Comparison of Trust Model in Peer to Peer System

Transcription

1 Comparison of Trust Model in Peer to Peer System Hai Ren Helsinki University of Technology Abstract In a peer-to-peer system, one of the most important issues should be paid attention on is trust managing. Since such system always encounters some unknown agents. At present, the existing models for trust management, that are based on reputation. They do not either rely on a central database or require to maintain global knowledge at each agent to provide data on earlier interactions. In this paper we present some main trust models based on reputation. Through comparing with several different existing trust models in P2P systems, you will understand what they are, what characters they have. We expect that, the trust models which we presented could be considered carefully, if you plan to implement a certain P2P reputation system. KEYWORDS: trust model, reputation, peer-to-peer systems, securitys 1 Introduction With the increasing availability of high bandwidth Internet connections and low price of computers, peer-to-peer (P2P) networks have become very popular in resource sharing and exchange. There are no fixed clients and servers. Any node could be a client or a server. The architecture of P2P lively differs with the client-server model where the communication is via operation of the central server. For example, the FTP (File Transfer Protocol)system is a typical example of non peer-to-peer file transfer [3], there are fixed a server and aclient. The FTP server, running FTP server software, listens on the network for connection requests from other computers. The client computer, running FTP client software, initiates a connection to the server. Once connected, the client can do a number of file manipulation operations such as uploading files to the server, download files from the server and so on. The purposes of P2P are sharing files containing digital formats, communications and other applications [8]. Anyone can provides content and services to other users on the scalable mechanism provided by such system; anyone also can search and request resources from this kind of system. But, at the same time, since the open attribute of this system, which opens a door to the malicious users who wish to poison the system with corrupted data or harmful services for personal or commercial gain [6]. So that, it is required for user to be ware about the quality or validity of the resources of services the purchase through the system. How to distinguish the validity of a resource and how to verify the authenticity of the content of a file or document are both problems, that should to be faced. The simplest case to solve these problems is using a digest, which may be available for the file from a trusted authority who owns the file in fact. Calculating a hash and comparing it to the digest validity of this file. However, locating the resource s authority is rather difficult. In order to solve this problem, reputation system is stimulated in this background [2]. This kind of system is used for detecting misbehavior and circumvent malicious nodes, it can be used for collecting information on the trustworthiness of resource providers, provide some help for the peer to locate good provider. In this paper, we would try to find out the existing trust models used in Peer-to Peer reputation system, show their own attributes of every one. For differet situtations, different trust models could be adopted, get a general idea of the model s mechanism. Then, make a comparision among the exiting alogrithms in trust models. Lastly, make a short conclusion of trust models in P2P reputation system. 2 Some issues about P2P System There are three main parts in this section. The first one, list some existing applications of P2P System, what services does a P2P System provide; the second one, an introduction of some thing about the advantages of peer-to-peer, why it is becoming much more popular; the last one, what kinds of attacks could be found in peer-to-peer networks, and the attributes of these attacks. 2.1 Applications of P2P System Current applications of P2P can be divided into three categories: 1. File Sharing: Such as Napster, Gnutella, FreeNet, KaZaA and others that make it possible for Internet users to share their photos, video, files and other kinds of digital information [7]. 2. Distributed Processing: In a P2P system, the distributed processing share the computing power of their nodes. For instance, SETI@Home is a such application [7] ( SETI@home is a scientific experiment that uses Internet-connected computers in the Search for Extraterrestrial Intelligence), and some other online auction sites also adopt P2P communities to build on top of a client server computing architecture.

2 3. Instant Messaging: Such as MSN Messageer, Yahoo [7], and AOL Instant Messenger allow the peers to send instant messages immediately with out a fixed central server. 2.2 Advantages of P2P system The main features of peer-to-peer system are that: all of the clients provide not only their own data, but also their storage space and computing power. So, when one node joins in a P2P system, the total ability of the system will be increased as well. Since there is no fixed server in the system, adding more clients could improve the speed of data transmission for all users. 2.3 Attacks in P2P system Because there is no centralized node acting as an authority, the behaviors of another node could not be monitored and controled. Some bug or malicious services could be motivated by the attackers, and the attackers can get away without any attention after doing some ugly things. There are three main types of attacks as follow: Poisoning attacks: the content provided in the files is different from the description. Insertion of viruses to carried data: the viruses are hidden in the carring data, downloading or carried files maybe infected with the viruses [3]. Identity attacks: track the users of the network, harassing or legally attack the users [4]. 3 Existing Trust Models in Peer to Peer System Before examining some main existing Trust Models in Peerto-Peer reputation System, let s focus on four issues firstly, which are vital to address in any P2P system [10]. These characteristics are that a peer-to-peer shoulld possess. Since, all of them directly affect the quality of reputation mechanism in a P2P system. 1. Self-policing: it means that, the shared moral of the user population are defined and enforced by itself, but not by other central authority. The system can dominate itself. 2. Anonymity maintaining: In order to main the anonymity, the peer s reputation should be associated with an opacity identifier, but not with an seemingly associated identity (for example, a peer s IP address). 3. Do not assign any profit to newcomers: that is the consistent good behavior can get the reputation via several transactions [10], this does not mean the advantageous for malicious peers with poor reputations to continuously change their opacity identifiers to get freshmen status. 4. To the system, it should have minimal overhead in terms of infrastructure and message complexity. For the malicious collectives of peers who know one another and attempt to collectively disturb the system, the system should also be very energetic to them. 3.1 Global Trust Model This model is based on binary trust. In other words, an agent could be either trustworthy or not. The transactions are performed by the agents, and each of them t(p,q) [11] can be performed correctly or not. If there is one agent p cheating within a transaction, the agent will become from the global perspective untrustworthy. For distributing the information about transactions agent, these information is forwarded by agents to other agents. In this model, it is assumed that the trust exists and malicious behavior are just exceptions. If there is a malicious behavior of q, an agent is able to file a complaint c(p,q). Firstly, let s consider a simple situation. If there are two agents p and q, they interact with each other very well. After for a while, another agentr, which wants to get the trustworthiness of p and q. As p, it is cheating, but q is honest. After their interaction, the complaint about p will be filed by q, that is pretty fair. On the other side, p will also do the similar thing as q does, so that to hide its misbehavior. To an outside observer r, it can not distinguish whether p is honest or q is honest, it is very hard for r to tell the truth. There is another new trouble for P continues to cheat. p is a cheater which can be distinguished in the following way. Assume that, p is cheating in another interaction with s. Then, agent r will detect that p complaints about q and s. In contract, both q and s all complaint about p. So we can get a conclusion, p is the cheater. Generalizing the above idea by the below equation: T(p) = { c(p,q) q P } {c(q,p) q P } [11] (1) The higher values of T(p), the trustworthy of p is lower. The above simple situation is directly forward for an agent. The agent can collect all information about its own interactions with other agents. But for some other specific agents, it is very hard to collect all of the complaints. Then, from the data management can solve the problem. The details of decentralized data management could be found from reference [11]. 3.2 NICE Model In order to determine good peers in P2P system, and establish steady cooperation with other peers, NICE model is inspired in this background. This model is used to guard against malicious peers. Each peer at the ends of an interaction, creating a cookie with feedback about the other peer assign it. The signed cookies are exchange among them. If the transaction is successful, the value of the cookie is positive, otherwise, the value is negative. NICE model differs other models lively. For other models, it is required for them to be in change of the requestor is trusted. For NICE model, if one peer wants to request a certain data or other things. The peer can just show the provider with a cookie signed by

3 C 0.6 D A 0.9 B E Figure 1: Directed Graph in NICE [8] the provider itself. The validity of the cookies provided will be justify by the provider. If the cookie is right, then, it is regarded as a evidence of the requestor peer s trustworthiness. Howerver, if the requesting peer does not have a direct cookie, what it is going to do next? It will check a path of trust between itself and the provider peer, and shows this path to the provider. Figure1 shows a directed graph with trust paths between peers A and B, which can be presented by B to A in support of B s trustworthiness [8]. Positive cookies will be exchanged by interacting peers, negative cookies are retained by the peer that creates it. To guarantee the negative cookies are untampered and available to other peers in the system. To avoid any other attacks perpetrated by colluding peers, the peers will create robust cooperative groups with other good peers. In this way, every peer has a preference list of good peers, and maintaining it based on the past interaction history. 3.3 EIGENTRUST EigenTrust model is designed for the reputation management of P2P system. The global reputation of each peer i is marked by the local trust values assigned to peer i by other peers, and it is weighted by the gobal reputation of the assigned peers [10]. For normalizing local trust value Cij[10], the definition is as follow:sij is meant for each peer enable to store the number satisfactory transactions it has had with peer j, and it is also meant for the number of unsatisfactory transactions it has had with peer. (2) C ij = max(s ij, 0) max(s ij, 0) j However, there are some shorting comings in this normalizing. For instance, the normalized trust values can not distinguish between a peer with whom peer i [10] did not interact and a peer with whom peer i has bad experience. Aggregating local trust Values, after normalizing local trust value, it is required to aggregate the normalized local trust valus. In a distributed environment, one common way to do this is as follow: for the peer i will ask its acquaintances about their opinions about other peers. There is a notable probabilistic interpretation of this method. Suppose that, one agent is looking for reputable peers, it can roam in the network following this rule: it crawls to peer j with probability Cij After a roaming for a while, the agent is more possible to be at reputation peers than unreputable peers [5]. 3.4 Trust in Large-Scale Peer-to-Peer Systems For large-scale P2P systems, one major challenge is how to build up trust between different peers without the benefit trusted third parties or authorities. In general, the peers do not have any pre-existing relationship. Even if there are some authorities are available, such as an authentication server or certification authority, it can guarantee these authorities enable lookup transactions, and then declare the trustworthiness of different peers. Generally, this trust model aims to a distributed reputation mechanism for P2P system, e.g., multiagent systems, the binary ratings cannot accurately model a peer s experience of the quality of service (QoS) with other peers in this system. In P2P systems, the peers interact with each other by forming ratings. In order to evaluate the trustworthiness of a given party, especially prior to any frequent direct interactions, the peers would depend on cooperation the knowledge of other peers - termed witness, these peers interacted with the same party via the reputation mechanisms. In this model, each peer has its own a set of acquaintances, a subset of which are identified as its neighbors [4]. The neighbors are such peers that the given peer would contact and the peers that it would refer others to. A peer maintains a model of each acquaintance. The acquaintance s reliability and credibility are included in this model. Reliability is used for providing high-quality services, credibility is used for providing trustworthy ratings to other peers. Ratings Generation, In the binary ratings, a peer rates the services from another peer as one of two values, commonly interpreted as either one (e.g., positive or satisfactory) or zero (e.g., negative, unsatisfactory). Binary ratings work pretty well for file sharing systems where a file is either the definitive correct version or is wrong, but cannot accurately model richer services in other settings such as web services and electronic commerce, where a boolean may not adequately represent a peer s experience of the quality of service (QoS) with other peers [4], e.g., the quality of products the peer sends and the expected delivery time. Ratings Discovery: the polling algorithms for rating discovery in Large-Scale Peer-to-Peer Systems are based on Gnutella protocols, in which the requesting peer broadcasts the message to all other peers within the horizon of a given TTL (Time to Live)[4]. Polling processes waste much bandwidth and processing power since each peer queries all of its neighbors. Ratings Aggregation: although some of the existing approaches consider the credibilities of voters (or witnesses) in the enhanced polling protocol, they don t consider how to effectively aggregate the noisy ratings in presence of dishonest or unreliable voters. Aggregate rating is used for telling whether the peer is trustworth, but this can not be propagated to other peers.

4 3.5 A reputation-based trust Model for Peerto-Peer ecommerce Communities This trust model is designed based on the Peer-to-Peer (P2P) electronic commerce. The kind of electronic commerce communities can be seen as truly distributed computing application, and the peers in this application communicates directly with one another to exchange information, distribute tasks, or execute transactions. There are two computing architectures choices for such communications, one is on top of a P2P network, the other one is on a conventional clientserver platform. In ecommerce, the P2P communications are always established dynamically with other peers. However, these peers are unrelated and unknown to each other. To the peers, how to manage the risk in such communications without prior experience and knowledge about each other s reputation [9]. One solution to this uncertainly is to develop strategies for establishing community-based trust through reputation [3]. The importance in communications is that, trust can provide buyers with high satisfying exchange relationships. This peer-to-peer trust model is for quantifying and assessing the trustworthiness of peers in P2P ecommerce communities. The goal of this model is to establish a general trust metrics which can provide an effective measure for capturing the trustworthiness of peers, address the fake or misleading feedbacks [1]. The metrics [3] can also adapt to different communities and situations. This model has the unique five import factors for evaluating the trustworthiness of a peer in an evolving P2P ecommerce community: The feedback in terms of amount of satisfaction a peer obtains from other peers through transactions. The feedback scope, such as the total number of transactions that a peer performs with other peers in the community, The credibility factor for the feedback source. The transaction context factor for discriminating missioncritical transactions from less or non-critical ones, and Items Global Trust Model NICE Model EIGENTRUST Model Trust in large-scale A reputation-based trust Base binary trust Cookie Trust value A set of acquintances quantify and access the trustworth Table 1: Comparsion of Base in some trust models Items Global Trust Model NICE Model EIGENTRUST Model Trust in large-scale A reputation-based trust Scope As a part of any model guard agaist malicious peers Reputation is assigned by each other large-scale ecommernce Table 2: Comparsion of Scope in some trust models peers according to their trustworthiness [10] [3]. The core of the protocol is that, a special normalization process where the trust ratings held by a peer are normalized to have their sum equal to 1. Its shortcoming is that this normalization could occurs the loss of important trust information. Another proposal with a similar scope is the protocol of Damiani et al. [3]. This protocol is used for assessing the trustability of a file to be downloaded by "voting" of the peers. There is no distinction between the votes from trustworthy in this algorithm, and there is no authentication of thc vote messages. Also, no quantitative trust metric is specified for choosing among altemativc versions. Table1, 2 below show two comparision of five trust models mentioned above, from base and scope sides. Except for the above comparision, there are some disadvantages of them should be paid much attention. It is very hard to ditingish normalized trust values in EIGNTRUST Model. The trust model in large-scale, much more work is needed for computing trust values. In the reputation-based trust model, only partly deception can be prevented. The community context factor for addressing communityrelated characteristics and vulnerabilities. 4 Comparison of the Trust algorithms There are some algorithms which have been proposed for reputation-based trust management in P2P systems. In this section, let s to examine the differences among them. As one of the earliest works in this area, the algorithm designed by Aberer and Despotovic is to identify dishonest peers by a complaint-based system. The disadvantage of this algorithm is that, it can not provide any means for a trustworthy peer to the distinguished a new peer, only the negative feedbacks is maintained. Its trust evaluation is very simple, distinguish every peer either as trustworthy or or untrustworthy. EigenTrust scheme is proposed by Kamvaret al., which can be used for evaluating the trust information provided by 5 Discussion P2P systems have been adopted to distribute the responsibilities traditionally held by centralized servers across the network, delegating them to the clients. But, as P2P systems decompose resources into the network, they also disperse security weaknesses.the issue of secure score management in P2P networks is an important problem, with implications for reputation management, incentive systems, and P2P micropayment schemes, among others. It is important to note that the core EigenTrust algorithm may be used with many different secure score management schemes. There are some possible attacks of reputation mechanisms. These attacks aim at utilizing the weakness of reputationbased approaches, such as rumor, deception and pseudonyms [4]. Rumors There is no discussion about the problem of ru-

5 mors in other reputation-based approaches. Rumor is not same to the deception. If the witness returns the ratings not from its direct interaction, then romors occurs. The ratings aggregating can be used in the P2P systems and maybe by some malicious peers, e.g., attacking the reputation of normal peers. Deception If one witness returns multiple ratings or wrong ratings toward a peer, then deception happens. The trouble of multiple ratings is very simple. Suppose that, the malicious peer encrypt the message with the same key K. To the requesting peer, which just simply discards all the messages encrypted with key K. Sometimes the malicious peer may filch the keys of others. Pseudonyms It is not so hard to hide themself (the peers) and re-enter under a completely different identity with zero or very low cost. The general case of pseudonyms is that, peers can establish a reputation, use it by cheating or attacking others, and then access the system aganin with its new identity. For EigenTrust, the security issues are that: Firstly, the peer s current trust value must not be calculated by and reside at the peer itself. If it likes that, the peer can easily to be manipulated. Thus, we adopt a different peer in the network compute the trust value of a peer. Secondly, it will be in the interest of malicious peers to return wrong results when they are supposed to compute any peer s trust value. So, if in order to compute the trust value of one peer in the network, you will have to get more than one other peers. For Trust in Large-Scale Peer-to-Peer Systems, the security issues are that:. For Rumors: it is very dangerous to double counting of evidence in a distributed system, sicne it can cause to rumors: peers holding opinions about others, just because they heard them from someone. For Deception: It focuses on the deception from a colluding group, the ratings in deception are from a cluster of malicious peers, however, they are not from a clique of IP addresses. This approach can partially prevents this kind of attack with tracking the weights of different witnesses in the colluding group. If there is one witness found cheating, testimonies from the deceptive witness will have a reduced, which effects on the aggregated ratings in the future. 6 Conclusions Enable peers to develop trust and among themselves is important in a peer-to-peer system where resources (such as files) of different quality are offered. It will become increasingly important in systems for peer-to-peer computation, where trust mechanisms can provide a way for protection of unreliable, infected or ugly peers. We presented some main repuation-based trust models in P2P system. Although, there is not enough details about the algorithm in each models, we still can get the general idea about them, how they operate in some certain situtation. Thougth the compaison among the existing trust protocols (trust algorithms), we get the differneces of them, what specific goals of their design and their characters. Security of the trust model in peer-to-peer system is another issue we focus on, we tried to list the common attack means and two security issues in EigenTrust and Trust in Large-Scale Peerto-Peer Systems. Each of them has its own consideration of the seucrity. References [1] Li Xiong and Ling Liu. A Reputation-Based Trust Model for Peer-to-Peer ecommerce Communities. Proceedings of the IEEE International Conference on E-Commerce. [2] Yao Wang and Julita Vassileva. Trust and Reputation Model in Peer-to-Peer Networks. IEEE Proceedings of the Third International Conference on Peer-to-Peer Computing (P2Paŕ03),2003. [3] Ali Aydin Selpk, Ersin Uzun and Mark Regat Pariente. A Reputation-Based Trust Management System for P2P Networks. In IEEE International Symposium on Cluster Computing and the Grid, [4] Bin Yu, Munindar P. Singh and Katia Sycara. Developing Trust in Large-Scale Peer-to-Peer Systems. IEEE [5] Yan Wang and Vijay Varadharajan. Dynamicnust: The Trust Development in Peer-to-Peer Environments. In IEEE Proceedings of the IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC O6), [6] Roger Dingledine, Nick Mathewson and Paul Syverson. Reputation in P2P Anonymity Systems. [7] Ernesto Damiani, Sabrina De Capitani di Vimercati and Stefano Paraboschi. A ReputationBased Approach for Choosing Reliable Resources in PeertoPeer Networks. CCSąŕ02, November 1822,2002, Washington, DC, USA. [8] Girish Suryanarayana, Mamadou H. Diallo, Justin R. Erenkrantz, and Richard N. Taylor. Architectural Support for Trust Models in Decentralized Applications. In ICSE 06, May, 2006, Shanghai, China. [9] Sergio Marti and Hector Garcia-Molina. Limited Reputation Sharing in P2P Systems. In EC 04 May20.08, 2004, New York, New York, USA. [10] Sepandar D. Kamvar, Mario T. Schlosser and Hector GarciaMolina. The EigenTrust Algorithm for Reputation Management in P2P Networks. [11] Karl Aberer and Zoran Despotovic Managing Trust in a Peer-2-Peer Information System. In CIKM 01, November S-10,2001, Atlanta, Georgia, USA.