1. Improving PGP Web of Trust through
the Expansion of Trusted Neighborhood
Guibing Guo, Jie Zhang, Julita Vassileva*
School of Computer Engineering, Nanyang Technological University,
Singapore
* Department of Computer Science, University of Saskatchewan,
Canada
25/8/2011

2. Agenda
• Motivation
• Related Work
• Proposed Methodology
– Majority Rule
– Confidence Measurement
• Result Diagrams
• Q&A

3. Motivation
• PGP Web of Trust
– Mechanism to make cryptography freely
• Publish certificate
• Sign on other certificate
• Keep a list of trusted users
– Often used to secure emails and files
transmitted on the Internet

4. Limitations
• Limited apps due to
– Positive feedback only
• No one is able to state clearly opposite
opinions
– Direct trust only
• Do not take into account trust transitivity
• Our work relaxes these constrains

5. Related Work
• Guha et al. report trust can be propagated
– Proposed 4 types of trust propagation
• Direct : A->B, B->C => A->C
• Co-citation: A1->B/C, A2->B => A2->C
• Transpose: B->C, A->C => A->B
• Coupling: B/C->D, A->B =>A->C
Ours: A->B, B~C => A->C

6. Related Work
• Huang and Nicol have applied the direct trust
propagation method on PGP web of trust
• Assumption: That A is highly similar to B
implies that A can trust B’s taste for
recommendations

7. Model the problem
• Feedback: S={1}
• Directed neighbors:
1 if p is completely trusted

Be ( p)   1 / 2 if p is marginally trusted
0 if p is untrusted or unknown

• Trusted neighborhood:
TNe  { p  P : Be ( p)  1 / 2}

8. Model the problem
• For a target certificate t 0
1 if cc  1 or mc  2

re (t0 )  1 / 2 if cc  0 and 0  mc  2
0 if cc  0 and mc  0

Certificate is authentic if
re (t0 )  1

9. Modification (MPGP)
• Add negative feedback: S={1, -1}
• Evaluation metric
w1  w1
re (t 0 ) 
w1  w1
where
w1 |  Be ( p) * s p |, w1 |  Be ( p' ) * s p ' |

10. Extension (EPGP)
• Trust Propagation
– Maximum length: m= 4
– For i-th chain of trust:
m 1
CTi  Be ( p2 )  B p j ( p j  1)
j 2
– Aggregation
1 n
Be ( p)  i 1 CTi
n

11. Extension (EPGP)
• New Trusted Neighborhood:
TNe '  TNe  { p  P : p TNe , Be ( p)   }
Where t  1 / 2 in this paper

12. Further expansion (EPGP+)
• Merging the directed trust neighbors into a
single agent, Fe
– Majority rule:
1 if w1  w1
f (t )  
  1 otherwise
– Confidence on the feedback:
1 x w1 (1  x) w1
c( w1 , w1 )   | 1
 1 | dx
 x w1 (1  x) w1 dx
0
0
c( w1 , w1 )   c

13. EPGP+
• Search for new neighbors:
– Compute Cosine Similarity

k
f e (t ) f u (t )
Sim ( Fe, Fu )  i 1
i1 f e (t ) i1
k 2 k
f u (t ) 2
– New neighbor if
Sim( Fe, Fu )    : similarity threshold

14. Experiments
• Simulation set-up
– 500 users, each creates a certificate; a
certain % of them are inauthentic
– 3 groups of users in terms of honest
• Honest (Trustfully sign 80-100%)
• dishonest (40-60%), neutral, (0-20%)
– 3 groups of users in terms of experience
• Experienced (Sign 15-20% certificates)
• Medium (8-13%) and Newbies (0-5%)

15. Experiments
• Simulation set-up
– 3 groups of users in terms of correctness
• TOW make heavy mistakes (sign wrongly)
–80-100%
• TOW make neutral mistakes
–40-60%
• TOW make few mistakes
–0-20%

16. Scenarios
• Vary the percentages of
– Honest, dishonest, neutral
– Experienced, medium, newbie
• Performance
– Accuracy:
– Coverage

17. Choose Proper parameters
• Fix   0.8 and vary  c

18. Choose Proper parameters
• Fix  c  0.7 and vary 

19. Choose Proper parameters
• Fix  c  0.2 and vary 

20. Scenarios
• Uniform Scenario
• Ideal Scenario
• Sparse Scenario
• Sufficient Information
• Many Mistake
• Highly Malicious

22. Conclusions
• Negative feedback is allowed
• Trust propagation is applied
• Further expansion of trusted neighborhood by
merging feedbacks and finding nearest nodes
• Experimental simulations are performed

23. Q & A?
Thank you!