A survey on Security Issues of Reputation Management Systems for Peer-to-Peer Networks

The objective of this paper is to present a comprehensive survey of security issues in Reputation-based Trust Management Systems (RTMSs), also known simply as Reputation Management Systems, for P2P networks. The wide adoption of P2P computing has enhanced content publishing, pervasive information collection, streaming of real-time sensed data and information sharing on an enormous global scale. At the same time, the open and anonymous nature of P2P makes it vulnerable to malicious attacks and the spread of malware. In this paper, we discuss in detail the different security attacks on P2P systems and categorize them as network-related and peer-related attacks. An RTMS helps to establish and evaluate trust, which is the degree of belief that the right user is accessing the right resource. We explain the different trust management schemes used in P2P networks and compare them on the basis of trust establishment, security features, trust evaluation and weaknesses. We survey the RTMSs currently in use and compare them on the basis of reputation collection, aggregation, computation, storage and the degree of centralization of reputation computation and management. We also present a comparison of the protection provided by RTMSs against the various security attacks discussed. Open research issues and challenges that have yet to be addressed in the design of current RTMSs are presented in detail. This survey can be used as a reference guide to understand trust management and RTMSs for P2P networks, and to further research in RTMSs to make them efficient, reliable and scalable, so as to enable and promote the use of P2P systems for large communities and applications.
