1 the eigentrust algorithm for reputation management in p2p networks sepandar d.kamvar, mario...
TRANSCRIPT
1
The EigenTrust Algorithm for Reputation Management in P2P NetworksSepandar D.Kamvar, Mario T.Schlosser, Hector Garc
ia-MolinaStanford University
Appeared in WWW 2003, Budapest, Hungary
Speaker : Yu-Hsin Shih
Date : 2007/09/04
2
Outline
Problem
Basic EigenTrust
Distributed EigenTrust
Secure EigenTrust
Global Trust Value
Experiments and Results
3
Problem
Motivation: Reduce inauthentic files
distributed by malicious peers in a P2P network
Goal: Identify sources of
inauthentic files and malicious peers against downloading from them
4
Problem (cont.)
Problem How to aggregate local trust value without a centr
alized server From a few peers – cannot get a wide view of P2P netw
ork From all peers – may congest the network
5
Problem (cont.)
Method Each peer i is assigned a global
trust value, which reflects the experiences of all peers in the network with peer i
6
Outline
Problem
Basic EigenTrust
Distributed EigenTrust
Secure EigenTrust
Global Trust Value
Experiments and Results
7
Terminology
Local trust value: cij
The opinion that peer i has on peer j, based on past experience
Global trust value: ti
The trust that the entire system places on peer i
Peer 1
Peer 3
Peer 2
Peer 4
C21=0.3
C23=0.7
C14=0.01
C12=0.6
t3=0.55
t2=0.3
t1=0.15
t4=0
8
Basic EigenTrust
1. Compute local trust value
2. Normalize local trust value
3. Aggregate local trust value
9
Basic EigenTrust
1. Compute local trust value
2. Normalize local trust value
3. Aggregate local trust value
10
Compute Local Trust Value
Step 1: Peer i downloads a file from peer j
Positive transaction tr(i,j) = 1
Negative transaction tr(i,j) = -1
Step 2: Local trust value sij = sum of ratings of individual transactions that peer i has downloaded from peer j
sij = Σ tr(i,j)
11
Basic EigenTrust
1. Compute local trust value
2. Normalize local trust value
3. Aggregate local trust value
12
Normalize Local Trust Value
..
All cij are non-negative
ci1 + ci2 + . . . + cin = 1 C14=0.1
C12=0.9
Peer 1
Peer 2
Peer 4
13
Normalize Local Trust Value (cont.) Local trust vector ci :
contains all local trust values cij that peer i has on other peers j
C14=0.1
C12=0.9
Peer 1
Peer 2
Peer 4
1.0
0
9.0
0
Peer 1
c1
0
0
Peer 2
Peer 4
14
Normalize Local Trust Value (cont.) Drawback
Normalized values do not distinguish between peers with no interaction and peers with poor experience
Normalized values are relative, not absolute interpretation
15
Basic EigenTrust
1. Compute local trust value
2. Normalize local trust value
3. Aggregate local trust value
16
Past History
Each peer biases its choice of downloads using its own opinion vector ci.
If it has had good past experience with peer j, it will be more likely to download from that peer.
Problem – Each peer has limited past experience. Knows few other peers.
0
0
0
0
0
0
Peer 4
Peer 1
???
?
??
Peer 6
17
Friends of Friends
Ask for the opinions of people who you trust
Weight their opinions by your trust in them
0
0
0
0
0
0
Peer 4
Peer 1
0
0
0
0
0
0
Peer 2
Peer 8
Peer 6
18
The Math
j
jkijik cct
Ask your friends j
Weight each friend’s opinion by how much you trust him.
What your friends think of peer k
0.2 0.3 0.5 1 0 0
.1
.3
.2
.3
.1
.1
.2 .1.6 0 0 0.2
'it i
T tC
19
Problems with Friends
Either you know a lot of friends, in which case you have to compute and store many values.
Or, you have few friends, in which case you won’t know many peers, even after asking your friends.
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
20
Goals
Want each peer to Know all peers Perform minimal computation and storage
21
To Know All Peers
Ask your friends:
t = CTci
Ask friends’ friends:
t = (CT)2ci
Keep asking until t converges:
t = (CT)nci
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
22
Minimal Computation
Luckily, the global trust vector t, if is computed in this manner, converge to the same thing for every peer!
Therefore, each peer doesn’t have to store and computes its own global trust vector. The whole network can cooperate to store and compute t.
23
Non-distributed Algorithm
Initialize:
Repeat until converges
T(0)t
nn
1...
1
(k)T1)(k tCt
24
Practical Issues
A priori notions of trust
Inactive Peers
Malicious Collectives
25
A Priori Notions of Trust
Assuming that some peers in the network are trustworthy
Define a distribution p over pre-trusted peers P, such that pi = 1 / |P|
In the presence of malicious peers, t = (CT)n p will converge faster so p is used as the start vector
26
Inactive Peers
If peer i doesn’t download from anybody else or assigns 0 to all peers, cij will be undefined:
Redefine cij. If a peer i doesn’t know anyone or doesn’t trust anyone, he will choose to trust per-trusted peers
27
Malicious Collectives
Break collectives by having each peer place at least some trust in the peers P that are not a part of the collective
How? Probabilistically, an agent crawling the network is less likely to get stuck crawling a malicious collective
Challenge: Make sure that no pre-trusted peer is a member of malicious collective
28
Outline
Problem
Basic EigenTrust
Distributed EigenTrust
Secure EigenTrust
Global Trust Value
Experiments and Results
29
Distributed EigenTrust
Each peer i stores its local trust vector ci and global trust vector ti
Computation, storage, message overheads are minimal
In P2P networks, each peer has limited interactions with other peers. So most of the trust values will be 0.
In the case of a network with heavily active peers, limit the number of local trust values cij that each peer can report
30
Distributed EigenTrust AlgorithmFor each peer i {
-First, ask peers who know you for their opinions of you.
-Repeat until convergence {
-Compute current trust value: ti(k+1) = (1-a)(c1i t1
(k) +…+
cni tn(k))+api
-Send your opinion cij and trust value ti(k+1) to your
acquaintances.
-Wait for the peers who know you to send you their trust
values and opinions.
}
}
31
Algorithm Complexity
Algorithm converges fast: around 100 query cycles for a network of 1000 peers
Computed global trust values do not change significantly any more after a low number of iterations
32
Outline
Problem
Basic EigenTrust
Distributed EigenTrust
Secure EigenTrust
Global Trust Value
Experiments and Results
33
Secure EigenTrust
Previously, each peer computes and reports its own global trust value ti.
Drawback: Malicious peers can easily report false trust values
Secure EigenTrust
A peer’s trust value must not be computed by and reside at the peer itself.
Trust value of one peer will be computed by more than one peer. (use majority vote to avoid malicious results)
34
Secure EigenTrust
M peers (score managers) compute trust value of peer i Use Distributed Hash Table (DHT) to get M score mangers
Hash unique ID of peer (IP address, TCP port) using hash functions h1, h2, h3 into points in the logical coordinate space
The peers corresponding to the points become the score managers.
35
Secure EigenTrust : Properties Anonymity
A peer at a specific coordinate cannot find out for whom it computes the trust value
Randomization Peers that enter the system cannot select at which
coordinates in the hash space they want to be located
Redundancy Several score managers compute the trust value for one
peer
36
Outline
Problem
Basic EigenTrust
Distributed EigenTrust
Secure EigenTrust
Global Trust Value
Experiments and Results
37
Global Trust Value
When you get responses from multiple peers
DeterministicChoose the one with highest trust value
ProbabilisticChoose a peer with probability proportional to its trust value
38
Deterministic Download
Choose the one with highest trust value
Advantage High probability to access authentic files
Disadvantage Highly trusted peers will be overloaded.
Newcomers have little chance to build up reputation
39
Deterministic Download
Choose the one with highest trust value
40
Probabilistic Download
Choose a peer with probability proportional to its trust value
Advantage Limit number of unsatisfactory downloads
Balance network load
Allow newcomers to build up reputation
41
Probabilistic Download
Choose a peer with probability proportional to its trust value
43
Using Global Trust Values
Isolating Malicious Peers
Select peers probabilistically based on trust value
, where d is a constant between 0 and 1.
In this way, a peer avoid downloading from another peer who gives it bad discriminatory service.
44
Using Global Trust Values
Stimulating Free-riders to Share
Reward reputable peers Increase connectivity, greater bandwidth
Effect
Incentive to share files Give non-malicious peers an incentive to delete
inauthentic files
45
Outline
Problem
Basic EigenTrust
Distributed EigenTrust
Secure EigenTrust
Global Trust Value
Experiments and Results
46
Threat Scenarios
Malicious Individuals Always provide inauthentic
files
Malicious Collective Always provide inauthentic
files Know each other. Give each
other good opinions and give other bad opinions.
47
Threat Scenarios (cont.)
Camouflaged Collective Provide authentic files some of
the time to trick good peers into giving them good opinions.
Malicious Spies Some members of the collective
give good files all the time, but give good opinions to malicious peers.
48
Malicious Individuals
49
Malicious Collective
50
Camouflaged Collective
51
Malicious Spies
52
Summary
EigenTrust Dramatically reduce number of inauthentic file do
wnloads in the network Robust to malicious peers Low overhead
53
Reference
Kamvar’s slides & paper http://www.stanford.edu/~sdkamvar/talks/EigenTrust.ppt http://www.stanford.edu/~sdkamvar/papers/eigentrust.pdf
54
Thank you!