Trust and Reputation System

1
Trust and Reputation System
S. Felix Wu University of California,
Davis wu_at_cs.ucdavis.edu http//www.cs.ucdavis.edu
/wu/
2
OCC, TSO, 2PL

• T1 r X
• T1 r Y
• T1 w X
• T1 r Z
• T1 w Y

3
Trust in P2P

• The Service Provider provides a management system
  for trust and reputation
• Googles PageRank
• Antivirus system
• eBays seller reputation system
• PKI
• P2P -- everything hopefully to be P2P
• Decentralized model for trust

4
Cheating Incentives

• Selfish users in Gnutella and Bittorrent
• eBay flaw seller ranking
• Google page rank
• Selfishness or Reputation boost

5
P2P Trust Model

• Less vulnerable?
• Harder to implement? In a decentralized setting?

6
Problem

• Problem
• Reduce inauthentic files distributed by malicious
  peers on a P2P network.
• Motivation

Major record labels have launched an aggressive
new guerrilla assault on the underground music
networks, flooding online swapping services with
bogus copies of popular songs. -Silicon Valley
Weekly
7
Problem

• Goal To identify sources of inauthentic files
  and bias peers against downloading from them.
• Method Give each peer a trust value based on its
  previous behavior.

8
Some approaches

• Past History
• Friends of Friends
• EigenTrust
• PeerTrust
• TrustDavis

9
Terminology
Peer 3

• Local trust value cij. The opinion that peer i
  has of peer j, based on past experience.
• Global trust value ti. The trust that the
  entire system places in peer i.

Peer 1
Peer 2
Peer 4
10
Local Trust Values

• Each time peer i downloads an authentic file from
  peer j, cij increases.
• Each time peer i downloads an inauthentic file
  from peer j, cij decreases.

Cij
Peer i
Peer j
11
Normalizing Local Trust Values

• All cij non-negative
• ci1 ci2 . . . cin 1

12
Local Trust Vector

• Local trust vector ci contains all local trust
  values cij that peer i has of other peers j.

13
Past history

• Each peer biases its choice of downloads using
  its own opinion vector ci.
• If it has had good past experience with peer j,
  it will be more likely to download from that
  peer.
• Problem Each peer has limited past experience.
  Knows few other peers.

14
Friends of Friends

• Ask for the opinions of the people who you trust.

15
Friends of Friends

• Weight their opinions by your trust in them.

16
The Math
17
Problem with Friends

• Either you know a lot of friends, in which case,
  you have to compute and store many values.
• Or, you have few friends, in which case you wont
  know many peers, even after asking your friends.

18
Dual Goal

• We want each peer to
• Know all peers.
• Perform minimal computation (and storage).

19
Knowing All Peers

• Ask your friends tCTci.
• Ask their friends t(CT)2ci.
• Keep asking until the cows come home t(CT)nci.

20
Minimal Computation

• Luckily, the trust vector t, if computed in this
  manner, converges to the same thing for every
  peer!
• Therefore, each peer doesnt have to store and
  compute its own trust vector. The whole network
  can cooperate to store and compute t.

21
Non-distributed Algorithm

• Initialize
• Repeat until convergence

22
Distributed Algorithm

• No central authority to store and compute t.
• Each peer i holds its own opinions ci.
• For now, lets ignore questions of lying, and let
  each peer store and compute its own trust value.

23
Distributed Algorithm
For each peer i -First, ask peers who know
you for their opinions of you. -Repeat until
convergence -Compute current trust value
ti(k1) c1j t1(k) cnj tn(k) -Send your
opinion cij and trust value ti(k) to your
acquaintances. -Wait for the peers who know you
to send you their trust values and opinions.

24
Probabilistic Interpretation
25
Malicious Collectives
26
Pre-trusted Peers

• Battling Malicious Collectives
• Inactive Peers
• Incorporating heuristic notions of trust
• Convergence Rate

27
Pre-trusted Peers

• Battling Malicious Collectives
• Inactive Peers
• Incorporating heuristic notions of trust
• Convergence Rate

28
Secure Score Management

• Two basic ideas
• Instead of having a peer compute and store its
  own score, have another peer compute and store
  its score.
• Have multiple score managers who vote on a peers
  score.

Score Manager
Distributed Hash Table
Score Managers
29
PeerTrust System Architecture
30
How to use the trust values ti

• When you get responses from multiple peers
• Deterministic Choose the one with highest trust
  value.
• Probabilistic Choose a peer with probability
  proportional to its trust value.

31
Load Distribution
Deterministic Download Choice
Probabilistic Download Choice
32
Threat Scenarios

• Malicious Individuals
• Always provide inauthentic files.
• Malicious Collective
• Always provide inauthentic files.
• Know each other. Give each other good opinions,
  and give other peers bad opinions.

33
More Threat Scenarios

• Camouflaged Collective
• Provide authentic files some of the time to trick
  good peers into giving them good opinions.
• Malicious Spies
• Some members of the collective give good files
  all the time, but give good opinions to malicious
  peers.

34
Malicious Individuals
35
Malicious Collective
36
Camouflaged Collective
37
P2P Electronic Communities
38
Motivation
39
Motivation

• Should we buy?
• How do we decide?

40
Motivation
41
Motivation

• Should we buy?
• How do we decide?
• What we want
• accurately estimate risk of default
• minimize the risk of default
• minimize losses due to pseudonym change
• avoid trusting a centralized authority
• How do we achieve these goals?

42
Motivation

• TrustDavis is a reputation system that realizes
  these goals.
• It recasts these goals as the following
  properties

43
Motivation

• Agents can accurately estimate risk
• Third parties provide accurate ratings
• Honest buyer/seller avoids risk (if possible)
• Insure transactions
• No advantage in obtaining multiple identities
• Agents can cope with pseudonym change
• No need to trust a centralized authority
• No centralized services needed

44
Motivation

• Incentive Compatibility
• Each player should have incentives to perform
  the actions that enable the system to achieve a
  desired global outcome.

45
Motivation

• Agents can accurately estimate risk
• Third parties provide accurate ratings
• Honest buyer/seller avoids risk (if possible)
• Insure transactions
• No advantage in obtaining multiple identities
• Agents can cope with pseudonym change
• No need to trust a centralized authority
• No centralized services needed
• Incentive Compatibility!

46
Motivation

• A Reference is
• Acceptance of Limited Liability.

47
Motivation

• Agents can accurately estimate risk
• Third parties provide accurate ratings
• Parties are liable for the references they
  provide
• Honest buyer/seller avoids risk (if possible)
• Insure transactions
• Buyers/sellers pay for references to insure their
  transactions
• No advantage in obtaining multiple identities
• Agents can cope with pseudonym change
• References are issued only to trusted identities
• No need to trust a centralized authority
• No centralized services needed
• Anyone can issue a reference
• Use References!

48
Outline

• TrustDavis leverages social networks
• For now, examples assume No False Claims (NFC)
• The use of TrustDavis does NOT preclude trade
  outside the system.

49
Paying for References
50
Paying for References

• How much is vb willing to pay to insure the
  transaction? (No riskless profitable arbitrage
  criterion)
• Example

• vb wants to buy three shirts.
• Shirts cost 100 each from a trustworthy seller
• Unknown seller offers shirts for 50 each (but
  maybe they are only worth 25).
• vb would risk 3 x 50 150 in the transaction
• vb can borrow and lend money at rate r1.25
  through the period of the transaction
• For 30, vb can insure herself!

51
Paying for References

• To insure herself vb buys the shirts and a
  hedging portfolio as follows
• Instead of buying 3 shirts for 50 each she buys
  only 2, saving 50.
• The buyer, vb , adds 30 of her own money and
  lends the resulting 80 at rate r 1.25.

52
Paying for References

• On Success
• vb obtains 100 from the loan and buysthe 3rd
  shirt
• On failure
• vb sells the two shirts for 25 each
• gets 100 from the loan.
• She obtains a total of 150
• Thus, vb can insure herself for 30.

53
Selling References
54
Selling References

• Seen as an investment
• On Success the ROI is
• On failure the ROI is
• If repeated many times the insurer may go
  bankrupt. Assume the insurer has W dollars
  available to insure this transaction.

55
Selling References

• Insurer maximizes the expected value of the
  growth rate of capital (Kelly Criterion).
• For given
• probability of failure p,
• a desired growth rate of capital R and,
• fraction of the total funds W being risked in a
  transaction.
• The insurer can obtain a lower bound on the
  premium C.

56
Selling References
Minimum Return/Risk Ration for Different Failure
Probabilities
Cost/Insured Value C/K
Insured Value as a fraction of total funds f
57
A Non-Exploitable Strategy

• Two Scenarios
• No False Claims - NFC
• With False Claims - FC
• False claims only change the probability p.
• We can incorporate the cost of verification.
• Key Idea
• Save part of the money obtained in successful
  transactions in excess of the opportunity cost.

58
A Non-Exploitable Strategy

• Example.
• The buyer, vb, has 190 to spend on 1 of 3
  options
• Buying 3 shirts from an unknown seller for 50
  each and insuring the transaction for 40. She
  values each shirt at 100.
• Buying 2 pairs of shoes from a reliable retailer
  for 70 each. She thinks each pair is worth 90.
• Buying 1 game console for 150, from a reliable
  online shop. She values the console at 240.

59
A Non-Exploitable Strategy

• vbs valuation for each of the 3 options is
• Shirts 100 x 3 0 (no cash leftover) 300
• Pairs of Shoes 90 x 2 50 (cash) 230
• Console 240 x 1 40 (cash) 280
• Gains in excess of the opportunity cost
  are300-28020.
• Part of these 20 should be saved to insure
  future transactions.

60
A Non-Exploitable Strategy

• The Strategy
• Initially only provide references to known agents
  or those that leave a security deposit.
• Insure all trade through references provided by
  trusted agents.
• Do not provide more insurance than you can
  recover. Charge at least the lower bound for
  providing a reference.
• Save part of the money received in excess of the
  opportunity cost.

61
A Non-Exploitable Strategy
OK! 10 saved to provide future insurance
Failed! Payment made automatically by v1
62
Outline

• Motivation
• The Model
• Buying references
• Selling references
• A Non-Exploitable Strategy
• Future Work
• Conclusion
• Key ideas

63
Future Work

• Simulation
• sensitivity to estimates of p
• growth rate of capital
• dynamic behavior
• Price Negotiation
• should avoid double spending problem
• fair distribution among insurers of the premium
  paid

64
Outline

• Motivation
• The Model
• Buying references
• Selling references
• A Non-Exploitable Strategy
• Future Work
• Conclusion
• Key ideas

65
Conclusion

• TrustDavis provides
• Accurate Ratings
• Non-exploitable strategy for honest agents
• Pseudonym change tolerance
• Decentralized infrastructure
• Through the use of References.

66
Conclusion

• Key Ideas
• Incentive Compatibility
• Incentive to accurately rate
• Incentive to insure
• No incentive to change pseudonym
• Saving gains in excess of the opportunity cost to
  insure future transactions.

67
The End

• Questions?
• Thank you!
• defigueiredo,etbarr_at_ucdavis.edu