reputation based trust

of 20/20
Reputation Based Trust Reputation Based Trust The using of reputation The using of reputation to accomplish trust to accomplish trust between users on the between users on the Internet Internet M.Vološin, R.Gore, Ibe2roč. PF UPJŠ, Košice, Slovakia

Post on 07-Jan-2016

45 views

Category:

Documents

0 download

Embed Size (px)

DESCRIPTION

Reputation Based Trust. The using of reputation to accomplish trust between users on the Internet. M.Volo šin, R.Gore, Ibe2roč. PF UPJŠ, Košice, Slovakia. Contents. What is Reputation Based Trust Various systems for Reputation Based Trust on Internet Human driven environments - PowerPoint PPT Presentation

TRANSCRIPT

  • Reputation Based TrustThe using of reputation to accomplish trust between users on the Internet M.Voloin, R.Gore, Ibe2ro. PF UPJ, Koice, Slovakia

  • ContentsWhat is Reputation Based TrustVarious systems for Reputation Based Trust on InternetHuman driven environmentsAuctions systemsEbayAmazon AuctionsYahoo Auctions (retired from June 2007)Expert Sites like www.Allexperts.com Reviews sites like www.Epinions.comOther Automated environmentsP2P networksComputing markets and grids (One such system we describe here in detail)

  • What is Reputation Based Trust?Anonymity on the Internet VirusesWhy we trust our friendsName + recorded past activities available and visible for everybody = Reputation Based Trust

  • EbayHow to sell goods somebody from Australia? How to make it secure?Feedback forum on EbayEbay is Auction systemBussiness on Ebay

  • Reputation Based Trust in Automated EnvironmentsP2P networksDistributed computation markets

  • Distributed Computation MarketsThe Servers provides service complicated time-consuming computations And the Clients pay for this.How to trust a server that it has least-costly, fastest service, how it advertised? How to ensure that Server performed all work and didn't give fake results?Solution: Proof by computation ringers and threshold witnessing mechanism

  • Step 1 Witness selectionStep 2 B sends service requestStep 3 Server selection processStep 4 Executing of computationStep 5 Returning the execution proofs and computation result Step 6 Signing new rating by witnesses

  • Building blocksRating Store managementEvery participant stores the most recent data for every other participant Reputation value can be created or changed only if at least c+1 participants agree. Witness SelectionB select 2c+1 witnesses randomlycreates a multicast channel for the witnesses sends the (signed) job description: f, the set of input values{x1...xa}, the maximum time B is willing to wait for job completion, the maximum amount B is willing to pay for the computation

  • Server SelectionThe 2c+1 witnesses selects the most suitable service provider (A)A is added to the witness multicast group.One of the witnesses multicasts the job description received from B.Threshold WitnessingRinger Generation Each witness (Wj) selects one random value xz from the input set specified by B in the job description and computes a ringer rj = H(f(xz)) Wj sends SWj(H(Id(Wj); sid; rj)), its identifier, sid, the ringer, together with the signed digest and Wj's public key certifcate to AA waits to receive 2c+1 valid messagesA sends a multicast message to all the witnesses with concatenation of all the signed ringers received The witnesse, inquire the remaining witnesses for their ringers.

  • Revealing the Ringers A performs the computation and reveals the input values xz hidden in the 2c+1 ringersA creates a single message containing Swj (H(Id(Wj); sid; rj)) and SA(H(Id(A); sid; z)), for j = 1...2c+1. There also are the results of the computation, f(x1),...,f(xA), along with its signed digest.Each witness Wj verifies the correctness of only its own ringer If any witness Wj discovers that rj H(f(xz)), Wj sends a multicast message to all the other witnesses revealing this fact The witnesses are able to verify the claim by computing the correct answer to Wj's ringer and compare it with the answer sent back by Alice

  • Signature Generationeach witness Wj is able to compute A's new rating Each Wj then generates a verifiable signature share of A's new reputation Wj sends this value, its certified verification key VKj and A's new rating in clear, to all the other witnesses, using the group's multicast channel Each witness waits to receive c correct signature shares for the same new reputation of A as the one generated by itself. each witness is able to generate the signed new rating of A locally Reputation DistributionThe results of the computation are returned to B and the new reputation of A is distributed (by the first witness is in charge on the broadcast channel to all the participants in the system)Note that a witness cannot simply send an incorrect reputation since it will be easily detectedPunishing Malicious Witnesses

  • Possible attacks?Bad-mouthing (incorrect negative feedback)Ballot-stuffing (un-earned positive feedback)Lazy behaviorImprovement: adding fake ringersSybil AttacksMobile Virus Attacks

  • ConclusionsWith reputation based trust we can make Internet more secure and usable in more areas of our activities. Thank you.