
Trust Management

Date post: 06-Jan-2016
Trust Management. Chen Ding, Chen Yueguo, Cheng Weiwei. Outline: Introduction; A Computational Model; Managing Trust in a Peer-2-Peer System (DMRep, EigenRep); Security Concerns (P2PRep, XRep); Conclusion.
Page 1: Trust Management

Trust Management

Chen Ding, Chen Yueguo, Cheng Weiwei

Page 2: Trust Management

Outline

• Introduction
  • A Computational Model
• Managing Trust in a Peer-2-Peer System
  • DMRep
  • EigenRep
• Security Concerns
  • P2PRep
  • XRep
• Conclusion

Page 3: Trust Management

Trust Management

“a unified approach to specifying and interpreting security policies, credentials, relationships [which] allows direct authorization of security-critical actions” – Blaze, Feigenbaum & Lacy

Trust Management is the capture, evaluation and enforcement of trusting intentions.

Page 4: Trust Management

Reputation, Trust and Reciprocity

• Reputation: the perception that an agent creates through past actions about its intentions and norms.
• Trust: a subjective expectation an agent has about another's future behavior based on the history of their encounters.
• Reciprocity: mutual exchange of deeds.

[Figure: reputation, trust and reciprocity] Given social network A:
• Increase $a_i$'s reputation
• Increase $a_j$'s trust of $a_i$
• Increase $a_i$'s reciprocating actions

Page 5: Trust Management

A Computational Model

Defines trust as a dyadic quantity between the trustor and the trustee, which can be inferred from reputation data about the trustee.

Two simplifications:
• The embedded social networks are taken to be static.
• The action space is restricted to: Action: $\alpha \in \{\text{cooperate}, \text{defect}\}$

Page 6: Trust Management

Notations for Model

Reputation: $\theta_{ji}(c) \in [0,1]$
• Let C be the set of all contexts of interest.
• Let $\theta_{ji}(c)$ represent $a_i$'s reputation in an embedded social network of concern to $a_j$ for the context $c \in C$.

History: $D_{ji}(c) = \{E^*\}$
• $D_{ji}(c)$ represents a history of encounters that $a_j$ has with $a_i$ within the context c.

Trust: $T(c) = E[\theta(c) \mid D(c)]$
• The higher the trust level for agent $a_i$, the higher the expectation that $a_i$ will reciprocate agent $a_j$'s actions.

Page 7: Trust Management

A Computational Model (cont…)

• $\theta_{ab}$: b's reputation in the eyes of a.
• $X_{ab}(i)$: the i-th transaction between a and b, with $X_{ab}(i) = 1$ if b's action is cooperate, and $0$ otherwise.
• After n transactions we obtain the history data: $D_{ab} = \{X_{ab}(1), X_{ab}(2), \ldots, X_{ab}(n)\}$
• Let p be the number of cooperations by agent b toward a in the n previous encounters.

[Figure: agents a and b interacting in context c]

Page 8: Trust Management

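A Computational Model (cont…)

• Beta distribution: $p(\hat{\theta}) = \mathrm{Beta}(c_1, c_2)$
  • $\hat{\theta}$: estimator for $\theta$
  • $c_1$ and $c_2$: $c_1 = c_2 = 1$ (by prior assumptions)
• A simple estimator for $\theta_{ab}$: $\hat{\theta}_{ab} = \frac{p}{n}$
• Assuming that each encounter's cooperation probability is independent of other encounters between a and b, the likelihood for the n encounters is $L(D_{ab} \mid \hat{\theta}) = \hat{\theta}^{p} (1 - \hat{\theta})^{n-p}$
• Posterior estimate for $\hat{\theta}$: $p(\hat{\theta} \mid D) = \mathrm{Beta}(c_1 + p,\ c_2 + n - p)$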

Page 9: Trust Management

A Computational Model (cont…)

Trust towards b from a is the conditional expectation of $\hat{\theta}$ given D:

$T_{ab} = p(x_{ab}(n+1) \mid D) = E[\hat{\theta} \mid D]$

where

$E[\hat{\theta} \mid D] = \frac{c_1 + p}{c_1 + c_2 + n}$

Page 10: Trust Management

Outline

• Introduction
  • A Computational Model
• Managing Trust in a Peer-2-Peer System
  • DMRep
  • EigenRep
• Security Concerns of the communication channel
  • P2PRep
  • XRep
• Conclusion

Page 11: Trust Management

Reputation-based trust management

Two examples:
• Amazon.com
  • Visitors usually look for customer reviews before deciding to buy new books.
• eBay
  • Participants at eBay's auctions can rate each other after each transaction.

Both examples use a completely centralized mechanism for storing and exploring reputation data.

Page 12: Trust Management

P2P Properties

• No central coordination
• No central database
• No peer has a global view of the system
• Global behavior emerges from local interactions
• Peers are autonomous
• Peers and connections are unreliable

Page 13: Trust Management

Design Considerations

• The system should be self-policing.
  • The shared ethics of the user population are defined and enforced by the peers themselves and not by some central authority.
• The system should maintain anonymity.
  • A peer's reputation should be associated with an opaque identifier rather than with an externally associated identity.
• The system should not assign any profit to newcomers.
• The system should have minimal overhead in terms of computation, infrastructure, storage, and message complexity.
• The system should be robust to malicious collectives of peers who know one another and attempt to collectively subvert the system.

Page 14: Trust Management

DMRep [KZ2001]

An approach that addresses the problem of reputation-based trust management at both the data management and the semantic level.

• Behavioral data B: observations $t(q,p)$ that a peer $q \in P$ makes when he interacts with a peer $p \in P$.
• $B(p) = \{\, t(p,q) \text{ or } t(q,p) \mid q \in P \,\} \subseteq B$
• In a decentralized environment:
  • How to assess trust given B(p) and B
  • How to obtain such B(p) and B to construct trust

Page 15: Trust Management

DMRep

In the decentralized environment, if a peer q has to determine the trustworthiness of a peer p:
• It has no access to the global knowledge B and B(p).
• There are 2 ways to obtain data:
  • Directly, by interactions: $B_q(p) = \{\, t(q,p) \mid t(q,p) \in B \,\}$
  • Indirectly, through a limited number of referrals from witnesses $r \in W_q \subseteq P$: $W_q(p) = \{\, t(r,p) \mid r \in W_q,\ t(r,p) \in B \,\}$

Page 16: Trust Management

DMRep

Assumption:
• The probability of cheating within a society is comparably low.
• More difficult to hide malicious behavior.

Complaint $c(p,q)$:
• An agent p can, in case of malicious behavior of q, file a complaint $c(p,q)$.

Page 17: Trust Management

A simple situation

• p and q interact, and later on r wants to determine the trustworthiness of p and q.
• Assume p is cheating and q is honest.
• After their interaction:
  • q will file a complaint about p
  • p will file a complaint about q in order to hide its misbehavior
• If p continues to cheat, r can conclude that p is the cheater by observing the other complaints about p.

Page 18: Trust Management

Reputation calculation

• $T(p) = |\{c(p,q) \mid q \in P\}| \times |\{c(q,p) \mid q \in P\}|$
• A high value of T(p) indicates that p is not trustworthy.
• Problem:
  • The reputation was determined based on global knowledge of the complaints, which is very difficult to obtain.

Page 19: Trust Management

The storage structure

P-Grid
• Insert(a, k, v), where a is an arbitrary agent in the network, k is the key value to be searched for, and v is the data value associated with the key.
• Query(a, k): v, where a is an arbitrary agent in the network, which returns the data values v for a corresponding query k.

Properties
• There exists an efficient decentralized bootstrap algorithm which creates the access structure without central control.
• The search algorithm consists of randomly forwarding the requests from one peer to the other.
• All algorithms scale gracefully. Time and space complexity are both $O(\log n)$.

Page 20: Trust Management

Decentralized Data Management

[Figure: P-Grid example with peers 1 to 6 arranged over the binary key space (0, 1; 00, 01, 10, 11). Each peer holds routing references and stores complaints about and by particular peers. Example lookup: Query(6,100), forwarded as Query(5,100), then Query(4,100), found.]

Page 21: Trust Management

DMSRep

Access Problem: p still has to decide r's trustworthiness.

Even if r is honest, it may not be reachable reliably over the network.

[Figure: to judge q, p asks witnesses $r_{q1}, \ldots, r_{qn}$; each of them must in turn be judged through further witnesses, and so on. The exploration of the whole network!]

Page 22: Trust Management

Local computation of Trust

• Assume that the peers are only malicious with a certain probability $\pi \le \pi_{max} < 1$.
• If there are r replicas satisfying on average $\pi_{max}^{r} < \varepsilon$, where $\varepsilon$ is an acceptable fault-tolerance, and we receive the same data about a specific peer from a sufficient number of replicas, we need no further checks.
• It also limits the depth of the exploration of the trustworthiness of peers, to limit the search space.

Page 23: Trust Management

Algorithm

[Figure: p evaluating q through agents $a_1, a_2, a_3, a_4, \ldots, a_n$ and witnesses $s_1, s_2, s_3, \ldots, s_w$]

Check complaints: $W = \{\, (cr_i(q),\ cf_i(q),\ s_i,\ f_i) \mid i = 1, \ldots, w \,\}$
• w: number of witnesses found
• $cr_i(q)$: number of complaints q received
• $cf_i(q)$: number of complaints q filed
• $f_i$: the frequency with which $s_i$ is found (non-uniformity of the P-Grid structure)

Normalized function:

$cr_i^{norm}(q) = cr_i(q)\left(1 - \left(\frac{s - f_i}{s}\right)^{s}\right), \quad i = 1, \ldots, w$

$cf_i^{norm}(q) = cf_i(q)\left(1 - \left(\frac{s - f_i}{s}\right)^{s}\right), \quad i = 1, \ldots, w$

Page 24: Trust Management

Algorithm

Function to determine trustworthiness:

$decide_p(cr_i^{norm}(q), cf_i^{norm}(q)) =$ if $cr_i^{norm}(q) \cdot cf_i^{norm}(q) \le \left(\frac{1}{2} + \frac{4}{\sqrt{cr_p^{avg}\, cf_p^{avg}}}\right)^{2} cr_p^{avg}\, cf_p^{avg}$ then 1 else -1

Exploring trust:
• $S = \sum_{i=1}^{w} decide(cr_i, cf_i)$
• If S = 0, check the trustworthiness of a single witness.
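The complaint-based decision from the "Reputation calculation" and "Algorithm" slides, as an added Python example that is not part of the original slides. The complaint log and witness reports are constructed, `s` is assumed to be the number of lookups issued for witnesses, and the threshold is written in the algebraically equal form $(\sqrt{x}/2 + 4)^2$ so that it is also defined when the evaluator's averages are zero.

```python
import math

def complaint_counts(complaints, peer):
    """Return (cr, cf): complaints received by and filed by `peer`."""
    cr = sum(1 for _, target in complaints if target == peer)
    cf = sum(1 for filer, _ in complaints if filer == peer)
    return cr, cf

def global_T(complaints, peer):
    """T(p) = |complaints filed by p| x |complaints about p| (needs a global view)."""
    cr, cf = complaint_counts(complaints, peer)
    return cf * cr

def normalize(count, f_i, s):
    """count * (1 - ((s - f_i) / s) ** s), the slides' normalized function.
    Assumption: s lookups were issued and witness i answered f_i of them."""
    return count * (1 - ((s - f_i) / s) ** s)

def decide(cr_norm, cf_norm, cr_avg, cf_avg):
    """+1 (trustworthy) or -1, judged against the evaluator's own averages."""
    prod = cr_avg * cf_avg
    # (1/2 + 4/sqrt(x))^2 * x == (sqrt(x)/2 + 4)^2, which has no division by zero.
    threshold = (math.sqrt(prod) / 2 + 4) ** 2
    return 1 if cr_norm * cf_norm <= threshold else -1

def explore_trust(reports, s, cr_avg, cf_avg):
    """S = sum of the per-witness decisions; reports are (cr_i, cf_i, f_i)."""
    return sum(
        decide(normalize(cr, f, s), normalize(cf, f, s), cr_avg, cf_avg)
        for cr, cf, f in reports
    )

# Constructed log of (filer, target): cheater "p" dealt with eight honest peers.
# Each victim complains about p, and p files a counter-complaint to hide it.
VICTIMS = [f"q{k}" for k in range(1, 9)]
COMPLAINTS = [(v, "p") for v in VICTIMS] + [("p", v) for v in VICTIMS]

def demo():
    s = 2  # every witness below answered both lookups (f_i = 2)
    cr_p, cf_p = complaint_counts(COMPLAINTS, "p")
    cr_q, cf_q = complaint_counts(COMPLAINTS, "q1")
    # Three replicas hold p's record; the third one colludes and reports (0, 0).
    reports_p = [(cr_p, cf_p, 2), (cr_p, cf_p, 2), (0, 0, 2)]
    reports_q = [(cr_q, cf_q, 2)] * 3
    # The evaluator itself has received and filed one complaint on average.
    return {
        "T(p)": global_T(COMPLAINTS, "p"),
        "T(q1)": global_T(COMPLAINTS, "q1"),
        "S(p)": explore_trust(reports_p, s, cr_avg=1, cf_avg=1),
        "S(q1)": explore_trust(reports_q, s, cr_avg=1, cf_avg=1),
    }

if __name__ == "__main__":
    print(demo())
```

A single lying replica does not flip the sum for p, which is the replica argument of the "Local computation of Trust" slide; a majority of colluding replicas would.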

Page 25: Trust Management

DMSRep Discussion

Strength
• An approach that addresses the problem at both the data management and the semantic level.
• The method can be implemented in a fully decentralized peer-to-peer environment and scales well for a large number of participants.

Limitations
• Environment with low cheating rates.
• Specific data management structure.
• Not robust to malicious collectives of peers.

Page 26: Trust Management

Outline

• Introduction
  • A Computational Model
• Managing Trust in a Peer-2-Peer System
  • DMRep
  • EigenRep
• Security Concerns
  • P2PRep
  • XRep
• Conclusion

Page 27: Trust Management

How does one peer evaluate others?

Directly (by own experience)
• sat(i, j): +1 when i downloads an authentic file from j.
• unsat(i, j): +1 when i downloads an inauthentic file from j, or i fails to download a file from j.
• Local reputation value: $s_{ij} = sat(i, j) - unsat(i, j)$.

Indirectly (by others' experience)
• Ask neighbors.
• Ask friends (familiars).
• Ask authorities (who are more reputable).
• Ask witnesses.

Page 28: Trust Management

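Normalizing Local Reputation Value

$c_{ij} = \frac{\max(s_{ij}, 0)}{\sum_{j} \max(s_{ij}, 0)}$

Local reputation vector: $\vec{c}_i = (c_{i1}, \ldots, c_{iN})^T$, with $0 \le c_{ij} \le 1$
• Most $c_{ij}$ are 0.
• $\|\vec{c}_i\|_1 = 1$, i.e. $\sum_{j=1}^{N} c_{ij} = 1$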

Page 29: Trust Management

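Aggregating Local Reputation Values

• Peer i asks its friends about their opinions on peer k:

  $t_{ik} = \sum_{j} c_{ij} c_{jk}$

• Peer i asks its friends about their opinions on all peers:

  $\vec{t}_i = C^T \vec{c}_i$, that is

  $\begin{pmatrix} t_{i1} \\ \vdots \\ t_{ik} \\ \vdots \\ t_{iN} \end{pmatrix} = \begin{pmatrix} c_{11} & \cdots & c_{k1} & \cdots & c_{N1} \\ \vdots & & \vdots & & \vdots \\ c_{1k} & \cdots & c_{kk} & \cdots & c_{Nk} \\ \vdots & & \vdots & & \vdots \\ c_{1N} & \cdots & c_{kN} & \cdots & c_{NN} \end{pmatrix} \begin{pmatrix} c_{i1} \\ \vdots \\ c_{ik} \\ \vdots \\ c_{iN} \end{pmatrix}$

• Peer i asks its friends about their opinions about other peers again. (It seems like asking his friends' friends.)

  $\vec{t}_i = (C^T)^2 \vec{c}_i$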

Page 30: Trust Management

Global Reputation Vector

• Continuing in this manner, $\vec{t}_i = (C^T)^n \vec{c}_i$.
• If n is large, $\vec{t}_i$ will converge to the left principal eigenvector of C for every peer i. (C is irreducible and aperiodic.)
• We call this eigenvector $\vec{t}$ the global reputation vector.
• $t_j$, an element of $\vec{t}$, quantifies how much trust the system as a whole places in peer j.

Non-distributed Algorithm

    $\vec{t}^{(0)} = \vec{e}$;
    repeat
        $\vec{t}^{(k+1)} = C^T \vec{t}^{(k)}$;
        $\delta = \|\vec{t}^{(k+1)} - \vec{t}^{(k)}\|$;
    until $\delta < \epsilon$;

Page 31: Trust Management

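Practical Issues

• Pre-trusted peers: P is a set of peers which are known to be trusted, and $\vec{p}$ is the pre-trusted vector of P, where $p_i = 1/|P|$ if $i \in P$, and $p_i = 0$ otherwise.
• Assign some trust to pre-trusted peers: $\vec{t}^{(k+1)} = (1-a)\, C^T \vec{t}^{(k)} + a\, \vec{p}$
• For new peers, who don't know anybody else: $\vec{c}_i = \vec{p}$
• Modified non-distributed algorithm:

    $\vec{t}^{(0)} = \vec{p}$;
    repeat
        $\vec{t}^{(k+1)} = C^T \vec{t}^{(k)}$;
        $\vec{t}^{(k+1)} = (1-a)\, \vec{t}^{(k+1)} + a\, \vec{p}$;
        $\delta = \|\vec{t}^{(k+1)} - \vec{t}^{(k)}\|$;
    until $\delta < \epsilon$;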
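The EigenRep computation from the preceding slides (normalized local values, the iteration toward the global reputation vector, and the pre-trusted vector), as an added Python example that is not part of the original slides. The six-peer matrix `S` is constructed; the L1 norm in the stopping test and the tolerance `eps` are assumptions.

```python
def local_trust_matrix(s, p):
    """c_ij = max(s_ij, 0) / sum_j max(s_ij, 0).
    A peer with no positive experience (a newcomer) uses c_i = p."""
    C = []
    for row in s:
        clipped = [max(v, 0) for v in row]
        total = sum(clipped)
        C.append([v / total for v in clipped] if total else list(p))
    return C

def global_reputation(s, pretrusted, a=0.1, eps=1e-10, max_iter=1000):
    """Iterate t <- (1 - a) * C^T t + a * p, starting from t(0) = p.
    Returns (t, converged)."""
    n = len(s)
    p = [1 / len(pretrusted) if i in pretrusted else 0.0 for i in range(n)]
    C = local_trust_matrix(s, p)
    t = list(p)
    for _ in range(max_iter):
        nxt = [
            (1 - a) * sum(C[j][i] * t[j] for j in range(n)) + a * p[i]
            for i in range(n)
        ]
        delta = sum(abs(x - y) for x, y in zip(nxt, t))  # L1 distance (assumption)
        t = nxt
        if delta < eps:
            return t, True
    return t, False

# Constructed s_ij = sat(i, j) - unsat(i, j) for six peers:
#   0, 1, 2  honest peers (0 is pre-trusted); peer 2 was fooled once by peer 4
#   3        newcomer with no history
#   4, 5     malicious collective that only rates each other
S = [
    [0, 5, 3, 0, -2, -1],
    [4, 0, 6, 0, -3, 0],
    [2, 7, 0, 0, 1, -4],
    [0, 0, 0, 0, 0, 0],
    [0, 0, 0, 0, 0, 50],
    [0, 0, 0, 0, 50, 0],
]
PRETRUSTED = {0}

if __name__ == "__main__":
    for a in (0.1, 0.0):
        t, converged = global_reputation(S, PRETRUSTED, a=a)
        print(f"a={a}: converged={converged}", [round(x, 4) for x in t])
```

With a = 0.1 the collective keeps about a fifth of the total trust from one mistaken rating, and the newcomer scores exactly 0, below the malicious peers. With a = 0 the pair 4 and 5 forms a closed class, C is no longer irreducible, and the honest peers' trust drains into the collective.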

Page 32: Trust Management

Distributed Algorithm

• All peers in the network cooperate to compute and store the global trust vector.
• Each peer stores and computes its own global trust value:

  $t_i^{(k+1)} = (1-a)\left(c_{1i} t_1^{(k)} + \cdots + c_{Ni} t_N^{(k)}\right) + a\, p_i$

  which is the i-th component of $\vec{t}^{(k+1)} = (1-a)\, C^T \vec{t}^{(k)} + a\, \vec{p}$.
• Minimize the computation, storage, and message overhead.

Page 33: Trust Management

Distributed Algorithm (cont…)

• $A_i$: set of peers which have downloaded files from peer i.
• $B_i$: set of peers from which peer i has downloaded files.

    for each peer i do {
        query all peers $j \in A_i$ for $t_j^{(0)} = p_j$;
        repeat
            compute $t_i^{(k+1)} = (1-a)\left(c_{1i} t_1^{(k)} + \cdots + c_{Ni} t_N^{(k)}\right) + a\, p_i$;
            send $c_{ij} t_i^{(k+1)}$ to all peers $j \in B_i$;
            compute $\delta = |t_i^{(k+1)} - t_i^{(k)}|$;
            wait for all peers $j \in A_i$ to return $c_{ji} t_j^{(k+1)}$;
        until $\delta < \epsilon$;
    }

[Figure: peer i among peers 0 to 12. Predecessors $A_i$ (download from i) send $c_{1i} t_1^{(k)}$, $c_{5i} t_5^{(k)}$, $c_{6i} t_6^{(k)}$, $c_{11,i} t_{11}^{(k)}$; peer i updates $t_i^{(k)}$ to $t_i^{(k+1)}$ and sends $c_{i2} t_i^{(k+1)}$, $c_{i7} t_i^{(k+1)}$, $c_{i9} t_i^{(k+1)}$ to successors $B_i$ (downloaded by i).]

Page 34: Trust Management

Message Traffic

• Mean number of acquaintances per peer: m.
• Mean number of iterations: k.
• Mean number of messages per peer: O(mk).

Page 35: Trust Management

Secure Algorithm

• The trust value of one peer should be computed by more than one other peer.
  • Malicious peers report false trust values of their own.
  • Malicious peers compute false trust values for others.
• Use multiple DHTs to assign mother peers.
• The number of mother peers for one peer is the same for all peers.

[Figure: hash functions $H_1$, $H_2$, $H_3$ map peer 1 to its mother peers $H_1(1)$, $H_2(1)$, $H_3(1)$ among peers 0 to 12.]

Page 36: Trust Management

Secure Algorithm (cont…)

[Figure: peer i among peers 0 to 12. Legend: Predecessor $A_i$ (download from i); Successor $B_i$ (downloaded by i); Mother $M_i$ (compute for i); Daughter $D_i$ (computed by i). Tables list $A_i$, $B_i$ and the local trust values $c_i$.]

Page 37: Trust Management

Secure Algorithm (cont…)

    Query all peers $j \in A_i$ for $c_{ji} t_j^{(0)} = c_{ji} p_j$;
    Repeat
        Compute $t_i^{(k+1)} = (1-a)\left(c_{1i} t_1^{(k)} + \cdots + c_{Ni} t_N^{(k)}\right) + a\, p_i$;
        Send $c_{ij} t_i^{(k+1)}$ to all peers $j \in B_i$;
        Compute $\delta = |t_i^{(k+1)} - t_i^{(k)}|$;
        Wait for all peers $j \in A_i$ to return $c_{ji} t_j^{(k+1)}$;
    Until $\delta < \epsilon$;

[Figure: a mother peer m holds $A_i$, $B_i$ and the local trust values $c_i$ of peer i and computes $t_i^{(1)}, t_i^{(2)}, \ldots, t_i$. Legend: Predecessor $A_i$ (download from i); Successor $B_i$ (downloaded by i); Mother $M_i$ (compute for i); Daughter $D_i$ (computed by i).]

Page 38: Trust Management

Secure Algorithm (cont…)

[Figure: peer i with its predecessors $A_i$ and successors $B_i$, and the mothers of i, of $A_i$ and of $B_i$, located through the hash functions $H_1()$, $H_2()$, $H_3()$: $H_1(i)$, $H_1(5)$, $H_1(0)$, $H_1(11)$, $H_1(1)$, $H_1(9)$, $H_1(12)$, $H_1(2)$.]

Page 39: Trust Management

Modified Secure Algorithm

    for each peer i do
        send $A_i$, $B_i$, $c_i$ to its mothers $M_i$;
        collect $A_d$, $B_d$, $c_d$ from its daughters $D_i$;
        for each $d \in D_i$ do
            $i = Hash_t(d)$;
            $k = 0$;
            send $c_{dj} t_d^{(k)} = c_{dj} p_d$ to all peers $Hash_t(j)$, for $j \in B_d$;
            repeat
                wait for all peers $Hash_t(j)$, for $j \in A_d$, to return $c_{jd} t_j^{(k)}$;
                compute $t_d^{(k+1)} = (1-a)\left(c_{1d} t_1^{(k)} + \cdots + c_{Nd} t_N^{(k)}\right) + a\, p_d$;
                send $c_{dj} t_d^{(k+1)}$ to all peers $Hash_t(j)$, for $j \in B_d$;
                compute $\delta = |t_d^{(k+1)} - t_d^{(k)}|$;
                $k = k + 1$;
            until $\delta < \epsilon$;
        end
    end

Page 40: Trust Management

Message Traffic

• Mean number of acquaintances per peer: m.
• Mean number of iterations: k.
• Number of mothers for one peer: t.
• Mean number of messages per peer: O(tmk).

Page 41: Trust Management

Using Global Reputation Values

• Isolate malicious peers.
  • Download from reputable peers.
• Incent peers to share files.
  • Reward reputation.
• Allow newcomers to build trust.
  • Provide a probability of 10% to be selected.
  • Reward newcomers greatly.
• Balance the load.
  • Download probabilistically based on trust values.
  • Set up a maximum reputation (e.g. $s_{ij} <$ MAX Value).

[Figure: reputation of normal, popular and malicious peers]

Page 42: Trust Management

Limitation of EigenRep

• Cannot distinguish between newcomers and malicious peers.
• Malicious peers can still cheat cooperatively.
  • A peer should not report its predecessors by itself.
• Flexibility
  • How to calculate reputation values when peers join and leave, go online and offline.
• When to update global reputation values?
  • According to the new local reputation vector of all peers.
• Anonymous?
  • A mother peer knows its daughters.

Page 43: Trust Management

Outline

• Introduction
  • A Computational Model
  • Trust management in P2P system
• Managing Trust in a Peer-2-Peer System
  • DMRep
  • EigenRep
• Security Concerns
  • P2PRep
  • XRep
• Conclusion

Page 44: Trust Management

P2PRep & XRep

• Do not focus on the computation of reputations
• Security of exchanged messages
  • Queries
  • Votes
• How to prevent different security attacks

Page 45: Trust Management

P2PRep & XRep

Using Gnutella for reference:
• A fully P2P decentralized infrastructure
• Peers have low accountability and trust
• Security threats to Gnutella
  • Distribution of tampered information
  • Man in the middle attack

Page 46: Trust Management

Sketch of P2PRep

• P selects a peer among those who respond to P's query
• P polls its peers for opinions about the selected peer
• Peers respond to the polling with votes
• P uses the votes to make its decision

Page 47: Trust Management

Sketch of P2PRep Cont'd

To ensure authenticity of offerers & voters, and confidentiality of votes:
• Use public-key encryption to provide integrity and confidentiality of messages
• Require peer_id to be a digest of a public key, for which the peer knows the private key

Page 48: Trust Management

P2PRep

Two approaches:
• Basic polling
  • Voters do not provide peer_id in votes
• Enhanced polling
  • Voters declare their peer_id in votes

Page 49: Trust Management

P2PRep – Basic Polling (a)

Participants: Initiator P, Peers S

1. P → *: Query(search_string)
2. $S_i$ → P ($S_i \in S$): QueryHit(IP, port, speed, Result, peer_id)
3. P: Select top list T of offerers
4. P: Generate key pair ($PK_{poll}$, $SK_{poll}$)
5. P → *: Poll(T, $PK_{poll}$)
6. $V_i$ → P ($V_i \in V$): PollReply( $\{(IP, port, Votes)\}_{PK_{poll}}$ )
7. P: Remove suspicious votes
8. P: Select random subset V'
9. P →D $V_j$ ($V_j \in V'$): TrueVote( $Votes_j$ )
10. $V_j$ →D P ($V_j \in V'$): TrueVoteReply(response)
11. P: If response is negative, discard $Votes_j$
12. P: Select peer s for downloading

Page 50: Trust Management

P2PRep – Basic Polling (b)

Participants: Initiator P, Peer s

1. P: Generate random string r
2. P →D s: Challenge(r)
3. s →D P: Response($[r]_{SK_s}$, $PK_s$)
4. P: If $h(PK_s) = peer\_id_s$ && $\{[r]_{SK_s}\}_{PK_s} = r$: download
5. P: Update experience_repository

Page 51: Trust Management

P2PRep

Two approaches:
• Basic polling
  • Voters do not provide peer_id in votes
• Enhanced polling
  • Voters declare their peer_id in votes

Page 52: Trust Management

P2PRep – Enhanced Polling (a)

Participants: Initiator P, Peers S

1. P → *: Query(search_string)
2. $S_i$ → P ($S_i \in S$): QueryHit(IP, port, speed, Result, peer_id)
3. P: Select top list T of offerers
4. P: Generate pairs ($PK_{poll}$, $SK_{poll}$)
5. P → *: Poll(T, $PK_{poll}$)
6. $V_i$ → P ($V_i \in V$): PollReply( $\{[(IP, port, Votes, peer\_id_i)]_{SK_i}, PK_i\}_{PK_{poll}}$ )
7. P: Remove suspicious votes
8. P: Select random subset V'
9. P →D $V_j$ ($V_j \in V'$): AreYou( $peer\_id_j$ )
10. $V_j$ →D P ($V_j \in V'$): AreYouReply(response)
11. P: If response is negative, discard $Votes_j$
12. P: Select servent s for downloading

Page 53: Trust Management

P2PRep – Enhanced Polling (b)

Participants: Initiator P, Peer s

1. P: Generate random string r
2. P →D s: Challenge(r)
3. s →D P: Response($[r]_{SK_s}$, $PK_s$)
4. P: If $h(PK_s) = peer\_id_s$ && $\{[r]_{SK_s}\}_{PK_s} = r$: download
5. P: Update experience_repository

Page 54: Trust Management

Comparison: Basic vs Enhanced

• Basic polling
  • All votes are considered equal
• Enhanced polling
  • peer_ids allow p to weight the votes based on v's trustworthiness

Page 55: Trust Management

Discussion

In enhanced polling, voters also provide IP & port in the PollReply message.

Discussion: IP & port, and the AreYou message, can be omitted.
• Explanation 1:
  • basic polling needs IP & port to check the truthfulness of Votes
  • the voter's private key guarantees this in enhanced polling
• Explanation 2:
  • the paper explains that the AreYou message checks the truthfulness of (IP, Port)
  • the offerer's (IP, Port) needs to be checked, as later we need to download from it. For a voter, we only need the truthfulness of Votes.

Page 56: Trust Management

P2PRep: Security Improvements (1)

Distribution of Tampered Information
• B responds to A with a fake resource

P2PRep Solution:
• A discovers the harmful content from B
• A updates B's reputation, preventing further interaction with B
• A becomes a witness against B in pollings by others

Page 57: Trust Management

P2PRep: Security Improvements (2)

Man in the Middle Attack
• Data from C to A can be modified by B, who is in the path:
  • A broadcasts a Query and C responds
  • B intercepts the QueryHit from C and rewrites it with B's IP & port
  • A receives B's reply
  • A chooses B for downloading
  • B downloads original content from C, modifies it and passes it to A

Page 58: Trust Management

P2PRep: Security Improvements (2)

Man in the Middle Attack
• P2PRep addresses this problem by including a challenge-response phase before downloading.
• To impersonate C, B needs:
  • C's private key
  • To design a public key whose digest is C's identifier
• Public key encryption strongly enhances the integrity of the exchanged messages.
• Both versions address this problem.

Page 59: Trust Management

XRep

• Extended from P2PRep
• Combining servent-based & resource-based reputations
  • Servent-based reputation: associated with the peer identifier
  • Resource-based reputation: coupled to the resource's content

Page 60: Trust Management

XRep

• Two requirements
  • Peer_id is a digest of its public key
  • Resource_id is a digest of its content
• Each peer maintains two experience repositories
  • Servent Repository
  • Resource Repository

Page 61: Trust Management

Sketch of XRep

The XRep protocol consists of 5 stages:
• Resource searching
• Resource selection & vote polling
• Vote evaluation
• Best peer check
• Resource downloading

Page 62: Trust Management

XRep

Differences from P2PRep:
• QueryHit contains resource digests in ResultSet
• Vote Polling: ask peers to vote on the resource or on the peers who offer the resource
• Vote Reply: each peer can respond with votes on resources or peers

Similar to P2PRep, public key encryption is used.

Page 63: Trust Management

XRep: Security Consideration

• Distribution of Tampered Information
• Man in the middle attack

Page 64: Trust Management

XRep: Improvements (1)

• Decoupling of the resource from offerers permits parallel downloads
• P can ask different offerers for different resource fragments

Page 65: Trust Management

XRep: Improvements (2)

Combining servent-based & resource-based reputations: both have shortcomings and advantages.

| | Servent-based | Resource-based |
|---|---|---|
| Reputation's life cycle | shorter due to peer_id changes | good resource always recognizable |
| Cold start | avoid cold start for new resource | avoid cold start for new peers |
| Performance bottleneck | may direct all downloads to most reputable peers | avoids bottleneck for most reputable peers |

Page 66: Trust Management

Outline

• Introduction
  • A Computational Model
  • Trust management in P2P system
• Managing Trust in a Peer-2-Peer System
  • DMRep
  • EigenRep
• Security Concerns
  • P2PRep
  • XRep
• Conclusion

Page 67: Trust Management

Conclusion

• Reputation-based Trust Management
• Reputation Computation & Management
  • DMRep
  • EigenRep
• Security Concerns
  • P2PRep
  • XRep

