8 research outputs found

    Flow-based reputation: more than just ranking

    The last years have seen a growing interest in collaborative systems like electronic marketplaces and P2P file sharing systems where people are intended to interact with other people. Those systems, however, are subject to security and operational risks because of their open and distributed nature. Reputation systems provide a mechanism to reduce such risks by building trust relationships among entities and identifying malicious entities. A popular reputation model is the so-called flow-based model. Most existing reputation systems based on such a model provide only a ranking, without absolute reputation values; this makes it difficult to determine whether entities are actually trustworthy or untrustworthy. In addition, those systems ignore a significant part of the available information; as a consequence, reputation values may not be accurate. In this paper, we present a flow-based reputation metric that gives absolute values instead of merely a ranking. Our metric makes use of all the available information. We study, both analytically and numerically, the properties of the proposed metric and the effect of attacks on reputation values.

    Multi-party trust computation in decentralized environments in the presence of malicious adversaries

    In this paper, we describe a decentralized privacy-preserving protocol for securely casting trust ratings in distributed reputation systems. Our protocol allows n participants to cast their votes in a way that preserves the privacy of individual values against both internal and external attacks. The protocol is coupled with an extensive theoretical analysis in which we formally prove that our protocol is resistant to collusion against as many as n-1 corrupted nodes in both the semi-honest and malicious adversarial models. The behavior of our protocol is tested in a real P2P network by measuring its communication delay and processing overhead. The experimental results uncover the advantages of our protocol over previous works in the area; without sacrificing security, our decentralized protocol is shown to be almost one order of magnitude faster than the previous best protocol for providing anonymous feedback

    RECLAMO: virtual and collaborative honeynets based on trust management and autonomous systems applied to intrusion management

    Security intrusions in large systems are a problem due to the lack of scalability of the current IDS-based approaches. This paper describes the RECLAMO project, where an architecture for an Automated Intrusion Response System (AIRS) is being proposed. This system will infer the most appropriate response for a given attack, taking into account the attack type, context information, and the trust and reputation of the reporting IDSs. RECLAMO is proposing a novel approach: diverting the attack to a specific honeynet that has been dynamically built based on the attack information. Among all components forming the RECLAMO architecture, this paper is mainly focused on defining a trust and reputation management model, essential to recognize if IDSs are exposing an honest behavior in order to accept their alerts as true. Experimental results confirm that our model helps to encourage or discourage the launch of the automatic reaction process.

    Trust and reputation management in decentralized systems

    In large, open and distributed systems, agents are often used to represent users and act on their behalf. Agents can provide good or bad services or act honestly or dishonestly. Trust and reputation mechanisms are used to distinguish good services from bad ones or honest agents from dishonest ones. My research is focused on trust and reputation management in decentralized systems. Compared with centralized systems, decentralized systems are more difficult and inefficient for agents to find and collect information to build trust and reputation. In this thesis, I propose a Bayesian network-based trust model. It provides a flexible way to present differentiated trust and combine different aspects of trust that can meet agents’ different needs. As a complementary element, I propose a super-agent based approach that facilitates reputation management in decentralized networks. The idea of allowing super-agents to form interest-based communities further enables flexible reputation management among groups of agents. A reward mechanism creates incentives for super-agents to contribute their resources and to be honest. As a single package, my work is able to promote effective, efficient and flexible trust and reputation management in decentralized systems.

    TrustedKad - Application of Trust Mechanisms to a Kademlia-Based Peer-to-Peer Network

    Peer-to-peer networks (P2P) are distributed systems that consist of equal nodes (“peers”). In contrast to classic client/server systems, there is no hierarchy or central entity: All peers offer services and use them at the same time. In the past decade, a multitude of different P2P applications has been developed – filesharing applications such as BitTorrent and eMule and communication applications such as Skype are among the most popular of them. Research has shown that P2P networks are vulnerable to different kinds of attacks. Known attacks include, e.g., the Sybil attack and the Eclipse attack. Traditional countermeasures against the attacks are replication and the usage of disjoint routing paths to reduce the probability of interacting with malicious nodes during a routing or storage operation. More recently, trust mechanisms have been proposed and analyzed for applicability to P2P networks. The existing related work mostly targets unstructured P2P networks – however, in real-world environments, the structured networks prevail. Especially implementations of the Kademlia algorithm are widely spread, as it is used by BitTorrent and eMule. Nevertheless, none of the trust-based approaches that aim at structured networks specifically attempts to enhance Kademlia’s security. Due to Kademlia’s prevalence, TrustedKad is particularly designed by the author to improve the security of the Kademlia algorithm. In this thesis, TrustedKad is introduced and its functioning is explained. TrustedKad rates the behavior of nodes after routing and storage operations as either positive or negative. To do so, it defines the rules by which inoffensive and malicious behavior is identified in dependence of the functioning of the Kademlia algorithm. Based on the ratings, routing and storage trust values are calculated to identify inoffensive and malicious nodes. Every node uses thresholds for these trust values to decide which nodes it regards as trustworthy. Non-trustworthy nodes are avoided during a node’s own operations. Furthermore, TrustedKad uses additional security features to further increase the security of the system. They are introduced in this thesis. In order to evaluate TrustedKad, it is implemented and analyzed in a simulation environment. The results presented in this thesis show that TrustedKad is able to distinguish inoffensive and malicious nodes. It counters miscellaneous variations of known attacks and improves the security of Kademlia-based networks considerably.

    Implications of query caching for JXTA peers

    This dissertation studies the caching of queries and how to cache in an efficient way, so that retrieving previously accessed data does not need any intermediary nodes between the data-source peer and the querying peer in a super-peer P2P network. A precise algorithm was devised that demonstrated how queries can be deconstructed to provide greater flexibility for reusing their constituent elements. It showed how subsequent queries can make use of more than one previous query and any part of those queries to reconstruct direct data communication with one or more source peers that have supplied data previously. In effect, a new query can search and exploit the entire cached list of queries to construct the list of the data locations it requires that might match any locations previously accessed. The new method increases the likelihood of repeat queries being able to reuse earlier queries and provides a viable way of by-passing shared data indexes in structured networks. It could also increase the efficiency of unstructured networks by reducing traffic and the propensity for network flooding. In addition, performance evaluation for predicting query routing performance by using a UML sequence diagram is introduced. This new method of performance evaluation provides designers with information about when it is most beneficial to use caching and how the peer connections can optimize its exploitation.

    Accountants' index. Thirtieth supplement, January-December 1981, volume 1: A-L
