Universität Passau
IT-Security Group
Prof. Dr. rer. nat. Joachim Posegga

Conference Seminar SS2013 — Real Life Security (5827HS)

Trust and Reputation in the Internet of Things

This work was created in the context of the EU Project COMPOSE (FP7-317862).

Authors: Thomas Eder, Daniel Nachtmann
Supervisors: David Parra, Daniel Schreckling
Submitted: 2013-09-12


1 Introduction

"The Internet of Things has the potential to change the world, just as the Internet did. Maybe even more so." [1]

The Internet of Things allows various physical objects, called Things, to connect and interact with other Things. This fast-growing, heterogeneous network of the future needs security measures that can deal with all the new challenges such a system brings. For this reason we take a look at Trust and Reputation systems and their capabilities in such networks.
In this paper we first introduce the Internet of Things as well as Trust and Reputation. In the next step we take approaches from Trust and Reputation systems and analyse whether those systems are applicable in the Internet of Things.

2 Internet of Things

The internet as we know it will change dramatically over the next decades. Any time soon a new dimension will be added to the internet: Things. Things, in this context, are entities that have specific attributes and standardized interfaces so they can connect to other things in the network. They can be either physical devices or virtual entities, as long as they can be identified (e.g. by assigned numbers or location addresses).
Things are meant to be active participants, interacting and communicating autonomously with each other as well as with their environment.
Consequently, the main difference between the Internet as we know it and the Internet of Things is the interaction with the physical world. While the traditional internet created a new virtual world beside the physical world, the Internet of Things aims to merge both worlds into one single augmented world.
Because of the great variety of fields of application, things are expected to be correspondingly heterogeneous in their physical attributes (e.g. sensors and actuators), communication protocols, processing power, connectivity or operating system, to name a few. This will allow them to be connected anywhere and anytime in order to serve anything and anyone.
But there is still a long way to go. The Internet of Things depends on many other technologies, such as Identification Technologies, Communication Technologies, Network Technologies, Power and Energy Storage Technologies, Security and Privacy Technologies and much more, all of which will determine the pace at which the Internet of Things can develop. Examples of the main application domains that will be affected are automotive, intelligent buildings, healthcare and logistics [9].

2.1 Applications

We picked two of the countless application areas to demonstrate how the Internet of Things could impact and contribute to their development, according to [13]:

Health care applications
The connection of data-collecting sensors, which will have a large share in the Internet of Things, will have great benefits for the health care domain. A very essential aspect of health care is the tracking and monitoring of information about the state of the patient. The more information is available, the more accurate the diagnosis, and consequently the treatment as well, will be. Further, especially in accidents, it is vital to gather and evaluate the information as fast as possible.
In both issues, collecting huge amounts of information in the physical world and forwarding it fast, the autonomous and distributed idea of the Internet of Things can play to its full strength.

Corporate applications
The Internet of Things will have great influence in the domain of Business Intelligence as well, along with controlling and optimizing productivity, making it very attractive for big companies. For example, in the Internet of Things all products could be tracked with minimum effort yet maximum effectiveness, due to its autonomy, allowing manufacturing and logistics to be improved for the benefit of both the companies and the customers.
However, this is very likely to deeply impact the job market. All the new devices and systems being introduced with the Internet of Things will create many new maintenance jobs. On the other side, its autonomy will make many blue-collar jobs obsolete.
While this development would happen anyway, we cannot estimate to what extent the Internet of Things will contribute to the acceleration of this trend.

2.2 Challenges

However, there are also many Internet of Things-specific challenges to be considered: The already mentioned heterogeneity makes it hard to standardize interaction and communication. Furthermore, the interaction has to be decoupled in terms of time and location to guarantee the necessary flexibility.
Other challenges that we will have to face are scalability and costs, since we can expect the number of things connected to the internet to grow not only continuously but also rapidly over the next decades. This will require ways to avoid bottlenecks, which makes it inevitable to look for a decentralized approach for the Internet of Things.
With this kind of infrastructure, there won't be a strict separation of clients and servers. Moreover, there will be things that not only adapt themselves to their environment, but are also capable of self-replication or even of creating and destroying other things in the network. This brings us to one of the biggest problems we will have to face:

With all these devices communicating autonomously with each other, how can we know which information will be reliable, so that we can ensure security and trust?
To answer this question we need to consider many different security and reliability aspects at once: communication security, authentication, availability, access policy, integrity and reliability [12]. And although the Internet of Things will be an aggregation of many smaller networks connected over the internet, networks cannot interact with other systems of lower security standards without losing trust themselves. This makes security a very essential property in every facet of the Internet of Things, postulating a guarantee of minimum security standards in all application areas.

2.3 Counterfeit

Another problem to be considered is counterfeiting. In the emerging Internet of Things, it will be easy and cheap to serve information about anything. This will inevitably lead to the creation of counterparts of objects that could make the originals dispensable.
The trustworthiness of a device can only be ensured by investigating its source. Even if its physical appearance is identical to the original, it may still be an imitation, hence containing insecurities.
To truly identify a device it will be necessary to consider both the physical object as well as its virtual presence. This could be done by a physically encoded identifier on the device leading to a verification tool in the virtual world.
We need to take account of this critical problem, since Trust and Reputation systems deeply depend on reliable authentication processes. However, tackling this issue is not part of this paper. Here we are investigating the suitability of the Trust and Reputation concept in general, not yet its implementation.

2.4 Architecture

Before we start investigating security mechanisms in the Internet of Things, we need to take a closer look at the underlying communication architecture we are dealing with. We are considering the architecture suggested by [13]:

Fig. 1: Communication layer of the Internet of Things domain model from an application point of view. AppNode: application node; GW: gateway; CP: control point; DS: data sink. [13]

This application-centred model shows a distributed approach, since this is the most suitable for the already distributed nature of the Internet of Things. However, the components shown in the figure do not correspond to the entities interacting in the Internet of Things. The latter are supposed to be modelled as aggregates of the shown atomic communication units, consisting of an application node and, depending on the considered device, also data processors, control points (CP) and data sinks (DS).
As we can see, the communication flow is bound to specific paths. For example, the app nodes cannot communicate directly with sensors and actuators. Instead, they are connected via control points as well as data sinks.
However, according to the distributed design, application nodes are able to interact independently with other application nodes, symbolized by the self-reference in the diagram. The same applies to gateways (GW) and data processors.
The control point is a software entity sending instructions to actuators and sensors and mediating between all other entities except the data sink. The bidirectionality of app node and control point interactions is necessary to inform the app node about certain events.
While the data sink basically stores and shares data, it is also able to initiate communication on certain occasions related to the data it receives.
Since we are talking about an Internet of Things, we need gateways to connect local networks with each other over the internet. Since not all entities in the networks are supposed to interact with the gateways directly, each network needs to host the adequate components in order to communicate with other networks.
Being the interface to the internet and other networks, gateways are the components responsible for protocol translation to standardize communication and ensure compatibility despite the vast heterogeneity inherent in the Internet of Things.

3 Trust and Reputation

Trust and Reputation is a security mechanism for environments where several entities communicate and interact. This security mechanism is based on two attributes found in human relationships: Trust and Reputation. First of all, those two attributes will be defined in the context of security systems. Afterwards we will describe the general function of those systems and elaborate the differences between the main architectures.
At first we need to define the entities which are responsible for Trust and Reputation in such systems. In this case those entities are called agents. Agents are entities which are capable of computing, sending and receiving recommendations [8].

3.1 Trust

Before we take a look at trust in the context of Trust and Reputation systems, we need to define trust in general. There are various different definitions of trust, but with regard to Trust and Reputation systems the definition from Gambetta suits best [14]:
"trust (or, symmetrically, distrust) is a particular level of the subjective probability with which an agent assesses that another agent or group of agents will perform a particular action, both before he can monitor such action (or independently of his capacity ever to be able to monitor it) and in a context in which it affects his own action (...)."
As a result of this definition, trustworthiness can be described as the probability of an entity behaving as expected. Based on this definition we can now take a look at how trust is utilized in actual Trust and Reputation systems. First of all, as described by Marsh, it is difficult to formalize such a subjective phenomenon as trust, because formalised trust only covers a sub-class of trust and is isolated from other important aspects like morality and justice [16].
There are several approaches to represent the trust on which agents base their decisions. Most of them use a numerical representation of several trust states. Marsh, for example, represents trust as a continuous variable in a defined interval where certain subintervals imply how much an entity is trusted. Bionets uses a quite similar approach: a scale from 0 to 1, where 0 means not trustworthy and 1 completely trustworthy [4]. Each agent can then interpret those values differently based on several additional factors.

3.2 Reputation

Reputation in general is an estimation of how an agent will behave in the future based on observations of its past behaviour. Reputation can either be the accumulation of several observations from different communicating agents, or it can be based only on the experience a single agent has made in the past.
Reputation is used because it offers an additional source for agents to rely on when making trust decisions. This source is necessary because it is hardly possible for an agent to consider every aspect when making a trust decision. In addition, Reputation can consist of experiences from several agents, as mentioned before, which can be an advantage because those accumulated experiences offer information a single agent could not obtain [15].

3.3 General Function

In general, most Trust and Reputation systems use the following five generic steps [12].

Gathering Information
The first step consists of gathering information from different sources about entities in the system. This information consists of the past behaviour of those entities and is an indicator of how trustworthy an entity is. Sources of this information can be entities with first-hand experience, which means that those entities interacted with the relevant entity in the past. Other possible sources are entities which are pre-trusted, or recommendations from entities with no first-hand experience.

Scoring and Ranking
After gathering and weighting a certain amount of information about an entity, a reputation score is calculated based on the chosen algorithm, such as fuzzy logic or Bayesian networks. Afterwards this score is put into a ranking and represents a certain trust level. This score is the basis for the entity selection.

Entity Selection
In this step an entity selects another entity from a pool of entities which offer the same service. For example, several merchants offer the same goods on an online marketplace. Each of them now has a score because of the previous two steps. The customer can now select from those merchants based on their score.
At this point usually the entity with the best score, which means the most trustworthy one, is chosen, but aspects like additional information or policies can influence this decision.

Transaction
A transaction can now take place between the two entities, which has a service or good as its result. For example, if we continue the example above, the customer pays the merchant and receives a good in the form of the bought article.

Reward and Punish
In the last step the entities rate the transaction based on their experience. Experience in this case means certain defined factors on which the transaction is rated.

Although most Trust and Reputation systems share those generic steps, their implementation can be very different and depends on the architecture used. The figure below shows the main architectures for Trust and Reputation systems.

Fig. 2: Diversification of Trust and Reputation [17]

3.4 Centralized Architecture

The specific characteristic of centralized Trust and Reputation systems is that ratings from first-hand experience are collected by a central device, which then generates a reputation score from those ratings. Those scores are available to the whole network. Participants of the network can request those scores about certain entities from the central device and can take the score into consideration when looking for a transaction partner [18]. Those steps can be seen in the figure below.

Fig. 3: Centralized Architecture [18]

There are several different centralized approaches and implementations. In the following section we will present and explain in general the function of two actual implementations.

Online Reputation
Online Reputation systems are Trust and Reputation systems often found in e-commerce, for example at Amazon or eBay. In this case we will present the reputation system used by eBay. In this system the participating entities are retailers and customers. The trust value is based on the feedback each participant can give after a transaction, based on the past behaviour of the other participant. This feedback or rating can be negative, positive or neutral and includes a textual comment. Those ratings are stored on a central device which computes the trust value as the sum of the ratings from the past six months, where each rating is weighted equally. This single global value represents the trustworthiness and reliability of a certain entity [7].

Sporas
Sporas is a centralized Trust and Reputation system for connected communities, similar to the Online Reputation systems. In Sporas each agent starts with a minimum reputation value, which is 0. After each transaction both involved agents can rate their counterpart on a scale from 0.1 (terrible) to 1 (perfect) at a central device. The reputation value for each agent is then updated based on the feedback and can reach a maximum of 3000. If two agents interact more than once, only the most recent rating is kept by the system. Another characteristic of Sporas is that agents with high reputation values have a much smaller rating change than agents with low values. Finally, the weight of ratings decreases over time, which makes recent ratings a more important factor for the reputation value [21].

3.5 Decentralized Architecture

In decentralized Trust and Reputation systems each agent computes and stores rating information about past transactions. Entities must then request and collect this information from these agents in order to get reliable trust scores to base their decisions on [18]. This information can be obtained either by agents periodically contacting all other agents in order to exchange trust values, or by designated agents responsible for certain entities which share information or requests in conjunction with these entities [4]. Those steps can be seen in the figure below.

Fig. 4: Decentralized Architecture [18]

There are also several decentralized Trust and Reputation implementations. In the following section we will present and explain in general the function of two actual implementations.

EigenTrust
The EigenTrust algorithm is a distributed Trust and Reputation security mechanism for peer-to-peer file sharing networks [19]. In this system, like in most decentralized systems, the agents or peers rate each other after each transaction. The rating can be either positive or negative and is local to the peer which rated the transaction. After normalizing the local trust values, they can be aggregated by the peers. In order to aggregate those values, a peer must query a specified number of acquaintances to get their trust values. In addition to those trust values there are also a number of pre-trusted peers within the network. Trust decisions are based on those aggregated values and on policies each peer can define for itself.

Regret
The second decentralized Reputation model is REGRET from Jordi Sabater and Carles Sierra [20]. Characteristic for this model is that trust information arises from various sources. The main information source is first-hand experience or direct trust. Each agent rates transactions based on the counterpart's behaviour and stores the rating in its local database. Those trust values are weighted by recency and by a reliability value for each trust value. This reliability value is based on the number of ratings and the deviation of these ratings for a certain entity.
This information can be shared with other agents, which is the next information source. Those second-hand experiences are witness reports and can be found via the social network. Neighbourhood reputation is a special form of witness information because it arises from neighbours of the target in the social network. The last source is system trust, which is a default trust value based on the target's social role in the transaction. An agent's decision is based on the combination of these information sources [7].
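The EigenTrust passage above describes local ratings, their normalization, and the role of pre-trusted peers in words. The following block is an added example, not code from the paper or from the EigenTrust authors: it implements the basic, non-distributed form of that computation (each peer's normalized local trust row, then the repeated aggregation t = (1 - a) C^T t + a p that the published algorithm converges to) on a constructed four-peer network. The peer names, the ratings, the choice of A as the only pre-trusted peer and the weight ALPHA are assumptions made for the illustration.

```python
# Added example, not code from the paper or the EigenTrust authors: the basic,
# non-distributed EigenTrust computation on a constructed four-peer network.
PEERS = ["A", "B", "C", "D"]
PRE_TRUSTED = {"A"}   # assumption: A is the network's only pre-trusted peer
ALPHA = 0.1           # assumption: weight given to pre-trust in every round

# Constructed local ratings: (rater, rated) -> outcomes of past transactions,
# +1 for a satisfactory exchange, -1 for an unsatisfactory one. D misbehaves.
RATINGS = {
    ("A", "B"): [+1, +1, +1], ("A", "D"): [-1, -1],
    ("B", "A"): [+1, +1],     ("B", "C"): [+1],          ("B", "D"): [-1],
    ("C", "A"): [+1],         ("C", "D"): [-1, -1, -1],
    ("D", "C"): [+1],
}


def pre_trust_vector(peers, pre_trusted):
    """p_j = 1/|P| for every pre-trusted peer j, 0 for all others."""
    return {j: (1.0 / len(pre_trusted) if j in pre_trusted else 0.0) for j in peers}


def local_trust(peers, ratings, p):
    """Normalised local trust c_ij = max(s_ij, 0) / sum_j max(s_ij, 0), with
    s_ij = (#positive - #negative) ratings i gave j. A peer without any positive
    experience falls back to the pre-trust distribution p, as in the published
    algorithm, so that every row still sums to 1."""
    c = {}
    for i in peers:
        s = {j: sum(ratings.get((i, j), [])) for j in peers if j != i}
        positives = {j: max(v, 0) for j, v in s.items()}
        total = sum(positives.values())
        for j in peers:
            if total == 0:
                c[(i, j)] = p[j]
            elif j == i:
                c[(i, j)] = 0.0          # peers do not rate themselves
            else:
                c[(i, j)] = positives[j] / total
    return c


def global_trust(peers, c, p, alpha=ALPHA, tol=1e-12, max_iter=10_000):
    """Iterate t <- (1 - alpha) * C^T t + alpha * p until the change is below tol.
    Because every row of C and the vector p sum to 1, t stays a distribution."""
    t = dict(p)
    for _ in range(max_iter):
        nxt = {}
        for j in peers:
            aggregated = sum(c[(i, j)] * t[i] for i in peers)
            nxt[j] = (1 - alpha) * aggregated + alpha * p[j]
        delta = max(abs(nxt[j] - t[j]) for j in peers)
        t = nxt
        if delta < tol:
            break
    return t


def compute_eigentrust(peers=PEERS, ratings=RATINGS, pre_trusted=PRE_TRUSTED):
    """Global trust value per peer for the constructed network."""
    p = pre_trust_vector(peers, pre_trusted)
    c = local_trust(peers, ratings, p)
    return global_trust(peers, c, p)


if __name__ == "__main__":
    for peer, value in sorted(compute_eigentrust().items(), key=lambda kv: -kv[1]):
        print(f"{peer}: {value:.4f}")
```

Peer D, which nobody rated positively and which is not pre-trusted, ends with a global trust of exactly 0: negative local opinions are clipped to 0 during normalization, so D cannot inherit trust from anyone. In the real protocol each peer computes only its own column of this iteration by querying its acquaintances, which is the "specified number of acquaintances" step mentioned in the text.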

4 Trust and Reputation in the Internet of Things

In this section we analyse how the introduced Trust and Reputation systems can be applied to the Internet of Things. At first we take a look at the challenges which emerge from the Internet of Things. Afterwards we select an implementation of each of the major architectures and analyse it in the context of the Internet of Things. That means that we first present the particular system, which we will then transfer into an Internet of Things environment in order to analyse it with regard to the challenges defined previously.

4.1 Challenges

The Internet of Things creates several new challenges in addition to those already known from the internet. In this section we present and define the major challenges for a Trust and Reputation system in the Internet of Things. The performance of the Trust and Reputation systems will be rated by how those systems deal with the following challenges.

Heterogeneity
Heterogeneity originates from the concept of the Internet of Things. The Internet of Things interacts with the physical world through a large number of different things which only have an interface in common in order to communicate. The remaining components of those things can vary based on the domain of a certain thing. Differences between those things can be the operating system, connectivity, I/O channels and performance. A cause of these differences is the hardware used by the things, which leads to different computational power, storage capacity and energy consumption [9]. In the analysis of the following approaches we will check whether these differences are taken into account.

Scalability
The increasing number of things connected to the Internet of Things leads to an increasing number of communications, transactions and data [23]. Because of this growth, each Trust and Reputation system has to scale with the growing number of devices in order to stay fully functional. The following approaches will be analysed based on their capability of dealing with an increasing number of things in the network.

Infrastructure
Infrastructure is a challenge in terms of availability and of finding other entities in order to interact with them. Trust and Reputation systems must consider this challenge because entities need others in order to collect information and interact with them, and they also must be able to find them within the network [6]. Because of this, the following approaches are analysed based on their ability to deal with this challenge.

Identity
Identity is not only a challenge in the context of the Internet of Things but also in the current internet. Identity management is an important part of the Internet of Things which must be taken into account by Trust and Reputation systems. Important aspects of this challenge are that the identity of a thing is not the same as the underlying mechanism, that things can have a core identity and several further identities, and that it is also possible for things to hide their true identity [24]. The following approaches will be analysed based on if and how they manage those different and possibly false identities.

Integrity
Integrity is not only a challenge for the Internet of Things but for every system which has to deal with hardware, software or data. In order to identify the challenges which arise from integrity we first need to define it: "The concept of integrity ensures that unauthorized modification to software and hardware is prevented, unauthorized modification is not made to data by authorized and unauthorized personnel and/or processes and that data is internally and externally consistent." [22] Based on this definition we can identify several challenges, from hardware to data integrity, which a Trust and Reputation system has to take into consideration and which will be analysed in the following approaches.

Network resources
The last challenge arises from the different network capabilities and connections of the various things. This means that availability, bandwidth and latency differ and must be taken into account, especially if certain aspects of the interactions are time critical [6]. The following approaches are analysed based on their ability to deal with entities which are problematic in terms of network resources.

4.2 Online Reputation

Now we want to transfer the concept of Online Reputation Systems into a typical Internet of Things environment. The following diagram shows the components and their interactions in the type of system we consider:

Fig. 5: Online Reputation System

As we can see, there are three different kinds of entities to be distinguished: buyers, sellers, and a central server, making it clear that we are dealing with a centralized architecture. After every transaction between a buyer and a seller, both can send the central server ratings of each other. The central server collects and accumulates all this feedback to calculate a so-called Trust Score as an indicator for the trustworthiness of each entity. This Trust Score corresponds to the Reputation mentioned earlier.
This enables the entities to evaluate the risks of transactions with specific partners simply by requesting the reputation, built upon the feedback of past transactions, from the central server before the transaction.
Since in Online Reputation Systems usually the buyers are the only ones in charge of deciding whether they want to make a transaction or not, only the reputations of sellers need to be stored at the central server.
Now we try to adapt this diagram to our new environment. All we need to do here is to replace all entities (except the central server) with Things:

Fig. 6: Online Reputation in the Internet of Things

We immediately realize that the central server solves our availability problem, since, in contrast to our energy-saving and geographically moving Things, the central server will run 24/7, giving this approach a convenient infrastructure. However, the server creates a bottleneck interfering with our need for scalability.
Furthermore, this system requires the Things to give proper feedback. Unfortunately, not all Things might be able to accurately evaluate what they receive. Since Things are supposed to be very heterogeneous, some Things might be capable of giving feedback while others are not, which would lead to 'privileging' Things with higher functionality by paying more attention to their satisfaction. This uneven weighting of satisfaction also makes it easier to fake positive reputations.
Evaluating the identification problem here is a little bit tricky. Of course, the Things can introduce themselves with different IDs. However, that is not a problem at all, since the reputation is assigned to the IDs and not to the Things directly. So when a participant uses a high-reputation ID, it is very likely to confirm its reliability; otherwise it would lose the hard-earned reputation of this ID. And as soon as the Thing introduces itself with a 'fake' ID, any request about that ID to the central server will return the low reputation of that ID.
Nevertheless, we need to make sure that it is not possible to steal IDs. Hence, high security standards regarding authentication will be required. One very simple approach would be to use encryption for the communications and to involve the examined Thing in the trust-score request. For example, the central server could verify the true identity of the Thing via an internal serial number only the original Thing knows, and only when it is correct answer the trust-score request. The following figure visualizes this mechanism:

Fig. 7: Identification Process

Although this mechanism makes our system a little bit more complicated, it is still very efficient in terms of network resources, since our communication only consists of sending trust scores and identification.
Depending on the processing power of our central server, our approach of using the idea of online reputation systems could even tackle the challenges of integrity issues: In the Internet of Things we are dealing with huge numbers of devices with very limited hardware. This makes it very likely that devices show inconsistent behaviour, for example when they suddenly break or are confronted with environmental changes they are not prepared for.
Since all the data about past behaviour is stored in only one place, our central server, the server could spot these errors and broadcast warnings to all affected devices (the ones interacting with the broken device as well as the entities responsible for replacement or repair), and of course take this anomaly into account in future trust-score calculations.
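To make the centralized flow of this section and of the Online Reputation description in section 3.4 concrete, the following block is an added example and not code from the paper: a toy central server that stores feedback, computes the trust score as the equally weighted sum of the ratings of the past six months (the eBay rule quoted earlier), answers a trust-score request only after the Thing behind the queried ID has proved knowledge of its internal serial number (the Fig. 7 mechanism), and flags a device whose recent behaviour contradicts its score (the integrity check described in the last paragraph). One design choice is ours rather than the paper's: the serial number is never transmitted, the Thing proves possession with an HMAC over a fresh server nonce. Thing IDs, serial numbers, ratings, timestamps, the 182-day window and the "three negatives in a row" heuristic are all constructed assumptions.

```python
# Added example, not code from the paper: toy model of the centralized Online
# Reputation flow (six-month score, identity check before answering, anomaly flag).
from dataclasses import dataclass
from datetime import datetime, timedelta
import hashlib
import hmac
import secrets

SIX_MONTHS = timedelta(days=182)   # assumption for "the past six months"


@dataclass
class Feedback:
    rater: str
    target: str
    rating: int          # +1 positive, 0 neutral, -1 negative (eBay style)
    when: datetime


class CentralServer:
    def __init__(self):
        self.feedback: list[Feedback] = []
        self.serials: dict[str, bytes] = {}   # thing ID -> registered serial (assumption)
        self.nonces: dict[str, bytes] = {}    # outstanding challenge per thing ID

    def register(self, thing_id: str, serial: bytes) -> None:
        self.serials[thing_id] = serial

    def record(self, fb: Feedback) -> None:
        self.feedback.append(fb)

    def trust_score(self, target: str, now: datetime) -> int:
        """Equally weighted sum of the ratings received in the last six months."""
        start = now - SIX_MONTHS
        return sum(fb.rating for fb in self.feedback
                   if fb.target == target and start <= fb.when <= now)

    def challenge(self, thing_id: str) -> bytes:
        """Fresh nonce the Thing must answer; replaces any older outstanding one."""
        nonce = secrets.token_bytes(16)
        self.nonces[thing_id] = nonce
        return nonce

    def verify(self, thing_id: str, response: bytes) -> bool:
        """True only if the response is HMAC(serial, nonce) for this ID's serial."""
        nonce = self.nonces.pop(thing_id, None)
        serial = self.serials.get(thing_id)
        if nonce is None or serial is None:
            return False
        expected = hmac.new(serial, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

    def trust_score_request(self, target: str, response: bytes, now: datetime):
        """Fig. 7 flow: the score is released only after the target proved its identity."""
        if not self.verify(target, response):
            return None
        return self.trust_score(target, now)

    def looks_broken(self, target: str, now: datetime, recent: int = 3) -> bool:
        """Integrity heuristic (assumption): a positive six-month score combined
        with `recent` consecutive negative ratings suggests inconsistent behaviour."""
        history = sorted((fb for fb in self.feedback if fb.target == target),
                         key=lambda fb: fb.when)
        last = [fb.rating for fb in history[-recent:]]
        return (len(last) == recent and all(r < 0 for r in last)
                and self.trust_score(target, now) > 0)


class Thing:
    def __init__(self, thing_id: str, serial: bytes):
        self.thing_id = thing_id
        self._serial = serial            # never leaves the device

    def answer(self, nonce: bytes) -> bytes:
        return hmac.new(self._serial, nonce, hashlib.sha256).digest()


def demo(now: datetime = datetime(2013, 9, 12)) -> dict:
    """Constructed scenario: one seller Thing, one impostor claiming its ID."""
    server = CentralServer()
    serial = b"serial-0001"              # constructed secret
    seller = Thing("seller-1", serial)
    server.register("seller-1", serial)
    # Constructed ratings: one too old to count, four positive, then three negative.
    for days_ago, rating in [(240, +1), (60, +1), (50, +1), (40, +1), (30, +1),
                             (10, -1), (5, -1), (2, -1)]:
        server.record(Feedback("buyer", "seller-1", rating, now - timedelta(days=days_ago)))
    genuine = server.trust_score_request("seller-1", seller.answer(server.challenge("seller-1")), now)
    impostor = Thing("seller-1", b"guessed-serial")
    faked = server.trust_score_request("seller-1", impostor.answer(server.challenge("seller-1")), now)
    return {"score": server.trust_score("seller-1", now), "genuine": genuine,
            "faked": faked, "broken": server.looks_broken("seller-1", now)}


if __name__ == "__main__":
    print(demo())
```

Because the reputation is bound to the ID, the impostor's request is refused rather than answered with the genuine seller's score, which is the property the text asks for when it says IDs must not be stealable. The anomaly flag fires here because the device still carries a positive score while its last three transactions all went wrong, exactly the kind of inconsistency the server is in a position to notice and broadcast.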

Conclusion
This reputation system only meets our needs in settings where bottlenecks are no knock-out criterion and the major part of the participating Things is capable of giving feedback. Nevertheless, in these environments our approach demonstrates high potential and seems to handle most of our Internet of Things-specific challenges very well.

4.3 Travos

After we presented and evaluated a centralised Trust and Reputation system, we now take a look at a fully distributed system. The system we want to present is TRAVOS, which stands for "Trust and Reputation model for Agent-based Virtual OrganisationS" [25]. Before we can analyse and rate the system based on the defined challenges, we first present the system and its features in general.

Function
Travos is a Trust and Reputation system for distributed networks consisting of self-interested and autonomous agents which interact in order to maximize their own gain. Those agents can be combined into groups in order to execute certain tasks. Those groups are formed if one agent does not have enough resources to fulfil a certain task.
Travos is built on three principles. The first is that a trust metric is needed in order to compare agents and their trustworthiness. This metric must account for both the presence and the absence of personal experience. The second is that the individual's confidence in the trust level for other agents must be considered. This means that a higher confidence in the trust level has a bigger impact than a lower confidence. The third principle is that an agent has to consider that provided opinions on other agents may not be based on actual experience or may not be reliable.
First of all we have to differentiate between the agent who is seeking a service from another agent and the agent which provides this service. In this context the seeking agent is called truster and the providing agent is called trustee.
The truster has two methods for assessing the trustworthiness of a trustee. The first is based on direct experience, the second is based on reputation reports from other agents. The outcome of the transactions on which these experiences are based is binary. That means that either a transaction was successful, which means that everything the truster expected was fulfilled, or that the transaction was unsuccessful, which means that some expectations were missed. A successful transaction is represented by 1 and an unsuccessful one by 0. The trust value is then computed from those collected values. For example, a trust value of 0.5 for a trustee means that half of the transactions with this trustee were unsuccessful.
The trustworthiness of a trustee can be based on personal experience only, which means the probability of a trustee fulfilling its obligations. The trust value is calculated by applying the standard equation for the expected value of a beta distribution. The differentiation between cases with different amounts of observations is also integrated by introducing confidence as a factor.

If a truster has an insufficient number of observations, it needs to query other agents in order to gain reputation reports about the trustee. This is indicated if the confidence is below a predefined minimum confidence level. When a sufficient number of reputation reports is gathered, a single trust value is calculated based on these values. The third principle is now applied, which filters certain inappropriate reputation reports. Two steps are needed in order to find such misbehaving agents. At first the probability that an agent will provide an accurate opinion is calculated; then the distance between the agent's reported opinion and a uniform distribution, in which all possible values for an agent's behaviour are equally probable, is reduced. The figure below shows, strongly simplified, the general communication between the participants.

Fig. 8: Decentralized communication
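The direct-trust computation, the confidence check that triggers a reputation query, and the discounting of reputation reports described in the two paragraphs above, as an added example; it is not code from the seminar paper or from the TRAVOS authors. It assumes the Beta(m+1, n+1) parameterisation for m successful and n unsuccessful outcomes, measures confidence as the probability mass within plus or minus epsilon of the expected value, and scales each report's observation counts by the reporter's estimated accuracy as a simplified reading of the discounting step (not the exact TRAVOS formula). The function names, the minimum confidence level, the 0.5 default for an unknown reporter, and the observation counts and reporter histories are all constructed assumptions.

```python
import math

# Added example (not from the seminar paper): a small model of the TRAVOS
# trust computation as the text describes it. Observation counts and
# reporter histories below are constructed sample data.


def beta_pdf(x, a, b):
    """Density of the beta distribution Beta(a, b) at x in [0, 1], computed in
    log space so large observation counts do not overflow."""
    if not 0.0 <= x <= 1.0:
        return 0.0
    log_norm = math.lgamma(a + b) - math.lgamma(a) - math.lgamma(b)
    if x == 0.0:
        return math.exp(log_norm) if a == 1 else 0.0
    if x == 1.0:
        return math.exp(log_norm) if b == 1 else 0.0
    return math.exp(log_norm + (a - 1) * math.log(x) + (b - 1) * math.log(1.0 - x))


def beta_mass(lo, hi, a, b, steps=2000):
    """Probability that a Beta(a, b) variable falls in [lo, hi] (Simpson's rule)."""
    lo, hi = max(lo, 0.0), min(hi, 1.0)
    if hi <= lo:
        return 0.0
    h = (hi - lo) / steps
    total = beta_pdf(lo, a, b) + beta_pdf(hi, a, b)
    for i in range(1, steps):
        total += (4 if i % 2 else 2) * beta_pdf(lo + i * h, a, b)
    return total * h / 3.0


def trust(successes, failures):
    """Direct trust: expected value of Beta(m + 1, n + 1) built from m successful (1)
    and n unsuccessful (0) transaction outcomes."""
    a, b = successes + 1, failures + 1
    return a / (a + b)


def confidence(successes, failures, epsilon=0.1):
    """Confidence in the trust value: probability mass of Beta(m + 1, n + 1) within
    +/- epsilon of the expected value. With no observations this is 2 * epsilon
    and it grows as observations accumulate."""
    a, b = successes + 1, failures + 1
    t = a / (a + b)
    return beta_mass(t - epsilon, t + epsilon, a, b)


def needs_reputation(successes, failures, min_confidence=0.8, epsilon=0.1):
    """True if the truster should query other agents for reputation reports
    (min_confidence is an assumed threshold)."""
    return confidence(successes, failures, epsilon) < min_confidence


def reporter_accuracy(history, epsilon=0.1):
    """Estimated probability that a reporter gives an accurate opinion: the share
    of its past reported trust values that lay within +/- epsilon of what the
    truster later observed itself. An unknown reporter gets 0.5 (assumption)."""
    if not history:
        return 0.5
    hits = sum(1 for reported, observed in history if abs(reported - observed) <= epsilon)
    return hits / len(history)


def combined_trust(own, reports):
    """Combine the truster's own (successes, failures) with reputation reports given
    as (successes, failures, reporter_accuracy). Scaling a report's counts by the
    reporter's accuracy pulls an unreliable report towards the uniform prior
    Beta(1, 1); this is a simplified reading of the discounting step."""
    a, b = own[0] + 1.0, own[1] + 1.0
    for m, n, acc in reports:
        a += acc * m
        b += acc * n
    return a / (a + b)


if __name__ == "__main__":
    # Constructed scenario: the truster has only two direct outcomes with the trustee.
    own = (2, 0)
    print("direct trust:", round(trust(*own), 3), "confidence:", round(confidence(*own), 3))
    if needs_reputation(*own):
        # Constructed histories: (trust value the reporter gave, what we observed later).
        honest = [(0.9, 0.85), (0.6, 0.65), (0.2, 0.25)]
        unreliable = [(0.9, 0.3), (0.8, 0.2), (0.5, 0.55)]
        reports = [
            (10, 0, reporter_accuracy(honest)),      # honest reporter: 10 successes
            (0, 10, reporter_accuracy(unreliable)),  # unreliable reporter: 10 failures
        ]
        print("combined trust:", round(combined_trust(own, reports), 3))
```

With the constructed data the honest reporter's ten successes count in full while the unreliable reporter's ten failures are weighted by its accuracy of one third, so the combined value stays at 0.75 instead of collapsing towards the dishonest report; a report from a reporter with accuracy 0 contributes nothing at all, which is exactly the "filtered out" behaviour the text describes.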

We now transfer this approach to the Internet of Things. That means each task fulfilled by generic agents has to be performed by things. From the tasks above we can derive the requirements for each thing. First of all, the things must be able to find other things via a predefined algorithm in order to find possible transaction partners and reputation reports. The thing also has to store direct experiences from previous transactions and, if needed, second-hand experience from other things. Computational power must also be high enough to calculate trust values with the given algorithms based on the stored values. Another demand on the capabilities of the things is that they must be able to rate each transaction, which means that they have to check for themselves whether every aspect of the transaction was fulfilled by the transaction partner. We can visualize this the same way we did in the Online Reputation section.

Fig. 9: Decentralized communication in the Internet of Things

In the last step we rate the presented approach based on its performance in the previously defined challenges.

Heterogeneity

Heterogeneity is a weak point for decentralized architectures in general. In centralized architectures a specialised device is available which calculates trust values based on the given input and algorithm and also stores them. In decentralized systems like Travos each device now has to store and calculate those values for itself, which increases the requirements for each device in terms of computational power and storage capacity. In addition the hardware must be able to store and communicate addresses in order to find other agents within the network. Favourable for Travos is that the number of calculations and stored values is relatively low, which makes it accessible to a greater number of devices, but it is still problematic for very simple things.

Scalability

With the absence of a bottleneck in the form of a central device, scalability is a strong point for decentralized architectures. There is no upper bound for the number of devices secured by a decentralized approach. The reason for this advantage is that each device only has to take care of itself and in order to do so does not need to know the whole network.

Infrastructure

With the benefit of almost infinite scalability comes the problem of finding certain agents in adequate time and with adequate communication. The problem with infrastructure is that each thing only knows a small portion of the whole network, which means that the number of potential transaction partners is rather low, just as the number of available witnesses. There are several approaches used in peer-to-peer networks in order to find more suitable partners or reputation scores, but those require either a large amount of communication within the network or time, without the guarantee of finding the best existing transaction partner or an appropriate number of values.

Identity

The Travos Trust and Reputation system does not cover the identity problem. That means the system can neither identify or assign certain identities nor recognize if a false or stolen identity is used. The system balances this shortcoming with an algorithm which identifies inappropriate reputation reports and filters them from the results.

Integrity

The same problem as in identity also applies to integrity. With the absence of a control mechanism to check reputation values or their originator, the only possibility of finding malicious or misbehaving agents is the algorithm which identifies inappropriate reputation reports.

Network resources

Network resources are not critical for Travos. The reason why Travos masters this challenge rather well is the absence of time-critical applications as well as the rather low amount of data sent and received by each individual agent.

5 Conclusion

Our goal was to analyse Trust and Reputation and its various architectures in the context of the Internet of Things. A problem we discovered was that it is rather difficult to define challenges on which to base our analysis because of the huge number of approaches and the problems each of those covers. That means that some approaches cover close to all challenges while others shift those to additional systems.

In conclusion we can say that centralized Trust and Reputation systems, which are today's preferred systems, are strong in most of the aspects we analysed but are rather weak in terms of scalability. That means that with an increasing number of devices the use of such systems is rather problematic. Decentralized architectures on the other hand are already strong in the fields where centralized approaches fail but have to deal with additional problems which arise from the decentralization, like infrastructure. In summary we can say that each approach has its right to exist and its performance depends on the composition of the network. A simplified comparison between the presented approaches can be found in the following table.

Table 1: Comparison of the approaches ('+++' > '++' > '+' > '-', where '+++' = optimal suitability, '-' = very low suitability)

Challenge            Online Reputation   TRAVOS
Heterogeneity        +                   +
Scalability          -                   +++
Infrastructure       +++                 -
Identity             +++                 +
Integrity            +++                 +
Network resources    +++                 ++

References

1. Kevin Ashton, That 'Internet of Things' Thing: In the real world, things matter more than ideas, http://www.rfidjournal.com, accessed May 2013.

2. Bin Ma, Cross-layer trust model and algorithm of Node Selection in Wireless Sensor Networks, 2009 International Conference on Communication Software and Networks.

3. A. Boukerch, L. Xu, K. El-Khatib, Trust-based security for wireless ad hoc and sensor networks, ScienceDirect, Computer Communications 30 (2007) 2413-2427.

4. Anurag Garg, Roberto Battiti, Roberto Cascella, Alberto Montresor, Mauro Brunato, BIONETS, WP 4 - SECURITY, D4.1 Trust and Reputation Management System Definition, June 18, 2007.

5. J. Robinson, I. Wakeman, D. Chalmers, B. Horsfall, Trust and the Internet of Things, in: Joint International Workshop on Trust in Location and Communications in Decentralised Computing (TruLoco'10), Morioka, Japan, 2010.

6. J.-H. Cho, A. Swami, I.-R. Chen, A Survey on Trust Management for Mobile Ad Hoc Networks, IEEE Communications Surveys & Tutorials 13 (4) (2011) 562-583.

7. Trung Dong Huynh, Nicholas R. Jennings, Nigel R. Shadbolt, An integrated trust and reputation model for open multi-agent systems, published online: 10 March 2006, Springer Science+Business Media, LLC 2006.

8. Alfarez Abdul-Rahman, Stephen Hailes, A Distributed Trust Model, 1997 New Security Paradigms Workshop, Langdale, Cumbria, UK.

9. CERP-IoT Cluster, Visions and Challenges for Realising the Internet of Things, European Commission, 2010.

10. O. Vermesan, P. Friess, P. Guillemin, S. Gusmeroli, H. Sundmaeker, A. Bassi, I. S. Jubert, M. Mazura, M. Harrison, M. Eisenhauer, P. Doody, Internet of Things Strategic Research Roadmap, Cluster of European Research Projects on the Internet of Things, CERP-IoT, 2011.

11. Thomas Repantis, Vana Kalogeraki, Decentralized Trust Management for Ad-Hoc Peer-to-Peer Networks, Department of Computer Science & Engineering, University of California, Riverside (the definitive version was published in 1-59593-421-9/06/11, MPAC 2006, http://doi.acm.org/10.1145/1169075.1169081, accessed May 2013).

12. Nils Gruschka & Dennis Gessner, Internet of Things Architecture (IoT-A) Project Deliverable D4.2 - Concepts and Solutions for Privacy and Security in the Resolution Infrastructure, V1.0, 2012-02-10.

13. Internet-of-Things Architecture (IoT-A), Project Deliverable D1.2 /96 Initial Architectural Reference Model for IoT, Joachim W. Walewski (Siemens), 2011-06-16.

14. Gambetta, Diego (2000) Can We Trust Trust?, in Gambetta, Diego (ed.) Trust: Making and Breaking Cooperative Relations, electronic edition, Department of Sociology, University of Oxford, chapter 13, pp. 213-237, <http://www.sociology.ox.ac.uk/papers/gambetta213-237.pdf>.

15. Alfarez Abdul-Rahman and Stephen Hailes. 2000. Supporting Trust in Virtual Communities. In Proceedings of the 33rd Hawaii International Conference on System Sciences - Volume 6 (HICSS '00), Vol. 6. IEEE Computer Society, Washington, DC, USA, 6007-.

16. S. Marsh, Formalising Trust as a Computational Concept, Department of Computing Science and Mathematics, University of Stirling, April 1994.

17. Yao Wang, Julita Vassileva, A Review on Trust and Reputation for Web Service Selection, Department of Computer Science, University of Saskatchewan.

18. Josang, Audun and Ismail, Roslan and Boyd, Colin A. (2007) A survey of trust and reputation systems for online service provision. Decision Support Systems 43(2): pp. 618-644.

19. Sepandar D. Kamvar, Mario T. Schlosser, Hector Garcia-Molina, The EigenTrust Algorithm for Reputation Management in P2P Networks, WWW2003, May 20-24, 2003, Budapest, Hungary.

20. Sabater, J., & Sierra, C. (2001). REGRET: A reputation model for gregarious societies. In Fourth workshop on deception fraud and trust in agent societies (pp. 61-70). Montreal, Canada.

21. Zacharia, G., & Maes, P. (2000). Trust management through reputation mechanisms. Applied Artificial Intelligence, 14 (9), 881-908.

22. Jule Hintzbergen, Kees Hintzbergen, André Smulders, Hans Baars, Foundations of IT Security Based on ISO27001/27002, Best Practice, Second edition, first impression, May 2010, p. 8.

23. Dave Evans, The Internet of Things: How the Next Evolution of the Internet Is Changing Everything, April 2011.

24. Rodrigo Roman, Pablo Najera, and Javier Lopez, Securing the Internet of Things, IEEE Computer, vol. 44, no. 9, pp. 51-58, September 2011.

25. Teacy, W. T. L., Patel, J., Jennings, N. R., & Luck, M. (2005). Coping with inaccurate reputation sources: Experimental analysis of a probabilistic trust model. In Proceedings of the fourth international joint conference on autonomous agents and multiagent systems (pp. 997-1004).