a next generation reputation system based on the blockchain
TRANSCRIPT
Rep on the block : A next generation reputation system based on the blockchain
BY: MAGED MOHAMED ELGAZZAR@MMELJAZZAR
LINKEDIN.COM/IN/MMJAZZAR
7/11/2016 1
Conference The 10th International Conference for Internet Technology and Secured Transactions (ICITST-2015)
7/11/2016 2
Agenda Introduction. Attacks on reputation systems Current reputation systems. blockchain reputation system. Limitation. Conclusion.
7/11/2016 3
Introduction eBay has the most widely used reputation system and processes over a billion transactions per day.
Multidimensional reputations.
Reliability of reputations.
7/11/2016 4
The common Attacks on reputation systems
7/11/2016 5
Types of attacks Unfair ratings attack.
Collusion attack.
The Sybil attack.
The re-entry attack.
7/11/2016 6
Unfair ratings attack. prove and prevent is the unfair ratings attack.
comparing ratings of users to ratings left by higher trustedusers on the network
7/11/2016 7
Collusion attackA group of nodes who collude between each other.
aim of lowering a target node’s reputation.
One solution is to calculate the reputation score based on the average of all reputations.
7/11/2016 8
The Sybil attack A single user gains access to multiple legal identities.
depends on the cost of obtaining an identity.
It makes entrance to the network expensive for the network.
7/11/2016 9
The re-entry attackWith this attack, an attacker can choose to behave maliciously.
They have a low reputation that impacts their attack, they stop using that account and generate a new account.
7/11/2016 10
The proposed blockchain reputation system
7/11/2016 11
Goal of the new system Withstand previously documented attacks on reputation systems.
provide a generalized reputation system that can beimplemented into any network.
7/11/2016 12
Transaction Store single dimensional reputation
1 for a positive transaction, or a 0 for a non satisfactory transaction
Classify a transaction, signed by the sender’s private key to a user who requested it.
7/11/2016 13
The unfair ratings attack The user sends a transaction consisting of the reputation score, a timestamp, and a hash of the received file.
This data is encrypted with the receiver’s private key and is sent to the miners.
This ensures the reputation left by a user is based on a real transaction.
7/11/2016 14
The unfair ratings attack
7/11/2016 15
The Sybil attack Link the indemnity creation to the IP address of a user.
While this method does not prevent an attacker from creating multiple identities,
It makes the cost of doing so much more expensive.
7/11/2016 16
Multiple identities The ability to prevent multiple identities from a singlemachine, is key in preventing a Sybil attack.
The data sent to the miners would be transaction hash sender public key receiver public key.
7/11/2016 17
Malicious transactions A user with a low reputation stakes a small amount of currency into a triple signed wallet.
Sending a small amount of currency to the wallet set up especially for this transaction.
7/11/2016 18
Malicious transactions This would mean if the user were to behave dishonestly and send a malicious file.
The amount stored in the wallet would be sent to a pool which the network uses to act as a reward for miners finding blocks.
7/11/2016 19
Multidimensional reputation The also stores reputation from peers it has had previous interactions with.
This could be done to enhance speed of the transaction, quality of file, etc.
10/24/2016 20
The limitations of the reputation blockchain
system
10/24/2016 21
limitations of the system Number of transactions per sec. Large scale development. Low resourced users. Trustworthiness of a peer. Latency. Technical flaws.
10/24/2016 22
Number of transactions per sec. A maximum block size, our network would only be able to process 10 transactions a second
Malicious colluding nodes would spam the miners withtransactions.
10/24/2016 23
Number of transactions per sec. Remove the maximum size of a block.
Increase the transactions per second, is to reduce the time required for each block to be created.
10/24/2016 24
large scale development The required resources on each node make this expensive to implement, with the proposed 1MB block size.
the blockchain could increase at a rate of 144MB a day (53GBa year).
10/24/2016 25
Low resourced users Greater bandwidth to receive blocks. This would also further limit the participation of low-resourced nodes such as mobile devices.
Solution: propose that each node is no longer required to download the entire blockchain.
10/24/2016 26
Trustworthiness of a peer It would take several months from deployment for thereputation system to become effective.
Gaining the necessary data and feedback from users that would allow other users on the network to make informed decisions on the trustworthiness of a peer.
10/24/2016 27
Latency The network latency Validation of any request would add additional delay.
10/24/2016 28
Technical flaws The risk of unknown technical flaws in the cryptography used could undermine security on the network.
An intelligent colluding attack. it might still be possible for an attacker to profit from the system.
10/24/2016 29
Conclusion As now a malicious peer would be able to be detected 50% faster than before.
The increased resources (storage space for the blockchain) on the miners could result in fewer miners on the network; this would in turn lower the security of the network.
10/24/2016 30
Conclusion The proposed reputation system is client controlled.
The client can calculate the reputation score based on parameters set by them.
For example, a user could only view reputations from users on a specific network. To prevent against the collusion attack,
10/24/2016 31
Benefits of the system Each user will only be given a reputation score based on the average of all their reputation score.
This ensures if two nodes are transacting together, they will get the same reputation scores whether they send one transaction or a thousand transactions to each other
10/24/2016 32