Trust in the Virtual World

Trust in the Virtual World
By: Sadegh Dorri Nogoorani
http://ce.sharif.edu/~dorri
1390/8/2 – 2011/10/24
(ISC Monthly Seminar)
In the Name of Allah

Who Knows on the Net...?
A notion of trust similar to
real world trust is
needed in the virtual
world…
Coordinating Agent
Interactions without
Strict Control
Mechanisms
Fig. by Peter Steiner (The New Yorker, 5 July 1993)
1390/8/2 - 2011/10/24 2Trust in the Virtual World - Sadegh Dorri N. (http://ce.sharif.edu/~dorri)

Outline
 Concepts
Definitions and basic terminology
 Trust and Reputation in Action
Applications
Attacks
 Trust Engines
Probabilistic, logic, …
 Trust in CROWDS
A detailed example

Trust (‫)اعتماد‬
 Definition [CF10]
The expectation/belief that…
… trustee will perform actions designed to produce
positive results in the future for the trustor…
… in situations of consistent perceived risk.
 Properties
Subjective, context dependent, asymmetric, transitive,
dynamic
 Calculation
Structural: organizational, category-membership
Relational: history-based, using trust transitivity
Cognitive: dispositional, trustee attributes

Trust Scenario
Trustor
(‫اعتمادگر‬)
Trustee
(‫معتمد‬)
Direct Trust (‫مستقیم‬ ‫)اعتماد‬
Functional
(‫عملکردی‬)
Referential
(‫ارجاعی‬)
Functional
Functional
Indirect Trust (Inference)
‫مستقیم‬ ‫غیر‬ ‫اعتماد‬(‫استنتاج‬)
Recommenders (‫گران‬‫)توصیه‬

Reputation ( ‫شهرت‬/‫وجهه‬ )
 Definition (Concise Oxford Dictionary)
A widespread belief that someone or
something has a particular characteristic.
Common belief
 Relationship with Trust
Trust is subjective and has more weight
“I trust you because of your good reputation”
“I trust you despite your bad reputation”
1390/8/2 - 2011/10/24 Trust in the Virtual World - Sadegh Dorri N. (http://ce.sharif.edu/~dorri) 7

TRUST AND REPUTATION
IN ACTION
8

Aspects of a Trust System [HZN09]

Applications of Trust
 Soft Security Mechanism against
Low quality services
Misrepresentation of services
Incorrect information
Fraud
 Others
Recommender and filtering systems
 Targets
Content, services, people

Attacks on a Trust-Based System
 Self-Promotion
Falsely increase the trust on the attacker(s)
 Whitewashing (‫)الپوشانی‬
Restoring the broken trust
 Slandering (‫کردن‬ ‫)الغر‬
Falsely reduce the trust on other nodes
 Other
Hybrid of the above attacks, DoS, …

Example: Reputation in a P2P
System
● Nodes have no information about most others
● Fake or virus infected content
● Free riders
● Challenges
● Anonymity -> selfish users
● Highly distributed
● Unreliable network connections
● Partial information (in unstructured topologies)
● Untrustworthiness of storage peers

Example: Email Filtering
● Blind delivery of messages
● In Jan.of 2008, 75% of Internet email was spam.
● Detecting spam after delivery wastes a lot of
resources and is error-prone.
● KarmaNET [SXMW09]
● Messages are routed through social paths
● Trust is defined in three aspects:
– Routing (against free-riders)
– Forwarding (distinguish malicious nodes from careless
forwarders)
– Initiation
● Bad messages penalize all related peers, so they
(automatically) tune their behavior

Example: Social Routing
● Blind routing
● Has inherent security problems such as DDoS
and Spam
● No separation between routing addr. & identity
● Lack of msg. receiver control
● Solutions are not scalable and/or inefficient
● DSL [BYHW09]
● Messages are routed through social paths
between sender and receiver, and based on the
keywords describing the intention of the
message.

Example: Security and Privacy with
Trust
 Probabilistic Security
Security is not definite in many cases
Hard-to-break security: birthday attack
Trust can be used to tune the desired security
 Access control
User levels are determined using trust metrics
(Advogato, StackExchange)
Hybrid security policy: super computer example
 Privacy in Anonymity Networks

Other Applications
● News syndication
● Using trust in order to resolve contradictions
in information
● Discard the statements from the least trusted
sources
● Recommender systems
● To use trust in place of similarity
● Users are significantly more similar to their
trusted peers than to the population as a
whole

Simple Summation or Average of
Ratings
● More advanced: weighted average
● Trustworthiness/reputation
● Age of the rating
● Distance between rating and current
score

 

i
ii
w
wr


Probabilistic Engines
 Trust: Expected Probability of Success
 Bayesian Approach [JI02]
Use the Bayes rule to update p
 HMM Approach [ElS10]
Use a Hidden Markov Model to calculate p
},{ xxR 
),,|Pr( ,,
1
,, tetr
tn
tetr
t
tetr
t
tetr
t OOxOp 
][ ,, tetr
t
tetr
t pE
2
1



sr
r


Trust Inference
● Trust in an unknown peer can be
inferred according to paths in social
networks
● Strongest path
● Weighted paths
● BFS-like (TidalTrust)
● Probabilistic and Bayesian methods
● Subjective logic operators

Subjective Logic [JHP06]
),,,( audbA
B  B
C
A
B
BA
C  : B
C
A
B
BA
C  

Other Engines
 Fuzzy Inference Engines
Direct trust: multi-criteria decision making
Trust inference: fuzzy aggregation operators
 Game Theoretic Approaches
Try to defend strategic attacks
 Many Proposals:  or  ?
Evaluation: human-based vs. utility-based
Must be related to human notion of trust

A DETAILED EXAMPLE
Trust in CROWDS
23

The CROWDS Protocol [RR98]
 Provides Anonymous Web Transactions
A user is either completely honest or dishonest
The originator passes the message to a randomly
selected path of users to reach destination (the reverse
for reply).
 Probability of Forwarding
1-pf: forward to the end server
pf: forward to a random user
 Privacy (Anonymity) Level: Probable Innocence
… the sender appears no more likely to be the
originator than to not be.

CROWDS + Trust
 Extended Protocol [SEH10]
The users may switch between honest and
dishonest.
Trust (reputation) info + forwarding policy
 ti (in [0,1]): The Reputation of a User
Robustness of user i to becoming corrupt
(probability)
 {q1,…,qn}: The Forwarding Policy
Common to all users
qi: The probability of forwarding to user i

Anonymity in CROWDS + Trust
 Guaranteeing Probable Innocence
Idea: adjust the forwarding policy according to
reputation values
Solve the following system of linear inequalities
to find the desired forwarding policy(ies):
2
1

Anonymity in CROWDS + Trust (cont.)
 Example with Three Principles
The equations yield two solutions:
A possible choice:

Comparing with the Original CROWDS
 Forwarding Policy of the original protocol:
Does not satisfy the innocence inequalities
 Consequence:
If the users are partially honest, the CROWDS
may not provide probable innocence.
Trust information can be used to provide the
required anonymity.

Conclusions
● Trust in the VW
● Translating social concepts to computational
methods
● Many applications
● Sound mathematical basis
● Trust as a Soft Security Mechanism
● Access control
● Probabilistic security
● …
● A Long Way in Front!

THANKS!
More Info. on My Homepage:
http://ce.sharif.edu/~dorri
30

References
[BYHW09] L. Banks, S. Ye, Y. Huang, and S. F. Wu, “Davis social links: integrating
social networks with internet routing,” in Proceedings of the 2007 Workshop on
Large Scale Attack Defense (LSAD’07), New York, NY, USA, 2007, pp. 121–128.
[CF10] C. Castelfranchi and R. Falcone, Trust theory: a socio-cognitive and
computational model. Chichester, West Sussex, England: Wiley, 2010.
[ElS10] E. ElSalamouny, “HMM-based trust model,” Revised Selected Papers of the 6th
International Workshop on Formal Aspects in Security and Trust (FAST), Eindhoven,
The Netherlands, Nov. 2009, vol. 5983, pp. 21-35, 2010.
[Gol06] J. Golbeck, “Trust on the World Wide Web: A Survey”, Foundation and Trends
in Web Science, vol. 1, no. 2, pp. 131–197, 2006.
[HZN09] K. Hoffman, D. Zage, and C. Nita-Rotaru, “A survey of attack and defense
techniques for reputation systems,” ACM Computing Surveys, vol. 42, no. 1, pp. 1-
31, Dec. 2009.
[JHP06] A. Jøsang, R. Hayward, and S. Pope, “Trust network analysis with subjective
logic,” in Proceedings of the 29th Australasian Computer Science Conference -
Volume 48, Hobart, Australia, 2006, pp. 85-94.
[JI02] A. Jøsang and R. Ismail, “The Beta Reputation System,” in Proceedings of the
15th Bled Conference on Electronic Commerce, Bled, Slovenia, 2002.

References (cont’d)
[SEH10] V. Sassone, E. ElSalamouny, and S. Hamadou, “Trust in Crowds:
Probabilistic Behaviour in Anonymity Protocols,” in Trustworthly Global
Computing, vol. 6084, M. Wirsing, M. Hofmann, and A. Rauschmayer, Eds.
Berlin, Heidelberg: Springer Berlin Heidelberg, 2010, pp. 88-102.
[SXMW09] M. Spear, Xiaoming Lu, N. Matloff, and S. F. Wu, “KarmaNET:
Leveraging trusted social paths to create judicious forwarders,” in
Proceedings of the 1st International Conference on Future Information
Networks (ICFIN), Beinjin, China, 2009, pp. 218-223.
[RR98] M. K. Reiter and A. D. Rubin, “Crowds: anonymity for Web transactions,”
ACM Transactions on Information Systems Security, vol. 1, no. 1, pp. 66–92,
Nov. 1998.

Trust in the Virtual World

More Related Content

Similar to Trust in the Virtual World (20)

More from Sadegh Dorri N. (11)

Recently uploaded (20)

Trust in the Virtual World