- Email: [email protected]
A survey on Security Issues of Reputation Management Systems for Peer-to-Peer Networks
COMPUTER SCIENCE REVIEW
6 (2012) 145–160
Available online at www.sciencedirect.com
journal homepage: www.elsevier.com/locate/cosrev
Survey
A survey on Security Issues of Reputation Management Systems for Peer-to-Peer Networks Chithra Selvaraj a,∗ , Sheila Anand b a SSN College of Engineering, Anna University, Chennai, Tamil Nadu, India b Rajalakshmi Engineering College, Anna University, Chennai, Tamil Nadu, India
A R T I C L E
I N F O
A B S T R A C T
Article history:
The objective of this paper is to present a comprehensive survey of security issues in
Received 9 May 2011
Reputation based Trust Management system (RTMS) also known in short as Reputation
Received in revised form
Management Systems for P2P networks. The wide adoption of P2P computing has enhanced
29 March 2012
content publishing, pervasive information collection, streaming of real-time sensed data
Accepted 7 April 2012
and information sharing on an enormous global scale. At the same time, the open and anonymous nature of P2P makes it vulnerable to malicious attacks and the spread of
Keywords:
malware. In this paper, we discuss in detail the different security attacks on P2P systems
P2P
and have categorized them as network-related and peer-related attacks. RTMS helps to
Reputation Management System
establish and evaluate Trust, which is the degree of belief that is established to prove
Trust
that the right user is accessing the right resource. We have explained the different Trust
Security
Management schemes used in P2P networks and have compared them on the basis of trust establishment, security features, trust evaluation and weakness. We have surveyed the RTMSs currently in use and have compared them on the basis of reputation collection, aggregation, computation, storage and degree of centralization of reputation computation and management. We also present a comparison of protection provided by RTMs against the various security attacks discussed. Open research issues and challenges that have yet to be addressed in the design of current RTMs have been presented in detail. This survey can be used as a reference guide to understand Trust Management and RTMS for P2P networks and to further research in RTMSs to make them efficient, reliable and scalable to enable and promote the utilization of P2P systems for large communities and applications. c 2012 Elsevier Inc. All rights reserved. ⃝
Contents 1.
Introduction ................................................................................................................................................................................. 146
2.
P2P networking paradigm ............................................................................................................................................................. 146 2.1.
P2P architectures ............................................................................................................................................................... 146 2.1.1.
Unstructured overlays .......................................................................................................................................... 147
2.1.2.
Structured overlays............................................................................................................................................... 147
∗ Corresponding author. E-mail addresses: [email protected] (C. Selvaraj), [email protected] (S. Anand). c 2012 Elsevier Inc. All rights reserved. 1574-0137/$ - see front matter ⃝ doi:10.1016/j.cosrev.2012.04.001
146
COMPUTER SCIENCE REVIEW
2.2.
2.3. 3.
6 (2012) 145–160
Content search in P2P networks......................................................................................................................................... 148 2.2.1.
Centralized Indexing in P2P networks .................................................................................................................. 148
2.2.2.
Distributed Indexing in P2P networks................................................................................................................... 148
2.2.3.
Hybrid Indexing in P2P networks .......................................................................................................................... 148
P2P Applications ................................................................................................................................................................ 148
Security attacks in P2P networks .................................................................................................................................................. 150 3.1.
Network related attacks ..................................................................................................................................................... 150
3.2.
Peer related attacks............................................................................................................................................................ 151
4.
P2P Trust Management ................................................................................................................................................................. 151
5.
Reputation based Trust Management Systems ............................................................................................................................. 152
6.
5.1.
Reputation Collection ........................................................................................................................................................ 153
5.2.
Reputation Aggregation ..................................................................................................................................................... 153
5.3.
Reputation Computation ................................................................................................................................................... 153
5.4.
Reputation Exchange ......................................................................................................................................................... 154
Comparison of Reputation Management Systems ........................................................................................................................ 154 6.1.
RTMS based on a centralized approach.............................................................................................................................. 154
6.2.
RTMS based on decentralized approach............................................................................................................................. 154
6.3.
Security and Reputation Management Systems................................................................................................................. 156
7.
Open research issues in Reputation Systems................................................................................................................................ 156
8.
Conclusion.................................................................................................................................................................................... 158 References .................................................................................................................................................................................... 158
1.
Introduction
Peer-to-peer (P2P) is a distributed network architecture that provides resource sharing and collaboration between peers that are equally privileged, equipotent participants without the need for a central server or authority for coordination and control. The resources shared include processing power, data, content storage and network bandwidth. These resources are accessible by other peers directly, without the support of intermediary entities. P2P networks are self organizing distributed systems where peers join and leave the network dynamically. The open and unrestricted environment of P2P architecture makes it an ideal environment for unauthorized access to resources and information. P2P raises some serious security concerns for users as there is a complete lack of accountability for the content a peer puts on the network. P2P systems have to protect themselves from attacks by anonymous malicious peers who infect the network with unreliable resources that can potentially destroy data and infect programs on a peer’s computer system [1]. This paper presents a comprehensive survey of security issues in Reputation based Trust Management system (RTMS) also known in short as Reputation Management Systems for P2P networks. Attacks by anonymous malicious peers have become increasingly common in many of the popular P2P networks. Peers must be able to determine whether the requesting peers are who they claim to be and also be able to distinguish between reliable and malicious peers. Peers must be able to establish trust with the requesting peers before allowing them access to their shared resources and services. Many trust models have been proposed for P2P networks. This survey can be used as a reference guide to understand Trust Management in general and RTMS in particular detail. In addition, this paper attempts to address open research issues and challenges to further research in RTMSs that would enable them to be efficient, reliable and dynamically scalable.
The rest of the paper is organized as follows. Section 2 gives a brief introduction to P2P network architecture and discusses some popular P2P applications. Section 3 categorizes various types of security attacks on P2P networks and classifies them based on the entity (network or peer) that is attacked. Section 4 discusses the need for trust and trust management systems in P2P networks. Different types of trust management systems have been discussed and classified on various parameters. Sections 5 and 6 summarizes and compares the different reputation management systems. Section 7 discusses open research issues and challenges in designing reputation management systems and Section 8 gives the conclusion.
2.
P2P networking paradigm
2.1.
P2P architectures
The two primary types of network architecture are clientserver and peer-to-peer networks. In client-server networks, a central server handles all security and file transactions while in peer-to-peer networks; each machine shares its own resources and handles its own security. The comparison of client-server and peer-to-peer architecture models is given in Fig. 1 [2]. The primary advantage of P2P networks is that all clients contribute and share their own resources and all peers are both users and providers of resources. Hence in comparison to client–server networks, P2P networks are more robust and scalable as there are no central authorities or servers. The P2P overlay network consists of all the participating peers as network nodes. There are communication links between any two nodes that know each other: i.e. if a participating peer knows the location of another peer in the P2P network, then there is a directed edge from the former node to the latter in the overlay network. Based on how the nodes in the overlay
COMPUTER SCIENCE REVIEW
6 (2012) 145–160
147
Fig. 1 – Client–server and P2P models.
network are linked to each other, we can classify the P2P
2.1.2.
networks as unstructured or structured.
Structured Overlay is an architecture in which nodes cooperatively maintain routing information about how to reach all nodes in the overlay [7]. Structured overlay networks let the set of cooperating peers act as a distributed data structure with well-defined operations. A Distributed Hash Table (DHT) is a structured overlay that uses key-based routing for indexing in which each peer is assigned to maintain a portion of the DHT index. The address space is virtualized and addresses are randomly assigned. Peers that are neighbors in the overlay can be far-away in the underlying network. Structured overlays are differentiated according to a variety of dimensions such as: maximum number of hops for routing a request, routing algorithm, node degree with size of overlay, overlay geometry and lookup type. Chord, Pastry, Tapestry, Kademlia, HyperCup, P-Grid, Koorde, CAN are some of the P2P systems based on structured overlays [8]. Chord [9] is a well known DHT-based distributed protocol that is aimed to efficiently locate the peer node that stores a particular data item. Peer nodes are arranged in a ring that keeps the keys ranging from 0 to 2m − 1. A consistent hashing is used to assign items to nodes, which provides load balancing and only requires a small number of keys to change when nodes join or leave the network. The hash function assigns each node and each key an ID using SHA-1 hashing algorithm. Pastry [10] is a prefix-based routing system using a proximity metric. Each node in the Pastry network has a unique identifier (nodeId). When presented with a message and a key, a Pastry node efficiently routes the message to the node with a nodeId that is numerically closest to the key, among all the currently live Pastry nodes. Content-Addressable Network (CAN) [11] generalizes the DHT methods used in Chord and Pastry. A CAN identifier space can be looked at as a d-dimensional version of Chord and Pastry identifier space. Higher dimensions in the identifier space reduce the number of routing hops but slightly increase the size of routing table saved in each node. Hence, it can be seen that structured P2P networks use a global protocol to route search requests among the peers in the network and in DHT based P2P systems, “a set of keys is associated with addresses in the address space such that the
2.1.1.
Unstructured overlays
An unstructured overlay is an overlay in which a node relies only on its adjacent nodes for delivery of messages to other nodes in the overlay. Example message propagation strategies are flooding and random walk [3]. Unstructured P2P systems do not maintain network structure and establish links arbitrarily. Unstructured overlay designs of P2P systems include Freenet, Gnutella, FastTrack, Fast Freenet, Local Minima Search (LMS). Unstructured overlays are usually further distinguished by how search requests are propagated and by differences in link formation with neighboring peers. Flooding is the fundamental approach of search where queries are forwarded to all connected peer nodes to check whether they have the requested file. Gnutella adopts a flooding algorithm for searching files [4]. Random walk is another method of search which enables peer nodes to forward a query to a randomly chosen neighbor rather than broadcast the query to all its neighbors. For example, LMS is a P2P system which uses a Random Walk search in which the objects are proactively replicated using consistent hashing of object identifiers to place objects at close node identifiers [5]. Yang and Garcia [6] have presented an Iterative Deepening technique for resource discovery in Unstructured P2P systems. Iterative Deepening is a method of search which enables query originators to use successive Breadth First Search (BFS) queries with increasing depths, until the request is satisfied or the maximum depth is reached. Guided Search is a search method which enables peer nodes to maintain additional information about other peer nodes in the network like network topology and resource locations. For example, Napster uses a centralized server to maintain such additional information. KaZaa and JXTA utilize a set of supernodes to maintain the additional information about the leaves and other supernodes.
Structured overlays
148
COMPUTER SCIENCE REVIEW
6 (2012) 145–160
nearest peer to an address stores the values for the associated keys, and the routing algorithm treats keys as addresses” [12]. Structured Overlay networks provide a limit on the number of messages needed to find any object in the overlay as compared to unstructured overlays. To retrieve files that are accessed infrequently, more structured overlay links are required. Hence, topology-aware overlays use different methods and metrics for determining the neighbor peers in the overlay.
2.2.
Content search in P2P networks
Searching is an important step in data access. P2P networks take advantage of the distributed resources at peer nodes to scatter and duplicate data contents among the peers. The characteristics of the data content, the meta-data are also distributed. The capability of Content search schemes is largely dependent on content indexing and management schemes and also on the underlying P2P network [13]. Based on content indexing, the P2P networks can be categorized as Central Indexing, Decentralized Indexing and Hybrid Indexing P2P systems.
2.2.1.
Centralized Indexing in P2P networks
Some P2P models use a central server to store peer information and respond to the request for information stored on the server. However, in contrast to the traditional client server model, this model uses server to store only the metadata information about the files. In this model, a server is approached first to obtain meta-information as given in Fig. 2, such as the identity of the peer and other stored information that may be used to verify security credentials. From then on, the P2P communication for resource sharing happens directly between serving peer and requesting peer. Examples of centralized P2P networks include Napster, BitTorrent, Groove, Aimster, Magi, Softwax, and iMesh.
2.2.2.
Distributed Indexing in P2P networks
P2P networks are said to be pure P2P networks if a central server is not used for managing the network [14]. A query is forwarded to neighborhood peers based on a peer routing table until the target object index is found. A peer searches for resources by flooding the query through its neighboring peers. The peer(s) with the appropriate resource responds to the query. Resource sharing happens in a direct connection established between the serving and requesting peer. Dynamic routing table mechanisms may be adopted to avoid network flooding. This model is represented using Fig. 3. Most popular pure P2P models are Gnutella, eDonkey, FastTrack, Freenet, OverNet etc.
2.2.3.
Hybrid Indexing in P2P networks
Hybrid P2P networks follow a hierarchical architecture in which certain peers known as Super peers or Super nodes are designated with the responsibility of providing service to the other peers in the network. A super node is a temporary index server for other peer nodes. Peer nodes with high computing power and fast network connection automatically become super nodes. In this type of network, peers are organized
Fig. 2 – Centralized indexing in P2P networks.
into multiple groups. In each group, there is a special peer called Super Peer to serve the regular peers within the same group. Resource search query first searches locally at the local peer and the super node that is connected to the local peer directly. If content object is not found in local indices, the query is propagated to other super nodes according to the routing table until it is found or a predefined Time-ToLive (TTL) threshold is reached. Super Peer networks strike a balance between the inherent efficiency of centralized search, and the autonomy, load balancing and robustness to attacks provided by distributed search. This model is represented in Fig. 4. Examples of hybrid P2P networks are KaZaa, JXTA etc.
2.3.
P2P Applications
P2P networks are currently being used for a variety of applications such as file sharing, digital library, video and voice calls and video streaming. File sharing is perhaps one of the most commonly used applications of P2P networks. Peers share files and allow other peers to download these files. This differs from traditional file downloading where centralized servers hold the resources that users access to download the required data. Such servers must be capable of storing and retaining enormous amounts of data and have also to bear the high cost of providing such a service. P2P networks are decentralized distributed systems that are highly scalable and enable peers to share and integrate their computing resources, data and services. Some of the popular P2P file sharing applications include Napster, Gnutella, KaZaa, BitTorrent, eDonkey, eMule, Limewire, FastTrack, Freenet, OverNet etc. Napster was one of the first widely used P2P music sharing application. To participate in the Napster network, new users needed to register with the Napster server and publish a list of files that they were willing to share. To search for a required file in the network, users could refer to the server and retrieve the list of providers. File transfer takes place between the peers without the need for intervention by the Napster server. In contrast to Napster, the Gnutella network is a decentralized P2P file sharing network used not only for
COMPUTER SCIENCE REVIEW
6 (2012) 145–160
149
Fig. 3 – Decentralized Indexing in P2P networks.
Fig. 4 – Super peer based P2P system architecture.
file storage but also for content lookup and query routing. In the Gnutella network, each peer node uses a Breadth-First search mechanism to search the network by broadcasting the query to all connected peer nodes. Each peer node receiving the query will check the local file storage, and respond to the query if at least one matched filed is found [15]. BitTorrent is currently one of the widely used applications designed to distribute large amounts of data. In order to share a file or a group of files, users need to create a small (dot) .torrent file that contains the address of the tracker machine that launches the file distribution. The .torrent file is published on well known web sites and other users can find and download the .torrent file of interest. In order to facilitate efficient file download, a file is broken into smaller fragments. The client, attempting to download the file, simultaneously connects to these peer nodes that are participating in file transfer and downloads different pieces of the file from different peer nodes [16]. Freenet is a decentralized P2P data storage system designed to provide electronic document exchange. In contrast to Gnutella, Freenet acts as a P2P storage system that enables users to share unused local storage space for popular file replication and caching. The stored information is encrypted
and replicated across the participating computers [17]. KaZaa uses a hybrid P2P network in which it uses a two-level hierarchy with supernodes and leaves. A supernode is a temporary index server for other peer nodes. Any requesting peer can retrieve the index of the file from supernode. The supernode communicates with other supernodes if it does not have the requested file. Then the file is transferred directly between the requester and provider. Digital Library applications have been developed for searching the relevant content on P2P networks. P2P-4-DL is one of the widely used Digital Library applications that are widely used [18]. A typical DL may store documents, images, sounds and video media. References to the documents like title, authors and keywords are then registered with the index peer, allowing for a Napster style search system. Skype is a popular and widely used voice-over P2P (VoP2P) application. Skype provides services like P2P voice and video calls, voice calls to PSTN endpoints, file transfer, instant messaging and video conferencing [19]. Like KaZaa, the Skype protocol is encrypted and the specifications of the protocol have not been released for public consumption. Skype uses a super peer model, and the super peers support Network Address Translation (NAT) traversal for connecting
150
COMPUTER SCIENCE REVIEW
peers behind NATs. Super peers also act as media relays. Experimental studies of Skype have shown a significantly higher node life time when compared to P2P file sharing systems. P2PTV is an application software which is used for the redistribution of video streams in real time on P2P network. The distributed video streams are typically TV channels from all over the world. Various models are used including torrentstyle distribution, application layer multicasting and hybrid CDNs (Content Delivery Network). The architecture of many P2PTV networks can be thought of as real-time versions of BitTorrent. If a user wishes to view a certain channel, the P2PTV software contacts a “tracker server” for that channel in order to obtain addresses of peers who distribute that channel. The user then contacts these peers to receive the feed. Some of the P2PTV applications include TVUPlayer, PPLive, QQLive, PPStream, Abroadcasting, Zattoo, Octoshape, LiveStation, Joost and Babelgum.
3.
Security attacks in P2P networks
P2P networks provide a powerful platform for the construction of a variety of decentralized services. P2P networks offer many advantages to users but it becomes a challenge to resist and protect against various attacks on security. The security attacks on P2P systems have been broadly categorized and discussed as attacks on P2P networks and attacks on peers.
3.1.
Network related attacks
Sharing of resources and services is the principle application of P2P networks. There are a number of challenges associated with maintaining this shared feature because of the highly unstable nature of P2P networks. This section covers a wide range of network related issues starting from storage and indexing, replication and searching to security and privacy. The membership of P2P system is relatively unpredictable, ad-hoc and dynamic. It is necessary to maintain the location of resources using indices for decentralized structured P2P systems. An index in a P2P network is a set of mappings from keys to values [20]. For a P2P file sharing network, the keys are file hashes and the values are locations at which the file corresponding to the file hash is present. Index poisoning consists of inserting bogus records in P2P indices making the system fail to locate an existing file [21]. Data placement is largely demand driven and must be done in a distributed manner. Data Placement Problem highlights the need to place data in strategic locations for easy and fast access [15]. Freenet is a P2P system which consists of a network of peers that host encrypted documents. Peers use keys to access the contents of the requested documents. Each node, in addition to forwarding the document towards its destination can maintain a local copy of the document. The locally cached documents will not be encrypted and can be subjected to security attacks like unauthorized modification. For most of the applications, users require certain guarantees on the reliability or availability of system services. For example, a distributed data storage application would
6 (2012) 145–160
want to guarantee that data stored by a user will always be available to the user with high probability and that it will persist in the network with a much higher probability. The dynamic nature of the systems may impose limitations on data consistency and availability. If the rate of change of data is high, then the maintenance of globally accessible indexes becomes unaffordable as the number of peers in the system grows dynamically. The situation is made even more difficult when adversaries are actively attempting to corrupt the content that the peers provide. Objects may be modified by malicious peers leading to Object Corruption. Object Identifier corruption, [22] exploits weakness in pervasive environment to generate multiple false identifiers for a single object. Decoy insertions consist of inserting a polluted version of a file with the same metadata of the original file but with a different identifier. A common integrity attack in P2P is related to pollution which may lead to file-targeted DoS attack in which malicious peer announces one or more copies of a corrupted version of the content [23]. Examples of such attacks include creating an infinite loop in an application process, making it unavailable by tying up essential services, and the use of Zip bombs. A Zip bomb is a file containing multiple nested compressed files that expand exponentially when unzipped. A zip bomb, also known as decompression bomb, is a malicious archive file designed to crash or render useless the program or system reading it. In another integrity attack, the false attack reply, the malicious peer intercepts a reply from a query and announces itself as having the resource; if selected, the peer sends a corrupted copy [23]. P2P overlay networks are constructed in order to route messages to destinations not specified by IP addresses. Each node maintains a set of links to other nodes (its neighbors or routing table). Communication with remote nodes is provided by sending messages hop-to-hop across this overlay network. Poisoning the routing table of the peers leads to a Bandwidth Flooding DDoS attack. The incorrect lookup routing attack is the attack by which malicious nodes forward lookups to incorrect or nonexistent nodes [19]. A slow peer is a peer that cannot keep up with the rate at which the routing software is generating update messages. There are many reasons like less bandwidth, heavy CPU load for a peer to be slow peer. When a slow peer is present in an update group, the number of formatted updates pending transmission builds up [24]. The frequency and magnitude of peer-to-peer (P2P) enabled Denial-of-Service (DoS) attacks are increasing. For example, DC++ is a P2P file sharing software which has created an attack emanating from hundreds of thousands of Internet protocol addresses (IPs), with many of the attacks producing more than a gigabit of junk data every second. The sheer number of Internet addresses has caused problems for routers and firewalls [25]. Peers join and leave the network dynamically in large numbers. Accelerated arrival and departure may lead to excessive churn. For example, Rhea et al. [26] make use of a FreePastry implementation to discover that most lookups fail to complete when there is excessive churn. They claimed that short-lived peers leave the overlay with lookups that have
COMPUTER SCIENCE REVIEW
not yet timed out. A few Plaxton-based [27] schemes would perform well under churn and it has been proven that peer departures and arrivals would affect a logarithmic number of peers. Peer Anonymity is an attractive feature of P2P systems. Each peer connects to a small number of known nodes. Only the direct neighbors of a node know its IP address. However, anonymity adds to the security vulnerabilities and also enables malicious users to shelter and disguise themselves [28].
6 (2012) 145–160
can launch an eclipse attack, control must be gained over a certain amount of nodes along strategic routing paths. If successful, the attacker can mediate most or all communication to and from the victim and can isolate the node which is attacked [34]. Further, in scenarios where a large number of peers refuse to collaborate, honest peers may be eclipsed by malicious ones and the effects can be very damaging.
4. 3.2.
151
P2P Trust Management
Peer related attacks
One of the common problems is non-cooperative peer or selfish peers who act as free-riders. Most of the current P2P systems assume equal participation and that all peers are willing to contribute their resources. Such selfish peers frequently access and use the available shared resources but are not so forthcoming with sharing their own resources [29]. The risks associated with P2P unsolicited messaging, the speed with which they spread and the extent of potential damages are staggering, and increasing exponentially. Spammers, who can only survive if their messages get to the maximum number of people at the lowest possible cost, have started to use P2P networks to send unsolicited messages or turn PCs into spam gateways [30]. A Sybil attack is one in which an attacker subverts the reputation system of a peer-to-peer network by creating a large number of pseudonymous entities, using them to gain a disproportionately large influence. Entities in peer-to-peer networks use multiple identities for purposes of redundancy, resource sharing, reliability and integrity. A faulty node or an adversary may present multiple identities to a peerto-peer network in order to appear to be functioning as distinct nodes. By becoming part of the peer-to-peer network, the adversary may then overhear communications or act maliciously [31]. Peers may misbehave in the network and may gain a bad reputation. But those peers may leave the system and join with new identities leading to a White Washing attack. Whitewashers leave the system and rejoin with new identities to avoid reputational penalties [32]. Some peers who acquire a good reputation may try to misuse it and this may lead to a Traitor attack. This technique is effective when increased reputation gives a peer additional privileges, thus allowing malicious peers to do extra damage to the system when they defect. An example of traitor attack are eBay merchants that participate in many small transactions in order to build up a high positive reputation, and then defraud one or more buyers on a high-priced item [33]. In many situations multiple malicious peers acting together can cause more damage than each acting independently. This is termed as a Collision attack. The malicious peers acting together would try to provide false testimony to honest peers. This is especially true in peer-to-peer reputation systems, where covert affiliations are untraceable and the opinions of unknown peers impacts one’s decisions [31]. In an Eclipse attack, a set of malicious peers coordinates to isolate one or more honest peers. Before an attacker
P2P systems are decentralized in nature and hence it is difficult to implement security protections as compared to centrally administered systems. The absence of a well defined defensible border means that it is hard to distinguish malicious peers from honest peers. Strategies for tackling the security challenges also have to be decentralized in nature. Trust can serve as the metric to decide the accessibility of peers to shared resources. Trust in P2P systems is a peer’s belief in another peer’s identity, reliability and capability based on its own experiences [35]. Trust Management entails collecting the information necessary to establish a trust relationship and dynamically monitoring and adjusting the existing trust relationship [36]. Trust Management is a successful approach for encouraging honest and cooperative behavior among peers. Trust management systems can be broadly classified into three categories, policy-based trust systems, social network-based trust systems and reputation-based trust systems. The categories are represented in Fig. 5. Various Trust Models based on these trust systems have been introduced to evaluate peer trustworthiness and reliability of the shared resource. In credential and policy-based trust management systems, peers use credential verification to establish a trust relationship with other peers [37]. The primary goal of such systems is to enable access control; their concept of trust management is limited to verifying credentials and restricting access to resource according to application-defined policies. Resource sharing is based on the trust established from the credentials of the peers. PolicyMaker [38] is a trust management system that facilitates the development of security features including privacy and authenticity for different kinds of network applications. It provides each peer with local control to specify its policies: using PolicyMaker a peer may grant another peer access to its service if the providing peer can determine that the requesting peer’s credentials satisfy the policies. Other Policy based Trust systems like SPKI/SDSI [39], KeyNote [40], DelegationLogic [41] use credential verification to establish trust relationships for access control. These systems are based on the notion of delegation, whereby one entity gives some of its authority to other entities. Social network based trust systems uses the social relationship between peers for computing trust and reputation values. These systems are community based systems which provide access to the resource based on the analysis of the social relationship that the peer possesses within its community. Marsh [42] is among the first to try to give a formal treatment of trust that could be used in computer science.
152
COMPUTER SCIENCE REVIEW
6 (2012) 145–160
Fig. 5 – Categorization of trust management systems.
Table 1 – Comparison of trust management systems. Trust management systems
Policy based trust systems
Reputation based trust systems
Trust establishment
Based on credential verification
Primary security features
Access control, privacy, authentication
Based on recommendation of other peers Identification of malicious peers using recommendation
Trust evaluation Weakness
Local peer Trust worthiness if checked only for the service providers and the provided services. Trust of service requesters not taken into consideration PolicyMaker, SPKI/SDSI, KeyNote, DelegationLogic
Local and global trust evaluation Malicious peers can provide false recommendation and can also collude with other peers to falsify the recommendation DMRep, EigenRep, P2PRep, XRep, NICE, PowerTrust, PeerTrust
Examples
His model is based on social properties of trust and presents an attempt to integrate all the aspects of trust taken from sociology and psychology. Several limitations exist in his simple trust model: too strong a sociological foundation makes the model rather complex and it cannot be easily implemented; the agents cannot collectively build a network of trust because the model puts emphasis on an agent’s own experiences. Regret [43] and NodeRanking [44] are some of the social network based trust systems. Regret establishes peer communities and peer members are considered trustworthy. NodeRanking provides trust score ranking based on the social network behavior of peers. Reputation is the measure of trust collected from other peers through direct or indirect knowledge of earlier transactions with them. These recommendations serve as the metric to decide on the accessibility that is to be provided on the resources being shared. A reputation system in a fully decentralized environment must possess the ability to collect and aggregate the opinions of the users on the quality of the resources and services received by other users [45]. RTMs have been explained in greater detail in the next section. The comparison of various Trust Management Systems is represented in Table 1.
Social network based trust systems Based on social relationships between peers Anomaly detection, malicious peer detection based on behavioral measures Local peer The agents cannot collectively build a network of trust because the trust establishment depends on every peers’ own experiences Marsh, Regret and NodeRanking
5. Reputation based Trust Management Systems Reputation management has come into wide use with the recent advent of widespread P2P computing. Reputation is a measure that is derived from direct or indirect knowledge on earlier interactions with peers and is used to assess the level of trust a peer places on another peer [46]. Most P2P applications happen between users who are virtual strangers to each other. It is very difficult to figure out the ‘trustworthiness’ of other users and the chances of getting cheated are very high. In such a scenario, reputation systems help in making an informed decision regarding the ‘trustworthiness’ of other users based on their reputation [47]. The trust evaluation can be done via two approaches. In the first approach, only the direct transaction partners of a peer can express their opinion on the reputation of the peer [48]. A practical example is the eBay reputation system. After each transaction at eBay, the buyer and the seller rate each other with a positive, negative and neutral feedback. The reputation is calculated at a central server by assigning 1 point for each positive feedback, 0 point for each
COMPUTER SCIENCE REVIEW
neutral feedback and −1 point for each negative feedback. The reputation of a participant is computed as the sum of its points over a certain period. In the second approach, the reputation of a peer is computed based on the opinion of its direct transaction partners as well as some third-party peers [49]. In this approach, a peer A that wishes to know the reputation of another peer B, can ask some peers (e.g., its neighbors) to provide their opinion on B. A then combines the opinion from the peers to calculate B’s reputation. Clearly, this model is more like our real social networks, where third-party peers besides transaction partners can express their opinion on a peer. But it takes more cost to collect and aggregate thirdparty opinion. In a fully distributed P2P system involving numerous peers, a peer often cannot assess another peer’s reputation effectively, but rather must rely on collective opinions from other peers. RTMSs typically perform the trust evaluation in four phases of Reputation Collection, Reputation Aggregation, Reputation Computation and Reputation Exchange.
5.1.
Reputation Collection
The most common ways of collecting the reputation values are by the Transitive trust method, Collecting trust values from the neighbors, the Clustering method and Trusted Third Party. • Collecting from Neighbors—the requester peer can use its neighbors in the overlay network to get reputation information using polling algorithms as in the P2Prep protocol. • Transitive Trust method—Any trustworthy peer would query the trustworthy peers that they have interacted with. In the transitive trust method, a peer tends to trust those peers who have a high reputation in the opinion of trustworthy peers. For better reputation values, the transitive trust technique can also combine negative and positive opinions expressed by peers to reach a global consent on trust for each peer of the network [31]. The reputation information is available as metadata in the downloaded files. A peer sends a query to its neighboring peers to obtain the reputation information from files download by those peers. The requesting peer can then analyze the reputation information to decide the trustworthiness of peers [32]. • Clustering Method—In clustering method the peers are named as servents and Super Peers. The opinion about all the servent peers is collected and maintained by the Super Peer. The servents can collect the reputation about other peers from the Super Peer before processing a resource request [45]. • Trusted Third Party—Trusted Third party (TTP) maintains the reputation about every peer. It has to update the reputation periodically by querying the peers. Any peer that is interested in knowing the reputation of a peer can retrieve it from the TTP.
5.2.
Reputation Aggregation
Reputation is hard to quantify because many dynamic factors are involved. This also introduces other challenges such as
6 (2012) 145–160
153
how to determine the accuracy of the collected opinions and how to aggregate the conflicting opinions to yield a global reputation. RTMSs use various predefined criteria for processing complex data to report reputation. A reputation system in a fully decentralized environment must possess the ability to collect and aggregate the opinions of the users on the quality of the resources and services received by other users [28]. Various techniques available for aggregating the recommendations received from other peers. • Keeping track of past recommendations and weight the feedback according to the credibility of the recommender peers. • Use of suspicious transactions to measure the credibility of recommender peers. • Use of trust and reputation values as credibility metrics for the recommender peers as in EigenTrust, Fuzzy Trust. • Use of different score managers to compute the trust value and using the majority vote to eliminate the false reports by malicious score managers. • Multivariate Outlier detection technique—this technique is used to detect liar peers as in FineGrainedTrust [50]. • Use of Beta distribution based on previous recommendations. • Enforcing policies—in eBay, the net effect on seller’s feedback score is based on the number of negatives, neutrals and positive received [51]; when the seller receives multiple feedbacks from the same buyer within the same week.
5.3.
Reputation Computation
After filtering the feedback and getting rid of dishonest reports, the data gathered from different recommender peers along with the local trust data available at the requester peer is used for reputation computation. Different approaches have been proposed to aggregate and synthesize the trust values received from the recommender peers for the generation of reputation value for a provider peer. • Deterministic approach—A peer’s reputation is based on simple summation or average of collected ratings. In BinaryTrust, reputation is computed based on the number of negative complaints. The reputation scheme used in eBay is based on the sum of the number of positive and negative ratings, in Amazon, the reputation is computed based on the average of all the ratings. • Probabilistic approach: ◦ Bayesian approach: The Bayesian approach uses a probabilistic approach which is based on Bayes formula. Bayesian systems take binary ratings as input, and compute reputation scores based on statistical update of beta probability density functions. Power Trust [52] uses Bayesian method to generate local trust scores. ◦ Maximum Likelihood Estimation (MLE): MLE [53] uses a probabilistic approach to compute the reputation value based on the probability of recommender peers to provide inaccurate information.
154
COMPUTER SCIENCE REVIEW
• Fuzzy Logic—Reputation can be represented as Fuzzy values which are imprecise and not accurately quantified. Different factors can be represented by fuzzy sets and membership functions are used. In FuzzyTrust, fuzzy inferences are used to produce local trust values and aggregate them to global reputation values. P2Prep uses fuzzy values for local trust. • Flow Models—Systems that compute trust or reputation based on transitive iteration or arbitrarily long chains as in EigenTrust and FineGrainedTrust.
5.4.
Reputation Exchange
In Reputation Exchange phase, the reputation information about a peer has to be exchanged with other peers in a secured manner. Many reputation systems are built on positive reputation only [54], where false accusations are not an issue since no negative information is kept. However, the incorrect disseminated information may result in a good reputation for misbehaving nodes. Some reputation systems add privileges to accumulated good reputation like auctioning [55] and Beta reputation system [56] and these systems use a centralized approach for exchanging the reputation information. For distributed systems, Jurca and Faltings [57] aim for an incentive-compatible mechanism by introducing payment for reputation. The peers pay to receive reputation ratings from so-called R-agents, which in turn pay peers providing the information. To encourage the exchange of reputation information, Pinocchio [58] rewards participants that advertise their experience to others and uses a probabilistic honesty metric to detect dishonest users and deprive them their rewards. However, this method does not provide protection against conspiracies or bad-mouthing.
6. Comparison of Reputation Management Systems Reputation system uses different techniques for evaluating trust based on the reputation information. A number of RTMS have been suggested for P2P networks and these include DMRep [59], EigenRep [60], XRep [61], P2PRep [62] and NICE [63]. The role of the recommender in the domain of the target being recommended plays a major role in trust evaluation [64].
6.1.
RTMS based on a centralized approach
The RTMS based on a centralized approach needs a central server to compute the trust score based on the local reputation values stored with every peer. The model proposed by Gupta et al. [65] uses a centralized approach for tracking a positive peer’s contribution to the system using a credit–debit mechanism. Each peer computes the reputation based on its activity with other peers and stores it locally and the Reputation Computation Agent (RCA) periodically collects reputation from peers. Eigen Trust [48] makes use of a transitive definition of trust where any peer will have high opinion about those
6 (2012) 145–160
peers that have provided authentic files to it. The global reputation of each peer is given by the local trust values assigned to the peer by other peers, weighted by the global reputation of the assigning peers. This trust algorithm requires the aggregation of local trust values for computing the global trust score which assumes that a central server knows all local reputation values. Kamvar and Schlosser [60] projected the idea of computing a global reputation value for a peer by calculating the left principal eigenvector of a matrix of normalized local reputation values for a P2P file sharing application. This approach has been applied to satisfy the distributed nature of P2P systems and uses polling mechanism for reputation collection. Distributed Hash Table (DHTs) are used to store the trust values. However, for new peers, a centralized authority is required to assign a position in the hash space. Adrian Alexa [66] proposed a RTMS using an Eigen Trust algorithm to identify the sources of inauthentic files and disseminate the information to other peers. This is done by assigning the peers global trust values based on the previous peer’s behavior. The global trust value computation is centralized but it can compute the global trust values in a distributed way, where every peer has to compute its own global trust value. This may lead to malicious peers lying about their global trust value. This system does not fully support peer anonymity. Shanshan Song et al. [67] have proposed a P2P reputation system based on fuzzy logic inferences, for better handling of uncertainty, fuzziness, and incomplete information in peer trust reports. It was tested with eBay transactions which have a centralized reputation system. Peers perform fuzzy inference on local parameters to generate the local scores. The system uses fuzzy inference to obtain the global reputation aggregation weights. The fuzzy trust aggregation reduces the message overhead when compared to Eigen trust because of the usage of fuzzy inferences.
6.2.
RTMS based on decentralized approach
With decentralization, each peer will act as an agent and be allowed to take responsibility for trust evaluation based on trust policies. A peer’s trust policy is individualistic and need not be communicated to other peers, so this could lead to ambiguity in trust evaluation. Each agent then makes decision for itself, on its own policies. The disadvantage of decentralization is that more responsibility and expertise is required from the agent for managing trust policies. However this responsibility can be assigned to their trusted authority if needed. Decentralization does not completely replace current centralized approaches, but it gives agents a choice of managing their own trust policies. Loubna Mekouar et al. [68] have put forward an effort to develop a new and simple reputation management scheme for partially decentralized peer-to-peer systems. The reputation scheme helps to build trust between peers based on their past experiences and the feedback from other peers. They also proposed two selection advisor algorithms for helping peers to select the right peer for download, by collecting the reputation from neighboring peers. In
COMPUTER SCIENCE REVIEW
this technique, the system overhead will be high and the anonymity of the peer may not be maintained. Li Xiong, and Ling Liu [59] have proposed a trust model that uses community based reputations which can be computed through feedback received from other peers in the community about a peer’s transaction history. Trust context can vary from community to community and from transaction to transaction. They have introduced two adaptive factors, transaction context factor and community context factor as metrics to allow the system to adapt to different domains. However, this model does not address collision attacks and sudden and malicious attacks. Also, this model requires prior building of the community before transactions can happen and hence will not provide full anonymity. Ernesto Damiani [62] addresses the problem of spreading malicious information due to peer anonymity. A self regulating system is proposed to implement a reputation mechanism. Reputation sharing is realized through a distributed polling algorithm by which the resource requestors can assess the reliability of the resource. XRep [33] is a protocol introduced by Damiani which combines the resource and servents’ reputation. This work was proven to be secure against various security attacks like pseudo spoofing, Id stealth and Shilling. However, it requires the reputation information to be exchanged among peers in a secure manner. Natalia Stakhanova et al. [69] have proposed a fully decentralized approach that allows computing peers’ reputation based on the traffic between peers. This model does not employ a centralized storage of reputation score but computes it on demand. This approach relies entirely on a peer’s reputation and depends on the persistence of Peer ID which affects anonymity. It provides a mechanism of assigning minimum average trust for new comers which is based on the assumption that new comers are good peers. Shalendra Chhabra et al. [70] have proposed a reputation management protocol for Super peer based P2P networks. This approach uses clustering technique for reputation collection which is an extension of P2Prep protocol. They also have proposed the use of repeaters among Super Peers to facilitate interaction between servents behind the firewalls and also studied the case of malicious peers, Super Peers and repeaters. This system raises the issue of exposure of polling to security violations. Vladislav Jumppanen [71] has introduced the concept of combining file reputation with peer reputation. Combining peer reputation with file reputation increases the efficiency of the reputation system and consequently increases the efficiency of a P2P network with a reduced number of malicious peers, malicious transactions and malicious files. This system allows the peers to store their own reputation and also collect from the neighbors to obtain the reputation values of other peers. Since file reputation is used, the system overhead will be high when compared to a system that uses only peer reputation. Also the issue of secure reputation exchange and other security measures has not been addressed. Kevin Walsh [72] introduced Credence, a decentralized object reputation and ranking system for large-scale peerto-peer file sharing systems. This system enables peers to
6 (2012) 145–160
155
determine object authenticity, the degree to which an object’s data matches with its advertised description. It computes the reputation scores based on the statistical measure of the reliability of past voting habits. The peers can learn relationships even in the absence of direct observations or interactions since it uses a trust computation mechanism based on the flow. This system provides incentives for peers to participate honestly in voting. Runfang Zhou and Kai Hwang [52] have designed a P2P reputation system that is based on the Power Trust system. The system selects few nodes to be power nodes and assumes those nodes to be trustworthy. Those nodes will help in collecting locally-generated peer feedbacks and aggregate them to yield the global reputation scores. This paper uses a structured trust overlay network (TON) to model the trust relationships among peers and a power-law distribution in user feedbacks. However, in a large P2P system with frequent peer joining and leaving, we cannot assume that there always exist some static and predetermined power nodes. Runfang Zhou and Kai Hwang [55] have extended their work on unstructured P2P systems and designed a novel mechanism of GossipTrust which resorts to gossip protocols to aggregate global reputation scores. Each peer repeatedly contacts others at random, and exchanges reputation data with them. The power nodes are dynamically chosen after every reputation aggregation. There is a tradeoff that exists between gossip error and convergence overhead. Debora Donato et al. [45] proposed a new approach to the design of fully decentralized reputation mechanisms that combine negative and positive opinions expressed by peers to reach a global consensus on trust and distrust values for each peer of the network. This system concentrates on quick retrieval of the trust ratings of the peers and for an update of ratings based on feedback information. This system is able to detect malicious peers with a high degree of malicious activity. However, there is the danger of assuming peers with low malicious activity to be honest peers. Ali Aydın et al. [73] have proposed a reputation system to identify malicious peers and to prevent the spread of malicious content. The protocol is based on the query– response architecture in which the user evaluates the outcome of its past transactions and shares this information with other peers when requested. The system relies on the judgment of the users and is effective only against attacks that the users perceive. This protocol does not distinguish between malicious and careless peers. Jianli Hu et al. [74] have introduced a secure and effective reputation based distributed P2P global trust management model (DSRM), and presented its corresponding distributed storage mechanism of reputation information, and security protection protocol. This work is based on the clustering technique to collect the reputation values. It uses a terrace based distributed reputation storage mechanism in which a uni-hash function is used to provide the advantage of anonymity. This system provides protection against various malicious behaviors and collusions, suppresses Sybil attacks and trust information tampering. RVVSV Prasad et al. [75] in their work have introduced a reputation management system based on the similarities between the peers. Credibility factor was assigned to the peers
156
COMPUTER SCIENCE REVIEW
6 (2012) 145–160
Table 2 – Comparison of reputation management systems. Reputation based trust management systems
Reputation collection
Reputation aggregation
Global trust model
Agent based mechanism
Statistical data analysis of former transactions
EigenRep
Polling mechanism
Fuzzy trust
Query–response with the peers that meet a threshold Distributed polling algorithm
Use of trust and reputation values as credibility metrics for the recommender peers Fuzzy logic inferences of local trust scores Use of combined reputations of servents and resources Servent selection based on its own past experiences
XRep P2Prep
Gossip based trust
Enhanced polling mechanism to selected servents Polling mechanism of super peers Local trust score collection from neighbors or community members Distributed ranking of power nodes and applies look ahead random walk strategy Gossip protocol
PeerTrust
Public key infrastructure
NICE
Signed cookies
SupP2Prep Object reputation system
PowerTrust
Vote aggregation based on credibility of a peer Statistical measure of reliability of the peer’s past voting habits Applies power law distribution on user’s feedback Normalization of local scores using gossip aggregation protocol Weighted sum of feedback factors Decentralized trust inference scheme
based on its similarity. The reputation computation is based on feedback similarity, common vendor similarity, interaction similarity and age of transactions. The trustworthiness of any peer is viewed as the expectation of cooperative behavior from that peer. It is a community based reputation system which requires the cooperation of the peers in the community to which they belong. William Conner et al. [76] have presented a reputationbased trust management framework that enables services to make customized trust level assessment of feedback from many entities. This also provides a way of applying different scoring functions to each entity over the same feedback data. The trust framework provides a way of storing the feedback on previous service interactions with clients. However, the trust framework development is based on many assumptions which include the absence of a Sybil attack and that secure communication exists between the services and the trust management service instances. It only considers the attacks characterized by negative feedback. Dewan and Dasgupta [77] have suggested a cryptographic protocol for ensuring secure and timely availability of the reputation data of a peer to other peers at extremely low costs. The past behavior of the peer is encapsulated in its digital reputation, and is subsequently used to predict its future actions. The cryptographic protocol is coupled with self-certification and cryptographic mechanisms for identity management and countering Sybil attack. The approach in this paper is based on relative ranking of the peers. There might be some systems that need absolute values, which the proposed approach does not support.
Reputation computation
Reputation storage
Binary trust evaluation based on normalization of complaints Eigenvector of a matrix of normalized local reputation values Fuzzy inference on local parameters Vote evaluation using binary value Ordered weighted averaging of votes
Decentralized P-Grid
Weighted average of positive votes Flow based voting mechanism
Every peer’s repositories Every peer’s repositories
Bayesian approach
DHT
Matrix–vector computation
Bloom filters
Normalized rate on each transaction Weighted sum of strongest disjoint paths on trust graph
Decentralized P-Grid Every peer’s repositories
DHT
DHT Every peer’s repositories Every peer’s repositories
The various Reputation based Trust Management Systems are compared based on its functionality and tabulated using Table 2.
6.3.
Security and Reputation Management Systems
Most P2P systems work on the assumption of honest cooperation of peers. But in an anonymous P2P networks, it is difficult to make the participating peers cooperate. They may be selfish and unwilling to upload data to others. More seriously, some peers may launch attacks to disrupt the service or distribute viruses in the overlay network. We call these uncooperative, abnormal or attacking behavior malicious actions and the associated peers as malicious peers. In Table 3 we present a comparison of protection provided by the various reputation systems against different types of security attacks. As seen from the table, many of the reputation systems are able to differentiate malicious peers from normal peers. The P2P reputation systems that use Distributed hashing mechanism are able to solve the problem of Data Placement. The reputation systems, which are distributed and use hashing mechanism for indexing is secure against Index Poisoning attack.
7. Open research issues in Reputation Systems Reputation systems provide a way for building trust through social control by using community based feedback about
COMPUTER SCIENCE REVIEW
157
6 (2012) 145–160
Table 3 – Comparison of protection provided by RTMs against various security attacks. ✓—Secure, ×—Vulnerable. Reputation based trust management systems Global trust model EigenRep Fuzzy trust XRep P2PRep SupP2Prep Object reputation PowerTrust Gossip based trust PeerTrust NICE
Sybil attack
× ✓ × ✓ × ✓ × × × × ×
Collision Index Data attack poisoning placement problem × ✓ ✓ × × × × × × × ×
× × ✓ ✓ ✓ × × × × × ×
✓ ✓ ✓ × × × ✓ ✓ ✓ ✓ ✓
past experiences of peers to help make recommendation and judgment on quality and reliability of the transactions. The challenge of building such a reputation based trust mechanism in a P2P system is to effectively cope up with various malicious behaviors of peers such as providing fake or misleading feedback about other peers, collusion attack etc. Most existing reliable reputation mechanisms require a central server for storing and distributing the reputation information. A number of RTMSs for distributed and decentralized environment have been discussed. But it still remains a challenge to build a decentralized P2P trust management system that is efficient, scalable, reliable, and secure in both trust computation and trust data storage and distribution. We present some issues that need to be addressed in greater detail in the design of RTMSs. • Malicious reputation information There is a challenge in preserving anonymity while maintaining the privacy about a peer. The problem of securing hosts on P2P network while keeping the openness of the system has been studied extensively over last couple of years but still remains an open research issue that has not yet been fully resolved. Existing solutions based on reputation management either employ centralized algorithms or rely on peers’ cooperation in the network. To decrease the number of downloads of inauthentic files in a peer-to-peer file-sharing network each peer can be assigned with a unique global reputation value, based on the peer’s history of uploads. However, this also gives rise to the difficult problem of preserving the integrity of file metadata and to prevent false modification from malicious peers. • Free riding Free riders are peers who just download files but do not share anything to other peers. They significantly destroy the philosophy of P2P file-sharing networks. Research has to be focused on the development of acceptable mechanisms for rewarding good peers as a motivation for peers to share their resources and also to deter free riders. • Right peer selection A reputation system should provide effective mechanisms for identifying good peers who share reliable resources. As the reputation scheme helps to build trust between peers based on their past experience and transactions, it should also be able to identify low performing peers that fail to provide
Identifier DoS corruption attack
× × × ✓ × ✓ × × × × ×
× × × ✓ × ✓ ✓ × × × ✓
White washing attack × × × × × × × × × × ×
Traitor attack
✓ × × × × × × × ✓ × ×
Free riding
× ✓ × × × × × × × ✓ ×
Malicious peer detection ✓ ✓ ✓ × ✓ ✓ ✓ ✓ ✓ ✓ ✓
proper services. Hence right peer selection is an important aspect of any reputation system that remains still an area for further research focus. • Combining peer reputation with resource reputation It has been seen that combining peer reputation with file reputation increases the effectiveness of the reputation system and reduces malicious peers, resources and transactions. However, present systems have high overhead for trust information exchange and computation. Hence, this is an area where research could be focused on improving the efficiency of trust aggregation and evaluation. • Decentralized reputation storage Presently much of the work done on reputation storage uses a centralized database for storing the reputation information. Super peers or agents are used to collect and share the reputation information with other peers. However, P2P systems are essentially dynamic in nature with peers joining and leaving at random intervals. So, it is not feasible to assume some static and predetermined peer agents for maintaining reputation information. While there has been some work carried out on decentralized storage of reputation information, there is still plenty of scope for research for secure storage and distribution of reputation information. As global reputation scores are aggregated from local feedbacks, the proper distribution of feedbacks play a significant role in the design of an efficient reputation system. • Reputation exchange The manner in which reputation exchange is carried out is a major aspect of any reputation system. Existing techniques like Eigen Trust and Power Trust mechanisms aggregates trust information from peers by having them perform a distributed calculation for global trust reputation. However, peer anonymity is not fully maintained. Protocol based reputation systems use secure protocols for reputation exchange. But these protocol based approaches depend on traditional security mechanisms which are not fully appropriate for decentralized P2P systems. Hence, there is a need for research focus on secure exchange of distributed reputation information. • Witness anonymity A peer’s reputation should be associated with an opaque identifier rather than with an externally associated identity such as a peer’s IP address. There is a need for research
158
COMPUTER SCIENCE REVIEW
focus on witness anonymity which combines the seemingly conflicting requirements of anonymity for honest peers who report on the misbehavior of other peers and accountability for malicious peers that attempt to misuse the anonymity feature to deprecate honest peers.
8.
Conclusion
In this survey, we have presented an overview of P2P networks and reviewed currently available Reputation Trust Management Systems for P2P. P2P networks are open to various forms of attacks, break-ins, espionage, and malicious mischief. Trust Management Systems provide a proven, efficient and feasible mechanism for identifying malicious peers and provide security against malicious attacks. RTMSs have been studied and discussed in detail with respect to mathematical representation of reputation collection, aggregation, storage and exchange of reputation information and trust evaluation. We have presented a comparison of protection provided by RTMSs against various security attacks. Open research issues that need to be addressed in the design of RTMS to make them more reliable and robust have been discussed. These issues, properly addressed can enable P2P networks to be secure, reliable and trustworthy so that the benefits of scalability, efficiency, and resilience to failures and dynamics can be fully realized. The review can also be considered as a source for future research directions in RTMS for P2P systems. REFERENCES
[1] Dan S. Wallach, A survey of peer-to-peer security issues, in: International Symposium on Software Security, Tokyo, Japan, November 2002. [2] Robin Jan Maly, E.T.H. Zurich (Switzerland), Comparison of centralized (client–server) and decentralized (peer-to-peer) networking, Semester Thesis, March 2003. [3] J. Buford, H. Yu, E.K. Lua, P2P Networking and Applications, Morgan Kaufmann, 2008, p. 415. [4] S. Zhao, D. Stutzbach, R. Rejaie, Characterizing files in the modern gnutella network: a measurement study, in: SPIC/ACM, Multimedia Computing and Networking, San Jose, CA, 2006. [5] R. Morselli, B. Bhattacharjee, A. Srinivasan, M. Marsh, Efficient lookup on unstructured topologies, in: Proceedings of the Twenty-Fourth Annual ACM Symposium on Principles of Distributed Computing, Las Vegas, NV, USA, July 17–20, PODC’05, ACM Press, New York, NY, pp. 77–86, 2005. [6] B. Yang, H. Garcia-Molina, Efficient search in peer-topeer networks, in: International Conference on Distributed Computing Systems, Vienna, Austria, 2002. [7] John F. Buford, Heather Yu, X. Shen, et al., Peer-to-peer networking and applications: synopsis and research directions, c Springer Science in: Handbook of Peer-to-Peer Networking, ⃝ +Business Media, LLC, 2010, http://dx.doi.org/10.1007/978-0387-09751-0 1. [8] Sameh El-Ansary, Seif Haridi, An overview of structured P2P overlay networks, Thesis, Royal Institute of Technology— IMIT/KTH, Sweden, July 19, 2004. [9] I. Stoica, R. Morris, D.H. Karger, “Chord: a scalable Peerto-Peer lookup service for Internet applications”, in: ACM SIGCOMM, San Diego, 2001.
6 (2012) 145–160
[10] A. Rowstron, P. Druschel, Pastry: scalable, distributed object location and routing for large-scale peer to peer systems, in: IFIP/ACM International Conference on Distributed Systems Platforms, Heidelberg, Germany, 2001. [11] Sylvia Ratnasamy, Paul Francis, Mark Handley, Richard Karp, Scott Shenker, A scalable content addressable network, in: SIGCOMM’01, August 2001, San Diego, California, USA. [12] J. Buford, H. Yu, E.K. Lua, P2P Networking and Applications, Morgan Kaufmann, 2008. [13] A. Crespo, H. Garcia-Molina, Routing indices for peer-topeer systems, in: International Conference on Distributed Computing Systems, Vienna, Austrian, 2002. [14] In-suk Kim, Yong-hyeog Kang, Young Ik Eom, An efficient contents discovery mechanism in pure P2P environments, in: M. Li, et al. (Eds.), GCC 2003, in: LNCS, vol. 3032, Springer, 2004, pp. 420–427. [15] Srinivas Raaghav Kashyap, Algorithms for data placement, reconfiguration and monitoring in storage networks, Doctor Dissertation, 2007, University of Maryland ACM. ISBN: 978-0549-45087-0. [16] Johan Pouwelse, The BitTorrent P2P file-sharing system, Detailed Measurement Study, Published Saturday 18th December 2004. [17] I. Clarke, O. Sandberg, B. Wiley, T.W. Hong, Freenet: a distributed anonymous information storage and retrieval system, Lecture Notes in Computer Science (2001). [18] James Walkerdine, Paul Rayson, P2P-4-DL: digital library over peer-to-peer, in: Proceedings of the Fourth International Conference on Peer-to-Peer Computing, P2P’04, 0-7695-2156c 2004. 8/04 $20.00 ⃝ [19] Anil Saroliya, Vishal Shrivastava, Security problems and their upshots in routing protocols of DHT based overlay networks, Journal of Theoretical and Applied Information Technology (2005). [20] Eleni Koutrouli, Aphrodite Tsalgatidou, Reputation-based trust systems for P2P applications: design issues and comparison framework, in: TrustBus, LNCS, vol. 408, pp. 152–161, 2006. [21] Xin Sun, Ruben Torres, Sanjay Rao, DDoS attacks by subverting membership management in P2P systems, in: 3rd IEEE Workshop on Secure Network Protocols, 2007, NPSEC 2007, p. 1–6. [22] Cristiano Costa, Jussara Almeida, Reputation systems for fighting pollution in peer-to-peer file sharing systems, 07695-2986-0/07. http://dx.doi.org/10.1109/P2P.2007.15. [23] Mudhakar Srivatsa, Ling Liu, Countering targeted file attacks using location guard, in: Proceedings of the 14th Conference on USENIX Security Symposium, 2005—SSYM’05, vol. 14. [24] Detecting and mitigating a BGP slow peer Cisco IOS and NXOS software configuration guide, Updated July 2010. [25] http://www.p2pconsortium.com/index.php/topic/5078problems-with-dc. [26] S. Rhea, et al. Handling churn in a DHT, in: Proc. 2nd Int’l. Wksp. Peer-to-Peer, IPTPS 2003, February 2003. [27] Eng Keong Lua, Jon Crowcroft, Marcelo Pias, A survey and comparison of peer-to-peer overlay network schemes, in: IEEE Communications—1553-877X 72 IEEE Communications Surveys & Tutorials, Second Quarter, 2005. [28] Sergio Marti, Hector Garcia-Molina, Identity crisis: anonymity vs. reputation in P2P systems, in: Proceedings of the Third International Conference on Peer-to-Peer Computing, P2P’03. 0-7695-2023-5/03. [29] Krisztina Lója, Paolo Giaccone, Nash equilibria in bandwidth allocation for non-cooperative peer-to-peer networks, Journal of Systems Architecture 54 (2008) 81–96. [30] Lin Wang, Attacks against peer-to-peer networks and countermeasures, in: TKK T-110.5290 Seminar on Network Security 2006-12-11/12.
COMPUTER SCIENCE REVIEW
[31] Eng Keong Jua, Jon Crowcroft, Marcelo Pias, University— A survey and comparison of peer-to-peer overlay network schemes, IEEE Communications Surveys & Tutorials 7 (2) (2005) 1553–1877. Second quarter. [32] Michal Feldman, Christos Papadimitriou, John Chuang, Ion Stoica, Free-riding and whitewashing in peer-to-peer systems, IEEE Journal on Selected Areas in Communications 24 (5) (2006) 1010–1019. [33] Sergio Marti, Hector Garcia-Molina, Taxonomy of trust: categorizing P2P reputation systems, Computer Networks 50 (2006) 472–484. [34] Marlom A. Konrath, Marinho P. Barcellos, Rodrigo B. Mansilha, Attacking a Swarm with a Band of Liars: evaluating the impact of attacks on BitTorrent, in: Seventh IEEE International Conference on Peer-to-Peer Computing, 0-76952986-0/07, 2007, IEEE. http://dx.doi.org/10.1109/P2P.2007.14. [35] Riidiger Schollmeier, A definition of peer-to-peer networking for the classification of peer-to-peer architectures and applications, 0-7695-1503-7102, 2002, IEEE. [36] Huaizhi Li, Mukesh Singhal, Trust management in distributed systems, IEEE Journal (2007). [37] Matt Blaze, Joan Feigenbaum, Jack Lacy, Decentralized trust management, in: Proceedings of the 1996 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, 1996, pp. 164–173. [38] Matt Blaze, Joan Feigenbaum, Martin Strauss, Compliancechecking in the PolicyMaker trust management system, in: Proceedings of Second International Conference on Financial Cryptography, FC’98, in: Lecture Notes in Computer Science, vol. 1465, Springer, 1998, pp. 254–274. [39] D. Clarke, J. Elien, C. Ellison, M. Fredette, A. Morcos, R.L. Rivest, Certificate chain discovery in SPKI/SDSI, Journal of Computer Security 9 (4) (2001) 285–322. Proc. of the IEEE Symposium on Security and Privacy, May 2002, pp. 114–130. [40] Ninghui Li, John C. Mitchell, William H. Winsborough, Design of a role based trust management framework, in: Proc. of LMW02, 2004. [41] Ninghui Li, Benjamin N. Grosof, Joan Feigenbaum, A practically implementable and tractable delegation logic, in: Proceedings of the IEEE Symposium on Security and Privacy, IEEE Computer Society Press, pp. 27–42, 2000. [42] S. Marsh, Formalising trust as a computational concept, Ph.D. Thesis, University of Stirling, 1994. [43] J. Sabater, C. Sierra, Reputation and social network analysis in multi-agent systems, in: First International Joint Conference on Autonomous Agents and Multi-Agent Systems, Bologna, Italy, 2002. [44] J. Pujol, R. Sanguesa, Extracting reputation in multi agent systems by means of social network topology, in: First International Joint Conference on Autonomous Agents and Multi-Agent Systems, Bologna, Italy. [45] Debora Donato, Stefano Leonardi, Mario Paniccia, Combining transitive trust and negative opinions for better reputation management in social networks, in: Procs of SNAKDD, Las Vegas, Nevada, 2008, p. 10. [46] Karl Aberer, Zoran Despotovic, Managing trust in a peer-2peer information system, 2001. ISBN: 1-58113-436-3. [47] B.S. Jyothi, D. Janakiram, Robust sybil detection strategy for P2P reputation systems built over structured overlays, 2006. [48] Sepandar D. Kamvar, Mario T. Schlosser, Hector GarciaMolina, EigenRep: reputation management in P2P networks, 2003. ISBN: 1-58113-680-3. [49] F. Cornelli, E. Damiani, S. Vimercati, S. Paraboschi, P. Samarati, Choosing reputable servents in a P2P network, in: Proc. ACM WWW’02, 2002, pp. 376–386. [50] Yanchao Zhang, Yuguang Fang, A fine-grained reputation system for reliable service selection in peer-to-peer networks, IEEE Transactions on Parallel and Distributed Systems 18 (8) (2007) 1134–1145.
6 (2012) 145–160
159
[51] Paul Resnick, Richard Zeckhauser, Trust among strangers in Internet transactions: empirical analysis of Ebay’s reputation system, in: Working Paper for the NBER Workshop on Empirical Studies of Electronic Commerce, 2001. [52] Runfang Zhou, Kai Hwang, PowerTrust: a robust and scalable reputation system for trusted peer-to-peer computing, IEEE Transactions on Parallel and Distributed Systems 18 (4) (2007) http://dx.doi.org/10.1109/TPDS.2007.1021. [53] Z. Despotovic, K. Aberer, P2P reputation management: probabilistic estimation vs. social networks, Computer Networks 50 (4) (2006) 485–500. [54] Sonja Buchegger, Jean-Yves Le Boudec, A robust reputation system for P2P and mobile ad-hoc networks, EPFL IC Technical Report IC/2003/50. [55] Runfang Zhou, Kai Hwang, Gossip-based reputation aggregation for unstructured peer-to-peer networks, in: IEEE International on Parallel and Distributed Processing Symposium, IPDPS-2007. 1-4244-0910-1/07. [56] Audun Josang, Roslan Ismail, The beta reputation system, in: Proceedings of the 15th Bled Electronic Commerce Conference, Bled, Slovenia, June 2002. [57] R. Jurca, B. Faltings, An incentive compatible reputation mechanism, in: Proceedings of the IEEE Conference on ECommerce, Newport Beach, CA, USA, June 24–27, 2003. [58] Alberto Fernandes, Evangelos Kotsovinos, Sven String, Boris Dragovic, Incentives for honest participation in distributed trust management, in: Proceedings of iTrust 2004, Oxford, UK, March 2004. [59] Li Xing, Ling Liu, A reputation-based trust model for peerto-peer ecommerce communities, in: 2003 IEEE International Conference on E-Commerce Technology, CEC’03, 2003, p. 275. [60] D. kamvar, Mario T. Schlosser, Eigen trust algorithm for reputation management in P2P networks, May 2003. ACM 1-58113-680-3/03/0005. [61] F. Cornelli, E. Damiani, S.C. Vimercati, S. Paraboschi, P. Samarati, A reputation-based approach for choosing reliable resources in peer-to peer networks, in: CCS’02, USA, 2002. [62] E. Damiani, S.D.C. di Vimercati, S. Paraboschi, P. Samarati, Managing and sharing servents’ reputations in P2P systems, IEEE Transactions on Knowledge and Data Engineering 15 (4) (2003) 840–854. [63] S. Lee, R. Sherwood, Cooperative peer groups in NICE, in: IEEE Infocom, San Francisco, USA, 2003. [64] Yan Wang, Vijay Varadharajan, Role-based recommendation and trust evaluation, in: 4th IEEE International Conference on Enterprise Computing, E-Commerce and E-Services, CEC-EEE 2007. [65] M. Gupta, P. Judge, M. Ammar, A reputation system for peer to peer networks, in: Proceedings of NOSSDAV, 2003. [66] Adrian Alexa, Reputation management in P2P networks: the eigentrust algorithm, Thesis, Supervised by Anja Theobald. [67] Shanshan Song, Kai Hwang, Runfang Zhou, Trusted P2P Transactions with Fuzzy Reputation Aggregation, Published by the IEEE Computer Society, 2005, 1089-7801/05. [68] Loubna Mekouar, Youssef Iraqi, Raouf Boutaba, A reputation management and selection advisor schemes for peer-to-peer systems. [69] Natalia Stakhanovism, Sergio Ferrari, Johnny Wong, Ying Cai, A reputation-based trust management in peer-to-peer network systems, 2004. [70] Shalendra Chhabra, Ernesto Damiani, Sabrina De Capitani di Vimercati, Stefano Paraboschi, Pierangela Samarati, SupP2PRep: a protocol for reputation management via polling in P2P networks with superpeers, 2008. [71] Vladislav Jumppanen, File reputation in decentralized P2P reputation management, HUT T-110.551, 2005.
160
COMPUTER SCIENCE REVIEW
[72] Kevin Walsh, Emin Gun Sirer, Experience with an object reputation system for peer-to-peer filesharing, in: USENIX Association NSDI ’06: 3rd Symposium on Networked Systems Design & Implementation. [73] Ali Aydın Selçuk, Ersin Uzun, Mark Re¸sat Pariente, A reputation-based trust management system for P2P networks, International Journal of Network Security 6 (3) (2008) 235–245. [74] Jianli Hu, Quanyuan Wu, Bin Zhou, Secure and distributed P2P reputation management, Journal of Communication 3 (7) (2008).
6 (2012) 145–160
[75] R.V.V.S.V. Prasad, Vegi Srinivas, V. Valli Kumari, K.V.S.V.N. Raju, An effective calculation of reputation in P2P networks, Journal of Networks 4 (5) (2009). [76] William Conner, Arun Iyengar, Thomas Mikalsen, Isabelle Rouvellou, Klara Nahrstedt, A trust management framework for service-oriented environments, WWW 2009, April 20–24, 2009, Madrid, Spain. ACM 978-1-60558-487-4/09/04. [77] Prashant Dewan, Partha Dasgupta, P2P reputation management using distributed identities and decentralized recommendation chains, IEEE Transactions on Knowledge and Data Engineering 22 (7) (2010).
6 (2012) 145–160
Available online at www.sciencedirect.com
journal homepage: www.elsevier.com/locate/cosrev
Survey
A survey on Security Issues of Reputation Management Systems for Peer-to-Peer Networks Chithra Selvaraj a,∗ , Sheila Anand b a SSN College of Engineering, Anna University, Chennai, Tamil Nadu, India b Rajalakshmi Engineering College, Anna University, Chennai, Tamil Nadu, India
A R T I C L E
I N F O
A B S T R A C T
Article history:
The objective of this paper is to present a comprehensive survey of security issues in
Received 9 May 2011
Reputation based Trust Management system (RTMS) also known in short as Reputation
Received in revised form
Management Systems for P2P networks. The wide adoption of P2P computing has enhanced
29 March 2012
content publishing, pervasive information collection, streaming of real-time sensed data
Accepted 7 April 2012
and information sharing on an enormous global scale. At the same time, the open and anonymous nature of P2P makes it vulnerable to malicious attacks and the spread of
Keywords:
malware. In this paper, we discuss in detail the different security attacks on P2P systems
P2P
and have categorized them as network-related and peer-related attacks. RTMS helps to
Reputation Management System
establish and evaluate Trust, which is the degree of belief that is established to prove
Trust
that the right user is accessing the right resource. We have explained the different Trust
Security
Management schemes used in P2P networks and have compared them on the basis of trust establishment, security features, trust evaluation and weakness. We have surveyed the RTMSs currently in use and have compared them on the basis of reputation collection, aggregation, computation, storage and degree of centralization of reputation computation and management. We also present a comparison of protection provided by RTMs against the various security attacks discussed. Open research issues and challenges that have yet to be addressed in the design of current RTMs have been presented in detail. This survey can be used as a reference guide to understand Trust Management and RTMS for P2P networks and to further research in RTMSs to make them efficient, reliable and scalable to enable and promote the utilization of P2P systems for large communities and applications. c 2012 Elsevier Inc. All rights reserved. ⃝
Contents 1.
Introduction ................................................................................................................................................................................. 146
2.
P2P networking paradigm ............................................................................................................................................................. 146 2.1.
P2P architectures ............................................................................................................................................................... 146 2.1.1.
Unstructured overlays .......................................................................................................................................... 147
2.1.2.
Structured overlays............................................................................................................................................... 147
∗ Corresponding author. E-mail addresses: [email protected] (C. Selvaraj), [email protected] (S. Anand). c 2012 Elsevier Inc. All rights reserved. 1574-0137/$ - see front matter ⃝ doi:10.1016/j.cosrev.2012.04.001
146
COMPUTER SCIENCE REVIEW
2.2.
2.3. 3.
6 (2012) 145–160
Content search in P2P networks......................................................................................................................................... 148 2.2.1.
Centralized Indexing in P2P networks .................................................................................................................. 148
2.2.2.
Distributed Indexing in P2P networks................................................................................................................... 148
2.2.3.
Hybrid Indexing in P2P networks .......................................................................................................................... 148
P2P Applications ................................................................................................................................................................ 148
Security attacks in P2P networks .................................................................................................................................................. 150 3.1.
Network related attacks ..................................................................................................................................................... 150
3.2.
Peer related attacks............................................................................................................................................................ 151
4.
P2P Trust Management ................................................................................................................................................................. 151
5.
Reputation based Trust Management Systems ............................................................................................................................. 152
6.
5.1.
Reputation Collection ........................................................................................................................................................ 153
5.2.
Reputation Aggregation ..................................................................................................................................................... 153
5.3.
Reputation Computation ................................................................................................................................................... 153
5.4.
Reputation Exchange ......................................................................................................................................................... 154
Comparison of Reputation Management Systems ........................................................................................................................ 154 6.1.
RTMS based on a centralized approach.............................................................................................................................. 154
6.2.
RTMS based on decentralized approach............................................................................................................................. 154
6.3.
Security and Reputation Management Systems................................................................................................................. 156
7.
Open research issues in Reputation Systems................................................................................................................................ 156
8.
Conclusion.................................................................................................................................................................................... 158 References .................................................................................................................................................................................... 158
1.
Introduction
Peer-to-peer (P2P) is a distributed network architecture that provides resource sharing and collaboration between peers that are equally privileged, equipotent participants without the need for a central server or authority for coordination and control. The resources shared include processing power, data, content storage and network bandwidth. These resources are accessible by other peers directly, without the support of intermediary entities. P2P networks are self organizing distributed systems where peers join and leave the network dynamically. The open and unrestricted environment of P2P architecture makes it an ideal environment for unauthorized access to resources and information. P2P raises some serious security concerns for users as there is a complete lack of accountability for the content a peer puts on the network. P2P systems have to protect themselves from attacks by anonymous malicious peers who infect the network with unreliable resources that can potentially destroy data and infect programs on a peer’s computer system [1]. This paper presents a comprehensive survey of security issues in Reputation based Trust Management system (RTMS) also known in short as Reputation Management Systems for P2P networks. Attacks by anonymous malicious peers have become increasingly common in many of the popular P2P networks. Peers must be able to determine whether the requesting peers are who they claim to be and also be able to distinguish between reliable and malicious peers. Peers must be able to establish trust with the requesting peers before allowing them access to their shared resources and services. Many trust models have been proposed for P2P networks. This survey can be used as a reference guide to understand Trust Management in general and RTMS in particular detail. In addition, this paper attempts to address open research issues and challenges to further research in RTMSs that would enable them to be efficient, reliable and dynamically scalable.
The rest of the paper is organized as follows. Section 2 gives a brief introduction to P2P network architecture and discusses some popular P2P applications. Section 3 categorizes various types of security attacks on P2P networks and classifies them based on the entity (network or peer) that is attacked. Section 4 discusses the need for trust and trust management systems in P2P networks. Different types of trust management systems have been discussed and classified on various parameters. Sections 5 and 6 summarizes and compares the different reputation management systems. Section 7 discusses open research issues and challenges in designing reputation management systems and Section 8 gives the conclusion.
2.
P2P networking paradigm
2.1.
P2P architectures
The two primary types of network architecture are clientserver and peer-to-peer networks. In client-server networks, a central server handles all security and file transactions while in peer-to-peer networks; each machine shares its own resources and handles its own security. The comparison of client-server and peer-to-peer architecture models is given in Fig. 1 [2]. The primary advantage of P2P networks is that all clients contribute and share their own resources and all peers are both users and providers of resources. Hence in comparison to client–server networks, P2P networks are more robust and scalable as there are no central authorities or servers. The P2P overlay network consists of all the participating peers as network nodes. There are communication links between any two nodes that know each other: i.e. if a participating peer knows the location of another peer in the P2P network, then there is a directed edge from the former node to the latter in the overlay network. Based on how the nodes in the overlay
COMPUTER SCIENCE REVIEW
6 (2012) 145–160
147
Fig. 1 – Client–server and P2P models.
network are linked to each other, we can classify the P2P
2.1.2.
networks as unstructured or structured.
Structured Overlay is an architecture in which nodes cooperatively maintain routing information about how to reach all nodes in the overlay [7]. Structured overlay networks let the set of cooperating peers act as a distributed data structure with well-defined operations. A Distributed Hash Table (DHT) is a structured overlay that uses key-based routing for indexing in which each peer is assigned to maintain a portion of the DHT index. The address space is virtualized and addresses are randomly assigned. Peers that are neighbors in the overlay can be far-away in the underlying network. Structured overlays are differentiated according to a variety of dimensions such as: maximum number of hops for routing a request, routing algorithm, node degree with size of overlay, overlay geometry and lookup type. Chord, Pastry, Tapestry, Kademlia, HyperCup, P-Grid, Koorde, CAN are some of the P2P systems based on structured overlays [8]. Chord [9] is a well known DHT-based distributed protocol that is aimed to efficiently locate the peer node that stores a particular data item. Peer nodes are arranged in a ring that keeps the keys ranging from 0 to 2m − 1. A consistent hashing is used to assign items to nodes, which provides load balancing and only requires a small number of keys to change when nodes join or leave the network. The hash function assigns each node and each key an ID using SHA-1 hashing algorithm. Pastry [10] is a prefix-based routing system using a proximity metric. Each node in the Pastry network has a unique identifier (nodeId). When presented with a message and a key, a Pastry node efficiently routes the message to the node with a nodeId that is numerically closest to the key, among all the currently live Pastry nodes. Content-Addressable Network (CAN) [11] generalizes the DHT methods used in Chord and Pastry. A CAN identifier space can be looked at as a d-dimensional version of Chord and Pastry identifier space. Higher dimensions in the identifier space reduce the number of routing hops but slightly increase the size of routing table saved in each node. Hence, it can be seen that structured P2P networks use a global protocol to route search requests among the peers in the network and in DHT based P2P systems, “a set of keys is associated with addresses in the address space such that the
2.1.1.
Unstructured overlays
An unstructured overlay is an overlay in which a node relies only on its adjacent nodes for delivery of messages to other nodes in the overlay. Example message propagation strategies are flooding and random walk [3]. Unstructured P2P systems do not maintain network structure and establish links arbitrarily. Unstructured overlay designs of P2P systems include Freenet, Gnutella, FastTrack, Fast Freenet, Local Minima Search (LMS). Unstructured overlays are usually further distinguished by how search requests are propagated and by differences in link formation with neighboring peers. Flooding is the fundamental approach of search where queries are forwarded to all connected peer nodes to check whether they have the requested file. Gnutella adopts a flooding algorithm for searching files [4]. Random walk is another method of search which enables peer nodes to forward a query to a randomly chosen neighbor rather than broadcast the query to all its neighbors. For example, LMS is a P2P system which uses a Random Walk search in which the objects are proactively replicated using consistent hashing of object identifiers to place objects at close node identifiers [5]. Yang and Garcia [6] have presented an Iterative Deepening technique for resource discovery in Unstructured P2P systems. Iterative Deepening is a method of search which enables query originators to use successive Breadth First Search (BFS) queries with increasing depths, until the request is satisfied or the maximum depth is reached. Guided Search is a search method which enables peer nodes to maintain additional information about other peer nodes in the network like network topology and resource locations. For example, Napster uses a centralized server to maintain such additional information. KaZaa and JXTA utilize a set of supernodes to maintain the additional information about the leaves and other supernodes.
Structured overlays
148
COMPUTER SCIENCE REVIEW
6 (2012) 145–160
nearest peer to an address stores the values for the associated keys, and the routing algorithm treats keys as addresses” [12]. Structured Overlay networks provide a limit on the number of messages needed to find any object in the overlay as compared to unstructured overlays. To retrieve files that are accessed infrequently, more structured overlay links are required. Hence, topology-aware overlays use different methods and metrics for determining the neighbor peers in the overlay.
2.2.
Content search in P2P networks
Searching is an important step in data access. P2P networks take advantage of the distributed resources at peer nodes to scatter and duplicate data contents among the peers. The characteristics of the data content, the meta-data are also distributed. The capability of Content search schemes is largely dependent on content indexing and management schemes and also on the underlying P2P network [13]. Based on content indexing, the P2P networks can be categorized as Central Indexing, Decentralized Indexing and Hybrid Indexing P2P systems.
2.2.1.
Centralized Indexing in P2P networks
Some P2P models use a central server to store peer information and respond to the request for information stored on the server. However, in contrast to the traditional client server model, this model uses server to store only the metadata information about the files. In this model, a server is approached first to obtain meta-information as given in Fig. 2, such as the identity of the peer and other stored information that may be used to verify security credentials. From then on, the P2P communication for resource sharing happens directly between serving peer and requesting peer. Examples of centralized P2P networks include Napster, BitTorrent, Groove, Aimster, Magi, Softwax, and iMesh.
2.2.2.
Distributed Indexing in P2P networks
P2P networks are said to be pure P2P networks if a central server is not used for managing the network [14]. A query is forwarded to neighborhood peers based on a peer routing table until the target object index is found. A peer searches for resources by flooding the query through its neighboring peers. The peer(s) with the appropriate resource responds to the query. Resource sharing happens in a direct connection established between the serving and requesting peer. Dynamic routing table mechanisms may be adopted to avoid network flooding. This model is represented using Fig. 3. Most popular pure P2P models are Gnutella, eDonkey, FastTrack, Freenet, OverNet etc.
2.2.3.
Hybrid Indexing in P2P networks
Hybrid P2P networks follow a hierarchical architecture in which certain peers known as Super peers or Super nodes are designated with the responsibility of providing service to the other peers in the network. A super node is a temporary index server for other peer nodes. Peer nodes with high computing power and fast network connection automatically become super nodes. In this type of network, peers are organized
Fig. 2 – Centralized indexing in P2P networks.
into multiple groups. In each group, there is a special peer called Super Peer to serve the regular peers within the same group. Resource search query first searches locally at the local peer and the super node that is connected to the local peer directly. If content object is not found in local indices, the query is propagated to other super nodes according to the routing table until it is found or a predefined Time-ToLive (TTL) threshold is reached. Super Peer networks strike a balance between the inherent efficiency of centralized search, and the autonomy, load balancing and robustness to attacks provided by distributed search. This model is represented in Fig. 4. Examples of hybrid P2P networks are KaZaa, JXTA etc.
2.3.
P2P Applications
P2P networks are currently being used for a variety of applications such as file sharing, digital library, video and voice calls and video streaming. File sharing is perhaps one of the most commonly used applications of P2P networks. Peers share files and allow other peers to download these files. This differs from traditional file downloading where centralized servers hold the resources that users access to download the required data. Such servers must be capable of storing and retaining enormous amounts of data and have also to bear the high cost of providing such a service. P2P networks are decentralized distributed systems that are highly scalable and enable peers to share and integrate their computing resources, data and services. Some of the popular P2P file sharing applications include Napster, Gnutella, KaZaa, BitTorrent, eDonkey, eMule, Limewire, FastTrack, Freenet, OverNet etc. Napster was one of the first widely used P2P music sharing application. To participate in the Napster network, new users needed to register with the Napster server and publish a list of files that they were willing to share. To search for a required file in the network, users could refer to the server and retrieve the list of providers. File transfer takes place between the peers without the need for intervention by the Napster server. In contrast to Napster, the Gnutella network is a decentralized P2P file sharing network used not only for
COMPUTER SCIENCE REVIEW
6 (2012) 145–160
149
Fig. 3 – Decentralized Indexing in P2P networks.
Fig. 4 – Super peer based P2P system architecture.
file storage but also for content lookup and query routing. In the Gnutella network, each peer node uses a Breadth-First search mechanism to search the network by broadcasting the query to all connected peer nodes. Each peer node receiving the query will check the local file storage, and respond to the query if at least one matched filed is found [15]. BitTorrent is currently one of the widely used applications designed to distribute large amounts of data. In order to share a file or a group of files, users need to create a small (dot) .torrent file that contains the address of the tracker machine that launches the file distribution. The .torrent file is published on well known web sites and other users can find and download the .torrent file of interest. In order to facilitate efficient file download, a file is broken into smaller fragments. The client, attempting to download the file, simultaneously connects to these peer nodes that are participating in file transfer and downloads different pieces of the file from different peer nodes [16]. Freenet is a decentralized P2P data storage system designed to provide electronic document exchange. In contrast to Gnutella, Freenet acts as a P2P storage system that enables users to share unused local storage space for popular file replication and caching. The stored information is encrypted
and replicated across the participating computers [17]. KaZaa uses a hybrid P2P network in which it uses a two-level hierarchy with supernodes and leaves. A supernode is a temporary index server for other peer nodes. Any requesting peer can retrieve the index of the file from supernode. The supernode communicates with other supernodes if it does not have the requested file. Then the file is transferred directly between the requester and provider. Digital Library applications have been developed for searching the relevant content on P2P networks. P2P-4-DL is one of the widely used Digital Library applications that are widely used [18]. A typical DL may store documents, images, sounds and video media. References to the documents like title, authors and keywords are then registered with the index peer, allowing for a Napster style search system. Skype is a popular and widely used voice-over P2P (VoP2P) application. Skype provides services like P2P voice and video calls, voice calls to PSTN endpoints, file transfer, instant messaging and video conferencing [19]. Like KaZaa, the Skype protocol is encrypted and the specifications of the protocol have not been released for public consumption. Skype uses a super peer model, and the super peers support Network Address Translation (NAT) traversal for connecting
150
COMPUTER SCIENCE REVIEW
peers behind NATs. Super peers also act as media relays. Experimental studies of Skype have shown a significantly higher node life time when compared to P2P file sharing systems. P2PTV is an application software which is used for the redistribution of video streams in real time on P2P network. The distributed video streams are typically TV channels from all over the world. Various models are used including torrentstyle distribution, application layer multicasting and hybrid CDNs (Content Delivery Network). The architecture of many P2PTV networks can be thought of as real-time versions of BitTorrent. If a user wishes to view a certain channel, the P2PTV software contacts a “tracker server” for that channel in order to obtain addresses of peers who distribute that channel. The user then contacts these peers to receive the feed. Some of the P2PTV applications include TVUPlayer, PPLive, QQLive, PPStream, Abroadcasting, Zattoo, Octoshape, LiveStation, Joost and Babelgum.
3.
Security attacks in P2P networks
P2P networks provide a powerful platform for the construction of a variety of decentralized services. P2P networks offer many advantages to users but it becomes a challenge to resist and protect against various attacks on security. The security attacks on P2P systems have been broadly categorized and discussed as attacks on P2P networks and attacks on peers.
3.1.
Network related attacks
Sharing of resources and services is the principle application of P2P networks. There are a number of challenges associated with maintaining this shared feature because of the highly unstable nature of P2P networks. This section covers a wide range of network related issues starting from storage and indexing, replication and searching to security and privacy. The membership of P2P system is relatively unpredictable, ad-hoc and dynamic. It is necessary to maintain the location of resources using indices for decentralized structured P2P systems. An index in a P2P network is a set of mappings from keys to values [20]. For a P2P file sharing network, the keys are file hashes and the values are locations at which the file corresponding to the file hash is present. Index poisoning consists of inserting bogus records in P2P indices making the system fail to locate an existing file [21]. Data placement is largely demand driven and must be done in a distributed manner. Data Placement Problem highlights the need to place data in strategic locations for easy and fast access [15]. Freenet is a P2P system which consists of a network of peers that host encrypted documents. Peers use keys to access the contents of the requested documents. Each node, in addition to forwarding the document towards its destination can maintain a local copy of the document. The locally cached documents will not be encrypted and can be subjected to security attacks like unauthorized modification. For most of the applications, users require certain guarantees on the reliability or availability of system services. For example, a distributed data storage application would
6 (2012) 145–160
want to guarantee that data stored by a user will always be available to the user with high probability and that it will persist in the network with a much higher probability. The dynamic nature of the systems may impose limitations on data consistency and availability. If the rate of change of data is high, then the maintenance of globally accessible indexes becomes unaffordable as the number of peers in the system grows dynamically. The situation is made even more difficult when adversaries are actively attempting to corrupt the content that the peers provide. Objects may be modified by malicious peers leading to Object Corruption. Object Identifier corruption, [22] exploits weakness in pervasive environment to generate multiple false identifiers for a single object. Decoy insertions consist of inserting a polluted version of a file with the same metadata of the original file but with a different identifier. A common integrity attack in P2P is related to pollution which may lead to file-targeted DoS attack in which malicious peer announces one or more copies of a corrupted version of the content [23]. Examples of such attacks include creating an infinite loop in an application process, making it unavailable by tying up essential services, and the use of Zip bombs. A Zip bomb is a file containing multiple nested compressed files that expand exponentially when unzipped. A zip bomb, also known as decompression bomb, is a malicious archive file designed to crash or render useless the program or system reading it. In another integrity attack, the false attack reply, the malicious peer intercepts a reply from a query and announces itself as having the resource; if selected, the peer sends a corrupted copy [23]. P2P overlay networks are constructed in order to route messages to destinations not specified by IP addresses. Each node maintains a set of links to other nodes (its neighbors or routing table). Communication with remote nodes is provided by sending messages hop-to-hop across this overlay network. Poisoning the routing table of the peers leads to a Bandwidth Flooding DDoS attack. The incorrect lookup routing attack is the attack by which malicious nodes forward lookups to incorrect or nonexistent nodes [19]. A slow peer is a peer that cannot keep up with the rate at which the routing software is generating update messages. There are many reasons like less bandwidth, heavy CPU load for a peer to be slow peer. When a slow peer is present in an update group, the number of formatted updates pending transmission builds up [24]. The frequency and magnitude of peer-to-peer (P2P) enabled Denial-of-Service (DoS) attacks are increasing. For example, DC++ is a P2P file sharing software which has created an attack emanating from hundreds of thousands of Internet protocol addresses (IPs), with many of the attacks producing more than a gigabit of junk data every second. The sheer number of Internet addresses has caused problems for routers and firewalls [25]. Peers join and leave the network dynamically in large numbers. Accelerated arrival and departure may lead to excessive churn. For example, Rhea et al. [26] make use of a FreePastry implementation to discover that most lookups fail to complete when there is excessive churn. They claimed that short-lived peers leave the overlay with lookups that have
COMPUTER SCIENCE REVIEW
not yet timed out. A few Plaxton-based [27] schemes would perform well under churn and it has been proven that peer departures and arrivals would affect a logarithmic number of peers. Peer Anonymity is an attractive feature of P2P systems. Each peer connects to a small number of known nodes. Only the direct neighbors of a node know its IP address. However, anonymity adds to the security vulnerabilities and also enables malicious users to shelter and disguise themselves [28].
6 (2012) 145–160
can launch an eclipse attack, control must be gained over a certain amount of nodes along strategic routing paths. If successful, the attacker can mediate most or all communication to and from the victim and can isolate the node which is attacked [34]. Further, in scenarios where a large number of peers refuse to collaborate, honest peers may be eclipsed by malicious ones and the effects can be very damaging.
4. 3.2.
151
P2P Trust Management
Peer related attacks
One of the common problems is non-cooperative peer or selfish peers who act as free-riders. Most of the current P2P systems assume equal participation and that all peers are willing to contribute their resources. Such selfish peers frequently access and use the available shared resources but are not so forthcoming with sharing their own resources [29]. The risks associated with P2P unsolicited messaging, the speed with which they spread and the extent of potential damages are staggering, and increasing exponentially. Spammers, who can only survive if their messages get to the maximum number of people at the lowest possible cost, have started to use P2P networks to send unsolicited messages or turn PCs into spam gateways [30]. A Sybil attack is one in which an attacker subverts the reputation system of a peer-to-peer network by creating a large number of pseudonymous entities, using them to gain a disproportionately large influence. Entities in peer-to-peer networks use multiple identities for purposes of redundancy, resource sharing, reliability and integrity. A faulty node or an adversary may present multiple identities to a peerto-peer network in order to appear to be functioning as distinct nodes. By becoming part of the peer-to-peer network, the adversary may then overhear communications or act maliciously [31]. Peers may misbehave in the network and may gain a bad reputation. But those peers may leave the system and join with new identities leading to a White Washing attack. Whitewashers leave the system and rejoin with new identities to avoid reputational penalties [32]. Some peers who acquire a good reputation may try to misuse it and this may lead to a Traitor attack. This technique is effective when increased reputation gives a peer additional privileges, thus allowing malicious peers to do extra damage to the system when they defect. An example of traitor attack are eBay merchants that participate in many small transactions in order to build up a high positive reputation, and then defraud one or more buyers on a high-priced item [33]. In many situations multiple malicious peers acting together can cause more damage than each acting independently. This is termed as a Collision attack. The malicious peers acting together would try to provide false testimony to honest peers. This is especially true in peer-to-peer reputation systems, where covert affiliations are untraceable and the opinions of unknown peers impacts one’s decisions [31]. In an Eclipse attack, a set of malicious peers coordinates to isolate one or more honest peers. Before an attacker
P2P systems are decentralized in nature and hence it is difficult to implement security protections as compared to centrally administered systems. The absence of a well defined defensible border means that it is hard to distinguish malicious peers from honest peers. Strategies for tackling the security challenges also have to be decentralized in nature. Trust can serve as the metric to decide the accessibility of peers to shared resources. Trust in P2P systems is a peer’s belief in another peer’s identity, reliability and capability based on its own experiences [35]. Trust Management entails collecting the information necessary to establish a trust relationship and dynamically monitoring and adjusting the existing trust relationship [36]. Trust Management is a successful approach for encouraging honest and cooperative behavior among peers. Trust management systems can be broadly classified into three categories, policy-based trust systems, social network-based trust systems and reputation-based trust systems. The categories are represented in Fig. 5. Various Trust Models based on these trust systems have been introduced to evaluate peer trustworthiness and reliability of the shared resource. In credential and policy-based trust management systems, peers use credential verification to establish a trust relationship with other peers [37]. The primary goal of such systems is to enable access control; their concept of trust management is limited to verifying credentials and restricting access to resource according to application-defined policies. Resource sharing is based on the trust established from the credentials of the peers. PolicyMaker [38] is a trust management system that facilitates the development of security features including privacy and authenticity for different kinds of network applications. It provides each peer with local control to specify its policies: using PolicyMaker a peer may grant another peer access to its service if the providing peer can determine that the requesting peer’s credentials satisfy the policies. Other Policy based Trust systems like SPKI/SDSI [39], KeyNote [40], DelegationLogic [41] use credential verification to establish trust relationships for access control. These systems are based on the notion of delegation, whereby one entity gives some of its authority to other entities. Social network based trust systems uses the social relationship between peers for computing trust and reputation values. These systems are community based systems which provide access to the resource based on the analysis of the social relationship that the peer possesses within its community. Marsh [42] is among the first to try to give a formal treatment of trust that could be used in computer science.
152
COMPUTER SCIENCE REVIEW
6 (2012) 145–160
Fig. 5 – Categorization of trust management systems.
Table 1 – Comparison of trust management systems. Trust management systems
Policy based trust systems
Reputation based trust systems
Trust establishment
Based on credential verification
Primary security features
Access control, privacy, authentication
Based on recommendation of other peers Identification of malicious peers using recommendation
Trust evaluation Weakness
Local peer Trust worthiness if checked only for the service providers and the provided services. Trust of service requesters not taken into consideration PolicyMaker, SPKI/SDSI, KeyNote, DelegationLogic
Local and global trust evaluation Malicious peers can provide false recommendation and can also collude with other peers to falsify the recommendation DMRep, EigenRep, P2PRep, XRep, NICE, PowerTrust, PeerTrust
Examples
His model is based on social properties of trust and presents an attempt to integrate all the aspects of trust taken from sociology and psychology. Several limitations exist in his simple trust model: too strong a sociological foundation makes the model rather complex and it cannot be easily implemented; the agents cannot collectively build a network of trust because the model puts emphasis on an agent’s own experiences. Regret [43] and NodeRanking [44] are some of the social network based trust systems. Regret establishes peer communities and peer members are considered trustworthy. NodeRanking provides trust score ranking based on the social network behavior of peers. Reputation is the measure of trust collected from other peers through direct or indirect knowledge of earlier transactions with them. These recommendations serve as the metric to decide on the accessibility that is to be provided on the resources being shared. A reputation system in a fully decentralized environment must possess the ability to collect and aggregate the opinions of the users on the quality of the resources and services received by other users [45]. RTMs have been explained in greater detail in the next section. The comparison of various Trust Management Systems is represented in Table 1.
Social network based trust systems Based on social relationships between peers Anomaly detection, malicious peer detection based on behavioral measures Local peer The agents cannot collectively build a network of trust because the trust establishment depends on every peers’ own experiences Marsh, Regret and NodeRanking
5. Reputation based Trust Management Systems Reputation management has come into wide use with the recent advent of widespread P2P computing. Reputation is a measure that is derived from direct or indirect knowledge on earlier interactions with peers and is used to assess the level of trust a peer places on another peer [46]. Most P2P applications happen between users who are virtual strangers to each other. It is very difficult to figure out the ‘trustworthiness’ of other users and the chances of getting cheated are very high. In such a scenario, reputation systems help in making an informed decision regarding the ‘trustworthiness’ of other users based on their reputation [47]. The trust evaluation can be done via two approaches. In the first approach, only the direct transaction partners of a peer can express their opinion on the reputation of the peer [48]. A practical example is the eBay reputation system. After each transaction at eBay, the buyer and the seller rate each other with a positive, negative and neutral feedback. The reputation is calculated at a central server by assigning 1 point for each positive feedback, 0 point for each
COMPUTER SCIENCE REVIEW
neutral feedback and −1 point for each negative feedback. The reputation of a participant is computed as the sum of its points over a certain period. In the second approach, the reputation of a peer is computed based on the opinion of its direct transaction partners as well as some third-party peers [49]. In this approach, a peer A that wishes to know the reputation of another peer B, can ask some peers (e.g., its neighbors) to provide their opinion on B. A then combines the opinion from the peers to calculate B’s reputation. Clearly, this model is more like our real social networks, where third-party peers besides transaction partners can express their opinion on a peer. But it takes more cost to collect and aggregate thirdparty opinion. In a fully distributed P2P system involving numerous peers, a peer often cannot assess another peer’s reputation effectively, but rather must rely on collective opinions from other peers. RTMSs typically perform the trust evaluation in four phases of Reputation Collection, Reputation Aggregation, Reputation Computation and Reputation Exchange.
5.1.
Reputation Collection
The most common ways of collecting the reputation values are by the Transitive trust method, Collecting trust values from the neighbors, the Clustering method and Trusted Third Party. • Collecting from Neighbors—the requester peer can use its neighbors in the overlay network to get reputation information using polling algorithms as in the P2Prep protocol. • Transitive Trust method—Any trustworthy peer would query the trustworthy peers that they have interacted with. In the transitive trust method, a peer tends to trust those peers who have a high reputation in the opinion of trustworthy peers. For better reputation values, the transitive trust technique can also combine negative and positive opinions expressed by peers to reach a global consent on trust for each peer of the network [31]. The reputation information is available as metadata in the downloaded files. A peer sends a query to its neighboring peers to obtain the reputation information from files download by those peers. The requesting peer can then analyze the reputation information to decide the trustworthiness of peers [32]. • Clustering Method—In clustering method the peers are named as servents and Super Peers. The opinion about all the servent peers is collected and maintained by the Super Peer. The servents can collect the reputation about other peers from the Super Peer before processing a resource request [45]. • Trusted Third Party—Trusted Third party (TTP) maintains the reputation about every peer. It has to update the reputation periodically by querying the peers. Any peer that is interested in knowing the reputation of a peer can retrieve it from the TTP.
5.2.
Reputation Aggregation
Reputation is hard to quantify because many dynamic factors are involved. This also introduces other challenges such as
6 (2012) 145–160
153
how to determine the accuracy of the collected opinions and how to aggregate the conflicting opinions to yield a global reputation. RTMSs use various predefined criteria for processing complex data to report reputation. A reputation system in a fully decentralized environment must possess the ability to collect and aggregate the opinions of the users on the quality of the resources and services received by other users [28]. Various techniques available for aggregating the recommendations received from other peers. • Keeping track of past recommendations and weight the feedback according to the credibility of the recommender peers. • Use of suspicious transactions to measure the credibility of recommender peers. • Use of trust and reputation values as credibility metrics for the recommender peers as in EigenTrust, Fuzzy Trust. • Use of different score managers to compute the trust value and using the majority vote to eliminate the false reports by malicious score managers. • Multivariate Outlier detection technique—this technique is used to detect liar peers as in FineGrainedTrust [50]. • Use of Beta distribution based on previous recommendations. • Enforcing policies—in eBay, the net effect on seller’s feedback score is based on the number of negatives, neutrals and positive received [51]; when the seller receives multiple feedbacks from the same buyer within the same week.
5.3.
Reputation Computation
After filtering the feedback and getting rid of dishonest reports, the data gathered from different recommender peers along with the local trust data available at the requester peer is used for reputation computation. Different approaches have been proposed to aggregate and synthesize the trust values received from the recommender peers for the generation of reputation value for a provider peer. • Deterministic approach—A peer’s reputation is based on simple summation or average of collected ratings. In BinaryTrust, reputation is computed based on the number of negative complaints. The reputation scheme used in eBay is based on the sum of the number of positive and negative ratings, in Amazon, the reputation is computed based on the average of all the ratings. • Probabilistic approach: ◦ Bayesian approach: The Bayesian approach uses a probabilistic approach which is based on Bayes formula. Bayesian systems take binary ratings as input, and compute reputation scores based on statistical update of beta probability density functions. Power Trust [52] uses Bayesian method to generate local trust scores. ◦ Maximum Likelihood Estimation (MLE): MLE [53] uses a probabilistic approach to compute the reputation value based on the probability of recommender peers to provide inaccurate information.
154
COMPUTER SCIENCE REVIEW
• Fuzzy Logic—Reputation can be represented as Fuzzy values which are imprecise and not accurately quantified. Different factors can be represented by fuzzy sets and membership functions are used. In FuzzyTrust, fuzzy inferences are used to produce local trust values and aggregate them to global reputation values. P2Prep uses fuzzy values for local trust. • Flow Models—Systems that compute trust or reputation based on transitive iteration or arbitrarily long chains as in EigenTrust and FineGrainedTrust.
5.4.
Reputation Exchange
In Reputation Exchange phase, the reputation information about a peer has to be exchanged with other peers in a secured manner. Many reputation systems are built on positive reputation only [54], where false accusations are not an issue since no negative information is kept. However, the incorrect disseminated information may result in a good reputation for misbehaving nodes. Some reputation systems add privileges to accumulated good reputation like auctioning [55] and Beta reputation system [56] and these systems use a centralized approach for exchanging the reputation information. For distributed systems, Jurca and Faltings [57] aim for an incentive-compatible mechanism by introducing payment for reputation. The peers pay to receive reputation ratings from so-called R-agents, which in turn pay peers providing the information. To encourage the exchange of reputation information, Pinocchio [58] rewards participants that advertise their experience to others and uses a probabilistic honesty metric to detect dishonest users and deprive them their rewards. However, this method does not provide protection against conspiracies or bad-mouthing.
6. Comparison of Reputation Management Systems Reputation system uses different techniques for evaluating trust based on the reputation information. A number of RTMS have been suggested for P2P networks and these include DMRep [59], EigenRep [60], XRep [61], P2PRep [62] and NICE [63]. The role of the recommender in the domain of the target being recommended plays a major role in trust evaluation [64].
6.1.
RTMS based on a centralized approach
The RTMS based on a centralized approach needs a central server to compute the trust score based on the local reputation values stored with every peer. The model proposed by Gupta et al. [65] uses a centralized approach for tracking a positive peer’s contribution to the system using a credit–debit mechanism. Each peer computes the reputation based on its activity with other peers and stores it locally and the Reputation Computation Agent (RCA) periodically collects reputation from peers. Eigen Trust [48] makes use of a transitive definition of trust where any peer will have high opinion about those
6 (2012) 145–160
peers that have provided authentic files to it. The global reputation of each peer is given by the local trust values assigned to the peer by other peers, weighted by the global reputation of the assigning peers. This trust algorithm requires the aggregation of local trust values for computing the global trust score which assumes that a central server knows all local reputation values. Kamvar and Schlosser [60] projected the idea of computing a global reputation value for a peer by calculating the left principal eigenvector of a matrix of normalized local reputation values for a P2P file sharing application. This approach has been applied to satisfy the distributed nature of P2P systems and uses polling mechanism for reputation collection. Distributed Hash Table (DHTs) are used to store the trust values. However, for new peers, a centralized authority is required to assign a position in the hash space. Adrian Alexa [66] proposed a RTMS using an Eigen Trust algorithm to identify the sources of inauthentic files and disseminate the information to other peers. This is done by assigning the peers global trust values based on the previous peer’s behavior. The global trust value computation is centralized but it can compute the global trust values in a distributed way, where every peer has to compute its own global trust value. This may lead to malicious peers lying about their global trust value. This system does not fully support peer anonymity. Shanshan Song et al. [67] have proposed a P2P reputation system based on fuzzy logic inferences, for better handling of uncertainty, fuzziness, and incomplete information in peer trust reports. It was tested with eBay transactions which have a centralized reputation system. Peers perform fuzzy inference on local parameters to generate the local scores. The system uses fuzzy inference to obtain the global reputation aggregation weights. The fuzzy trust aggregation reduces the message overhead when compared to Eigen trust because of the usage of fuzzy inferences.
6.2.
RTMS based on decentralized approach
With decentralization, each peer will act as an agent and be allowed to take responsibility for trust evaluation based on trust policies. A peer’s trust policy is individualistic and need not be communicated to other peers, so this could lead to ambiguity in trust evaluation. Each agent then makes decision for itself, on its own policies. The disadvantage of decentralization is that more responsibility and expertise is required from the agent for managing trust policies. However this responsibility can be assigned to their trusted authority if needed. Decentralization does not completely replace current centralized approaches, but it gives agents a choice of managing their own trust policies. Loubna Mekouar et al. [68] have put forward an effort to develop a new and simple reputation management scheme for partially decentralized peer-to-peer systems. The reputation scheme helps to build trust between peers based on their past experiences and the feedback from other peers. They also proposed two selection advisor algorithms for helping peers to select the right peer for download, by collecting the reputation from neighboring peers. In
COMPUTER SCIENCE REVIEW
this technique, the system overhead will be high and the anonymity of the peer may not be maintained. Li Xiong, and Ling Liu [59] have proposed a trust model that uses community based reputations which can be computed through feedback received from other peers in the community about a peer’s transaction history. Trust context can vary from community to community and from transaction to transaction. They have introduced two adaptive factors, transaction context factor and community context factor as metrics to allow the system to adapt to different domains. However, this model does not address collision attacks and sudden and malicious attacks. Also, this model requires prior building of the community before transactions can happen and hence will not provide full anonymity. Ernesto Damiani [62] addresses the problem of spreading malicious information due to peer anonymity. A self regulating system is proposed to implement a reputation mechanism. Reputation sharing is realized through a distributed polling algorithm by which the resource requestors can assess the reliability of the resource. XRep [33] is a protocol introduced by Damiani which combines the resource and servents’ reputation. This work was proven to be secure against various security attacks like pseudo spoofing, Id stealth and Shilling. However, it requires the reputation information to be exchanged among peers in a secure manner. Natalia Stakhanova et al. [69] have proposed a fully decentralized approach that allows computing peers’ reputation based on the traffic between peers. This model does not employ a centralized storage of reputation score but computes it on demand. This approach relies entirely on a peer’s reputation and depends on the persistence of Peer ID which affects anonymity. It provides a mechanism of assigning minimum average trust for new comers which is based on the assumption that new comers are good peers. Shalendra Chhabra et al. [70] have proposed a reputation management protocol for Super peer based P2P networks. This approach uses clustering technique for reputation collection which is an extension of P2Prep protocol. They also have proposed the use of repeaters among Super Peers to facilitate interaction between servents behind the firewalls and also studied the case of malicious peers, Super Peers and repeaters. This system raises the issue of exposure of polling to security violations. Vladislav Jumppanen [71] has introduced the concept of combining file reputation with peer reputation. Combining peer reputation with file reputation increases the efficiency of the reputation system and consequently increases the efficiency of a P2P network with a reduced number of malicious peers, malicious transactions and malicious files. This system allows the peers to store their own reputation and also collect from the neighbors to obtain the reputation values of other peers. Since file reputation is used, the system overhead will be high when compared to a system that uses only peer reputation. Also the issue of secure reputation exchange and other security measures has not been addressed. Kevin Walsh [72] introduced Credence, a decentralized object reputation and ranking system for large-scale peerto-peer file sharing systems. This system enables peers to
6 (2012) 145–160
155
determine object authenticity, the degree to which an object’s data matches with its advertised description. It computes the reputation scores based on the statistical measure of the reliability of past voting habits. The peers can learn relationships even in the absence of direct observations or interactions since it uses a trust computation mechanism based on the flow. This system provides incentives for peers to participate honestly in voting. Runfang Zhou and Kai Hwang [52] have designed a P2P reputation system that is based on the Power Trust system. The system selects few nodes to be power nodes and assumes those nodes to be trustworthy. Those nodes will help in collecting locally-generated peer feedbacks and aggregate them to yield the global reputation scores. This paper uses a structured trust overlay network (TON) to model the trust relationships among peers and a power-law distribution in user feedbacks. However, in a large P2P system with frequent peer joining and leaving, we cannot assume that there always exist some static and predetermined power nodes. Runfang Zhou and Kai Hwang [55] have extended their work on unstructured P2P systems and designed a novel mechanism of GossipTrust which resorts to gossip protocols to aggregate global reputation scores. Each peer repeatedly contacts others at random, and exchanges reputation data with them. The power nodes are dynamically chosen after every reputation aggregation. There is a tradeoff that exists between gossip error and convergence overhead. Debora Donato et al. [45] proposed a new approach to the design of fully decentralized reputation mechanisms that combine negative and positive opinions expressed by peers to reach a global consensus on trust and distrust values for each peer of the network. This system concentrates on quick retrieval of the trust ratings of the peers and for an update of ratings based on feedback information. This system is able to detect malicious peers with a high degree of malicious activity. However, there is the danger of assuming peers with low malicious activity to be honest peers. Ali Aydın et al. [73] have proposed a reputation system to identify malicious peers and to prevent the spread of malicious content. The protocol is based on the query– response architecture in which the user evaluates the outcome of its past transactions and shares this information with other peers when requested. The system relies on the judgment of the users and is effective only against attacks that the users perceive. This protocol does not distinguish between malicious and careless peers. Jianli Hu et al. [74] have introduced a secure and effective reputation based distributed P2P global trust management model (DSRM), and presented its corresponding distributed storage mechanism of reputation information, and security protection protocol. This work is based on the clustering technique to collect the reputation values. It uses a terrace based distributed reputation storage mechanism in which a uni-hash function is used to provide the advantage of anonymity. This system provides protection against various malicious behaviors and collusions, suppresses Sybil attacks and trust information tampering. RVVSV Prasad et al. [75] in their work have introduced a reputation management system based on the similarities between the peers. Credibility factor was assigned to the peers
156
COMPUTER SCIENCE REVIEW
6 (2012) 145–160
Table 2 – Comparison of reputation management systems. Reputation based trust management systems
Reputation collection
Reputation aggregation
Global trust model
Agent based mechanism
Statistical data analysis of former transactions
EigenRep
Polling mechanism
Fuzzy trust
Query–response with the peers that meet a threshold Distributed polling algorithm
Use of trust and reputation values as credibility metrics for the recommender peers Fuzzy logic inferences of local trust scores Use of combined reputations of servents and resources Servent selection based on its own past experiences
XRep P2Prep
Gossip based trust
Enhanced polling mechanism to selected servents Polling mechanism of super peers Local trust score collection from neighbors or community members Distributed ranking of power nodes and applies look ahead random walk strategy Gossip protocol
PeerTrust
Public key infrastructure
NICE
Signed cookies
SupP2Prep Object reputation system
PowerTrust
Vote aggregation based on credibility of a peer Statistical measure of reliability of the peer’s past voting habits Applies power law distribution on user’s feedback Normalization of local scores using gossip aggregation protocol Weighted sum of feedback factors Decentralized trust inference scheme
based on its similarity. The reputation computation is based on feedback similarity, common vendor similarity, interaction similarity and age of transactions. The trustworthiness of any peer is viewed as the expectation of cooperative behavior from that peer. It is a community based reputation system which requires the cooperation of the peers in the community to which they belong. William Conner et al. [76] have presented a reputationbased trust management framework that enables services to make customized trust level assessment of feedback from many entities. This also provides a way of applying different scoring functions to each entity over the same feedback data. The trust framework provides a way of storing the feedback on previous service interactions with clients. However, the trust framework development is based on many assumptions which include the absence of a Sybil attack and that secure communication exists between the services and the trust management service instances. It only considers the attacks characterized by negative feedback. Dewan and Dasgupta [77] have suggested a cryptographic protocol for ensuring secure and timely availability of the reputation data of a peer to other peers at extremely low costs. The past behavior of the peer is encapsulated in its digital reputation, and is subsequently used to predict its future actions. The cryptographic protocol is coupled with self-certification and cryptographic mechanisms for identity management and countering Sybil attack. The approach in this paper is based on relative ranking of the peers. There might be some systems that need absolute values, which the proposed approach does not support.
Reputation computation
Reputation storage
Binary trust evaluation based on normalization of complaints Eigenvector of a matrix of normalized local reputation values Fuzzy inference on local parameters Vote evaluation using binary value Ordered weighted averaging of votes
Decentralized P-Grid
Weighted average of positive votes Flow based voting mechanism
Every peer’s repositories Every peer’s repositories
Bayesian approach
DHT
Matrix–vector computation
Bloom filters
Normalized rate on each transaction Weighted sum of strongest disjoint paths on trust graph
Decentralized P-Grid Every peer’s repositories
DHT
DHT Every peer’s repositories Every peer’s repositories
The various Reputation based Trust Management Systems are compared based on its functionality and tabulated using Table 2.
6.3.
Security and Reputation Management Systems
Most P2P systems work on the assumption of honest cooperation of peers. But in an anonymous P2P networks, it is difficult to make the participating peers cooperate. They may be selfish and unwilling to upload data to others. More seriously, some peers may launch attacks to disrupt the service or distribute viruses in the overlay network. We call these uncooperative, abnormal or attacking behavior malicious actions and the associated peers as malicious peers. In Table 3 we present a comparison of protection provided by the various reputation systems against different types of security attacks. As seen from the table, many of the reputation systems are able to differentiate malicious peers from normal peers. The P2P reputation systems that use Distributed hashing mechanism are able to solve the problem of Data Placement. The reputation systems, which are distributed and use hashing mechanism for indexing is secure against Index Poisoning attack.
7. Open research issues in Reputation Systems Reputation systems provide a way for building trust through social control by using community based feedback about
COMPUTER SCIENCE REVIEW
157
6 (2012) 145–160
Table 3 – Comparison of protection provided by RTMs against various security attacks. ✓—Secure, ×—Vulnerable. Reputation based trust management systems Global trust model EigenRep Fuzzy trust XRep P2PRep SupP2Prep Object reputation PowerTrust Gossip based trust PeerTrust NICE
Sybil attack
× ✓ × ✓ × ✓ × × × × ×
Collision Index Data attack poisoning placement problem × ✓ ✓ × × × × × × × ×
× × ✓ ✓ ✓ × × × × × ×
✓ ✓ ✓ × × × ✓ ✓ ✓ ✓ ✓
past experiences of peers to help make recommendation and judgment on quality and reliability of the transactions. The challenge of building such a reputation based trust mechanism in a P2P system is to effectively cope up with various malicious behaviors of peers such as providing fake or misleading feedback about other peers, collusion attack etc. Most existing reliable reputation mechanisms require a central server for storing and distributing the reputation information. A number of RTMSs for distributed and decentralized environment have been discussed. But it still remains a challenge to build a decentralized P2P trust management system that is efficient, scalable, reliable, and secure in both trust computation and trust data storage and distribution. We present some issues that need to be addressed in greater detail in the design of RTMSs. • Malicious reputation information There is a challenge in preserving anonymity while maintaining the privacy about a peer. The problem of securing hosts on P2P network while keeping the openness of the system has been studied extensively over last couple of years but still remains an open research issue that has not yet been fully resolved. Existing solutions based on reputation management either employ centralized algorithms or rely on peers’ cooperation in the network. To decrease the number of downloads of inauthentic files in a peer-to-peer file-sharing network each peer can be assigned with a unique global reputation value, based on the peer’s history of uploads. However, this also gives rise to the difficult problem of preserving the integrity of file metadata and to prevent false modification from malicious peers. • Free riding Free riders are peers who just download files but do not share anything to other peers. They significantly destroy the philosophy of P2P file-sharing networks. Research has to be focused on the development of acceptable mechanisms for rewarding good peers as a motivation for peers to share their resources and also to deter free riders. • Right peer selection A reputation system should provide effective mechanisms for identifying good peers who share reliable resources. As the reputation scheme helps to build trust between peers based on their past experience and transactions, it should also be able to identify low performing peers that fail to provide
Identifier DoS corruption attack
× × × ✓ × ✓ × × × × ×
× × × ✓ × ✓ ✓ × × × ✓
White washing attack × × × × × × × × × × ×
Traitor attack
✓ × × × × × × × ✓ × ×
Free riding
× ✓ × × × × × × × ✓ ×
Malicious peer detection ✓ ✓ ✓ × ✓ ✓ ✓ ✓ ✓ ✓ ✓
proper services. Hence right peer selection is an important aspect of any reputation system that remains still an area for further research focus. • Combining peer reputation with resource reputation It has been seen that combining peer reputation with file reputation increases the effectiveness of the reputation system and reduces malicious peers, resources and transactions. However, present systems have high overhead for trust information exchange and computation. Hence, this is an area where research could be focused on improving the efficiency of trust aggregation and evaluation. • Decentralized reputation storage Presently much of the work done on reputation storage uses a centralized database for storing the reputation information. Super peers or agents are used to collect and share the reputation information with other peers. However, P2P systems are essentially dynamic in nature with peers joining and leaving at random intervals. So, it is not feasible to assume some static and predetermined peer agents for maintaining reputation information. While there has been some work carried out on decentralized storage of reputation information, there is still plenty of scope for research for secure storage and distribution of reputation information. As global reputation scores are aggregated from local feedbacks, the proper distribution of feedbacks play a significant role in the design of an efficient reputation system. • Reputation exchange The manner in which reputation exchange is carried out is a major aspect of any reputation system. Existing techniques like Eigen Trust and Power Trust mechanisms aggregates trust information from peers by having them perform a distributed calculation for global trust reputation. However, peer anonymity is not fully maintained. Protocol based reputation systems use secure protocols for reputation exchange. But these protocol based approaches depend on traditional security mechanisms which are not fully appropriate for decentralized P2P systems. Hence, there is a need for research focus on secure exchange of distributed reputation information. • Witness anonymity A peer’s reputation should be associated with an opaque identifier rather than with an externally associated identity such as a peer’s IP address. There is a need for research
158
COMPUTER SCIENCE REVIEW
focus on witness anonymity which combines the seemingly conflicting requirements of anonymity for honest peers who report on the misbehavior of other peers and accountability for malicious peers that attempt to misuse the anonymity feature to deprecate honest peers.
8.
Conclusion
In this survey, we have presented an overview of P2P networks and reviewed currently available Reputation Trust Management Systems for P2P. P2P networks are open to various forms of attacks, break-ins, espionage, and malicious mischief. Trust Management Systems provide a proven, efficient and feasible mechanism for identifying malicious peers and provide security against malicious attacks. RTMSs have been studied and discussed in detail with respect to mathematical representation of reputation collection, aggregation, storage and exchange of reputation information and trust evaluation. We have presented a comparison of protection provided by RTMSs against various security attacks. Open research issues that need to be addressed in the design of RTMS to make them more reliable and robust have been discussed. These issues, properly addressed can enable P2P networks to be secure, reliable and trustworthy so that the benefits of scalability, efficiency, and resilience to failures and dynamics can be fully realized. The review can also be considered as a source for future research directions in RTMS for P2P systems. REFERENCES
[1] Dan S. Wallach, A survey of peer-to-peer security issues, in: International Symposium on Software Security, Tokyo, Japan, November 2002. [2] Robin Jan Maly, E.T.H. Zurich (Switzerland), Comparison of centralized (client–server) and decentralized (peer-to-peer) networking, Semester Thesis, March 2003. [3] J. Buford, H. Yu, E.K. Lua, P2P Networking and Applications, Morgan Kaufmann, 2008, p. 415. [4] S. Zhao, D. Stutzbach, R. Rejaie, Characterizing files in the modern gnutella network: a measurement study, in: SPIC/ACM, Multimedia Computing and Networking, San Jose, CA, 2006. [5] R. Morselli, B. Bhattacharjee, A. Srinivasan, M. Marsh, Efficient lookup on unstructured topologies, in: Proceedings of the Twenty-Fourth Annual ACM Symposium on Principles of Distributed Computing, Las Vegas, NV, USA, July 17–20, PODC’05, ACM Press, New York, NY, pp. 77–86, 2005. [6] B. Yang, H. Garcia-Molina, Efficient search in peer-topeer networks, in: International Conference on Distributed Computing Systems, Vienna, Austria, 2002. [7] John F. Buford, Heather Yu, X. Shen, et al., Peer-to-peer networking and applications: synopsis and research directions, c Springer Science in: Handbook of Peer-to-Peer Networking, ⃝ +Business Media, LLC, 2010, http://dx.doi.org/10.1007/978-0387-09751-0 1. [8] Sameh El-Ansary, Seif Haridi, An overview of structured P2P overlay networks, Thesis, Royal Institute of Technology— IMIT/KTH, Sweden, July 19, 2004. [9] I. Stoica, R. Morris, D.H. Karger, “Chord: a scalable Peerto-Peer lookup service for Internet applications”, in: ACM SIGCOMM, San Diego, 2001.
6 (2012) 145–160
[10] A. Rowstron, P. Druschel, Pastry: scalable, distributed object location and routing for large-scale peer to peer systems, in: IFIP/ACM International Conference on Distributed Systems Platforms, Heidelberg, Germany, 2001. [11] Sylvia Ratnasamy, Paul Francis, Mark Handley, Richard Karp, Scott Shenker, A scalable content addressable network, in: SIGCOMM’01, August 2001, San Diego, California, USA. [12] J. Buford, H. Yu, E.K. Lua, P2P Networking and Applications, Morgan Kaufmann, 2008. [13] A. Crespo, H. Garcia-Molina, Routing indices for peer-topeer systems, in: International Conference on Distributed Computing Systems, Vienna, Austrian, 2002. [14] In-suk Kim, Yong-hyeog Kang, Young Ik Eom, An efficient contents discovery mechanism in pure P2P environments, in: M. Li, et al. (Eds.), GCC 2003, in: LNCS, vol. 3032, Springer, 2004, pp. 420–427. [15] Srinivas Raaghav Kashyap, Algorithms for data placement, reconfiguration and monitoring in storage networks, Doctor Dissertation, 2007, University of Maryland ACM. ISBN: 978-0549-45087-0. [16] Johan Pouwelse, The BitTorrent P2P file-sharing system, Detailed Measurement Study, Published Saturday 18th December 2004. [17] I. Clarke, O. Sandberg, B. Wiley, T.W. Hong, Freenet: a distributed anonymous information storage and retrieval system, Lecture Notes in Computer Science (2001). [18] James Walkerdine, Paul Rayson, P2P-4-DL: digital library over peer-to-peer, in: Proceedings of the Fourth International Conference on Peer-to-Peer Computing, P2P’04, 0-7695-2156c 2004. 8/04 $20.00 ⃝ [19] Anil Saroliya, Vishal Shrivastava, Security problems and their upshots in routing protocols of DHT based overlay networks, Journal of Theoretical and Applied Information Technology (2005). [20] Eleni Koutrouli, Aphrodite Tsalgatidou, Reputation-based trust systems for P2P applications: design issues and comparison framework, in: TrustBus, LNCS, vol. 408, pp. 152–161, 2006. [21] Xin Sun, Ruben Torres, Sanjay Rao, DDoS attacks by subverting membership management in P2P systems, in: 3rd IEEE Workshop on Secure Network Protocols, 2007, NPSEC 2007, p. 1–6. [22] Cristiano Costa, Jussara Almeida, Reputation systems for fighting pollution in peer-to-peer file sharing systems, 07695-2986-0/07. http://dx.doi.org/10.1109/P2P.2007.15. [23] Mudhakar Srivatsa, Ling Liu, Countering targeted file attacks using location guard, in: Proceedings of the 14th Conference on USENIX Security Symposium, 2005—SSYM’05, vol. 14. [24] Detecting and mitigating a BGP slow peer Cisco IOS and NXOS software configuration guide, Updated July 2010. [25] http://www.p2pconsortium.com/index.php/topic/5078problems-with-dc. [26] S. Rhea, et al. Handling churn in a DHT, in: Proc. 2nd Int’l. Wksp. Peer-to-Peer, IPTPS 2003, February 2003. [27] Eng Keong Lua, Jon Crowcroft, Marcelo Pias, A survey and comparison of peer-to-peer overlay network schemes, in: IEEE Communications—1553-877X 72 IEEE Communications Surveys & Tutorials, Second Quarter, 2005. [28] Sergio Marti, Hector Garcia-Molina, Identity crisis: anonymity vs. reputation in P2P systems, in: Proceedings of the Third International Conference on Peer-to-Peer Computing, P2P’03. 0-7695-2023-5/03. [29] Krisztina Lója, Paolo Giaccone, Nash equilibria in bandwidth allocation for non-cooperative peer-to-peer networks, Journal of Systems Architecture 54 (2008) 81–96. [30] Lin Wang, Attacks against peer-to-peer networks and countermeasures, in: TKK T-110.5290 Seminar on Network Security 2006-12-11/12.
COMPUTER SCIENCE REVIEW
[31] Eng Keong Jua, Jon Crowcroft, Marcelo Pias, University— A survey and comparison of peer-to-peer overlay network schemes, IEEE Communications Surveys & Tutorials 7 (2) (2005) 1553–1877. Second quarter. [32] Michal Feldman, Christos Papadimitriou, John Chuang, Ion Stoica, Free-riding and whitewashing in peer-to-peer systems, IEEE Journal on Selected Areas in Communications 24 (5) (2006) 1010–1019. [33] Sergio Marti, Hector Garcia-Molina, Taxonomy of trust: categorizing P2P reputation systems, Computer Networks 50 (2006) 472–484. [34] Marlom A. Konrath, Marinho P. Barcellos, Rodrigo B. Mansilha, Attacking a Swarm with a Band of Liars: evaluating the impact of attacks on BitTorrent, in: Seventh IEEE International Conference on Peer-to-Peer Computing, 0-76952986-0/07, 2007, IEEE. http://dx.doi.org/10.1109/P2P.2007.14. [35] Riidiger Schollmeier, A definition of peer-to-peer networking for the classification of peer-to-peer architectures and applications, 0-7695-1503-7102, 2002, IEEE. [36] Huaizhi Li, Mukesh Singhal, Trust management in distributed systems, IEEE Journal (2007). [37] Matt Blaze, Joan Feigenbaum, Jack Lacy, Decentralized trust management, in: Proceedings of the 1996 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, 1996, pp. 164–173. [38] Matt Blaze, Joan Feigenbaum, Martin Strauss, Compliancechecking in the PolicyMaker trust management system, in: Proceedings of Second International Conference on Financial Cryptography, FC’98, in: Lecture Notes in Computer Science, vol. 1465, Springer, 1998, pp. 254–274. [39] D. Clarke, J. Elien, C. Ellison, M. Fredette, A. Morcos, R.L. Rivest, Certificate chain discovery in SPKI/SDSI, Journal of Computer Security 9 (4) (2001) 285–322. Proc. of the IEEE Symposium on Security and Privacy, May 2002, pp. 114–130. [40] Ninghui Li, John C. Mitchell, William H. Winsborough, Design of a role based trust management framework, in: Proc. of LMW02, 2004. [41] Ninghui Li, Benjamin N. Grosof, Joan Feigenbaum, A practically implementable and tractable delegation logic, in: Proceedings of the IEEE Symposium on Security and Privacy, IEEE Computer Society Press, pp. 27–42, 2000. [42] S. Marsh, Formalising trust as a computational concept, Ph.D. Thesis, University of Stirling, 1994. [43] J. Sabater, C. Sierra, Reputation and social network analysis in multi-agent systems, in: First International Joint Conference on Autonomous Agents and Multi-Agent Systems, Bologna, Italy, 2002. [44] J. Pujol, R. Sanguesa, Extracting reputation in multi agent systems by means of social network topology, in: First International Joint Conference on Autonomous Agents and Multi-Agent Systems, Bologna, Italy. [45] Debora Donato, Stefano Leonardi, Mario Paniccia, Combining transitive trust and negative opinions for better reputation management in social networks, in: Procs of SNAKDD, Las Vegas, Nevada, 2008, p. 10. [46] Karl Aberer, Zoran Despotovic, Managing trust in a peer-2peer information system, 2001. ISBN: 1-58113-436-3. [47] B.S. Jyothi, D. Janakiram, Robust sybil detection strategy for P2P reputation systems built over structured overlays, 2006. [48] Sepandar D. Kamvar, Mario T. Schlosser, Hector GarciaMolina, EigenRep: reputation management in P2P networks, 2003. ISBN: 1-58113-680-3. [49] F. Cornelli, E. Damiani, S. Vimercati, S. Paraboschi, P. Samarati, Choosing reputable servents in a P2P network, in: Proc. ACM WWW’02, 2002, pp. 376–386. [50] Yanchao Zhang, Yuguang Fang, A fine-grained reputation system for reliable service selection in peer-to-peer networks, IEEE Transactions on Parallel and Distributed Systems 18 (8) (2007) 1134–1145.
6 (2012) 145–160
159
[51] Paul Resnick, Richard Zeckhauser, Trust among strangers in Internet transactions: empirical analysis of Ebay’s reputation system, in: Working Paper for the NBER Workshop on Empirical Studies of Electronic Commerce, 2001. [52] Runfang Zhou, Kai Hwang, PowerTrust: a robust and scalable reputation system for trusted peer-to-peer computing, IEEE Transactions on Parallel and Distributed Systems 18 (4) (2007) http://dx.doi.org/10.1109/TPDS.2007.1021. [53] Z. Despotovic, K. Aberer, P2P reputation management: probabilistic estimation vs. social networks, Computer Networks 50 (4) (2006) 485–500. [54] Sonja Buchegger, Jean-Yves Le Boudec, A robust reputation system for P2P and mobile ad-hoc networks, EPFL IC Technical Report IC/2003/50. [55] Runfang Zhou, Kai Hwang, Gossip-based reputation aggregation for unstructured peer-to-peer networks, in: IEEE International on Parallel and Distributed Processing Symposium, IPDPS-2007. 1-4244-0910-1/07. [56] Audun Josang, Roslan Ismail, The beta reputation system, in: Proceedings of the 15th Bled Electronic Commerce Conference, Bled, Slovenia, June 2002. [57] R. Jurca, B. Faltings, An incentive compatible reputation mechanism, in: Proceedings of the IEEE Conference on ECommerce, Newport Beach, CA, USA, June 24–27, 2003. [58] Alberto Fernandes, Evangelos Kotsovinos, Sven String, Boris Dragovic, Incentives for honest participation in distributed trust management, in: Proceedings of iTrust 2004, Oxford, UK, March 2004. [59] Li Xing, Ling Liu, A reputation-based trust model for peerto-peer ecommerce communities, in: 2003 IEEE International Conference on E-Commerce Technology, CEC’03, 2003, p. 275. [60] D. kamvar, Mario T. Schlosser, Eigen trust algorithm for reputation management in P2P networks, May 2003. ACM 1-58113-680-3/03/0005. [61] F. Cornelli, E. Damiani, S.C. Vimercati, S. Paraboschi, P. Samarati, A reputation-based approach for choosing reliable resources in peer-to peer networks, in: CCS’02, USA, 2002. [62] E. Damiani, S.D.C. di Vimercati, S. Paraboschi, P. Samarati, Managing and sharing servents’ reputations in P2P systems, IEEE Transactions on Knowledge and Data Engineering 15 (4) (2003) 840–854. [63] S. Lee, R. Sherwood, Cooperative peer groups in NICE, in: IEEE Infocom, San Francisco, USA, 2003. [64] Yan Wang, Vijay Varadharajan, Role-based recommendation and trust evaluation, in: 4th IEEE International Conference on Enterprise Computing, E-Commerce and E-Services, CEC-EEE 2007. [65] M. Gupta, P. Judge, M. Ammar, A reputation system for peer to peer networks, in: Proceedings of NOSSDAV, 2003. [66] Adrian Alexa, Reputation management in P2P networks: the eigentrust algorithm, Thesis, Supervised by Anja Theobald. [67] Shanshan Song, Kai Hwang, Runfang Zhou, Trusted P2P Transactions with Fuzzy Reputation Aggregation, Published by the IEEE Computer Society, 2005, 1089-7801/05. [68] Loubna Mekouar, Youssef Iraqi, Raouf Boutaba, A reputation management and selection advisor schemes for peer-to-peer systems. [69] Natalia Stakhanovism, Sergio Ferrari, Johnny Wong, Ying Cai, A reputation-based trust management in peer-to-peer network systems, 2004. [70] Shalendra Chhabra, Ernesto Damiani, Sabrina De Capitani di Vimercati, Stefano Paraboschi, Pierangela Samarati, SupP2PRep: a protocol for reputation management via polling in P2P networks with superpeers, 2008. [71] Vladislav Jumppanen, File reputation in decentralized P2P reputation management, HUT T-110.551, 2005.
160
COMPUTER SCIENCE REVIEW
[72] Kevin Walsh, Emin Gun Sirer, Experience with an object reputation system for peer-to-peer filesharing, in: USENIX Association NSDI ’06: 3rd Symposium on Networked Systems Design & Implementation. [73] Ali Aydın Selçuk, Ersin Uzun, Mark Re¸sat Pariente, A reputation-based trust management system for P2P networks, International Journal of Network Security 6 (3) (2008) 235–245. [74] Jianli Hu, Quanyuan Wu, Bin Zhou, Secure and distributed P2P reputation management, Journal of Communication 3 (7) (2008).
6 (2012) 145–160
[75] R.V.V.S.V. Prasad, Vegi Srinivas, V. Valli Kumari, K.V.S.V.N. Raju, An effective calculation of reputation in P2P networks, Journal of Networks 4 (5) (2009). [76] William Conner, Arun Iyengar, Thomas Mikalsen, Isabelle Rouvellou, Klara Nahrstedt, A trust management framework for service-oriented environments, WWW 2009, April 20–24, 2009, Madrid, Spain. ACM 978-1-60558-487-4/09/04. [77] Prashant Dewan, Partha Dasgupta, P2P reputation management using distributed identities and decentralized recommendation chains, IEEE Transactions on Knowledge and Data Engineering 22 (7) (2010).