Agenda

MotivationInternet and WWW have changed our livesDespite their several advantages, there are also many security risksTraditional security solutions are very effective but not always applicableTrust and reputation management has been proposed as an accurate alternativeOneself can make his/her own opinion about how trustworthy or reputable another member of the community isIncreases the probability of a successful transaction while reducing the opportunities of being defraudedEuropean Union supported this research field in several projects

GoalsAnalyse the current state of the artIdentify possible deficienciesDesign and suggest innovative and original alternativesMake an analysis of the intrinsic nature of these modelsStudy those threats specifically applicable in these systemsDevelop a tool to implement trust and reputation modelsSurvey some real and final scenariosCompare our alternatives with other representative modelsPropose and develop our own trust models

BackgroundLack of mature bio-inspired approachesLack of taxonomy analysisLack of security threats studyLack of generic testing tools

FuzzyBayesianBio-inspiredAnalyticAgentPATROL-FAFRASMTrustBNBTMAntRepATRMATSNSporasRegretP2PPATROL-FPTMBNBTMPTMRRSAntRepTDTMDWTrustTPODGroupRepEigenTrustAd-hocPTMRRSATRMWSNRFSNATRMDRBTSATSN

Trust and Reputation Management in Distributed and Heterogeneous SystemsSimulatorBio-inspired TRMTrust ModelsTaxonomy Security ThreatsApplication Scenarios

Bio-inspired Trust and Reputation ModelsSimulatorBio-inspired TRMTrust ModelsTaxonomy Security ThreatsApplication Scenarios TACS META-TACS BTRM-WSN

Ant Colony SystemOptimisation algorithmProblems represented as graphs (like TSP)Quite accurate and efficient Stop condition Ants transition Pheromone updating Path quality evaluation Reward/punish

TACS, Trust Model for P2P NetworksAimed to work in P2P networksA client applies for a certain serviceThere are benevolent and malicious service providersAnts find the most trustworthy server offering the requested servicePheromone traces represent the credibility of finding such server

TACS, Trust Model for P2P NetworksTACS adaptationPheromone updatingPath quality evaluationPunishmentAnts transition and stop conditionReward

Experiments carried outOver static networksOver dynamic networksOver oscillating networksCapability of managing multi-service networksSourceforge projectTACS, Trust Model for P2P Networks

META-TACS: a Trust Model Demonstration of Robustness through a Genetic AlgorithmTACS had several parametersWas it too complex?Was it too dependent?

META-TACS: a Trust Model Demonstration of Robustness through a Genetic AlgorithmSearch for the optimal parameters configurationGenetic algorithm CHC

META-TACS: a Trust Model Demonstration of Robustness through a Genetic AlgorithmNot one unique optimal parameters configurationEach parameter had a wide range of valuesDemonstration of robustness against parameters initialisation

BTRM-WSN, Bio-inspired Trust and Reputation Model for Wireless Sensor NetworksApplication to WSNsEnhancements with regard to TACSSeveral clients managementEnhanced pheromone updatingEnhanced punish & rewardTwo proposed modelsMulti-serviceNot multi-service

BTRM-WSN, Bio-inspired Trust and Reputation Model for Wireless Sensor NetworksExperimentsStatic NetworksDynamic NetworksOscillating NetworksCollusion NetworksAccuracyPath length

Trust Models TaxonomySimulatorBio-inspired TRMTrust ModelsTaxonomy Security ThreatsApplication Scenarios

Trust Models TaxonomyGeneric stepsGeneric interfacesGeneric data structures

Trust Models Taxonomy10 design advicesAnonymous recommendationsHigher weight to more recent transactionsRecommendations subjectivityRedemption of past malicious entitiesOpportunity to participate for benevolent newcomersAvoid abuse of a high achieved reputationBenevolent nodes should have more opportunities than newcomersDifferent trust/reputation scores for different servicesTake into account bandwidth, energy consumption, scalability...Consider the importance or associated risk of a transaction

Trust Models Security ThreatsSimulatorBio-inspired TRMTrust ModelsTaxonomy Security ThreatsApplication Scenarios

Trust Models Security ThreatsMalicious collectives with camouflageResilience mostly depends on malicious peers behavioral patternsNot always considered as a threatManage recommenders reliabilityKeep a transactions history to detect and punish variable behaviorCommonly neglected issueLack of a comprehensive analysis9 studied threatsMalicious spiesSpies may achieve a high reputationManage recommenders reliabilityMore difficult to distinguish malicious peers and malicious spiesSybil attackUnderestimated but great riskOne single entity generates a disproportionate number of identitiesAssociate a cost to the generation of new identities

Security threats taxonomyAttack intentTargetsRequired knowledgeCostAlgorithm dependenceDetectabilityTrust Models Security ThreatsTackling summaryEigenTrustPeerTrustBTRM-WSNPowerTrustATSNDWTrust

SimulatorSimulatorBio-inspired TRMTrust ModelsTaxonomy Security ThreatsApplication Scenarios

SimulatorGeneric toolEasy to implement and add new modelsV0.4 includes 5 modelsBTRM-WSNEigenTrustPeerTrustPowerTrustLFTMSourceforge project+ 2300 downloadsWorld wide interestModels comparison

ConclusionsDistributed and heterogeneous systems are nowadays developing very quickly, leading to new unresolved security risksTrust and reputation management has been proposed in this PhD Thesis as an effective solution in certain environmentsOur original bio-inspired trust and reputation models have been proved to have a high performance, while solving some of the previous issuesTaxonomy and design advices & security threats analysis might be quite helpful for future researchersAppealing field with much more to doExtensible and easy to use simulator, enabling models comparison

Future WorkOngoing workTrust and reputation models comparisonReal scenariosIdentity Management SystemsWireless Sensors and Actuators NetworksFuzzy logic, fuzzy sets and linguistic labelsFuture workImprove TRMSim-WSNNew Trust & Reputation modelsNew security threatsVehicular-to-Vehicular (V2V)Internet of Things (IoT)

Publications derived from the PhD Thesis

Publications derived from the PhD ThesisFlix Gmez Mrmol, Gregorio Martnez Prez, State of the art in trust and reputation models in P2P networks, Handbook of Peer-to-Peer Networking, Eds: X. Shen, H. Yu, J. Buford, M. Akon, Publisher: Springer, ISBN: 978-0-387-09750-3, pp 761-784, 2010 http://dx.doi.org/10.1007/978-0-387-09751-0 26 Book chapters

Publications derived from the PhD ThesisFlix Gmez Mrmol, Gregorio Martnez Prez, Antonio F. Gmez Skarmeta, TACS, a Trust Model for P2P Networks, Wireless Personal Communications, vol. 51, no. 1, pp 153-164, 2009 http://dx.doi.org/10.1007/s11277-008-9596-9Flix Gmez Mrmol, Gregorio Martnez Prez, Javier Gmez Marn-Blzquez, META-TACS: a Trust Model Demonstration of Robustness through a Genetic Algorithm, Intelligent Automation and Soft Computing (Autosoft) Journal, 2010 (in press)Flix Gmez Mrmol, Gregorio Martnez Prez, Providing Trust in Wireless Sensor Networks using a Bio-Inspired Technique, Telecommunication Systems Journal, vol. 46, no. 2, 2010 (in press) http://dx.doi.org/10.1007/s11235-010-9281-7Journals with impact factor (included in the JCR)Flix Gmez Mrmol, Gregorio Martnez Prez, "Providing Trust in Wireless Sensor Networks using a Bio-inspired Technique", Networking and Electronic Commerce Research Conference (NAEC 08), pp. 415-430, ISBN: 978-0-9820958-0-5, Lake Garda, Italy, 25-28 September 2008 International conferences

Publications derived from the PhD ThesisFlix Gmez Mrmol, Gregorio Martnez Prez, Towards Pre-Standardization of Trust and Reputation Models for Distributed and Heterogeneous Systems, Computer Standards & Interfaces, Special Issue on Information and Communications Security, Privacy and Trust: Standards and Regulations, vol. 32, no. 4, pp. 185-196, 2010 http://dx.doi.org/10.1016/j.csi.2010.01.003Journals with impact factor (included in the JCR)

Publications derived from the PhD ThesisFlix Gmez Mrmol, Gregorio Martnez Prez, Security Threats Scenarios in Trust and Reputation Models for Distributed Systems, Elsevier Computers & Security, vol. 28, no. 7, pp. 545-556, 2009 http://dx.doi.org/10.1016/j.cose.2009.05.005Journals with impact factor (included in the JCR)

Flix Gmez Mrmol, Gregorio Martnez Prez, TRMSim-WSN, Trust and Reputation Models Simulator for Wireless Sensor Networks, IEEE International Conference on Communications (IEEE ICC 2009), Communication and Information Systems Security Symposium, Dresden, Germany, 14-18 June 2009 http://dx.doi.org/10.1109/ICC.2009.5199545International conferencesPublications derived from the PhD Thesis

Flix Gmez Mrmol, Javier Gmez Marn-Blzquez, Gregorio Martnez Prez, "Linguistic Fuzzy Logic Enhancement of a Trust Mechanism for Distributed Networks", Third IEEE International Symposium on Trust, Security and Privacy for Emerging Applications (TSP-10), Bradford, UK, June 29-July 1, 2010 Flix Gmez Mrmol, Gregorio Martnez Prez, Trust and Reputation Models Comparison, submitted to Emerald Internet Research on the 16th of August, 2009Flix Gmez Mrmol, Joao Girao , Gregorio Martnez Prez, TRIMS, a Privacy-aware Trust and Reputation Model for Identity Management Systems, submitted to Elsevier Computer Networks on the 15th of December, 2009 (currently in a 2nd revision)Flix Gmez Mrmol, Joao Girao , Gregorio Martnez Prez, Identity Management: In privacy we trust, submitted to IEEE Internet Computing Magazine on the 15th of February, 2010Flix Gmez Mrmol, Christoph Sorge, Osman Ugus, Gregorio Martnez Prez, WSANRep, WSAN Reputation-Based Selection in Open Environments, submitted to IEEE Wireless Communications Magazine on the 21st of January, 2010International conferencesJournals with impact factor (included in the JCR), under reviewPublications derived from the PhD Thesis

Publications derived from the PhD ThesisSummaryBook chapters: 1Journals with impact factor: 9 (5 published and 4 under current review)International conferences: 3Open-source software projects protected with IPR: 2Patent applications: 1

Experiments carried outOver static networksOver dynamic networksOver oscillating networksCapability of managing multi-service networksTACS, Trust Model for P2P Networks

TACS, Trust Model for P2P Networks1. Client C executes TACS in order to find the most trustworthy server S offering the service s2. TACS launches the ACS algorithm and ants modify the pheromone traces of the network3. TACS finishes, having selected the optimum path to server S'4. TACS informs the client C that the most trustworthy server found is S'5. Client C requests service s to the server S'6. Server S' provides service s' to the client C7. Client C evaluates his satisfaction with the received service s'8. If client C is not satisfied with the received service s', he punishes the server S' evaporating the pheromone of the edges that lead from C to S'

Trust Models TaxonomyAnonymous recommendationsHiding real-world identities behind pseudonymsCryptographically generated unique identifiersSecure hardware modulesHigher weight to more recent transactionsRecommendations subjectivityRedemption of past malicious entities

Trust Models TaxonomyOpportunity to participate for benevolent newcomersBenevolent nodes should have more opportunities than newcomersAvoid abuse of a high achieved reputation

Trust Models TaxonomyDifferent trust/reputation scores for different servicesTake into account bandwidth, energy consumption, scalability...Wireless Sensor NetworksConsider the importance or associated risk of a transactionTransaction importance Punish/Reward

Trust Models Security ThreatsIndividual malicious peersSimplest threatDecrease trust in malicious peersMalicious collectivesCollusion is often an important riskManage recommenders reliabilityMalicious collectives with camouflageResilience mostly depends on malicious peers behavioral patternsNot always considered as a threatManage recommenders reliabilityKeep a transactions history to detect and punish variable behavior

Trust Models Security ThreatsMalicious spiesSpies may achieve a high reputationManage recommenders reliabilityMore difficult to distinguish malicious peers and malicious spiesSybil attackUnderestimated but great riskOne single entity generates a disproportionate number of identitiesAssociate a cost to the generation of new identitiesMan in the middle attackTraditionally not associated with trust and reputation managementAuthenticate each peer through cryptographic mechanismsSolution not always feasible

Trust Models Security ThreatsDriving down the reputation of a reliable peerA benevolent peer may be isolated foreverManage recommenders reliabilityPartially malicious collectivesOne peer might be benevolent providing a certain service, but malicious provisioning a different serviceDifferent trust scores for different servicesMalicious pre-trusted peersOnly applicable in some trust modelsNot always easy to find peers to be pre-trustedDynamically select the set of pre-trusted peers

Trust models comparisonStatic networksDynamic networksOscillating networksCollusion networks

TRIMS, a Privacy-aware Trust and Reputation Model for Identity Management SystemsSeveral domainsUsers identity information exchangeApplication of a reputation mechanismPreservation of recommenders privacyWSC provides the requested serviceWSP provides user identity informationIdPs act as recommendation aggregatorsDeveloped during 1st NEC internshipLed to an international patent

WSANRep, WSAN Reputation-Based Selection in Open EnvironmentsMobile users looking for servicesSeveral WSAN offering such servicesApplication of a reputation mechanismUsers form groups to preserve their privacyFP acts as recommendations aggregatorOne RP per group storing recommendationsDeveloped during 2nd NEC internship

Linguistic Fuzzy Logic Enhancement of a Trust Mechanism for Distributed NetworksFuzzy sets, fuzzy logic and linguistic labelsEnhanced interpretabilityImproved accuracy

Good morning ladies and gentlemen. With the permission of the board, I would like to start the presentation of the PhD Thesis entitled Trust and Reputation Management in Distributed and Heterogeneous Systems, supervised by Gregorio Martnez Prez. This Thesis has been developed within the Department of Information and Communication Engineering of the University of Murcia. This is the outline of the presentation. First of all, a brief motivation, as well as the main goals we wanted to achieve with this Thesis will be presented. Then a background section will locate the thesis work in a concrete frame inside Trust and Reputation Management. The next four points of the presentation describe the four main achievements of our research work, as we will see later: our original bio-inspired trust models, a trust models taxonomy description, a study of those security threats specifically applicable in these systems and a developed simulator together with some comparisons of our work with some of the current most representative approaches in this field. Finally, some concluding remarks as well as future research lines will be discussed.

Once we have seen (or watched) the motivations for conducting this Thesis, its time to present the main goals we expected to fulfil with our work. First we needed to survey the current state of the art in this specific research field in order to identify possible deficiencies. With such study, the next goal is to provide our own innovative proposals (in our case they will be bio-inspired ones). A profound analysis of the intrinsic nature of these systems in order to provide some generic steps to be followed by every trust and reputation mechanism will be the next goal. Next it would be interesting and even necessary to cope with those security threats than can specifically compromise these mechanisms. Additionally, its also important to have the appropriate framework for developing new trust and reputation proposals as well as performing a comprehensive comparison amongst them. Finally, the applicability of this trust and reputation management must be demonstrated by means of real scenarios where to deploy such models.