Trust in the Virtual World

In the Name of Allah
By: Sadegh Dorri Nogoorani
http://ce.sharif.edu/~dorri
1390/8/2 – 2011/10/24
(ISC Monthly Seminar)
Who Knows on the Net...?
A notion of trust similar to real world trust is needed in the virtual world…
Coordinating Agent Interactions without Strict Control Mechanisms
Fig. by Peter Steiner (The New Yorker, 5 July 1993)
1390/8/2 - 2011/10/24
Trust in the Virtual World - Sadegh Dorri N. (http://ce.sharif.edu/~dorri)
Outline
● Concepts
  ● Definitions and basic terminology
● Trust and Reputation in Action
  ● Applications
  ● Attacks
● Trust Engines
  ● Probabilistic, logic, …
● Trust in CROWDS
  ● A detailed example
CONCEPTS
Trust (اعتماد)
● Definition [CF10]
  ● The expectation/belief that…
  ● … trustee will perform actions designed to produce positive results in the future for the trustor…
  ● … in situations of consistent perceived risk.
● Properties
  ● Subjective, context dependent, asymmetric, transitive, dynamic
● Calculation
  ● Structural: organizational, category-membership
  ● Relational: history-based, using trust transitivity
  ● Cognitive: dispositional, trustee attributes
Trust Scenario
[Figure: trust scenario. Labels: Trustor (اعتمادگر), Trustee (معتمد), Recommenders (توصیه‌گران); Direct Trust (اعتماد مستقیم): functional (عملکردی); Indirect Trust (Inference) (اعتماد غیر مستقیم (استنتاج)): functional and referential (ارجاعی).]
Reputation (وجهه/شهرت)
● Definition (Concise Oxford Dictionary)
  ● A widespread belief that someone or something has a particular characteristic.
  ● Common belief
● Relationship with Trust
  ● Trust is subjective and has more weight
  ● “I trust you because of your good reputation”
  ● “I trust you despite your bad reputation”
TRUST AND REPUTATION IN ACTION
Aspects of a Trust System [HZN09]
Applications of Trust
● Soft Security Mechanism against
  ● Low quality services
  ● Misrepresentation of services
  ● Incorrect information
  ● Fraud
● Others
  ● Recommender and filtering systems
● Targets
  ● Content, services, people
Attacks on a Trust-Based System
● Self-Promotion
  ● Falsely increase the trust in the attacker(s)
● Whitewashing (لاپوشانی)
  ● Restoring the broken trust
● Slandering (لاغر کردن)
  ● Falsely reduce the trust in other nodes
● Other
  ● Hybrid of the above attacks, DoS, …
Example: Reputation in a P2P System
● Nodes have no information about most others
  ● Fake or virus infected content
  ● Free riders
● Challenges
  ● Anonymity -> selfish users
  ● Highly distributed
  ● Unreliable network connections
  ● Partial information (in unstructured topologies)
  ● Untrustworthiness of storage peers
Example: Email Filtering
● Blind delivery of messages
  ● In Jan. of 2008, 75% of Internet email was spam.
  ● Detecting spam after delivery wastes a lot of resources and is error-prone.
● KarmaNET [SXMW09]
  ● Messages are routed through social paths
  ● Trust is defined in three aspects:
    – Routing (against free-riders)
    – Forwarding (distinguish malicious nodes from careless forwarders)
    – Initiation
  ● Bad messages penalize all related peers, so they (automatically) tune their behavior
Example: Social Routing
● Blind routing
  ● Has inherent security problems such as DDoS and Spam
  ● No separation between routing addr. & identity
  ● Lack of msg. receiver control
  ● Solutions are not scalable and/or inefficient
● DSL [BYHW09]
  ● Messages are routed through social paths between sender and receiver, and based on the keywords describing the intention of the message.
Example: Security and Privacy with Trust
● Probabilistic Security
  ● Security is not definite in many cases
  ● Hard-to-break security: birthday attack
  ● Trust can be used to tune the desired security
● Access control
  ● User levels are determined using trust metrics (Advogato, StackExchange)
  ● Hybrid security policy: super computer example
● Privacy in Anonymity Networks
Other Applications
● News syndication
  ● Using trust in order to resolve contradictions in information
  ● Discard the statements from the least trusted sources
● Recommender systems
  ● To use trust in place of similarity
  ● Users are significantly more similar to their trusted peers than to the population as a whole
TRUST ENGINES
Simple Summation or Average of Ratings
● More advanced: weighted average
  ● Trustworthiness/reputation
  ● Age of the rating
  ● Distance between rating and current score
$\frac{\sum_i r_i w_i}{\sum_i w_i}$
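
Added example (not from the original slides): the weighted average above with one assumed weight function that multiplies the three listed factors, compared with a plain average when a burst of slandering ratings arrives. The half-life, the sample ratings and the slandering burst are constructed for illustration.

```python
# Added illustration: weighted-average reputation, sum(r_i*w_i) / sum(w_i).
# All data and the weight function are assumptions, not from the slides.

# Constructed ratings for one trustee: (rating in [0,1], rater trust in [0,1], age in days)
HONEST = [(0.9, 0.9, 2), (0.8, 0.8, 10), (0.9, 0.7, 30), (0.85, 0.9, 5)]
# Constructed slandering burst: ten fresh zero ratings from barely trusted identities
SLANDER = [(0.0, 0.05, 1)] * 10


def weight(rating, rater_trust, age_days, current, half_life=30.0):
    """Assumed weight: rater trust x age decay x closeness to the current score."""
    age_factor = 0.5 ** (age_days / half_life)
    distance_factor = 1.0 - abs(rating - current)
    return rater_trust * age_factor * distance_factor


def plain_average(ratings):
    return sum(r for r, _, _ in ratings) / len(ratings)


def weighted_score(ratings, current=0.5, rounds=20):
    """Repeat the weighted average, because the distance weight uses the score itself."""
    for _ in range(rounds):
        weights = [weight(r, t, a, current) for r, t, a in ratings]
        total = sum(weights)
        if total == 0:  # every rating carries zero weight: keep the previous score
            return current
        current = sum(r * w for (r, _, _), w in zip(ratings, weights)) / total
    return current


def compare():
    """Scores without and with the slandering burst, for both engines."""
    attacked = HONEST + SLANDER
    return {
        "plain_clean": plain_average(HONEST),
        "plain_attacked": plain_average(attacked),
        "weighted_clean": weighted_score(HONEST),
        "weighted_attacked": weighted_score(attacked),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value:.3f}")
```

The distance factor also mutes honest raters who disagree with the current score, so it trades slandering resistance for a slower reaction to a real change in behaviour.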
Probabilistic Engines
● Trust: Expected Probability of Success
  $R = \{x, \bar{x}\}$
  $p_t^{tr,te} = \Pr(O_t^{tr,te} = x \mid O_{t-1}^{tr,te}, \ldots, O_{t-n}^{tr,te})$
  $\mathrm{trust}_t^{tr,te} = E[p_t^{tr,te}]$
● Bayesian Approach [JI02]
  ● Use the Bayes rule to update p
  $\frac{r+1}{r+s+2}$
● HMM Approach [ElS10]
  ● Use a Hidden Markov Model to calculate p
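
Added example (not from the original slides): a numerical Bayes-rule update of p, checked against the expected value (r+1)/(r+s+2) of the Beta reputation system [JI02]. Reading r and s as the counts of observed successes and failures is an assumption about the slide's symbols; the function names and the interaction history are constructed.

```python
# Added illustration of a Bayesian trust update (Beta model); names are assumptions.


def beta_expectation(r, s):
    """Closed form: r observed successes, s observed failures, uniform prior."""
    return (r + 1) / (r + s + 2)


def bayes_expectation(outcomes, cells=2000):
    """Apply Bayes' rule outcome by outcome on a grid over p and return E[p].

    outcomes: iterable of booleans, True = the interaction succeeded (x).
    """
    grid = [(k + 0.5) / cells for k in range(cells)]  # candidate values of p
    posterior = [1.0] * cells                         # uniform prior over p
    for success in outcomes:
        # likelihood of one outcome: p for a success, 1 - p for a failure
        posterior = [w * (p if success else 1.0 - p)
                     for w, p in zip(posterior, grid)]
        norm = sum(posterior)
        posterior = [w / norm for w in posterior]     # renormalise each step
    return sum(w * p for w, p in zip(posterior, grid)) / sum(posterior)


def whitewashing_gain(r, s):
    """Score a node with history (r, s) would gain by reappearing as a newcomer.

    A positive value means the engine rewards discarding a bad history, which
    is the risk the whitewashing attack describes.
    """
    return beta_expectation(0, 0) - beta_expectation(r, s)


# Constructed interaction history: 8 successes and 2 failures, in mixed order
HISTORY = [True, True, False, True, True, True, False, True, True, True]

if __name__ == "__main__":
    print(bayes_expectation(HISTORY), beta_expectation(8, 2))
    print(whitewashing_gain(1, 9))
```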
Trust Inference
● Trust in an unknown peer can be inferred according to paths in social networks
● Strongest path
● Weighted paths
● BFS-like (TidalTrust)
● Probabilistic and Bayesian methods
● Subjective logic operators
Subjective Logic [JHP06]
$\omega^A_B = (b, d, u, a)$
$\omega^{A:B}_C = \omega^A_B \otimes \omega^B_C$
$\omega^{A \diamond B}_C = \omega^A_C \oplus \omega^B_C$
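
Added example (not from the original slides): the discounting and consensus operators of subjective logic [JHP06] in their commonly used form, applied to opinions (b, d, u, a) along two recommendation paths. The class and function names and the opinion values are constructed, and the two fused opinions are assumed to share one base rate a.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Opinion:
    """Subjective-logic opinion (b, d, u, a); names here are assumptions."""
    b: float
    d: float
    u: float
    a: float = 0.5

    def __post_init__(self):
        if abs(self.b + self.d + self.u - 1.0) > 1e-9:
            raise ValueError("b + d + u must equal 1")


def discount(a_on_b, b_on_c):
    """A's derived opinion about C through recommender B."""
    return Opinion(a_on_b.b * b_on_c.b,
                   a_on_b.b * b_on_c.d,
                   a_on_b.d + a_on_b.u + a_on_b.b * b_on_c.u,
                   b_on_c.a)


def consensus(x, y):
    """Fuse two independent opinions about the same target."""
    if x.a != y.a:
        raise ValueError("this sketch assumes a shared base rate")
    k = x.u + y.u - x.u * y.u
    if k == 0:
        raise ValueError("two dogmatic opinions (u = 0) need the limit form")
    return Opinion((x.b * y.u + y.b * x.u) / k,
                   (x.d * y.u + y.d * x.u) / k,
                   (x.u * y.u) / k,
                   x.a)


# Constructed trust network: A knows recommenders B and D, who both rate C.
A_ON_B, B_ON_C = Opinion(0.8, 0.1, 0.1), Opinion(0.6, 0.2, 0.2)
A_ON_D, D_ON_C = Opinion(0.3, 0.2, 0.5), Opinion(0.9, 0.0, 0.1)


def a_on_c():
    """Combine both recommendation paths into A's opinion about C."""
    return consensus(discount(A_ON_B, B_ON_C), discount(A_ON_D, D_ON_C))


if __name__ == "__main__":
    print(a_on_c())
```

Discounting can only add uncertainty along a path, while consensus over independent paths reduces it, which is why the fused opinion is less uncertain than either path alone.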
Other Engines
● Fuzzy Inference Engines
  ● Direct trust: multi-criteria decision making
  ● Trust inference: fuzzy aggregation operators
● Game Theoretic Approaches
  ● Try to defend against strategic attacks
● Many Proposals: ☺ or ☹?
  ● Evaluation: human-based vs. utility-based
  ● Must be related to the human notion of trust
Trust in CROWDS
A DETAILED EXAMPLE
The CROWDS Protocol [RR98]
● Provides Anonymous Web Transactions
  ● A user is either completely honest or dishonest
  ● The originator passes the message along a randomly selected path of users to reach the destination (the reverse for the reply).
● Probability of Forwarding
  ● 1 - p_f: forward to the end server
  ● p_f: forward to a random user
● Privacy (Anonymity) Level: Probable Innocence
  ● … the sender appears no more likely to be the originator than to not be.
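
Added example (not from the original slides): for the original protocol, where every member is either honest or dishonest, the forwarding rules above give a closed form for the probability that the member who hands the message to the first dishonest forwarder is the originator; probable innocence holds when that probability is at most 1/2. The crowd size n, the number c of dishonest members and all function names are assumptions, and the simulation is there to check the closed form.

```python
import random

# Added illustration of Crowds forwarding [RR98]; n, c and the function names
# are assumptions: n crowd members, of which c are dishonest and collude.


def p_originator(n, c, pf):
    """P(predecessor of the first dishonest member is the originator),
    given that at least one dishonest member is on the path."""
    return (n - pf * (n - c - 1)) / n


def probable_innocence(n, c, pf):
    """True when that predecessor is no more likely the originator than not."""
    return p_originator(n, c, pf) <= 0.5


def simulate(n, c, pf, trials=100_000, seed=1):
    """Monte Carlo estimate of the same probability by walking random paths."""
    rng = random.Random(seed)
    seen = hits = 0
    for _ in range(trials):
        prev = 0                        # member 0 is the (honest) originator
        while True:
            nxt = rng.randrange(n)      # forward to a uniformly random member
            if nxt >= n - c:            # members n-c .. n-1 are dishonest
                seen += 1
                hits += prev == 0       # did the originator hand it over?
                break
            prev = nxt
            if rng.random() >= pf:      # probability 1 - pf: go to the end server
                break
    return hits / seen


if __name__ == "__main__":
    for c in (3, 6):                    # constructed crowd: n = 20, pf = 0.75
        print(c, p_originator(20, c, 0.75), round(simulate(20, c, 0.75), 3),
              probable_innocence(20, c, 0.75))
```

With the constructed crowd of 20 members and pf = 0.75, three dishonest members leave probable innocence intact and six break it.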
CROWDS + Trust
● Extended Protocol [SEH10]
  ● The users may switch between honest and dishonest.
  ● Trust (reputation) info + forwarding policy
● t_i (in [0,1]): The Reputation of a User
  ● Robustness of user i to becoming corrupt (probability)
● {q_1, …, q_n}: The Forwarding Policy
  ● Common to all users
  ● q_i: The probability of forwarding to user i
Anonymity in CROWDS + Trust
● Guaranteeing Probable Innocence
  ● Idea: adjust the forwarding policy according to reputation values
  ● Solve the following system of linear inequalities to find the desired forwarding policy(ies):
1
2
Anonymity in CROWDS + Trust (cont.)
● Example with Three Principals
  ● The equations yield two solutions:
  ● A possible choice:
Comparing with the Original CROWDS
● Forwarding Policy of the original protocol:
  ● Does not satisfy the innocence inequalities
● Consequence:
  ● If the users are partially honest, CROWDS may not provide probable innocence.
  ● Trust information can be used to provide the required anonymity.
Conclusions
● Trust in the VW
  ● Translating social concepts to computational methods
  ● Many applications
  ● Sound mathematical basis
● Trust as a Soft Security Mechanism
  ● Access control
  ● Probabilistic security
  ● …
● A Long Way Ahead!
THANKS!
More Info. on My Homepage:
http://ce.sharif.edu/~dorri
References
[BYHW09] L. Banks, S. Ye, Y. Huang, and S. F. Wu, “Davis social links: integrating social networks with internet routing,” in Proceedings of the 2007 Workshop on Large Scale Attack Defense (LSAD’07), New York, NY, USA, 2007, pp. 121–128.
[CF10] C. Castelfranchi and R. Falcone, Trust theory: a socio-cognitive and computational model. Chichester, West Sussex, England: Wiley, 2010.
[ElS10] E. ElSalamouny, “HMM-based trust model,” Revised Selected Papers of the 6th International Workshop on Formal Aspects in Security and Trust (FAST), Eindhoven, The Netherlands, Nov. 2009, vol. 5983, pp. 21–35, 2010.
[Gol06] J. Golbeck, “Trust on the World Wide Web: A Survey,” Foundations and Trends in Web Science, vol. 1, no. 2, pp. 131–197, 2006.
[HZN09] K. Hoffman, D. Zage, and C. Nita-Rotaru, “A survey of attack and defense techniques for reputation systems,” ACM Computing Surveys, vol. 42, no. 1, pp. 1–31, Dec. 2009.
[JHP06] A. Jøsang, R. Hayward, and S. Pope, “Trust network analysis with subjective logic,” in Proceedings of the 29th Australasian Computer Science Conference - Volume 48, Hobart, Australia, 2006, pp. 85–94.
[JI02] A. Jøsang and R. Ismail, “The Beta Reputation System,” in Proceedings of the 15th Bled Conference on Electronic Commerce, Bled, Slovenia, 2002.
References (cont’d)
[SEH10] V. Sassone, E. ElSalamouny, and S. Hamadou, “Trust in Crowds: Probabilistic Behaviour in Anonymity Protocols,” in Trustworthy Global Computing, vol. 6084, M. Wirsing, M. Hofmann, and A. Rauschmayer, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2010, pp. 88–102.
[SXMW09] M. Spear, X. Lu, N. Matloff, and S. F. Wu, “KarmaNET: Leveraging trusted social paths to create judicious forwarders,” in Proceedings of the 1st International Conference on Future Information Networks (ICFIN), Beijing, China, 2009, pp. 218–223.
[RR98] M. K. Reiter and A. D. Rubin, “Crowds: anonymity for Web transactions,” ACM Transactions on Information Systems Security, vol. 1, no. 1, pp. 66–92, Nov. 1998.