Trust beyond reputation: A computational trust model based on stereotypes

Models of computational trust support users in taking decisions. They are commonly used to guide users' judgements in online auction sites; or to determine quality of contributions in Web 2.0 sites. However, most existing systems require historical information about the past behavior of the specific agent being judged. In contrast, in real life, to anticipate and to predict a stranger's actions in absence of the knowledge of such behavioral history, we often use our "instinct"- essentially stereotypes developed from our past interactions with other "similar" persons. In this paper, we propose StereoTrust, a computational trust model inspired by stereotypes as used in real-life. A stereotype contains certain features of agents and an expected outcome of the transaction. When facing a stranger, an agent derives its trust by aggregating stereotypes matching the stranger's profile. Since stereotypes are formed locally, recommendations stem from the trustor's own personal experiences and perspective. Historical behavioral information, when available, can be used to refine the analysis. According to our experiments using Epinions.com dataset, StereoTrust compares favorably with existing trust models that use different kinds of information and more complete historical information

Collusion in Peer-to-Peer Systems

Peer-to-peer systems have reached a widespread use, ranging from academic and industrial applications to home entertainment. The key advantage of this paradigm lies in its scalability and flexibility, consequences of the participants sharing their resources for the common welfare. Security in such systems is a desirable goal. For example, when mission-critical operations or bank transactions are involved, their effectiveness strongly depends on the perception that users have about the system dependability and trustworthiness. A major threat to the security of these systems is the phenomenon of collusion. Peers can be selfish colluders, when they try to fool the system to gain unfair advantages over other peers, or malicious, when their purpose is to subvert the system or disturb other users. The problem, however, has received so far only a marginal attention by the research community. While several solutions exist to counter attacks in peer-to-peer systems, very few of them are meant to directly counter colluders and their attacks. Reputation, micro-payments, and concepts of game theory are currently used as the main means to obtain fairness in the usage of the resources. Our goal is to provide an overview of the topic by examining the key issues involved. We measure the relevance of the problem in the current literature and the effectiveness of existing philosophies against it, to suggest fruitful directions in the further development of the field

A subjective model for trustworthiness evaluation in the social Internet of Things

The integration of social networking concepts into the Internet of Things (IoT) has led to the so called Social Internet of Things (SIoT) paradigm, according to which the objects are capable of establishing social relationships in an autonomous way with respect to their owners. The benefits are those of improving scalability in information/service discovery when the SIoT is made of huge numbers of heterogeneous nodes, similarly to what happens with social networks among humans. In this paper we focus on the problem of understanding how the information provided by the other members of the SIoT has to be processed so as to build a reliable system on the basis of the behavior of the objects. We define a subjective model for the management of trustworthiness which builds upon the solutions proposed for P2P networks. Each node computes the trustworthiness of its friends on the basis of its own experience and on the opinion of the common friends with the potential service providers. We employ a feedback system and we combine the credibility and centrality of the nodes to evaluate the trust level. Preliminary simulations show the benefits of the proposed model towards the isolation of almost any malicious node in the network

Managing the Internet of Things based on its Social Structure

Society is moving towards an “always connected” paradigm, where the Internet user is shifting from persons to things, leading to the so called Internet of Things (IoT) scenario. The IoT vision integrates a large number of technologies and foresees to embody a variety of smart objects around us (such as sensors, actuators, smartphones, RFID, etc.) that, through unique addressing schemes and standard communication protocols, are able to interact with each Others and cooperate with their neighbors to reach common goals [2, 3]. IoT is a hot research topic, as demonstrated by the increasing attention and the large worldwide investments devoted to it. It is believed that the IoT will be composed of trillions of elements interacting in an extremely heterogeneous way in terms of requirements, behavior and capabilities; according to [4], by 2015 the RIFD devices alone will reach hundreds of billions. Unquestionably, the IoT will pervade every aspect of our world and will have a huge impact in our everyday life: indeed, as stated by the US National Intelligence Council (NIC) [5], “by 2025 Internet nodes may reside in everyday things − food packages, furniture, paper documents, and more”. Then, communications will not only involve persons but also things thus bringing about the IoT environment in which objects will have virtual counterparts on the Internet. Such virtual entities will produce and consume services, collaborate toward common goals and should be integrated with all the other services. One of the biggest challenges that the research community is facing right now is to be able to organize such an ocean of devices so that the discovery of objects and services is performed efficiently and in a scalable way. Recently, several attempts have been made to apply concepts of social networking to the IoT. There are scientific evidences that a large number of individuals tied in a social network can provide far more accurate answers to complex problems than a single individual (or a small group of – even knowledgeable – individuals) [1]. The exploitation of such a principle, applied to smart objects, has been widely investigated in Internet-related researches. Indeed, several schemes have been proposed that use social networks to search Internet resources, to route traffic, or to select effective policies for content distribution. The idea that the convergence of the “Internet of Things” and the “Social Networks” worlds, which up to now were mostly kept separate by both scientific and industrial communities, is possible or even advisable is gaining momentum very quickly. This is due to the growing awareness that a “Social Internet of Things” (SIoT) paradigm carries with it many desirable implications in a future world populated by objects permeating the everyday life of human beings. Therefore, the goal of this thesis is to define a possible architecture for the SIoT, which includes the functionalities required to integrate things into a social network, and the needed strategies to help things to create their relationships in such a way that the resulting social network is navigable. Moreover, it focuses on the trustworthiness management, so that interaction among objects that are friends can be done in a more reliable way and proposes a possible implementation of a SIoT network. Since this thesis covers several aspects of the Social internet of Things, I will present the state of the art related to the specific research activities at the beginning of every Chapter. The rest of the thesis is structured as follows. In Chapter 1, I identify appropriate policies for the establishment and the management of social relationships between objects, describe a possible architecture for the IoT that includes the functionalities required to integrate things into a social network and analyze the characteristics of the SIoT network structure by means of simulations. Chapter 2 addresses the problem of the objects to manage a large number of friends, by analyzing possible strategies to drive the objects to select the appropriate links for the benefit of overall network navigability and to speed up the search of the services. In Chapter 3, I focus on the problem of understanding how the information provided by members of the social IoT has to be processed so as to build a reliable system on the basis of the behavior of the objects and define two models for trustworthiness management starting from the solutions proposed for P2P and social networks. Chapter 4 presents an implementation of a SIoT platform and its major functionalities: how to register a new social object to the platform, how the system manages the creation of new relationships, and how the devices create groups of members with similar characteristics. Finally, in Chapter 5, conclusions will be drawn regarding the effectiveness of the proposed Introduction 3 algorithms, and some possible future works will be sketche

Managing the Internet of Things based on its Social Structure

Society is moving towards an “always connected” paradigm, where the Internet user is shifting from persons to things, leading to the so called Internet of Things (IoT) scenario. The IoT vision integrates a large number of technologies and foresees to embody a variety of smart objects around us (such as sensors, actuators, smartphones, RFID, etc.) that, through unique addressing schemes and standard communication protocols, are able to interact with each Others and cooperate with their neighbors to reach common goals [2, 3]. IoT is a hot research topic, as demonstrated by the increasing attention and the large worldwide investments devoted to it. It is believed that the IoT will be composed of trillions of elements interacting in an extremely heterogeneous way in terms of requirements, behavior and capabilities; according to [4], by 2015 the RIFD devices alone will reach hundreds of billions. Unquestionably, the IoT will pervade every aspect of our world and will have a huge impact in our everyday life: indeed, as stated by the US National Intelligence Council (NIC) [5], “by 2025 Internet nodes may reside in everyday things − food packages, furniture, paper documents, and more”. Then, communications will not only involve persons but also things thus bringing about the IoT environment in which objects will have virtual counterparts on the Internet. Such virtual entities will produce and consume services, collaborate toward common goals and should be integrated with all the other services. One of the biggest challenges that the research community is facing right now is to be able to organize such an ocean of devices so that the discovery of objects and services is performed efficiently and in a scalable way. Recently, several attempts have been made to apply concepts of social networking to the IoT. There are scientific evidences that a large number of individuals tied in a social network can provide far more accurate answers to complex problems than a single individual (or a small group of – even knowledgeable – individuals) [1]. The exploitation of such a principle, applied to smart objects, has been widely investigated in Internet-related researches. Indeed, several schemes have been proposed that use social networks to search Internet resources, to route traffic, or to select effective policies for content distribution. The idea that the convergence of the “Internet of Things” and the “Social Networks” worlds, which up to now were mostly kept separate by both scientific and industrial communities, is possible or even advisable is gaining momentum very quickly. This is due to the growing awareness that a “Social Internet of Things” (SIoT) paradigm carries with it many desirable implications in a future world populated by objects permeating the everyday life of human beings. Therefore, the goal of this thesis is to define a possible architecture for the SIoT, which includes the functionalities required to integrate things into a social network, and the needed strategies to help things to create their relationships in such a way that the resulting social network is navigable. Moreover, it focuses on the trustworthiness management, so that interaction among objects that are friends can be done in a more reliable way and proposes a possible implementation of a SIoT network. Since this thesis covers several aspects of the Social internet of Things, I will present the state of the art related to the specific research activities at the beginning of every Chapter. The rest of the thesis is structured as follows. In Chapter 1, I identify appropriate policies for the establishment and the management of social relationships between objects, describe a possible architecture for the IoT that includes the functionalities required to integrate things into a social network and analyze the characteristics of the SIoT network structure by means of simulations. Chapter 2 addresses the problem of the objects to manage a large number of friends, by analyzing possible strategies to drive the objects to select the appropriate links for the benefit of overall network navigability and to speed up the search of the services. In Chapter 3, I focus on the problem of understanding how the information provided by members of the social IoT has to be processed so as to build a reliable system on the basis of the behavior of the objects and define two models for trustworthiness management starting from the solutions proposed for P2P and social networks. Chapter 4 presents an implementation of a SIoT platform and its major functionalities: how to register a new social object to the platform, how the system manages the creation of new relationships, and how the devices create groups of members with similar characteristics. Finally, in Chapter 5, conclusions will be drawn regarding the effectiveness of the proposed Introduction 3 algorithms, and some possible future works will be sketche

Non—cryptographic methods for improving real time transmission security and integrity

In this paper we present a few non cryptographic methods for improving the security, integrity and reliability of real time services. The methods presented in this paper apply to real time transmitting systems, which are based on the Peer-to-Peer (P2P) model. A basic idea of the first technique is to use agents for detecting steganographic content in packet headers, so packets with suspicious entries in the IP header fields will be blocked or the fields will be erased. The two other presented techniques are based on reputation and trust systems, so trust and reputation basic definitions, types and modelling methods are shown. Also a simple design scheme of using these mechanisms in a P2P real-time data transmitting infrastructure is presented. Additionally, we describe an idea of path selecting technique, which can be used to avoid paths that are susceptible to eavesdropping

Notary-based self-healing mechanism for centralized peer-to-peer infrastructures

Centralized architecture, due to its simplicity, fast and reliable user management mechanism (authorization, authentication and lookup) and O(1) searching capability, is still a preferable choice for many P2P-based services. However, it suffers from a “single point of failure” vulnerability, so networks based on this topology are highly vulnerable to DoS attacks or other blocking attempts. This paper describes a new mechanism that can be used for centralized P2P networks to prevent a P2P service unavailability after central server failure. High security level is obtained by using notary servers which track server public key changes and collect social feedback from users. This allows not only to detect popular attacks (like man-in-the middle) but also to assess whether the Central Server (CS) behaves properly. In the case of central server failure or when server becomes compromised, decentralized Condorcet voting is preformed and new CS is selected. Additionally, by incorporating a reputation mechanism which uses two kinds of scores respectively for providing good service and fair evaluation of other peers, the best candidates for a new Central Server can be chosen. Valuable data which is used to rebuild user database in new CS is stored in the encrypted form in peers and updated during the user-peer authorization process. The decryption key is divided between peers using the threshold secret sharing method

Security in DHT-based peer-to-peer networks

Questa tesi riguarda il problema dell’integrazione dei meccanismi per la gestione di reputazione e dei processi di lookup nelle reti peer-to-peer basate su DHT (Distributed Hash Table) e l’applicazione di tali tecniche a scenari di reti chiuse e gerarchiche con particolare riferimento al livello di sicurezza e efficienza dello storage e del backup delle risorse. La soluzione proposta rappresenta una combinazione delle tecniche per la valutazione di reputazione e degli strumenti per i sistemi di computer distribuiti come protezione dagli specifici attacchi causati dai peer maliziosi in sistemi P2P collaborativi. Inoltre, e’ stata proposta l’applicazione dei meccanismi DHT nell’ambito delle reti di computer gerarchiche, in particolare nelle reti aziendali. L’obiettivo di questo lavoro e’ quello di offrire una soluzione ai problemi derivanti dall’utilizzo di una architettura centralizzata tramite l’introduzione del sistema di organizzazione dei dati inerente all’ambito P2P basato sugli algoritmi DHT in una rete aziendale.This thesis addresses the problem of integration of reputation management mechanisms and other instruments used in distributed computing environment with lookup processes in DHT-based peer-to-peer networks in order to improve resilience of such systems to destructive actions of malevolent or faulty components. The goal of this integration is to obtain a more efficient, less expensive (in terms of data transferred, computational resources involved and time spent) and possibly simple solution to cope with the specific problems of DHT-based environment. A particular accent has been given to DHT-based environments with a collaborative nature. Another issue considered in this work regards the application of DHT mechanisms to lookup and data retrieval processes in hierarchical collaborative environments, in particular, in enterprise networks. This approach exploits advantages of the P2P data organization system based on DHTs to avoid some problems inherent in systems with centralized architectures

Trust-aware information retrieval in peer-to-peer environments

Information Retrieval in P2P environments (P2PIR) has become an active field of research due to the observation that P2P architectures have the potential to become as appealing as traditional centralised architectures. P2P networks are formed with voluntary peers that exchange information and accomplish various tasks. Some of them may be malicious peers spreading untrustworthy resources. However, existing P2PIR systems only focus on finding relevant documents, while trustworthiness of documents and document providers has been ignored. Without prior experience and knowledge about the network, users run the risk to review,download and use untrustworthy documents, even if these documents are relevant. The work presented in this dissertation provide the first integrated framework for trust-aware Information Retrieval in P2P environments, which can retrieve not only relevant but also trustworthy documents. The proposed content trust models extend an existing P2P trust management system, PeerTrust, in the context of P2PIR to compute the trust values of documents and document providers for given queries. A method is proposed to estimate global term statistics which are integrated with existing relevance-based approaches for document ranking and peer selection. Different approaches are explored to find optimal parametersettings in the proposed trust-aware P2PIR systems. Moreover, system architectures and data management protocols are designed to implement the proposed trust-aware P2PIR systems in structured P2P networks. The experimental evaluation demonstrates that P2PIR can benefit from trust-aware P2PIR systems significantly. It can importantly reduce the possibility of untrustworthy documents in the top-ranked result list. The proposed estimated global term statistics can provide acceptable and competitive retrieval accuracy within different P2PIR scenarios.EThOS - Electronic Theses Online ServiceORSSchool ScholarshipGBUnited Kingdo