ABSTRACT



Abstract—Peer-to-peer (P2P) online communities are commonly perceived as an environment offering both opportunities and threats.One way to minimize threats in such communities is to use community-based reputations to help estimate the trustworthiness of peers.

This paper presents PeerTrust—a reputation-based trust supporting framework, which includes a coherent adaptive trust model for quantifying and comparing the trustworthiness of peers based on a transaction-based feedback system, and a decentralized implementation of such a model over a structured P2P network.

PeerTrust model has two main features. First, we introduce three basic trust parameters and two adaptive factors in computing trustworthiness of peers, namely, feedback a peer receives from other peers, the total number of transactions a peer performs, the credibility of the feedback sources, transaction context factor, and the community context factor.

Second, we define a general trust metric to combine these parameters. Other contributions of the paper include strategies used for implementing the trust model in a decentralized P2P environment, evaluation mechanisms to validate the effectiveness and cost of PeerTrust model, and a set of experiments that show the feasibility and benefit of our approach.


1. INTRODUCTION



PEER-TO-PEER (P2P) online communities can be seen as truly distributed computing applications in which peers (members) communicate directly with one another to exchange information, distribute tasks, or execute transactions.They can be implemented either on top of a P2P network or using a conventional client-server platform.

Gnutella is an example of P2P communities that are built on top of a P2P platform. Person-to-person online auction sites such as eBay and many business-to-business (B2B) services such as supply-chain-management networks are examples of P2P communities built on top of a client-server architecture. In eCommerce settings, P2P communities are often established dynamically with peers that are unrelated and unknown to each other.

Peers have to manage the risk involved with the transactions without prior experience and knowledge about each other’s reputation. One way to address this uncertainty problem is to develop strategies for establishing trust and develop systems that can assist peers in assessing the level of trust they should place on an eCommerce transaction. For example, in a buyer-seller market, buyers are vulnerable to risks because of potential incomplete or distorted information provided by sellers.

Trust is critical in such electronic markets as it can provide buyers with high expectations of satisfying exchange relationships.Recognizing the importance of trust in such communities,an immediate question to ask is how to build trust. There is an extensive amount of research focused on building trust for electronic markets through trusted third parties or intermediaries .However,it is not applicable to self-regulating P2P communities where peers are equal in their roles and there are no entities that can serve as trusted third parties or intermediaries.

Reputation systems provide a way for Building trust through social control by utilizing community based feedback about past experiences of peers to help making recommendation and judgment on quality and reliability of the transactions. The challenge of building such a reputation based trust mechanism in a P2P system is how to effectively cope with various malicious behavior of peers such as providing fake or misleading feedback about other peers. Another challenge is how to incorporate various contexts in building trust as they vary in different communities and transactions. Further, the effectiveness of a trust system depends not only on the factors and metrics for building trust, but also on the implementation of the trust model in a P2P system.

Most existing reputation mechanisms require a central server for storing and distributing the reputation information. It remains a challenge to build a decentralized P2P trust management system that is efficient, scalable, and secure in both trust computation and trust data storage and dissemination. Last, there is also a need for experimental evaluation methods of a given trust model in terms of the effectiveness and benefits.

With these research problems in mind, we develop PeerTrust, a P2P reputation-based trust supporting framework.The paper has a number of unique contributions. First,by analyzing a variety of common problems encountered in today’s online communities , we introduce Peer-Trust model with five important parameters and a general trust metric combining these parameters for evaluating the trustworthiness of a peer in an evolving P2P community.We also present the trust information dissemination architecture, the usage of the trust model, and the design and implementation considerations of PeerTrust .

Finally, we describe a series of simulation-based experiments that are carefully designed to evaluate PeerTrust by showing its accuracy, robustness, cost, and efficiency. We conclude the paper with analysis of PeerTrust in the context of the common problems in P2P systems and online communities , a brief overview of the related work , a summary, and a description of some futurework





2. APPLICATION SCENARIOS AND RESEARCH CHALLENGES


P2P electronic communities are increasingly gaining acceptance on the Internet as they provide an infrastructure in which the desired information and products can be located and traded while preserving the anonymity of both requestor peers and provider peers. As recent experience with P2P systems such as Gnutella shows, anonymity opens the door to possible misuses and abuses by malicious peers exploiting the overlay network as a way to spread tampered with information, including malicious programs, such as Trojan Horses and viruses.

One way to minimize threats in an open community as such is to use community-based reputations,which can be computed through feedback about peers’ transaction histories.

2.1 Common Problems in Current Electronic Communities.

A variety of online community sites have reputation management built in, such as eBay, Amazon, Yahoo!Auction, Edeal, Slashdot, and Entrepreneur.com. From our experience with these sites, and the survey provided in , we summarize a list of common problems and risks observed in the current P2P e-commerce communities.

• Most existing reputation systems lack the ability to differentiate dishonest feedback from honest ones and, hence, are vulnerable to malicious manipulations of peers who provide dishonest feedback.

• Most systems provide no support to incorporate various contexts in evaluating the trustworthiness of peers. For example, a peer can develop a good reputation by being honest for numerous small transactions and then tries tomakea profit by cheating for large transactions.

• Most systems do not provide incentives for a peer to rate others and suffer from insufficient feedback.. Most systems cannot deal with strategic dynamic personality of peers. For example, malicious peers can build a reputationand then start cheating or oscillating between building and milking the reputation.


2.2 Common Security Threats in P2P Environments.

Most of the security threats presented in P2P information sharing environments are due to two main features of the P2P design: anonymous P2P communication (for example, Gnutella servants (peers) are anonymous and are only identified by a self-identified servant id) and variety of the shared information (e.g., the files authorized to be shared in Gnutella can include all media types, including executable and binary files). The former feature involves a weakness due to the combination of low accountability and low trust of the individual peers. The latter feature combined with the former make the P2P environments more vulnerable to certain security attacks. Below, we list a number of security threats common in distributed systems.

• Distribution of tampered with information. The simplest version of this attack is for a peer u to provide a fake resource with the same name as the real resource peer v is looking for. The actual file could be a Trojan Horse program or a virus like the well-known VBS.Gnutella worm.

• Man in the middle attack. The malicious peer can intercept the message from the provider peer to the requestor and rewrite it with his IP address and port instead of the provider’s. Now, the malicious peer can infect the original content from the provider and pass it on to the requestor.

• Peers are easily compromised. Peers in an online community with distributed P2P management are more easily compromised. For instance, the well known VBS.Gnutella worm spreads by making a copy of itself in the Gnutella program directory; then it modifies the Gnutella.ini file to allow sharing of .vbs files in the Gnutella program folder.


3. THE TRUST MODEL

The main focus of this paper is the design and development of PeerTrust—a dynamic P2P trust model for quantifying and assessing the trustworthiness of peers in P2P e-commerce communities. A unique characteristic of our trust model is the identification of five important factors for evaluating the trustworthiness of a peer in an evolving P2P e-commerce community.

3.1 Trust Parameters

In PeerTrust, a peer’s trustworthiness is defined by an evaluation of the peer it receives in providing service to other peers in the past. Such reputation reflects the degree of trust that other peers in the community have on the given peer based on their past experiences. We identify five important factors for such evaluation:

1. The feedback a peer obtains from other peers,
2. The feedback scope, the total no.of transactions that a peer has with other peer
3. The credibility factor for the feedback source,
4. The transaction context factor for discriminating mission-critical transactions from
less or noncritical ones, and
5. The community context factor for addressing community-related characteristics and
vulnerabilities.

We now illustrate the importance of these parameters through a number of example scenarios.

3.1.1 Feedback in Terms of Amount of Satisfaction.
Reputation-based systems rely on feedback to evaluate a peer. Feedback in terms of amount of satisfaction a peer receives during a transaction reflects how well this peer has fulfilled its part of the service agreement. Some existing reputationbased systems use this factor alone and compute a peer u’s trust value by a summation of all the feedback u receives through its transactions with other peers in the community.

For example, buyers and sellers in eBay can rate each other after each transaction (+1, 0, -1) and the overall reputation is the sum of these ratings over the last six months. We can clearly see that these feedback-only metrics are flawed. A peer who has performed dozens of transactions and cheated one out of every four cases will have a steadily rising reputation in a given time duration whereas a peer who has only performed 10 transactions during the given time duration, but has been completely honest, will be treated as less reputable if the reputation measures of peers are computed by a simple sum of the feedback they receive.

3.1.2 Number of Transactions.
As described above, a peer may increase its trust value by increasing its transaction volume to hide the fact that it frequently misbehaves at a certain rate when a simple summation of feedback is used to model the trustworthiness of peers. The number of transactions is an important scope factor for comparing the feedback in terms of degree of satisfaction among different peers.

An updated metric can be defined as the ratio of the total amount of satisfaction peer u receives over the total number of transactions peer u has, i.e., the average amount of satisfaction peer u receives for each transaction. However, this is still not sufficient to measure a peer’s trustworthiness. When considering reputation information, we often account for the source of information and context.

3.1.3 Credibility of Feedback.
The feedback peer u receives from another peer v during a transaction is simply a statement from v regarding how satisfied v feels about the quality of the information or service provided by u. A peer may make false statements about another peer’s service due to jealousy or other types of malicious motives. Consequently, a trustworthy peer may end up getting a large number of false statements and may be evaluated incorrectly because of them even though it provides satisfactory service in every transaction.

In PeerTrust, we introduce the credibility of feedback as a basic trust building parameter, which is equally important as the number of transactions and the feedback. The feedback from those peers with higher credibility should be weighted more than those with lower credibility. We have developed two mechanisms for measuring the credibility of a peer in providing feedback.




3.1.4 Transaction Context Factor.
Transaction context is another important factor when aggregating the feedback from each transaction as transactions may differ from one another. For example, if a community is business savvy, the size of a transaction is an important context that should be incorporated to weight the feedback for that transaction.

It can act as a defense against some of the subtle malicious attacks, such as the example we mentioned earlier where a seller develops a good reputation by being honest for small transactions and tries to make a profit by being dishonest for large transactions. It can be seen as a simplified mechanism for more sophisticated risk management in e-Commerce . In addition to using the value of the transaction, the functionality of the transactions is another important transaction context as one might trust another to supply books but not supply medical advice.

3.1.5 Community Context Factor.
Community contexts can be used to address some of the community-specific issues and vulnerabilities. One example is to add a reward as a community context for peers who submit feedback. This may, to some extent, alleviate the feedback incentive problem. As another example, if a trust authority or pretrusted peers (e.g., with digital certificate from the community) are available, then incorporating these community- specific context factors into the trust computation can make the trust metric more robust against certain manipulation of malicious peers.

3.2 General Trust Metric

We have discussed the importance of each of the five trust parameters used in PeerTrust. In this section, we formalize these parameters, present a general trust metric that combines these parameters in a coherent scheme, and describe the formula we use to compute the values for each of the parameters given a peer and the community it belongs to.

Given a recent time window, let I(u,v) denote the total number of transactions performed by peer u with v, I(u) denote the total number of transactions performed by peer u with all other peers, p(u,i) denote the other participating peer in peer u’s ith transaction, S(u,i) denote the normalized amount of satisfaction peer u receives from p(u, i) in its ith transaction, Cr(v) denote the credibility of the feedback submitted by v, TF(u, i) denote the adaptive transaction context factor for peer u’s ith transaction, and CF(u) denote the adaptive community context factor for peer u. The trust value of peer u denoted by T(u), is defined in (1).

I(u)
T(u) =α * ∑ S(u,i) * Cr(p(u,i)) * TF(u,i) + β*CF(u), (1)
i=1
where α and β denote the normalized weight factors for the collective evaluation and the community context factor.

The metric consists of two parts. The first part is a weighted average of amount of satisfaction a peer receives for each transaction. The weight takes into account the credibility of feedback source to counter dishonest feedback, and transaction context to capture the transaction-dependent characteristics. This history-based evaluation can be seen as a prediction for peer u’s likelihood of a successful transaction in the future. A confidence value can be computed and associated with the trust metric that may reflect the number of transactions, the standard deviation of the ratings depending on different communities.

The second part of the metric adjusts the first part by an increase or decrease of the trust value based on community-specific characteristics and situations. The α and β parameters can be used to assign different weights to the feedback-based evaluation and community context according to different situations. For instance, the α and β values can be assigned properly so the trust value is set to be either the feedback-based evaluation when the peer has enough transactions and feedback, or a default value otherwise.

Important to note is that this general trust metric may have different appearances depending on which of the parameters are turned on and how the parameters and weight factors are set. The design choices depend on characteristics of online communities. We argue that the first three parameters—the feedback, the number of transactions, and the credibility of feedback source are important basic trust parameters that should be considered in computation of a peer’s trustworthiness in any P2P communities.

[attachment=13986]