When transacting and interacting through open computer networks, traditional methods used in the physical world for establishing trust can no longer be used. Creating virtual network substitutes with which people, organisations and software agents can derive trust in other parties requires computerised analysis of the underlying trust networks. This article describes an approach to trust network analysis using subjective logic (TNA-SL), that consists of the three following elements. Firstly it uses a concise notation with which trust transitivity and parallel combination of trust paths can be expressed. Secondly it defines a method for simplifying complex trust networks so that they can be expressed in this concise form. Finally it allows trust measures to be expressed as beliefs, so that derived trust can be automatically and securely computed with subjective logic. We compare our approach with trust derivation algorithms that are based on normalisation such as PageRank and EigenTrust. We also provide a numerical example to illustrates how TNA-SL can be applied.

Abstract — P2P file-sharing systems have indexes, which users search to find locations of desired titles. In the index poisoning attack, the attacker inserts massive numbers of bogus records into the index for a set of targeted titles. As a result, when a user searches for a targeted title, the index returns bogus results, such as bogus file identifiers, bogus IP addresses, or bogus port numbers. In this paper we first show that both structured and unstructured P2P file-sharing systems are highly vulnerable to the index poisoning attack. We then develop a novel and efficient methodology for estimating index poisoning levels and pollution levels in file-sharing systems. The methodology is efficient in that involves neither the downloading nor the analysis of binary content files. We deploy data-harvesting platforms for FastTrack, an unstructured file-sharing system, and Overnet, a DHT-based file-sharing system. Applying our methodology to harvested data, we find that index poisoning is pervasive in both systems. We also outline a distributed blacklisting procedure for countering the index poisoning and pollution attacks. I.

... (MANET) is challenging when collaboration or cooperation is critical to achieving mission and system goals such as reliability, availability, scalability, and reconfigurability. In defining and managing trust in a military MANET, we must consider the interactions between the composite cognitive, social, information and communication networks, and take into account the severe resource constraints (e.g., computing power, energy, bandwidth, time), and dynamics (e.g., topology changes, node mobility, node failure, propagation channel conditions). We seek to combine the notions of “social trust ” derived from social networks with “quality-of-service (QoS) trust ” derived from information and communication networks to obtain a composite trust metric. We discuss the concepts and properties of trust and derive some unique characteristics of trust in MANETs, drawing upon social notions of trust. We provide a survey of trust management

This paper presents a performance study of BitTorrent-like P2P systems by modeling, based on extensive measurements and trace analysis. Existing studies on BitTorrent systems are single-torrent based and usually assume the process of request arrivals to a torrent is Poisson-like. However, in reality, most BitTorrent peers participate in multiple torrents and file popularity changes over time. Our study of representative BitTorrent traffic provides insights into the evolution of single-torrent systems and several new findings regarding the limitations of BitTorrent systems: (1) Due to the exponentially decreasing peer arrival rate in a torrent, the service availability of the corresponding file becomes poor quickly, and eventually it is hard to locate and download this file. (2) Client performance in the BitTorrent-like system is unstable, and fluctuates significantly with the changes of the number of online peers. (3) Existing systems could provide unfair services to peers, where a peer with a higher downloading speed tends to download more and upload less. Motivated by the analysis and modeling results, we have further proposed a graph based model to study interactions among multiple torrents. Our model quantitatively demonstrates that inter-torrent collaboration is much more effective than stimulating seeds to serve longer for addressing the service unavailability in BitTorrent systems. An architecture for inter-torrent collaboration under an exchange based instant incentive mechanism is also discussed and evaluated by simulations.

Reputation mechanisms harness the bi-directional communication capabilities of the Internet in order to engineer large-scale word-of-mouth networks. Best known so far as a technology for building trust and fostering cooperation in online marketplaces, such as eBay, these mechanisms are poised to have a much wider impact on organizations. This paper surveys our progress in understanding the new possibilities and challenges that these mechanisms represent. It discusses some important dimensions in which Internet-based reputation mechanisms differ from traditional word-of-mouth networks and surveys the most important issues related to their design, evaluation, and use. It provides an overview of relevant work in game theory and economics on the topic of reputation. It discusses how this body of work is being extended and combined with insights from computer science, marketing, and psychology in order to take into consid-eration the special properties of online environments. Finally, it identifies opportunities that this new area presents for information systems research. 1

In peer-to-peer (P2P) networks, reputation aggregation and peer ranking are the most time-consuming and spacedemanding operations. This paper proposes a gossip-based reputation system (GossipTrust) for fast aggregation of global reputation scores. It leverages a Bloom filter based scheme for efficient score ranking. GossipTrust does not require any secure hashing or fast lookup mechanism, thus is applicable to both unstructured and structured P2P networks. Randomized gossiping with effective use of power nodes enables fast aggregation and fast dissemination of global scores in O(log2 n) time steps, where n is the network size. The gossip-based protocol is designed to tolerate dynamic peer joining and departure, as well as to avoid possible peer collusions. The scheme has a considerably low gossiping message overhead, i.e. O(nlog2 n) messages for n nodes. Bloom filters reduce the memory overhead per node to 512 KB for a 10,000-node network. We evaluate the performance of GossipTrust with both P2P file-sharing and parameter-sweeping applications. The simulation results demonstrate that GossipTrust has small aggregation time, low memory demand, and high ranking accuracy. These results suggest promising advantages of using the GossipTrust system for trusted P2P computing.

The growth of web-based social networking and the properties of those networks have created great potential for producing intelligent software that integrates a user's social network and preferences. Our research looks particularly at assigning trust in web-based social nets and investigates how trust information can be mined and integrated into applications. This paper introduces a definition of trust suitable for use in web-based social networks with a discussion of the properties that will influence its use in computation. We then present two algorithms for inferring trust relationships between individuals that are not directly connected in the network. Both algorithms are shown theoretically and through simulation to produce calculated trust values that are highly accurate.. We then present TrustMail, a prototype email client that uses variations on these algorithms to score email messages in the user's inbox based on the user's participation and ratings in a trust network.

There exist many successful examples of online reputation (or rating) systems, such as on-line markets and e-tailer ratings. However, for peer-to-peer applications, an explicit ratings subsystem has often been ignored in system design because of the implicit assumption of trust and altruism among P2P users. This assumption might be true (or might not matter) when a P2P network is still in its infancy and is relatively small in size. But the assumption might break down with increase in the size and diversity of the P2P network. In this paper, we discuss issues in the design of rating schemes for P2P systems. In keeping with the design philosophy of many of these system, we consider the design of distributed rating systems. As a case study, we illustrate two different approaches to a distributed rating system aimed at tackling the free-rider problem in P2P networks. A key challenge in designing such rating schemes is to make them collusion-proof: we discuss our efforts in this direction.

Much work has been done to address the need for incentive models in real deployed peer-to-peer networks. In this paper, we discuss problems found with the incentive model in a large, deployed peer-to-peer network, Maze. We evaluate several alternatives, and propose an incentive system that generates preferences for wellbehaved nodes while correctly punishing colluders. We discuss our proposal as a hybrid between Tit-for-Tat and EigenTrust, and show its effectiveness through simulation of real traces of the Maze system.

Trusted Grid computing demands robust resource allocation with security assurance at all resource sites. Largescale Grid applications are being hindered by lack of security assurance from remote resource sites. We developed a security-binding scheme through site reputation assessment and trust integration across Grid sites. We do not treat the trust factor deterministically. Instead, we apply fuzzy theory to handle the fuzziness or uncertainties behind all trust attributes. The binding is achieved by periodic exchange of site security information and matchmaking to satisfy user job demands.