Trust and Reputation System - PowerPoint PPT Presentation

About This Presentation
Title:

Trust and Reputation System

Description:

Each peer i holds its own opinions ci. ... Provide authentic files some of the time to trick good peers into giving them good opinions. ... – PowerPoint PPT presentation

Number of Views:63
Avg rating:3.0/5.0
Slides: 68
Provided by: feli6
Category:

less

Transcript and Presenter's Notes

Title: Trust and Reputation System


1
Trust and Reputation System
S. Felix Wu University of California,
Davis wu_at_cs.ucdavis.edu http//www.cs.ucdavis.edu
/wu/
2
OCC, TSO, 2PL
  • T1 r X
  • T1 r Y
  • T1 w X
  • T1 r Z
  • T1 w Y

3
Trust in P2P
  • The Service Provider provides a management system
    for trust and reputation
  • Googles PageRank
  • Antivirus system
  • eBays seller reputation system
  • PKI
  • P2P -- everything hopefully to be P2P
  • Decentralized model for trust

4
Cheating Incentives
  • Selfish users in Gnutella and Bittorrent
  • eBay flaw seller ranking
  • Google page rank
  • Selfishness or Reputation boost

5
P2P Trust Model
  • Less vulnerable?
  • Harder to implement? In a decentralized setting?

6
Problem
  • Problem
  • Reduce inauthentic files distributed by malicious
    peers on a P2P network.
  • Motivation

Major record labels have launched an aggressive
new guerrilla assault on the underground music
networks, flooding online swapping services with
bogus copies of popular songs. -Silicon Valley
Weekly
7
Problem
  • Goal To identify sources of inauthentic files
    and bias peers against downloading from them.
  • Method Give each peer a trust value based on its
    previous behavior.

8
Some approaches
  • Past History
  • Friends of Friends
  • EigenTrust
  • PeerTrust
  • TrustDavis

9
Terminology
Peer 3
  • Local trust value cij. The opinion that peer i
    has of peer j, based on past experience.
  • Global trust value ti. The trust that the
    entire system places in peer i.

Peer 1
Peer 2
Peer 4
10
Local Trust Values
  • Each time peer i downloads an authentic file from
    peer j, cij increases.
  • Each time peer i downloads an inauthentic file
    from peer j, cij decreases.

Cij
Peer i
Peer j
11
Normalizing Local Trust Values
  • All cij non-negative
  • ci1 ci2 . . . cin 1

12
Local Trust Vector
  • Local trust vector ci contains all local trust
    values cij that peer i has of other peers j.

13
Past history
  • Each peer biases its choice of downloads using
    its own opinion vector ci.
  • If it has had good past experience with peer j,
    it will be more likely to download from that
    peer.
  • Problem Each peer has limited past experience.
    Knows few other peers.

14
Friends of Friends
  • Ask for the opinions of the people who you trust.

15
Friends of Friends
  • Weight their opinions by your trust in them.

16
The Math
17
Problem with Friends
  • Either you know a lot of friends, in which case,
    you have to compute and store many values.
  • Or, you have few friends, in which case you wont
    know many peers, even after asking your friends.

18
Dual Goal
  • We want each peer to
  • Know all peers.
  • Perform minimal computation (and storage).

19
Knowing All Peers
  • Ask your friends tCTci.
  • Ask their friends t(CT)2ci.
  • Keep asking until the cows come home t(CT)nci.

20
Minimal Computation
  • Luckily, the trust vector t, if computed in this
    manner, converges to the same thing for every
    peer!
  • Therefore, each peer doesnt have to store and
    compute its own trust vector. The whole network
    can cooperate to store and compute t.

21
Non-distributed Algorithm
  • Initialize
  • Repeat until convergence

22
Distributed Algorithm
  • No central authority to store and compute t.
  • Each peer i holds its own opinions ci.
  • For now, lets ignore questions of lying, and let
    each peer store and compute its own trust value.

23
Distributed Algorithm
For each peer i -First, ask peers who know
you for their opinions of you. -Repeat until
convergence -Compute current trust value
ti(k1) c1j t1(k) cnj tn(k) -Send your
opinion cij and trust value ti(k) to your
acquaintances. -Wait for the peers who know you
to send you their trust values and opinions.

24
Probabilistic Interpretation
25
Malicious Collectives
26
Pre-trusted Peers
  • Battling Malicious Collectives
  • Inactive Peers
  • Incorporating heuristic notions of trust
  • Convergence Rate

27
Pre-trusted Peers
  • Battling Malicious Collectives
  • Inactive Peers
  • Incorporating heuristic notions of trust
  • Convergence Rate

28
Secure Score Management
  • Two basic ideas
  • Instead of having a peer compute and store its
    own score, have another peer compute and store
    its score.
  • Have multiple score managers who vote on a peers
    score.

Score Manager
Distributed Hash Table
Score Managers
29
PeerTrust System Architecture
30
How to use the trust values ti
  • When you get responses from multiple peers
  • Deterministic Choose the one with highest trust
    value.
  • Probabilistic Choose a peer with probability
    proportional to its trust value.

31
Load Distribution
Deterministic Download Choice
Probabilistic Download Choice
32
Threat Scenarios
  • Malicious Individuals
  • Always provide inauthentic files.
  • Malicious Collective
  • Always provide inauthentic files.
  • Know each other. Give each other good opinions,
    and give other peers bad opinions.

33
More Threat Scenarios
  • Camouflaged Collective
  • Provide authentic files some of the time to trick
    good peers into giving them good opinions.
  • Malicious Spies
  • Some members of the collective give good files
    all the time, but give good opinions to malicious
    peers.

34
Malicious Individuals
35
Malicious Collective
36
Camouflaged Collective
37
P2P Electronic Communities
38
Motivation
39
Motivation
  • Should we buy?
  • How do we decide?

40
Motivation
41
Motivation
  • Should we buy?
  • How do we decide?
  • What we want
  • accurately estimate risk of default
  • minimize the risk of default
  • minimize losses due to pseudonym change
  • avoid trusting a centralized authority
  • How do we achieve these goals?

42
Motivation
  • TrustDavis is a reputation system that realizes
    these goals.
  • It recasts these goals as the following
    properties

43
Motivation
  • Agents can accurately estimate risk
  • Third parties provide accurate ratings
  • Honest buyer/seller avoids risk (if possible)
  • Insure transactions
  • No advantage in obtaining multiple identities
  • Agents can cope with pseudonym change
  • No need to trust a centralized authority
  • No centralized services needed

44
Motivation
  • Incentive Compatibility
  • Each player should have incentives to perform
    the actions that enable the system to achieve a
    desired global outcome.

45
Motivation
  • Agents can accurately estimate risk
  • Third parties provide accurate ratings
  • Honest buyer/seller avoids risk (if possible)
  • Insure transactions
  • No advantage in obtaining multiple identities
  • Agents can cope with pseudonym change
  • No need to trust a centralized authority
  • No centralized services needed
  • Incentive Compatibility!

46
Motivation
  • A Reference is
  • Acceptance of Limited Liability.

47
Motivation
  • Agents can accurately estimate risk
  • Third parties provide accurate ratings
  • Parties are liable for the references they
    provide
  • Honest buyer/seller avoids risk (if possible)
  • Insure transactions
  • Buyers/sellers pay for references to insure their
    transactions
  • No advantage in obtaining multiple identities
  • Agents can cope with pseudonym change
  • References are issued only to trusted identities
  • No need to trust a centralized authority
  • No centralized services needed
  • Anyone can issue a reference
  • Use References!

48
Outline
  • TrustDavis leverages social networks
  • For now, examples assume No False Claims (NFC)
  • The use of TrustDavis does NOT preclude trade
    outside the system.

49
Paying for References
50
Paying for References
  • How much is vb willing to pay to insure the
    transaction? (No riskless profitable arbitrage
    criterion)
  • Example
  • vb wants to buy three shirts.
  • Shirts cost 100 each from a trustworthy seller
  • Unknown seller offers shirts for 50 each (but
    maybe they are only worth 25).
  • vb would risk 3 x 50 150 in the transaction
  • vb can borrow and lend money at rate r1.25
    through the period of the transaction
  • For 30, vb can insure herself!

51
Paying for References
  • To insure herself vb buys the shirts and a
    hedging portfolio as follows
  • Instead of buying 3 shirts for 50 each she buys
    only 2, saving 50.
  • The buyer, vb , adds 30 of her own money and
    lends the resulting 80 at rate r 1.25.

52
Paying for References
  • On Success
  • vb obtains 100 from the loan and buysthe 3rd
    shirt
  • On failure
  • vb sells the two shirts for 25 each
  • gets 100 from the loan.
  • She obtains a total of 150
  • Thus, vb can insure herself for 30.

53
Selling References
54
Selling References
  • Seen as an investment
  • On Success the ROI is
  • On failure the ROI is
  • If repeated many times the insurer may go
    bankrupt. Assume the insurer has W dollars
    available to insure this transaction.

55
Selling References
  • Insurer maximizes the expected value of the
    growth rate of capital (Kelly Criterion).
  • For given
  • probability of failure p,
  • a desired growth rate of capital R and,
  • fraction of the total funds W being risked in a
    transaction.
  • The insurer can obtain a lower bound on the
    premium C.

56
Selling References
Minimum Return/Risk Ration for Different Failure
Probabilities
Cost/Insured Value C/K
Insured Value as a fraction of total funds f
57
A Non-Exploitable Strategy
  • Two Scenarios
  • No False Claims - NFC
  • With False Claims - FC
  • False claims only change the probability p.
  • We can incorporate the cost of verification.
  • Key Idea
  • Save part of the money obtained in successful
    transactions in excess of the opportunity cost.

58
A Non-Exploitable Strategy
  • Example.
  • The buyer, vb, has 190 to spend on 1 of 3
    options
  • Buying 3 shirts from an unknown seller for 50
    each and insuring the transaction for 40. She
    values each shirt at 100.
  • Buying 2 pairs of shoes from a reliable retailer
    for 70 each. She thinks each pair is worth 90.
  • Buying 1 game console for 150, from a reliable
    online shop. She values the console at 240.

59
A Non-Exploitable Strategy
  • vbs valuation for each of the 3 options is
  • Shirts 100 x 3 0 (no cash leftover) 300
  • Pairs of Shoes 90 x 2 50 (cash) 230
  • Console 240 x 1 40 (cash) 280
  • Gains in excess of the opportunity cost
    are300-28020.
  • Part of these 20 should be saved to insure
    future transactions.

60
A Non-Exploitable Strategy
  • The Strategy
  • Initially only provide references to known agents
    or those that leave a security deposit.
  • Insure all trade through references provided by
    trusted agents.
  • Do not provide more insurance than you can
    recover. Charge at least the lower bound for
    providing a reference.
  • Save part of the money received in excess of the
    opportunity cost.

61
A Non-Exploitable Strategy
OK! 10 saved to provide future insurance
Failed! Payment made automatically by v1
62
Outline
  • Motivation
  • The Model
  • Buying references
  • Selling references
  • A Non-Exploitable Strategy
  • Future Work
  • Conclusion
  • Key ideas

63
Future Work
  • Simulation
  • sensitivity to estimates of p
  • growth rate of capital
  • dynamic behavior
  • Price Negotiation
  • should avoid double spending problem
  • fair distribution among insurers of the premium
    paid

64
Outline
  • Motivation
  • The Model
  • Buying references
  • Selling references
  • A Non-Exploitable Strategy
  • Future Work
  • Conclusion
  • Key ideas

65
Conclusion
  • TrustDavis provides
  • Accurate Ratings
  • Non-exploitable strategy for honest agents
  • Pseudonym change tolerance
  • Decentralized infrastructure
  • Through the use of References.

66
Conclusion
  • Key Ideas
  • Incentive Compatibility
  • Incentive to accurately rate
  • Incentive to insure
  • No incentive to change pseudonym
  • Saving gains in excess of the opportunity cost to
    insure future transactions.

67
The End
  • Questions?
  • Thank you!
  • defigueiredo,etbarr_at_ucdavis.edu
Write a Comment
User Comments (0)
About PowerShow.com