Taxonomy of attacks and defense mechanisms in P2P reputation systems - Lessons for reputation system designers

ABSTRACT

Robust and credible reputation systems are essential for the functionality of Peer-to-Peer (P2P) applications. However, they themselves are susceptible to various types of attacks. Since most current efforts lack an exploration of a comprehensive adversary model, we try to fill in this gap by providing a thorough view of the various credibility threats against a decentralized reputation system and the respective defense mechanisms. Therefore, we explore and classify the types of potential attacks against reputation systems for P2P applications. We also study and classify the defense mechanisms which have been proposed for each type of attack and identify conflicts between defense mechanisms and/or desirable characteristics of credible reputation systems. We finally propose a roadmap for reputation system designers on how to use the results of our survey for the design of robust reputation systems for P2P applications.
