Taxonomy of attacks and defense mechanisms in P2P reputation systems—Lessons for reputation system designers

Computer Science Review - Volume 6 - Pages 47-70 - 2012
Eleni Koutrouli1, Aphrodite Tsalgatidou1
1Department of Informatics and Telecommunications, National & Kapodistrian University of Athens, Panepistimiopolis 157 71 Ilisia, Athens, Greece
