Today, with the advance of communication technologies, especially computer networks and the Internet, interactions and activities in virtual environments have increased. In physical interactions, trust plays an important role under conditions of uncertainty. In interactive virtual spaces too, when deciding about communications and choosing among the content on offer, an appropriate definition of trust, put to use, makes it possible to design more efficient and more dynamic systems.
In this presentation we examine how trust is defined and computed in different application domains. We then look at some applications of these topics in building efficient and dynamic systems (such as recommender systems, news aggregation, email filtering and peer-to-peer routing).
1. Trust in the Virtual World
By: Sadegh Dorri Nogoorani
http://ce.sharif.edu/~dorri
1390/8/2 – 2011/10/24
(ISC Monthly Seminar)
In the Name of Allah
2. Who Knows on the Net...?
A notion of trust similar to real world trust is needed in the virtual world…
Coordinating Agent Interactions without Strict Control Mechanisms
Fig. by Peter Steiner (The New Yorker, 5 July 1993)
1390/8/2 - 2011/10/24 2Trust in the Virtual World - Sadegh Dorri N. (http://ce.sharif.edu/~dorri)
3. Outline
Concepts
Definitions and basic terminology
Trust and Reputation in Action
Applications
Attacks
Trust Engines
Probabilistic, logic, …
Trust in CROWDS
A detailed example
5. Trust (اعتماد)
Definition [CF10]
The expectation/belief that…
… trustee will perform actions designed to produce positive results in the future for the trustor…
… in situations of consistent perceived risk.
Properties
Subjective, context dependent, asymmetric, transitive, dynamic
Calculation
Structural: organizational, category-membership
Relational: history-based, using trust transitivity
Cognitive: dispositional, trustee attributes
6. Trust Scenario
[Diagram] Parties: Trustor (اعتمادگر), Trustee (معتمد), Recommenders (توصیه‌گران)
Edge labels: Functional (عملکردی), Referential (ارجاعی)
Direct Trust (اعتماد مستقیم)
Indirect Trust (Inference) (اعتماد غیر مستقیم (استنتاج))
7. Reputation (شهرت/وجهه)
Definition (Concise Oxford Dictionary)
A widespread belief that someone or something has a particular characteristic.
Common belief
Relationship with Trust
Trust is subjective and has more weight
“I trust you because of your good reputation”
“I trust you despite your bad reputation”
9. Aspects of a Trust System [HZN09]
10. Applications of Trust
Soft Security Mechanism against
Low quality services
Misrepresentation of services
Incorrect information
Fraud
Others
Recommender and filtering systems
Targets
Content, services, people
11. Attacks on a Trust-Based System
Self-Promotion
Falsely increase the trust on the attacker(s)
Whitewashing (لاپوشانی)
Restoring the broken trust
Slandering (لاغر کردن)
Falsely reduce the trust on other nodes
Other
Hybrid of the above attacks, DoS, …
12. Example: Reputation in a P2P System
● Nodes have no information about most others
● Fake or virus infected content
● Free riders
● Challenges
● Anonymity -> selfish users
● Highly distributed
● Unreliable network connections
● Partial information (in unstructured topologies)
● Untrustworthiness of storage peers
13. Example: Email Filtering
● Blind delivery of messages
● In Jan. of 2008, 75% of Internet email was spam.
● Detecting spam after delivery wastes a lot of resources and is error-prone.
● KarmaNET [SXMW09]
● Messages are routed through social paths
● Trust is defined in three aspects:
– Routing (against free-riders)
– Forwarding (distinguish malicious nodes from careless forwarders)
– Initiation
● Bad messages penalize all related peers, so they (automatically) tune their behavior
14. Example: Social Routing
● Blind routing
● Has inherent security problems such as DDoS and Spam
● No separation between routing addr. & identity
● Lack of msg. receiver control
● Solutions are not scalable and/or inefficient
● DSL [BYHW09]
● Messages are routed through social paths between sender and receiver, and based on the keywords describing the intention of the message.
15. Example: Security and Privacy with Trust
Probabilistic Security
Security is not definite in many cases
Hard-to-break security: birthday attack
Trust can be used to tune the desired security
Access control
User levels are determined using trust metrics (Advogato, StackExchange)
Hybrid security policy: super computer example
Privacy in Anonymity Networks
16. Other Applications
● News syndication
● Using trust in order to resolve contradictions in information
● Discard the statements from the least trusted sources
● Recommender systems
● To use trust in place of similarity
● Users are significantly more similar to their trusted peers than to the population as a whole
18. Simple Summation or Average of Ratings
● More advanced: weighted average
● Trustworthiness/reputation
● Age of the rating
● Distance between rating and current score
Weighted average: $\frac{\sum_i w_i r_i}{\sum_i w_i}$
19. Probabilistic Engines
Trust: Expected Probability of Success
Bayesian Approach [JI02]
Use the Bayes rule to update p
HMM Approach [ElS10]
Use a Hidden Markov Model to calculate p
Slide formulas:
$R = \{x, \bar{x}\}$
$p_t^{tr,te} = \Pr(O_t^{tr,te} = x \mid O_{t-1}^{tr,te}, \ldots, O_{t-n}^{tr,te})$
$E[p_t^{tr,te}]$
$\frac{r+1}{r+s+2}$
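The Bayesian engine of slide 19 combined with the weighting ideas of slide 18, as an added example (not code from the presentation or from [JI02]). The `forgetting` factor and the per-rating `weight` are this example's simplified way to express rating age and rater trustworthiness, and all sample data is constructed.

```python
from dataclasses import dataclass


@dataclass
class BetaTrust:
    """Beta-reputation estimate of a trustee's probability of success."""
    r: float = 0.0           # accumulated positive evidence
    s: float = 0.0           # accumulated negative evidence
    forgetting: float = 1.0  # 1.0 keeps all history; < 1.0 ages old ratings

    def update(self, success: bool, weight: float = 1.0) -> None:
        # Age the existing evidence, then add the new rating scaled by how
        # much the trustor trusts the rater (1.0 = own direct experience).
        self.r = self.forgetting * self.r + (weight if success else 0.0)
        self.s = self.forgetting * self.s + (0.0 if success else weight)

    def expected(self) -> float:
        # Mean of Beta(r + 1, s + 1): the slide's (r + 1) / (r + s + 2).
        return (self.r + 1.0) / (self.r + self.s + 2.0)


def rate(history, forgetting=1.0):
    """Feed (success, rater_weight) pairs, oldest first; return E[p]."""
    trust = BetaTrust(forgetting=forgetting)
    for success, weight in history:
        trust.update(success, weight)
    return trust.expected()


# Constructed sample data (not from the slides).
# 1) A peer that behaved well 20 times and then badly 5 times.
TURNCOAT = [(True, 1.0)] * 20 + [(False, 1.0)] * 5
# 2) Slandering: 3 well-trusted raters report success, 5 barely trusted
#    identities report failure.
SLANDER_WEIGHTED = [(True, 0.9)] * 3 + [(False, 0.1)] * 5
SLANDER_UNWEIGHTED = [(ok, 1.0) for ok, _ in SLANDER_WEIGHTED]

if __name__ == "__main__":
    print("turncoat, no ageing :", round(rate(TURNCOAT), 3))
    print("turncoat, ageing 0.8:", round(rate(TURNCOAT, forgetting=0.8), 3))
    print("slander, unweighted :", round(rate(SLANDER_UNWEIGHTED), 3))
    print("slander, weighted   :", round(rate(SLANDER_WEIGHTED), 3))
```

Without ageing the peer that turned bad still looks trustworthy, and without rater weights the five low-trust identities outvote the three trusted raters.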
20. Trust Inference
● Trust in an unknown peer can be inferred according to paths in social networks
● Strongest path
● Weighted paths
● BFS-like (TidalTrust)
● Probabilistic and Bayesian methods
● Subjective logic operators
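The "strongest path" option from this slide, as an added example (not code from the presentation). It assumes a path's strength is the product of its direct-trust values; the graph and all names are constructed.

```python
import heapq


def strongest_path_trust(graph, source, target):
    """Infer source's trust in target along the strongest social path.

    graph maps truster -> {trustee: direct trust in [0, 1]}. A path's
    strength is the product of its edge values (an assumption of this
    example), so every extra hop can only lower the result.
    Returns (trust, path), or (0.0, []) if no path exists.
    """
    best = {source: 1.0}
    heap = [(-1.0, [source])]          # max-heap via negated strength
    while heap:
        neg_strength, path = heapq.heappop(heap)
        strength, node = -neg_strength, path[-1]
        if node == target:
            return strength, path
        if strength < best.get(node, 0.0):
            continue                   # stale queue entry
        for neighbour, direct in graph.get(node, {}).items():
            candidate = strength * direct
            if candidate > best.get(neighbour, 0.0):
                best[neighbour] = candidate
                heapq.heappush(heap, (-candidate, path + [neighbour]))
    return 0.0, []


# Constructed social graph (not from the slides).
TRUST = {
    "alice": {"bob": 0.9, "carol": 0.6},
    "bob": {"dave": 0.8},
    "carol": {"dave": 1.0},
    "dave": {"eve": 0.5},
    # Self-promotion: identities that vouch for mallory at full trust,
    # but that nobody reachable from alice has rated.
    "sybil1": {"mallory": 1.0},
    "sybil2": {"mallory": 1.0, "sybil1": 1.0},
}

if __name__ == "__main__":
    for peer in ("dave", "eve", "mallory"):
        print(peer, strongest_path_trust(TRUST, "alice", peer))
```

Ratings from identities with no incoming trust from the trustor's side of the graph contribute nothing, which is why path-based inference blunts self-promotion by fresh identities.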
21. Subjective Logic [JHP06]
[Slide formulas: opinion tuple $(b, d, u, a)$ and combinations of opinions among A, B and C, including A : B]
22. Other Engines
Fuzzy Inference Engines
Direct trust: multi-criteria decision making
Trust inference: fuzzy aggregation operators
Game Theoretic Approaches
Try to defend against strategic attacks
Many Proposals: or ?
Evaluation: human-based vs. utility-based
Must be related to human notion of trust
24. The CROWDS Protocol [RR98]
Provides Anonymous Web Transactions
A user is either completely honest or dishonest
The originator passes the message to a randomly selected path of users to reach destination (the reverse for reply).
Probability of Forwarding
1-pf: forward to the end server
pf: forward to a random user
Privacy (Anonymity) Level: Probable Innocence
… the sender appears no more likely to be the originator than to not be.
25. CROWDS + Trust
Extended Protocol [SEH10]
The users may switch between honest and dishonest.
Trust (reputation) info + forwarding policy
ti (in [0,1]): The Reputation of a User
Robustness of user i to becoming corrupt (probability)
{q1,…,qn}: The Forwarding Policy
Common to all users
qi: The probability of forwarding to user i
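A check of probable innocence for the forwarding model of slides 24 and 25, as an added example (not code from the presentation, [RR98] or [SEH10]). It assumes a fixed set of dishonest users and does not model the reputations ti; function names and sample crowds are constructed.

```python
def blame_probability(q, dishonest, originator, pf, tol=1e-15):
    """P(the first dishonest user on the path got the message straight
    from the originator | at least one dishonest user is on the path).

    q          forwarding policy: user -> probability of being picked
    dishonest  fixed set of colluding users (assumption of this example)
    originator an honest user; it always forwards at least once
    pf         probability that a forwarder picks another user
    """
    if originator in dishonest:
        raise ValueError("originator must be honest")
    if abs(sum(q.values()) - 1.0) > 1e-9:
        raise ValueError("forwarding policy must sum to 1")
    q_bad = sum(q[u] for u in dishonest)
    q_good = sum(p for u, p in q.items() if u not in dishonest)
    if q_bad == 0:
        raise ValueError("no dishonest user is reachable")
    at_hop = q_bad   # first dishonest user is hop 1: predecessor is the originator
    seen = at_hop    # running P(some dishonest user is on the path)
    blamed = at_hop  # running P(... and its predecessor is the originator)
    while True:
        at_hop *= pf * q_good   # one more honest hop in front of it
        if at_hop < tol:
            break
        seen += at_hop
        # the honest hop just before the dishonest one is the originator
        blamed += at_hop * q[originator] / q_good
    return blamed / seen


def probable_innocence(q, dishonest, originator, pf):
    """True if the originator looks no more likely than not to be the sender."""
    return blame_probability(q, dishonest, originator, pf) <= 0.5


def uniform_policy(n):
    """Original CROWDS: each of the n users is picked with probability 1/n."""
    return {user: 1.0 / n for user in range(n)}


if __name__ == "__main__":
    crowd = uniform_policy(20)
    for bad in ({17, 18, 19}, set(range(12, 20))):   # constructed crowds
        p = blame_probability(crowd, bad, originator=0, pf=0.75)
        print(len(bad), "dishonest:", round(p, 4), "innocent:", p <= 0.5)
```

For the uniform policy the result agrees with the closed form from the original CROWDS analysis, 1 - pf(n - c - 1)/n for n users of whom c are dishonest.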
26. Anonymity in CROWDS + Trust
Guaranteeing Probable Innocence
Idea: adjust the forwarding policy according to reputation values
Solve the following system of linear inequalities to find the desired forwarding policy(ies):
2
1
27. Anonymity in CROWDS + Trust (cont.)
Example with Three Principals
The equations yield two solutions:
A possible choice:
28. Comparing with the Original CROWDS
Forwarding Policy of the original protocol:
Does not satisfy the innocence inequalities
Consequence:
If the users are partially honest, CROWDS may not provide probable innocence.
Trust information can be used to provide the required anonymity.
29. Conclusions
● Trust in the VW
● Translating social concepts to computational methods
● Many applications
● Sound mathematical basis
● Trust as a Soft Security Mechanism
● Access control
● Probabilistic security
● …
● A Long Way in Front!
31. References
[BYHW09] L. Banks, S. Ye, Y. Huang, and S. F. Wu, “Davis social links: integrating social networks with internet routing,” in Proceedings of the 2007 Workshop on Large Scale Attack Defense (LSAD’07), New York, NY, USA, 2007, pp. 121–128.
[CF10] C. Castelfranchi and R. Falcone, Trust theory: a socio-cognitive and computational model. Chichester, West Sussex, England: Wiley, 2010.
[ElS10] E. ElSalamouny, “HMM-based trust model,” Revised Selected Papers of the 6th International Workshop on Formal Aspects in Security and Trust (FAST), Eindhoven, The Netherlands, Nov. 2009, vol. 5983, pp. 21–35, 2010.
[Gol06] J. Golbeck, “Trust on the World Wide Web: A Survey,” Foundation and Trends in Web Science, vol. 1, no. 2, pp. 131–197, 2006.
[HZN09] K. Hoffman, D. Zage, and C. Nita-Rotaru, “A survey of attack and defense techniques for reputation systems,” ACM Computing Surveys, vol. 42, no. 1, pp. 1–31, Dec. 2009.
[JHP06] A. Jøsang, R. Hayward, and S. Pope, “Trust network analysis with subjective logic,” in Proceedings of the 29th Australasian Computer Science Conference - Volume 48, Hobart, Australia, 2006, pp. 85–94.
[JI02] A. Jøsang and R. Ismail, “The Beta Reputation System,” in Proceedings of the 15th Bled Conference on Electronic Commerce, Bled, Slovenia, 2002.
32. References (cont’d)
[SEH10] V. Sassone, E. ElSalamouny, and S. Hamadou, “Trust in Crowds: Probabilistic Behaviour in Anonymity Protocols,” in Trustworthy Global Computing, vol. 6084, M. Wirsing, M. Hofmann, and A. Rauschmayer, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2010, pp. 88–102.
[SXMW09] M. Spear, Xiaoming Lu, N. Matloff, and S. F. Wu, “KarmaNET: Leveraging trusted social paths to create judicious forwarders,” in Proceedings of the 1st International Conference on Future Information Networks (ICFIN), Beijing, China, 2009, pp. 218–223.
[RR98] M. K. Reiter and A. D. Rubin, “Crowds: anonymity for Web transactions,” ACM Transactions on Information Systems Security, vol. 1, no. 1, pp. 66–92, Nov. 1998.