Beyond the Hype: On Using Blockchains in Trust Management for Authentication

Trust Management (TM) systems for authentication are vital to the security of online interactions, which are ubiquitous in our everyday lives. Various systems, like the Web PKI (X.509) and PGP's Web of Trust are used to manage trust in this setting. In recent years, blockchain technology has been introduced as a panacea to our security problems, including that of authentication, without sufficient reasoning, as to its merits.In this work, we investigate the merits of using open distributed ledgers (ODLs), such as the one implemented by blockchain technology, for securing TM systems for authentication. We formally model such systems, and explore how blockchain can help mitigate attacks against them. After formal argumentation, we conclude that in the context of Trust Management for authentication, blockchain technology, and ODLs in general, can offer considerable advantages compared to previous approaches. Our analysis is, to the best of our knowledge, the first to formally model and argue about the security of TM systems for authentication, based on blockchain technology. To achieve this result, we first provide an abstract model for TM systems for authentication. Then, we show how this model can be conceptually encoded in a blockchain, by expressing it as a series of state transitions. As a next step, we examine five prevalent attacks on TM systems, and provide evidence that blockchain-based solutions can be beneficial to the security of such systems, by mitigating, or completely negating such attacks.Comment: A version of this paper was published in IEEE Trustcom. http://ieeexplore.ieee.org/document/8029486

A strategy for trust propagation along the more trusted paths

The main goal of social networks are sharing and exchanging information among users. With the rapid growth of social networks on the Web, the most of interactions are conducted among unknown individuals. On the other hand, with increasing the biased behaviors in online communities, ability to assess the level of trustworthiness of a person before interacting with him has an important influence on users' decisions. Trust inference is a method used for this purpose. This paper studies propagating trust values along trust relationships in order to estimate the reliability of an anonymous person from the point of view of the user who intends to trust him/her. It describes a new approach for predicting trust values in social networks. The proposed method selects the most reliable trust paths from a source node to a destination node. In order to select the optimal paths, a new relation for calculating trustable coefficient based on previous performance of users in the social network is proposed. In ciao dataset there is a column called helpfulness. Helpfulness values represent previous performance of users in the social network. Advantages of this algorithm is its simplicity in trust calculation, using a new entity in dataset and its improvement in accuracy. The results of the experiments on Ciao dataset indicate that accuracy of the proposed method in evaluating trust values is higher than well-known methods in this area including TidalTrust, MoleTrust methods

Online Reputation Systems for the Health Sector

People who are seeking medical advice and care often find it difficult to obtain reliable information about the quality and competence of health service providers. While transparent quality evaluation of products and services is commonplace in most commercial services, public access to information about the quality of health services is usually very restricted. Online reputation and rating systems represent an emerging trend in decision support for service consumers. Reputation systems are based on collecting information about other parties in order to derive measures of their trustworthiness or reliability on various aspects. More specifically these systems use the Internet for the collection of ratings and for dissemination of derived reputation scores. Online rating systems applied to the health sector are already emerging. This article describes robust principles for implementing online reputation systems in the health sector. In order to prevent uncontrolled ratings, our method ensures that only genuine consumers of a specific service can rate that service. The advantage of using online reputation systems in the health sector is that it can assist consumers when deciding which health services to use, and that it gives an incentive for high quality health services among health service providers

Enhancing digital business ecosystem trust and reputation with centrality measures

Digital Business Ecosystem (DBE) is a decentralised environment where very small enterprises (VSEs) and small to medium sized enterprises (SMEs) interoperate by establishing collaborations with each other. Collaborations play a major role in the development of DBEs where it is often difficult to select partners, as they are most likely strangers. Even though trust forms the basis for collaboration decisions, trust and reputation information may not be available for each participant. Recommendations from other participants are therefore necessary to help with the selection process. Given the nature of DBEs, social network centrality measures that can influence power and control in the network need to be considered for DBE trust and reputation. A number of social network centralities, which influence reputation in social graphs have been studied in the past. This paper investigates an unexploited centrality measure, betweenness centrality, as a metric to be considered for trust and reputation

Enhancing digital business ecosystem trust and reputation with centrality measures

Digital Business Ecosystem (DBE) is a decentralised environment where very small enterprises (VSEs) and small to medium sized enterprises (SMEs) interoperate by establishing collaborations with each other. Collaborations play a major role in the development of DBEs where it is often difficult to select partners, as they are most likely strangers. Even though trust forms the basis for collaboration decisions, trust and reputation information may not be available for each participant. Recommendations from other participants are therefore necessary to help with the selection process. Given the nature of DBEs, social network centrality measures that can influence power and control in the network need to be considered for DBE trust and reputation. A number of social network centralities, which influence reputation in social graphs have been studied in the past. This paper investigates an unexploited centrality measure, betweenness centrality, as a metric to be considered for trust and reputation

Flow-based reputation with uncertainty: Evidence-Based Subjective Logic

The concept of reputation is widely used as a measure of trustworthiness based on ratings from members in a community. The adoption of reputation systems, however, relies on their ability to capture the actual trustworthiness of a target. Several reputation models for aggregating trust information have been proposed in the literature. The choice of model has an impact on the reliability of the aggregated trust information as well as on the procedure used to compute reputations. Two prominent models are flow-based reputation (e.g., EigenTrust, PageRank) and Subjective Logic based reputation. Flow-based models provide an automated method to aggregate trust information, but they are not able to express the level of uncertainty in the information. In contrast, Subjective Logic extends probabilistic models with an explicit notion of uncertainty, but the calculation of reputation depends on the structure of the trust network and often requires information to be discarded. These are severe drawbacks. In this work, we observe that the `opinion discounting' operation in Subjective Logic has a number of basic problems. We resolve these problems by providing a new discounting operator that describes the flow of evidence from one party to another. The adoption of our discounting rule results in a consistent Subjective Logic algebra that is entirely based on the handling of evidence. We show that the new algebra enables the construction of an automated reputation assessment procedure for arbitrary trust networks, where the calculation no longer depends on the structure of the network, and does not need to throw away any information. Thus, we obtain the best of both worlds: flow-based reputation and consistent handling of uncertainties

A Formal Structure of Separation of Duty and Trust in Modelling Delegation Policy

There are considerable number of approaches to policy specification both for security management and policy driven network management purposes as reported in [20]. This specification sort security policies into two basic types: authorization and obligation policies. Most of the researches in security policies specification over the years focus on authorization policy modelling. In this paper, we report our approach in the design and Modelling of obligation Policy as delegation in information security by considering separation of duty and trust as pre-requisite conditions for delegation. The formal structures of the Delegation models developed was adapted from the Mathematical structures of Separation of duty (both Static and Dynamic SoD) in RBAC environment as described in [8] and [16]. Three factors of Properties, Experiences and Recommendation as described in [22] were used for the Trust Modelling. Future works proposed include the development of a formal model for revocation after delegation and integration of appropriate authorization policy with the model.Facultad de Informátic

Strategic Value of Agricultural Business Networks in Sustaining Common Goods

This article aims to highlight the positive relationship between the organizational form of the agricultural business network and common goods, thus seizing their strategic value for the company in terms of protection, development, and sustainable use. The common goods analyzed in this research are of different origins: natural, such as the local environment and biodiversity, and artificial, such as cooperation and communication. To this end, a four-year longitudinal study was conducted to study the relationship between agricultural business networks and common goods. This study provides an in-depth analysis of the literature, which highlights the following as main themes: the sharing of values, the importance of trust and reputation, the central role of adaptive management, learning as participation, and environmental sustainability. The chosen case highlights how agricultural business networks can be considered both an effective tool in the protection and sustainable use of common goods and a tool that allows the development of the commons. Both these aspects have a strategic value for an organization that can derive significant benefits both from common goods developed and from the implemented organizational form and simultaneously protect the environment with strong positive externalities for itself and the community