TrustMe: anonymous management of trust relationships in decentralized P2P systems

Decentralized peer-to-peer (P2P) networks offer both opportunities and threats. Their open and decentralized nature makes them extremely susceptible to malicious users spreading harmful content such as viruses and trojans, or even just wasting valuable network resources. To minimize such threats, the use of community-based reputations as trust measurements is fast becoming a de facto standard. The idea is to dynamically assign each peer a trust rating based on its performance in the network and store it at a suitable place. Any peer wishing to interact with another peer can then make an informed decision based on that rating. An important challenge in managing such trust relationships is to design a protocol that secures the placement of and access to these trust ratings. Surprisingly, all the related work in this area either supports very limited anonymity or assumes anonymity to be an undesired feature and neglects it. We motivate the importance of anonymity, especially in such trust-based systems. We then present TrustMe: a secure and anonymous underlying protocol for trust management. The protocol provides mutual anonymity for both the trust host and the trust-querying peer. Through a series of simulation-based experiments, we show that the TrustMe protocol is extremely secure in the face of a variety of possible attacks and present a thorough analysis of the protocol.
