1

The EigenTrust Algorithm for Reputation Management in P2P NetworksSepandar D.Kamvar, Mario T.Schlosser, Hector Garc

ia-MolinaStanford University

Appeared in WWW 2003, Budapest, Hungary

Speaker : Yu-Hsin Shih

Date : 2007/09/04

2

Outline

Problem

Basic EigenTrust

Distributed EigenTrust

Secure EigenTrust

Global Trust Value

Experiments and Results

3

Problem

Motivation: Reduce inauthentic files

distributed by malicious peers in a P2P network

Goal: Identify sources of

inauthentic files and malicious peers against downloading from them

4

Problem (cont.)

Problem How to aggregate local trust value without a centr

alized server From a few peers – cannot get a wide view of P2P netw

ork From all peers – may congest the network

5

Problem (cont.)

Method Each peer i is assigned a global

trust value, which reflects the experiences of all peers in the network with peer i

6

Outline

Problem

Basic EigenTrust

Distributed EigenTrust

Secure EigenTrust

Global Trust Value

Experiments and Results

7

Terminology

Local trust value: cij

The opinion that peer i has on peer j, based on past experience

Global trust value: ti

The trust that the entire system places on peer i

Peer 1

Peer 3

Peer 2

Peer 4

C21=0.3

C23=0.7

C14=0.01

C12=0.6

t3=0.55

t2=0.3

t1=0.15

t4=0

8

Basic EigenTrust

1. Compute local trust value

2. Normalize local trust value

3. Aggregate local trust value

9

Basic EigenTrust

1. Compute local trust value

2. Normalize local trust value

3. Aggregate local trust value

10

Compute Local Trust Value

Step 1: Peer i downloads a file from peer j

Positive transaction tr(i,j) = 1

Negative transaction tr(i,j) = -1

Step 2: Local trust value sij = sum of ratings of individual transactions that peer i has downloaded from peer j

sij = Σ tr(i,j)

11

Basic EigenTrust

1. Compute local trust value

2. Normalize local trust value

3. Aggregate local trust value

12

Normalize Local Trust Value

..

All cij are non-negative

ci1 + ci2 + . . . + cin = 1 C14=0.1

C12=0.9

Peer 1

Peer 2

Peer 4

13

Normalize Local Trust Value (cont.) Local trust vector ci :

contains all local trust values cij that peer i has on other peers j

C14=0.1

C12=0.9

Peer 1

Peer 2

Peer 4

1.0

0

9.0

0

Peer 1

c1

0

0

Peer 2

Peer 4

14

Normalize Local Trust Value (cont.) Drawback

Normalized values do not distinguish between peers with no interaction and peers with poor experience

Normalized values are relative, not absolute interpretation

15

Basic EigenTrust

1. Compute local trust value

2. Normalize local trust value

3. Aggregate local trust value

16

Past History

Each peer biases its choice of downloads using its own opinion vector ci.

If it has had good past experience with peer j, it will be more likely to download from that peer.

Problem – Each peer has limited past experience. Knows few other peers.

0

0

0

0

0

0

Peer 4

Peer 1

???

?

??

Peer 6

17

Friends of Friends

Ask for the opinions of people who you trust

Weight their opinions by your trust in them

0

0

0

0

0

0

Peer 4

Peer 1

0

0

0

0

0

0

Peer 2

Peer 8

Peer 6

18

The Math

j

jkijik cct

Ask your friends j

Weight each friend’s opinion by how much you trust him.

What your friends think of peer k

0.2 0.3 0.5 1 0 0

.1

.3

.2

.3

.1

.1

.2 .1.6 0 0 0.2

'it i

T tC

19

Problems with Friends

Either you know a lot of friends, in which case you have to compute and store many values.

Or, you have few friends, in which case you won’t know many peers, even after asking your friends.

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

20

Goals

Want each peer to Know all peers Perform minimal computation and storage

21

To Know All Peers

Ask your friends:

t = CTci

Ask friends’ friends:

t = (CT)2ci

Keep asking until t converges:

t = (CT)nci

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

22

Minimal Computation

Luckily, the global trust vector t, if is computed in this manner, converge to the same thing for every peer!

Therefore, each peer doesn’t have to store and computes its own global trust vector. The whole network can cooperate to store and compute t.

23

Non-distributed Algorithm

Initialize:

Repeat until converges

T(0)t

nn

1...

1

(k)T1)(k tCt

24

Practical Issues

A priori notions of trust

Inactive Peers

Malicious Collectives

25

A Priori Notions of Trust

Assuming that some peers in the network are trustworthy

Define a distribution p over pre-trusted peers P, such that pi = 1 / |P|

In the presence of malicious peers, t = (CT)n p will converge faster so p is used as the start vector

26

Inactive Peers

If peer i doesn’t download from anybody else or assigns 0 to all peers, cij will be undefined:

Redefine cij. If a peer i doesn’t know anyone or doesn’t trust anyone, he will choose to trust per-trusted peers

27

Malicious Collectives

Break collectives by having each peer place at least some trust in the peers P that are not a part of the collective

How? Probabilistically, an agent crawling the network is less likely to get stuck crawling a malicious collective

Challenge: Make sure that no pre-trusted peer is a member of malicious collective

28

Outline

Problem

Basic EigenTrust

Distributed EigenTrust

Secure EigenTrust

Global Trust Value

Experiments and Results

29

Distributed EigenTrust

Each peer i stores its local trust vector ci and global trust vector ti

Computation, storage, message overheads are minimal

In P2P networks, each peer has limited interactions with other peers. So most of the trust values will be 0.

In the case of a network with heavily active peers, limit the number of local trust values cij that each peer can report

30

Distributed EigenTrust AlgorithmFor each peer i {

-First, ask peers who know you for their opinions of you.

-Repeat until convergence {

-Compute current trust value: ti(k+1) = (1-a)(c1i t1

(k) +…+

cni tn(k))+api

-Send your opinion cij and trust value ti(k+1) to your

acquaintances.

-Wait for the peers who know you to send you their trust

values and opinions.

}

}

31

Algorithm Complexity

Algorithm converges fast: around 100 query cycles for a network of 1000 peers

Computed global trust values do not change significantly any more after a low number of iterations

32

Outline

Problem

Basic EigenTrust

Distributed EigenTrust

Secure EigenTrust

Global Trust Value

Experiments and Results

33

Secure EigenTrust

Previously, each peer computes and reports its own global trust value ti.

Drawback: Malicious peers can easily report false trust values

Secure EigenTrust

A peer’s trust value must not be computed by and reside at the peer itself.

Trust value of one peer will be computed by more than one peer. (use majority vote to avoid malicious results)

34

Secure EigenTrust

M peers (score managers) compute trust value of peer i Use Distributed Hash Table (DHT) to get M score mangers

Hash unique ID of peer (IP address, TCP port) using hash functions h1, h2, h3 into points in the logical coordinate space

The peers corresponding to the points become the score managers.

35

Secure EigenTrust : Properties Anonymity

A peer at a specific coordinate cannot find out for whom it computes the trust value

Randomization Peers that enter the system cannot select at which

coordinates in the hash space they want to be located

Redundancy Several score managers compute the trust value for one

peer

36

Outline

Problem

Basic EigenTrust

Distributed EigenTrust

Secure EigenTrust

Global Trust Value

Experiments and Results

37

Global Trust Value

When you get responses from multiple peers

DeterministicChoose the one with highest trust value

ProbabilisticChoose a peer with probability proportional to its trust value

38

Deterministic Download

Choose the one with highest trust value

Advantage High probability to access authentic files

Disadvantage Highly trusted peers will be overloaded.

Newcomers have little chance to build up reputation

39

Deterministic Download

Choose the one with highest trust value

40

Probabilistic Download

Choose a peer with probability proportional to its trust value

Advantage Limit number of unsatisfactory downloads

Balance network load

Allow newcomers to build up reputation

41

Probabilistic Download

Choose a peer with probability proportional to its trust value

43

Using Global Trust Values

Isolating Malicious Peers

Select peers probabilistically based on trust value

, where d is a constant between 0 and 1.

In this way, a peer avoid downloading from another peer who gives it bad discriminatory service.

44

Using Global Trust Values

Stimulating Free-riders to Share

Reward reputable peers Increase connectivity, greater bandwidth

Effect

Incentive to share files Give non-malicious peers an incentive to delete

inauthentic files

45

Outline

Problem

Basic EigenTrust

Distributed EigenTrust

Secure EigenTrust

Global Trust Value

Experiments and Results

46

Threat Scenarios

Malicious Individuals Always provide inauthentic

files

Malicious Collective Always provide inauthentic

files Know each other. Give each

other good opinions and give other bad opinions.

47

Threat Scenarios (cont.)

Camouflaged Collective Provide authentic files some of

the time to trick good peers into giving them good opinions.

Malicious Spies Some members of the collective

give good files all the time, but give good opinions to malicious peers.

48

Malicious Individuals

49

Malicious Collective

50

Camouflaged Collective

51

Malicious Spies

52

Summary

EigenTrust Dramatically reduce number of inauthentic file do

wnloads in the network Robust to malicious peers Low overhead

53

Reference

Kamvar’s slides & paper http://www.stanford.edu/~sdkamvar/talks/EigenTrust.ppt http://www.stanford.edu/~sdkamvar/papers/eigentrust.pdf

54

Thank you!