Agenda

Motivation & Goals

Background

Bio-inspired trust models

Trust models simulator

Conclusions & future work

Security threats

Trust models taxonomy

Motivation• Internet and WWW have changed our lives

• Despite their several advantages, there are also many security risks

• Traditional security solutions are very effective but not always applicable

• Trust and reputation management has been proposed as an accurate alternative

• Oneself can make his/her own opinion about how trustworthy or reputable another member of the community is

• Increases the probability of a successful transaction while reducing the opportunities of being defrauded

• European Union supported this research field in several projects

Goals

• Analyse the current state of the art

• Identify possible deficiencies

• Design and suggest innovative and original alternatives

• Make an analysis of the intrinsic nature of these models

• Study those threats specifically applicable in these systems

• Develop a tool to implement trust and reputation models

• Survey some real and final scenarios

• Compare our alternatives with other representative models

• Propose and develop our own trust models

Background

Fuzzy BayesianBio-

inspiredAnalytic

AgentPATROL-F

AFRAS

MTrust

BNBTMAntRep

ATRM

ATSN

Sporas

Regret

P2PPATROL-F

PTM

BNBTM

PTM

RRS

AntRep

TDTM

DWTrust

TPOD

GroupRep

EigenTrust

Ad-hocPTM

RRSATRM

WSN RFSN

ATRM

DRBTS

ATSN

• Lack of mature bio-inspired approaches

• Lack of taxonomy analysis

• Lack of security threats study

• Lack of generic testing tools

Trust and Reputation Management in Distributed and Heterogeneous Systems

SimulatorSimulator

Bio-inspired Bio-inspired TRMTRM

Trust ModelsTrust ModelsTaxonomy Taxonomy

Security Security ThreatsThreats

Application Application ScenariosScenarios

Bio-inspired Trust and Reputation Models

SimulatorSimulator

Bio-inspired Bio-inspired TRMTRM

Trust ModelsTrust ModelsTaxonomy Taxonomy

Security Security ThreatsThreats

Application Application ScenariosScenarios

• TACSTACS• META-TACSMETA-TACS• BTRM-WSNBTRM-WSN

Ant Colony System

• Optimisation algorithm• Problems represented as graphs (like TSP)• Quite accurate and efficient

Stop condition

Ants transition Pheromone updating

Path quality evaluation

Reward/punish

TACS, Trust Model for P2P Networks

• Aimed to work in P2P networks• A client applies for a certain service• There are benevolent and malicious service providers• Ants find the most trustworthy server offering the requested service• Pheromone traces represent the credibility of finding such server

TACS, Trust Model for P2P Networks

• TACS adaptation• Pheromone updating

• Path quality evaluation

• Punishment

• Ants transition and stop condition

• Reward

• Experiments carried out• Over static networks• Over dynamic networks• Over oscillating networks

• Capability of managing multi-service networks• Sourceforge project

TACS, Trust Model for P2P Networks

Static networks Oscillating networksDynamic networks

META-TACS: a Trust Model Demonstration of Robustness through a Genetic Algorithm

• TACS had several parameters• Was it too complex?• Was it too dependent?

META-TACS: a Trust Model Demonstration of Robustness through a Genetic Algorithm

• Search for the optimal parameters configuration• Genetic algorithm CHC

META-TACS: a Trust Model Demonstration of Robustness through a Genetic Algorithm

• Not one unique optimal parameters configuration• Each parameter had a wide range of values• Demonstration of robustness against parameters initialisation

BTRM-WSN, Bio-inspired Trust and Reputation Model for Wireless Sensor Networks

• Application to WSNs• Enhancements with regard to TACS

• Several clients management• Enhanced pheromone updating• Enhanced punish & reward

• Two proposed models• Multi-service• Not multi-service

BTRM-WSN, Bio-inspired Trust and Reputation Model for Wireless Sensor Networks

• Experiments

Static Networks Dynamic Networks Oscillating Networks Collusion Networks

Accu

racy

Path

leng

th

Trust Models Taxonomy

SimulatorSimulator

Bio-inspired Bio-inspired TRMTRM

Trust ModelsTrust ModelsTaxonomyTaxonomy

Security Security ThreatsThreats

Application Application ScenariosScenarios

Trust Models Taxonomy

• Generic steps• Generic interfaces• Generic data structures

Trust Models Taxonomy

• 10 design advices• Anonymous recommendations• Higher weight to more recent transactions• Recommendations subjectivity• Redemption of past malicious entities• Opportunity to participate for benevolent newcomers• Avoid abuse of a high achieved reputation• Benevolent nodes should have more opportunities than newcomers• Different trust/reputation scores for different services• Take into account bandwidth, energy consumption, scalability...• Consider the importance or associated risk of a transaction

Trust Models Security Threats

SimulatorSimulator

Bio-inspired Bio-inspired TRMTRM

Trust ModelsTrust ModelsTaxonomyTaxonomy

Security Security ThreatsThreats

Application Application ScenariosScenarios

Trust Models Security Threats

Malicious collectives with camouflage• Resilience mostly depends on malicious peers behavioral patterns• Not always considered as a threat• Manage recommenders reliability• Keep a transactions history to detect and punish variable behavior

• Commonly neglected issue• Lack of a comprehensive

analysis• 9 studied threats

Malicious spies• Spies may achieve a high reputation• Manage recommenders reliability• More difficult to distinguish malicious

peers and malicious spies

Sybil attack• Underestimated but great risk• One single entity generates a disproportionate number of identities• Associate a cost to the generation of new identities

• Security threats taxonomy• Attack intent• Targets• Required knowledge• Cost• Algorithm dependence• Detectability

Trust Models Security Threats

• Tackling summary• EigenTrust• PeerTrust• BTRM-WSN• PowerTrust• ATSN• DWTrust

Simulator

SimulatorSimulator

Bio-inspired Bio-inspired TRMTRM

Trust ModelsTrust ModelsTaxonomyTaxonomy

Security Security ThreatsThreats

Application Application ScenariosScenarios

Simulator

• Generic tool• Easy to implement and add

new models• V0.4 includes 5 models

• BTRM-WSN• EigenTrust• PeerTrust• PowerTrust• LFTM

• Sourceforge project• + 2300 downloads

• World wide interest• Models comparison

Conclusions

• Distributed and heterogeneous systems are nowadays developing very quickly, leading to new unresolved security risks

• Trust and reputation management has been proposed in this PhD Thesis as an effective solution in certain environments

• Our original bio-inspired trust and reputation models have been proved to have a high performance, while solving some of the previous issues

• Taxonomy and design advices & security threats analysis might be quite helpful for future researchers

• Appealing field with much more to do

• Extensible and easy to use simulator, enabling models comparison

Future Work

• Ongoing work• Trust and reputation models comparison• Real scenarios

• Identity Management Systems• Wireless Sensors and Actuators Networks

• Fuzzy logic, fuzzy sets and linguistic labels

• Future work• Improve TRMSim-WSN

• New Trust & Reputation models• New security threats

• Vehicular-to-Vehicular (V2V)• Internet of Things (IoT)

Publications derived from the PhD Thesis

Publications derived from the PhD Thesis

1.Félix Gómez Mármol, Gregorio Martínez Pérez, “State of the art in trust and reputation models in P2P networks”, Handbook of Peer-to-Peer Networking, Eds: X. Shen, H. Yu, J. Buford, M. Akon, Publisher: Springer, ISBN: 978-0-387-09750-3, pp 761-784, 2010 http://dx.doi.org/10.1007/978-0-387-09751-0 26

• Book chapters

Publications derived from the PhD Thesis

1.Félix Gómez Mármol, Gregorio Martínez Pérez, Antonio F. Gómez Skarmeta, “TACS, a Trust Model for P2P Networks”, Wireless Personal Communications, vol. 51, no. 1, pp 153-164, 2009 http://dx.doi.org/10.1007/s11277-008-9596-9

2.Félix Gómez Mármol, Gregorio Martínez Pérez, Javier Gómez Marín-Blázquez, “META-TACS: a Trust Model Demonstration of Robustness through a Genetic Algorithm”, Intelligent Automation and Soft Computing (Autosoft) Journal, 2010 (in press)

3.Félix Gómez Mármol, Gregorio Martínez Pérez, “Providing Trust in Wireless Sensor Networks using a Bio-Inspired Technique”, Telecommunication Systems Journal, vol. 46, no. 2, 2010 (in press) http://dx.doi.org/10.1007/s11235-010-9281-7

• Journals with impact factor (included in the JCR)

1.Félix Gómez Mármol, Gregorio Martínez Pérez, "Providing Trust in Wireless Sensor Networks using a Bio-inspired Technique", Networking and Electronic Commerce Research Conference (NAEC 08), pp. 415-430, ISBN: 978-0-9820958-0-5, Lake Garda, Italy, 25-28 September 2008

• International conferences

Publications derived from the PhD Thesis

1.Félix Gómez Mármol, Gregorio Martínez Pérez, “Towards Pre-Standardization of Trust and Reputation Models for Distributed and Heterogeneous Systems”, Computer Standards & Interfaces, Special Issue on Information and Communications Security, Privacy and Trust: Standards and Regulations, vol. 32, no. 4, pp. 185-196, 2010 http://dx.doi.org/10.1016/j.csi.2010.01.003

• Journals with impact factor (included in the JCR)

Publications derived from the PhD Thesis

1.Félix Gómez Mármol, Gregorio Martínez Pérez, “Security Threats Scenarios in Trust and Reputation Models for Distributed Systems”, Elsevier Computers & Security, vol. 28, no. 7, pp. 545-556, 2009 http://dx.doi.org/10.1016/j.cose.2009.05.005

• Journals with impact factor (included in the JCR)

1.Félix Gómez Mármol, Gregorio Martínez Pérez, “TRMSim-WSN, Trust and Reputation Models Simulator for Wireless Sensor Networks”, IEEE International Conference on Communications (IEEE ICC 2009), Communication and Information Systems Security Symposium, Dresden, Germany, 14-18 June 2009 http://dx.doi.org/10.1109/ICC.2009.5199545

• International conferences

Publications derived from the PhD Thesis

1.Félix Gómez Mármol, Javier Gómez Marín-Blázquez, Gregorio Martínez Pérez, "Linguistic Fuzzy Logic Enhancement of a Trust Mechanism for Distributed Networks", Third IEEE International Symposium on Trust, Security and Privacy for Emerging Applications (TSP-10), Bradford, UK, June 29-July 1, 2010

1.Félix Gómez Mármol, Gregorio Martínez Pérez, “Trust and Reputation Models Comparison”, submitted to Emerald Internet Research on the 16th of August, 2009

2.Félix Gómez Mármol, Joao Girao , Gregorio Martínez Pérez, “TRIMS, a Privacy-aware Trust and Reputation Model for Identity Management Systems”, submitted to Elsevier Computer Networks on the 15th of December, 2009 (currently in a 2nd revision)

3.Félix Gómez Mármol, Joao Girao , Gregorio Martínez Pérez, “Identity Management: In privacy we trust”, submitted to IEEE Internet Computing Magazine on the 15th of February, 2010

4.Félix Gómez Mármol, Christoph Sorge, Osman Ugus, Gregorio Martínez Pérez, “WSANRep, WSAN Reputation-Based Selection in Open Environments”, submitted to IEEE Wireless Communications Magazine on the 21st of January, 2010

• International conferences

• Journals with impact factor (included in the JCR), under review

Publications derived from the PhD Thesis

Publications derived from the PhD Thesis

•Summary• Book chapters: 1• Journals with impact factor: 9 (5 published and 4 under current review)• International conferences: 3• Open-source software projects protected with IPR: 2• Patent applications: 1

• Experiments carried out• Over static networks• Over dynamic networks• Over oscillating networks

• Capability of managing multi-service networks

TACS, Trust Model for P2P Networks

Static networks Oscillating networksDynamic networks

)ln()ln(

1.00.1

1.01.0

98.01 0

NANI

cs

NNNN

q

TACS, Trust Model for P2P Networks

1. Client C executes TACS in order to find the most trustworthy server S offering the service s2. TACS launches the ACS algorithm and ants modify the pheromone traces of the network3. TACS finishes, having selected the “optimum” path to server S'4. TACS informs the client C that the most trustworthy server found is S'5. Client C requests service s to the server S'6. Server S' provides service s' to the client C7. Client C evaluates his satisfaction with the received service s'8. If client C is not satisfied with the received service s', he punishes the server S' evaporating the pheromone of the

edges that lead from C to S'

Trust Models Taxonomy

• Anonymous recommendations• Hiding real-world identities behind pseudonyms• Cryptographically generated unique identifiers• Secure hardware modules

• Higher weight to more recent transactions

• Recommendations subjectivity

• Redemption of past malicious entities

Trust Models Taxonomy

• Opportunity to participate for benevolent newcomers

• Benevolent nodes should have more opportunities than newcomers

• Avoid abuse of a high achieved reputation

Trust Models Taxonomy

• Different trust/reputation scores for different services

• Take into account bandwidth, energy consumption, scalability...• Wireless Sensor Networks

• Consider the importance or associated risk of a transaction• Transaction importance Punish/Reward

Trust Models Security Threats

• Individual malicious peers• Simplest threat• Decrease trust in malicious peers

• Malicious collectives• Collusion is often an important risk• Manage recommenders reliability

• Malicious collectives with camouflage• Resilience mostly depends on malicious peers behavioral patterns• Not always considered as a threat• Manage recommenders reliability• Keep a transactions history to detect and punish variable behavior

Trust Models Security Threats

• Malicious spies• Spies may achieve a high reputation• Manage recommenders reliability• More difficult to distinguish malicious peers and malicious spies

• Sybil attack• Underestimated but great risk• One single entity generates a disproportionate number of identities• Associate a cost to the generation of new identities

• Man in the middle attack• Traditionally not associated with trust and reputation management• Authenticate each peer through cryptographic mechanisms• Solution not always feasible

Trust Models Security Threats

• Driving down the reputation of a reliable peer• A benevolent peer may be isolated forever• Manage recommenders reliability

• Partially malicious collectives• One peer might be benevolent providing a certain service, but malicious

provisioning a different service• Different trust scores for different services

• Malicious pre-trusted peers• Only applicable in some trust models• Not always easy to find peers to be pre-trusted• Dynamically select the set of pre-trusted peers

Trust models comparison

Static networks Dynamic networks

Oscillating networks Collusion networks

TRIMS, a Privacy-aware Trust and Reputation Model for Identity Management Systems

• Several domains• Users identity information exchange• Application of a reputation mechanism• Preservation of recommenders privacy

• WSC provides the requested service• WSP provides user identity information• IdPs act as recommendation aggregators

• Developed during 1st NEC internship• Led to an international patent

WSANRep, WSAN Reputation-Based Selection in Open Environments

• Mobile users looking for services• Several WSAN offering such services• Application of a reputation mechanism• Users form groups to preserve their privacy• FP acts as recommendations aggregator• One RP per group storing recommendations• Developed during 2nd NEC internship

Linguistic Fuzzy Logic Enhancement of a Trust Mechanism for Distributed Networks

• Fuzzy sets, fuzzy logic and linguistic labels

• Enhanced interpretability• Improved accuracy