Probabilistic trust models in network security

FACULTY OF ENGINEERING AND APPLIED SCIENCE
DEPARTMENT OF ELECTRONICS AND COMPUTER SCIENCE
Doctor of Philosophy
by Ehab M. ElSalamouny

One of the dominant properties of a global computing network is the incomplete information available to principals about each other. This motivated the use of probabilistic trust as an approach to security-sensitive decision making in modern open and global computing systems. In such systems any principal A uses the outcomes of past interactions with another principal B to construct a probabilistic model approximating the behaviour of B. Using this model, the principal A can take decisions regarding interactions with B by estimating its future actions. Many existing frameworks adopt the so-called ‘Beta model’. The main limitation of these frameworks is that they assume the behaviour of any principal to be fixed, which is not realistic in many cases. In this thesis, we first address the application of probabilistic trust to optimise security protocols, and specifically give an example where the Crowds anonymity protocol is extended to use trust information. We then address the problem of evaluating probabilistic trust in principals exhibiting dynamic behaviours. In this respect, we formally analyse the ‘exponential decay’ technique as an approach to coping with principals’ dynamic behaviours. Given the identified limitations of this technique, a more general framework for trust and reputation is introduced. In this framework, Hidden Markov Models (HMMs) are used for modelling the dynamic behaviours of principals. This framework is formally analysed in terms of a notion of ‘estimation error’. Using an experimental approach based on Monte-Carlo methods to evaluate the expected estimation error, the introduced HMM-based framework for trust and reputation is compared to the existing Beta framework. The results show that, in general, the latter becomes more promising for evaluating trust in principals (‘trustees’) having dynamic behaviours as longer sequences of observations about such trustees become available.
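The fixed-behaviour assumption of the Beta model and the effect of exponential decay can be seen on a trustee that changes behaviour. The following is an added example, not code from the thesis. It assumes the standard Beta posterior-mean estimate (s+1)/(s+f+2) and a weight of r^age per observation, neither of which is spelled out on this page; the function names, the decay factor 0.8 and the observation sequence are constructed for illustration.

```python
# Added illustration; names, decay factor and observation sequence are constructed.

def beta_trust(outcomes, decay=1.0):
    """Estimate P(next interaction succeeds) from past outcomes.

    outcomes: list of booleans, oldest first (True = satisfactory interaction).
    decay:    factor r in (0, 1]; an observation k steps old is weighted r**k.
              r = 1.0 gives the plain Beta model (fixed-behaviour assumption).
    """
    if not 0.0 < decay <= 1.0:
        raise ValueError("decay must be in (0, 1]")
    s = f = 0.0
    # Walk from the newest observation (age 0) back to the oldest.
    for age, ok in enumerate(reversed(outcomes)):
        w = decay ** age
        if ok:
            s += w
        else:
            f += w
    # Posterior mean of Beta(s + 1, f + 1) under a uniform prior.
    return (s + 1.0) / (s + f + 2.0)


def constructed_history():
    # Constructed sample: a trustee behaves well 50 times, then fails 10 times.
    return [True] * 50 + [False] * 10


if __name__ == "__main__":
    h = constructed_history()
    print(f"plain Beta (r=1.0): {beta_trust(h):.3f}")
    print(f"decayed    (r=0.8): {beta_trust(h, decay=0.8):.3f}")
```

With r = 1 the estimate stays above 0.8 despite ten consecutive failures; with r = 0.8 it drops to about 0.22, at the cost of almost entirely discounting the fifty older observations.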
