Trust Management
description
Transcript of Trust Management
![Page 1: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/1.jpg)
Trust Management
Chen DingChen YueguoCheng Weiwei
![Page 2: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/2.jpg)
22
Outline
Introduction A computational Model
Managing Trust in a Peer-2-Peer System DMRep EigenRep
Security Concerns P2PRep XRep
Conclusion
![Page 3: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/3.jpg)
33
Trust Management
“ a unified approach to specifying and interpreting security policies, credentials, relationships [which] allows direct authorization of security-critical actions” – Blaze, Feigenbaum & Lacy
Trust Management is the capture, evaluation and enforcement of trusting intentions.
![Page 4: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/4.jpg)
44
Reputation: perception that an agent creates through past actions about its intentions and norms.
Trust: a subjective expectation an agent has about another's future behavior based on the history of their encounters.
Reciprocity: mutual exchange of deeds
Reputation, Trust and Reciprocity
reputation
trust reciprocity
Given social network A
Increase ai’s reputation
Increase aj’s trust of ai
Increase ai’s reciprocating actions
![Page 5: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/5.jpg)
55
A computational Model
Defines trust as a dyadic quantity between the trustor and trustee which can be inferred from reputation data about the trustee
Two simplifications The embedded social networks are taken to be static The action space is restrict to be:
Action: α {cooperate, defect}
![Page 6: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/6.jpg)
66
Notations for Model
Reputation: θji(c) [0,1] Let C be the set of all contexts of interest. Let θji(c) represent ai’s reputation in an embedded social
network of concern to aj for the context c C
History: Dji(c) = {E*} Dji(c) represents a history of encounters that aj has with
ai within the context c.
Trust: T (c) = E [ θ(c) | D(c)] The higher the trust level for agent ai, the higher the
expectation that ai will reciprocate agent aj’s actions.
![Page 7: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/7.jpg)
77
A Computational Model (cont…) θab : b’s reputation in the eyes of a.
Xab(i): the ith transaction between a and b.
After n transactions. We obtained the history data History: Dab = {Xab(1), Xab(2), … , Xab(n)}
Let p be the number of cooperations by agent b toward a in the n previous encounters.
a bContext c
otherwise 0
cooperate isaction sb' if 1 (i)Xab
![Page 8: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/8.jpg)
88
A Computational Model (cont…)
Beta distribution: p( ) = Beta(c1, c2) : estimator for θ c1 and c2: c1=c2=1 (by prior assumptions)
A simple estimator for θab
Assuming that each encounter’s cooperation probability is independent of other encounters between A and B. The likelihood for the n encounters:
L(Dab| )= p(1- )n-p
Posterior estimate for :P( |D) = Beta(c1+p, c2+n-p)
n
pab
![Page 9: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/9.jpg)
99
A Computational Model (cont…)
Trust towards b from a is the conditional expectation of given D.
Tab = p(xab(n+1)|D) = E[ |D]
Where
ncc
pcDE
21
1
]|[
![Page 10: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/10.jpg)
1010
Outline
Introduction A computational Model
Managing Trust in a Peer-2-Peer System DMRep EigenRep
Security Concerns of the communication channel P2pRep XRep
Conclusion
![Page 11: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/11.jpg)
1111
Reputation-based trust management
2 Examples Amazon.com
•Visitors usually look for customer reviews Visitors usually look for customer reviews before deciding to buy new books. before deciding to buy new books.
eBay
•Participants at eBay’s auctions can rate each Participants at eBay’s auctions can rate each other after each transaction.other after each transaction.
Both examples use completely centralized mechanism for storing and exploring reputation data.
![Page 12: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/12.jpg)
1212
P2P Properties
No central coordination No central database No peer has a global view of the system Global behavior emerges from local
interactions Peers are autonomous Peers and connections are unreliable
![Page 13: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/13.jpg)
1313
Design Considerations
The system should be self-policing The shared ethics of the user population are defined and
enforced by the peers themselves and not by some central authority
The system should maintain anonymity A peer’s reputation should be associated with an opaque
identifier rather with an externally associated identity The system should not assign any profit to newcomers The system should have minimal overhead in terms of
computation, infrastructure, storage, and message complexity
The system should be robust to malicious collectives of peers who know one another and attempt to collectively subvert the system.
![Page 14: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/14.jpg)
1414
DMRep [KZ2001]
An approach that addresses the problem of reputation-based trust management at both the data management and the semantic level
Behavioral data B: Observations t(q,p)
•a peer qa peer q P makes when he interacts with a P makes when he interacts with a peer ppeer p P.P.
B(p) = { t (p, q) or t (q, p) | q P} B
In a decentralized environment: How to access trust given B(p) and B How to obtain such B(p) and B to construct trust.
![Page 15: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/15.jpg)
1515
DMRep
In the decentralized environment, if a peer q has to determine trustworthiness of a peer p It has no access to global knowledge B and B(p) 2 ways to obtain data:
•DirectlyDirectly by interactions by interactions
BBqq(p) = { t (q, p) | t (q, p) (p) = { t (q, p) | t (q, p) B} B}
•Indirectly Indirectly through a limited number of referrals through a limited number of referrals from witnesses r from witnesses r WWqq P P
WWqq(p) = { t (r, p) | r (p) = { t (r, p) | r W Wqq, t (r, p) B}, t (r, p) B}
![Page 16: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/16.jpg)
1616
DMRep
Assumption: The probability of cheating within a society is
comparably low More difficult to hide malicious behavior.
Complaint c (p,q) An agent p can, in case of malicious behavior of q,
file a complaint c (p,q)
![Page 17: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/17.jpg)
1717
A simple situation
p and q interact and later on r wants to determine the trustworthiness of p and q. Assume p is cheating, q is honest After their interaction,
•q will file a complaint about pq will file a complaint about p
•p will file a complaint about q in order to p will file a complaint about q in order to hide its misbehavior. hide its misbehavior.
If p continues to cheat, r can conclude p is the cheater by observing the other complaints about p
![Page 18: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/18.jpg)
1818
Reputation calculation
T(p) = |{c(p,q) | q P| x |{c(q,p)| q P}| High value of T(p) indicate that p is not trustworthy Problem
•The reputation was determined based on the The reputation was determined based on the global knowledge on complains which is very global knowledge on complains which is very difficult to obtain.difficult to obtain.
![Page 19: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/19.jpg)
1919
The storage structure
P-Grid Insert (a, k, v), where a is an arbitrary agent in the
network, k is the key value to be searched for, and v is the data value associated with the key
Query (a, k): v, where a is an arbitrary agent in the network, which returns the data values v for a corresponding query k
Properties There exists an efficient decentralized bootstrap algorithm
which creates the access structure without central control The search algorithm consists of randomly forwarding the
requests from one peer to the other. All algorithms scale gracefully. Time and space complexity
are both O(logn)
![Page 20: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/20.jpg)
2020
Decentralized Data Management
1 6 2 3 4 5
1:301:2
Stores complaints about and
by 1
1:401:2
Stores complaints about and
by 2.3
1:501:2
Stores complaints about and
by 1
0:201:2
Stores complaints about and
by 4,5
0:601:2
Stores complaints about and
by 4,5
0:610:4
Stores complaints about and
by 6
0 1
00 01 10 11Query(6,100)
Query(5,100)
Query(4,100) found!
![Page 21: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/21.jpg)
2121
DMSRep
Access Problem: p still has to decide r’s trustworthiness
Even r is honest, it may not be reachable reliably over the network.
p q?
rq1
?
rqn
?
… rrq11rrq1n… rrqn1
rrqnn… …
? ? ? ?The exploration of the
whole network!
![Page 22: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/22.jpg)
2222
Local computation of Trust
Assume that the peers are only malicious with a certain probability pi <= pimax <1. If there are r replicas satisfies on average pirmax < ε,
where ε is an acceptable fault-tolerance. If we receive the same data about a specific peer
from a sufficient number of replicas we need no further checks.
It also limits the depth of the exploration of trustworthiness of peers to limit the search space.
![Page 23: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/23.jpg)
2323
Algorithm
p q
a1 a2 a3 an…
s1 s2 sw
?
a4
s3 …
Check ComplaintsW = {cri(q), cfi(q), si, fi |i=1,…w}
w: number of witness found
cri(q): number of complaints q received
cfi(q): number of complaints q filed
fi: the frequency with which si is found (non-uniformity of the P-Grid structure)
Normalized function
crcriinormnorm(q) = cr(q) = crii(q)(1-(s-f(q)(1-(s-fii/s)/s)ss), i=1,…,w), i=1,…,w
cfcfiinormnorm(q) = cf(q) = cfii(q)(1-(s-f(q)(1-(s-fii/s)/s)ss), i=1,…,w), i=1,…,w
![Page 24: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/24.jpg)
2424
Algorithm
Function to determine trustworthyDecidep(cri
norm(q) , cfinorm(q)) =
ifcri
norm(q)* cfinorm(q) ≤ crp
avgcfpavg
then 1 else -1
Exploring Trust. S= SUM(i=1 … w, decide(cr_i, cf_i) if S=0 Check the Trustworthy of single witness.
24
2
1
avgp
avgp cfcr
![Page 25: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/25.jpg)
2525
DMSRep Discussion
Strength An approach that addresses the problem at both the
data management and the semantic level The method can be implemented in a fully
decentralized peer-to-peer environment and scales well for large number of participants.
Limitations environment with low cheating rates. specific data management structure. Not robust to malicious collectives of peers
![Page 26: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/26.jpg)
2626
Outline
Introduction A computational Model
Managing Trust in a Peer-2-Peer System DMRep EigenRep
Security Concerns P2PRep XRep
Conclusion
![Page 27: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/27.jpg)
2727
How does one peer evaluate others?
Directly (by own experience) sat(i, j): +1, i downloads an authentic file from j. unsat(i, j): +1, i downloads an inauthentic file from j,
or i fails to download a file from j. local reputation value: sij=sat(i, j)- unsat(i, j).
Indirectly (by others’ experience) ask neighbors. ask friends (familiars). ask authorities (who are more reputable). ask witness.
![Page 28: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/28.jpg)
2828
Normalizing Local Reputation Value
j ij
ijij s
sc
)0,max(
)0,max(
Local reputation vector:
Most are 0
10 ijcT
iNii ccc ),...,( 1
1..,11
1
N
jiji ceic
ijc
![Page 29: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/29.jpg)
2929
Aggregating Local Reputation Values
Peer i asks its friends about their opinions on peer k.
Peer i asks its friends about their opinions on all peers.
Peer i asks its friends about their opinions about other peers again. (It seems like asking his friends’ friends) i
Ti cCt
2)(
j
jkijik cct
iT
i cCt
iN
ik
i
NNkNN
Nkkkk
Nk
iN
ik
i
c
c
c
ccc
ccc
ccc
t
t
t
...
...
......
......
......
......
......
...
...1
1
1
11111
11it
![Page 30: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/30.jpg)
3030
Global Reputation Vector
Continues in this manner,
If n is large, will converge to the left principal eigenvector of C for every peer i. (C is irreducible and aperiodic)
We call this eigenvector , the global reputation vector. , an element of , quantifies how much trust the
system as a whole places peer j.
Non-distributed Algorithm
inT
i cCt
)(
it
t
t
jt
until
tt
tCt
repeat
et
kk
kTk
)()1(
)()1(
)0(
;
;
![Page 31: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/31.jpg)
3131
Practical Issues
Pre-trust peers: P is a set of peers which are known to be trusted, is the pre-trusted vector of P, where,
Assign some trust on pre-trust peers : For new peers, who don’t know anybody else: Modified non-distributed algorithm:
othervise
PiifPpi
,0
,/1
pci
p
patCat kTk )()1( )1(
until
tt
patCat
tCt
repeat
pt
kk
kTk
kTk
)()1(
)1()1(
)()1(
)0(
)1(
;
;
![Page 32: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/32.jpg)
3232
Distributed Algorithm
All peers in the network cooperate to compute and store the global trust vector.
Each peer stores and computes its own global trust value.
Minimize the computation, storage, and message overhead.
ik
NNik
ik
i aptctcat )...)(1( )()(11
)1(
patCat kTk )()1( )1(
![Page 33: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/33.jpg)
3333
Distributed Algorithm (cont…)
Ai: set of peers which have downloaded files from peer i.
Bi: set of peers which peer i has downloaded files.
}
; until
return to peers allfor wait
; compute
; peers all to send
;)...)(1( compute
repeat
;for peers allquery
do{ ipeer each for
)1(
)()1(
)1(
)()(11
)1(
)0(
kjjii
ki
ki
ik
iij
ik
NNik
ik
i
jji
tcAj
tt
Bjtc
aptctcat
ptAj
i6
0
2
9
1
5
8
Predecessor: Ai
(downl oad f rom i )Successor: Bi
(downl oaded by i )
1011
7. . .
3
4
12
)(11
kitc
)(55
kitc
)(66
kitc
)(1111
kitc
)(kit
)1( kit
)1(2
kii tc
)1(7
kii tc
)1(9
kii tc
![Page 34: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/34.jpg)
3434
Message Traffic
Mean number of acquaintance per peer : m. Mean number of iteration: k. Mean number of messages per peer: O(mk).
![Page 35: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/35.jpg)
3535
Secure Algorithm
The trust value of one peer should be computed by more than one other peer. malicious peers report false trust values of their own. malicious peers compute false trust values for others.
Use multiple DHTs to assign mother peers. The number of mother peers for one peer is same to
all peers.
4
8
3
1
H1(1)
H2(1)
H3(1)
i
0
4
7
2
6
9
1
5
8
3
1011
12
. . .
H1(1)
H2(1)
H3(1)
![Page 36: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/36.jpg)
3636
i
0
4
7
2
6
9
1
5
8
3
Predecessor: Ai
(downl oad f rom i )Successor: Bi
(downl oaded by i )Mother: Mi
(compute for i )Daughter: Di
(computed by i )
1011
12
. . .
Secure Algorithm (cont…)
Ai, Bi
0 21 9
5 12 11 #
Ai
015
11
…
…
Ai
0ic
Bi
2 0. 21 9 0. 55 12 0. 3
11
Ai
0ic
Bi
2 0. 21 9 0. 55 12 0. 3
11
![Page 37: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/37.jpg)
3737
; Until
;return to peers allfor Wait
; Compute
; peers all to Send
;)...)(1( Compute
Repeat
;for peers allQuery
)1(
)()1(
)1(
)()(11
)1(
)0(
kjjii
ki
ki
ik
iij
ik
NNik
ik
i
jjijjii
tcAj
tt
Bjtc
aptctcat
pctcAj
Secure Algorithm (cont…)
i
0
4
7
2
6
9
1
5
8
3
Predecessor: Ai
(downl oad f rom i )Successor: Bi
(downl oaded by i )Mother: Mi
(compute for i )Daughter: Di
(computed by i )
1011
12
. . .
m Ai
0ic
Bi
2 0. 21 9 0. 55 12 0. 3
11
Ai
0ic
Bi
2 0. 21 9 0. 55 12 0. 3
11
)1(it
)2(it it...
![Page 38: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/38.jpg)
3838
Secure Algorithm (cont…)
Ai
Predecessors of iBi
Successor of i
j
h
m
c
k
n
e
a
b
f
l
i
. . .
d
gi
0
4
7
2
6
9
1
5
8
3
1011
12
. . .
Mothers of Ai Mothers of BiMothers of i
H1()
H2()
H3()
H1(i
)
H1(5) H1(0)
H1(1
1) H1(1)
H1(9) H1(1
2)
H1(2)
![Page 39: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/39.jpg)
3939
Modified Secure Algorithm
end
end
; until
;1
; compute
;for ,)( peers all to send
;)...)(1( compute
;return tofor ,)( peers allfor t wai
repeat
;for ,)( peers all to send
0;
);(
do each for
; daughters its from , ,collect
; mothers its to , , send
do ipeer each for
)()1(
)1(
)()(11
)1(
)(
)(
kk
tt
BjjHashtc
aptctcat
tcAjjHash
BjjHashpctc
k
dHashi
Dd
DcBA
McBA
ki
ki
itk
ddj
dk
NNdk
dk
d
kjjddt
itddjk
ddj
t
i
iddd
iiii
![Page 40: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/40.jpg)
4040
Message Traffic
Mean number of acquaintance per peer: m. Mean number of iteration: k. Number of mothers for one peer: t. Mean number of message per peer: O(tmk).
![Page 41: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/41.jpg)
4141
Using Global Reputation Values
Isolate malicious peers. download from reputable peers.
Incent peers to share file. reward reputation.
Allow the newcomers to build trust. provide a probability of 10% to be selected. reward new comers greatly.
Balance the load. download probabilistically based on trust values. set up maximum reputation (e.g. sij<MAX Value).
Reputati on Reputati on
Noraml Popul arMal i ci ous
![Page 42: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/42.jpg)
4242
Limitation of EigenRep
Cannot distinguish between newcomers and malicious peers.
Malicious peers can still cheat cooperatively A peer should not report its predecessors by itself.
Flexibility How to calculate reputation values when peers join
and leave, on line and off line.
When to update global reputation values? According to the new local reputation vector of all
peers.
Anonymous? A mother peer know its daughters.
![Page 43: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/43.jpg)
4343
Outline
Introduction A computational Model Trust management in P2P system
Managing Trust in a Peer-2-Peer System DMRep EigenRep
Security Concerns P2pRep XRep
Conclusion
![Page 44: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/44.jpg)
4444
P2PRep & XRep
Not focus on computation of reputations Security of exchanged messages
Queries Votes
How to prevent different security attacks
![Page 45: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/45.jpg)
4545
Using Gnutella for reference A fully P2P decentralized infrastructure Peers have low accountability and trust Security threats to Gnutella
•Distribution of tampered informationDistribution of tampered information
•Man in the middle attackMan in the middle attack
P2PRep & XRep
![Page 46: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/46.jpg)
4646
P select a peer among those who respond to P’s query
P polls its peers for opinions about the selected peer
Peers respond to the polling with votes P uses the votes to make its decision
Sketch of P2PRep
![Page 47: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/47.jpg)
4747
Sketch of P2PRep Cont’d
To ensure authenticity of offerers & voters, and confidentiality of votes
Use public-key encryption to provide integrity and confidentiality of messages
Require peer_id to be a digest of a public key, for which the peer knows the private key
![Page 48: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/48.jpg)
4848
P2PRep
Two approaches: Basic polling
•Voters do not provide Voters do not provide peer_id peer_id in votesin votes Enhanced polling
•Voters declare their Voters declare their peer_id peer_id in votesin votes
![Page 49: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/49.jpg)
4949
P2PRep – Basic Polling (a)
Peers SSInitiator P
QueryHit(IP,port,speed,Result,peer_id)
Query(search_string)
Select top list T of offerers
Generate key pair (PKpoll, SKpoll)
TrueVote( Votesj )
PollReply( {(IP,port,Votes)}PKpoll )
Remove suspicious votes
Select random subset V’
Poll(T, PKpoll)
TrueVoteReply(resonse)
If response is negative, discard Votes j
Select peer s for downloading
P *
P *
Si P, (Si S)S)
Vi P, (Vi V)V)
P Vj, (Vj V’)V’)D
Vj P, (Vj V’)V’)D
![Page 50: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/50.jpg)
5050
P2PRep – Basic Polling (b)
Peer sInitiator P
Response([r]SKs, PKs)
Challenge(r)
If h(PKs)=peer_ids &&{[r]SKs}PKs=r: download
Update experience_repository
Generate random string r
P sD
s PD
![Page 51: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/51.jpg)
5151
P2PRep
Two approaches: Basic polling
•Voters do not provide Voters do not provide peer_id peer_id in votesin votes Enhanced polling
•Voters declare their Voters declare their peer_id peer_id in votesin votes
![Page 52: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/52.jpg)
5252
P2PRep – Enhanced Polling (a)
Peers SSInitiator P
QueryHit(IP,port,speed,Result,peer_id)
Query(search_string)
Select top list T of offerers
Generate pairs (PKpoll, SKpoll)
AreYou( peer_idj )
PollReply( {[(IP,port,Votes,peer_idi)]SKi, PKi}PKpoll )
Remove suspicious votes
Select random subset V’
Poll(T, PKpoll)
AreYouReply(resonse)
If response is negative, discard Votes j
Select servent s for downloading
P *
P *
Si P, (Si S)S)
Vi P, (Vi V)V)
P Vj, (Vj V’)V’)D
Vj P, (Vj V’)V’)D
![Page 53: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/53.jpg)
5353
P2PRep – Enhanced Polling (b)
Peer sInitiator P
Response([r]SKs, PKs)
Challenge(r)
If h(PKs)=peer_ids &&{[r]SKs}PKs=r: download
Update experience_repository
Generate random string r
P sD
s PD
![Page 54: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/54.jpg)
5454
Comparison: Basic vs Enhanced
Basic polling all votes are considered equal
Enhanced polling peer_ids allow p to weight the votes based on v’s
trustworthiness
![Page 55: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/55.jpg)
5555
Discussion
In enhanced polling, voters also provide IP & port in PollReply message
Discussion: IP & port, and AreYou message can be omitted Explanation 1:
•basic polling needs basic polling needs IP & portIP & port to check truthfulness of to check truthfulness of VotesVotes
•voter’s private key guarantees this in enhanced pollingvoter’s private key guarantees this in enhanced polling Explanation 2:
•the paper explains that AreYou message checks the the paper explains that AreYou message checks the truthfulness of (IP,Port)truthfulness of (IP,Port)
•the the offerer’sofferer’s (IP,Port) needs to be checked as later we (IP,Port) needs to be checked as later we need download from it. For voter, we only need the need download from it. For voter, we only need the truthfulness of Votestruthfulness of Votes
![Page 56: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/56.jpg)
5656
P2PRep: Security Improvements (1)
Distribution of Tampered Information B responds to A with a fake resource
P2PRep Solution: A discovers the harmful content from B A updates B’s reputation, preventing further
interaction with B A become witness against B in pollings by others
![Page 57: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/57.jpg)
5757
P2PRep: Security Improvements (2)
Man in the Middle Attack Data from C to A can be modified by B, who is in the
path
•A broadcasts a Query and C respondsA broadcasts a Query and C responds
•B intercepts the QueryHit from C and B intercepts the QueryHit from C and rewrites it with B’s IP & portrewrites it with B’s IP & port
•A receives B’s replyA receives B’s reply
•A chooses B for downloadingA chooses B for downloading
•B downloads original content from C, B downloads original content from C, modifies it and passes it to Amodifies it and passes it to A
![Page 58: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/58.jpg)
5858
P2PRep: Security Improvements (2)
Man in the Middle Attack P2PRep addresses this problem by including a challenge-
response phase before downloading To impersonate C, B needs
•C’s private keyC’s private key
•To design a public key whose digest is C’s To design a public key whose digest is C’s identifieridentifier
Public key encryption strongly enhances the integrity of the exchanged messages
Both versions address this problem
![Page 59: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/59.jpg)
5959
XRep
Extended from P2PRep Combining servent-based & resource-based
reputations Servent-based Reputation
•Associated with Peer IdentifierAssociated with Peer Identifier Resource-based Reputation
•Coupled to resource’s contentCoupled to resource’s content
![Page 60: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/60.jpg)
6060
Two Requirements Peer_id is a digest of its public key Resource_id is a digest of its content
Each peer maintains two experience repositories Servent Repository Resource Repository
XRep
![Page 61: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/61.jpg)
6161
XRep protocol consists of 5 stages: Recource searching Rescource selection & Vote Polling Vote evaluation Best peer check Resource downloading
Sketch of XRep
![Page 62: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/62.jpg)
6262
XRep
Differences from P2PRep QueryHit contains resource digests in ResultSet Vote Polling: ask peers to vote on resource or on
the peers who offer the resource Vote Reply: each peer can respond with votes on
resources or peers
Similar to P2PRep, public key encryption is used
![Page 63: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/63.jpg)
6363
XRep: Security Consideration
Distribution of Tampered Information Man in the middle attack
![Page 64: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/64.jpg)
6464
XRep: Improvements (1)
Decoupling of resource from offerers permits parallel downloads P can ask different offerers for different resource
fragments
![Page 65: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/65.jpg)
6565
XRep: Improvements (2)
Combining servent-based & resource-based reputations Both have shortcomings and advantages
Servent-based Resource-based
Reputation’s life cycle
shorter due to peer_id changes
good resource always recognizable
Cold start avoid cold start for new resource
avoid cold start for new peers
Performance bottleneck
may direct all downloads to most reputable peers
avoids bottleneck for most reputable peers
![Page 66: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/66.jpg)
6666
Outline
Introduction A computational Model Trust management in P2P system
Managing Trust in a Peer-2-Peer System DMRep EigenRep
Security Concerns P2pRep XRep
Conclusion
![Page 67: Trust Management](https://reader035.fdocuments.in/reader035/viewer/2022062422/56813c0b550346895da576f3/html5/thumbnails/67.jpg)
6767
Conclusion
Reputation-based Trust Management Reputation Computation & Management
DMRep EigenRep
Security Concerns P2PRep XRep