A utility-based reputation model for the Internet of Things

Part 7: TPM and Internet of ThingsInternational audienceThe MQTT protocol has emerged over the past decade as a key protocol for a number of low power and lightweight communication scenarios including machine-to-machine and the Internet of Things. In this paper we develop a utility-based reputation model for MQTT, where we can assign a reputation score to participants in a network based on monitoring their behaviour. We mathematically define the reputation model using utility functions on participants based on the expected and perceived behaviour of MQTT clients and servers. We define an architecture for this model, and discuss how this architecture can be implemented using existing MQTT open source tools, and we demonstrate how experimental results obtained from simulating the architecture compare with the expected outcome of the theoretical reputation model

Evaluating trustworthiness through monitoring: The foot, the horse and the elephant

This paper presents a framework for trust evaluation through monitoring, in particular, to address the question of how to derive trust from observations of certain properties. We propose a trust model based on subjective logic to represent trust through the notion of an opinion and to include aspects of uncertainty in a systematic fashion. Moreover, we analyze requirements for opinion generators and introduce novel parameterized generators that capture the requirements for opinion generators much better than current generators do. In addition, we show how a decision can be made based on trust monitoring within a certain context. The proposed trust evaluation framework is demonstrated with a case study of a Body Area Sensor Network. The results and examples show that the opinion generators can effectively work with various types of properties, including dependability, security and functionality related properties

Point-based trust: Define how much privacy is worth

There has been much recent work on privacy-preserving access control negotiations, i.e., carrying out the negotiation in a manner that minimizes the disclosure of credentials and of access policies. This paper introduces the notion of point-based policies for access control and gives protocols for implementing them in a disclosure-minimizing fashion. Specifically, Bob values each credential with a certain number of points and requires a minimum total threshold of points before granting Alice access to a resource. In turn, Alice values each of her credentials with a privacy score that indicates her reluctance to reveal that credential. She is interested in achieving the required threshold for accessing the resource while minimizing the sum of the privacy scores of her used credentials. Bob’s valuation of credentials is private and should not be revealed, as is his threshold. Alice’s privacy-valuation of her credentials is also private and should not be revealed. What Alice uses is a subset of her credentials that achieves Bob’s required threshold for access, yet is of as small a value to her as possible. We give protocols for computing such a subset of Alice’s credentials without revealing any of the two parties ’ above-mentioned sensitive valuation functions and threshold numbers. A contribution of this paper that goes beyond the specific problem considered is a general method for recovering an optimal solution from any value-computing dynamic programming computation, while detecting cheating by the participants. Specifically, our traceback technique relies on the subset sum problem to force consistency. \u