Attack-Resistance of Computational Trust Models

نویسندگان

  • Andrew Twigg
  • Nathan Dimmock
چکیده

The World Wide Web encourages widely-distributed, open, decentralised systems that span multiple administrative domains. Recent research has turned to trust management [4] as a framework for decentralising security decisions in such systems. However, whilst traditional security measures such as cryptography and encryption are well-understood (theoretically and empirically), the same cannot be said for computational trust models. This paper describes the attack-resistance of several well-referenced trust models, in a move toward a possible framework and terminology for such analyses. We present a number of open questions, and consider possible future directions in the area. 1 Why Computational Trust Models? The World Wide Web encourages widelydistributed, open systems that span multiple administrative domains. Unfortunately, the characteristics of such systems mean that one cannot rely solely on traditional security measures. These ‘open distributed systems’ have a number of characteristics: • relationships are on a peer-to-peer basis; • many peers will have never previously interacted; • multiple administrative domains; • the lack of any globally trusted third party. The concept of trust management [4] provides a framework for decentralising security decisions, which appears able to provide a different ‘paradigm of security’ in such systems. However, whilst traditional security measures such as cryptography and encryption are well-understood (theoretically and empirically), the same cannot be said for computational trust models. We start by sampling a number of well-referenced trust metrics, then present some terminology for assessing and reasoning about their attack-resistance. 2 A Sampling of Trust Metrics At its heart, a computational trust model contains a trust metric. Reiter and Stubblebine [12] consider the problem of authenticating entities using public-key certification in a large-scale, open, distributed system with no trusted third party to manage the name-key bindings of entities. In this context, a trust model takes as input a set of certificates between keys, a source node and a target node, where the source wishes to determine the name-key binding for the target. A trust metric operates over a certification graph that encodes the trust (certificate) relationships between keys, and returns a trust value which represents how trustworthy the source deems the target name-key binding to be. The problem is this: an attacker wishes to introduce a false name-key binding (to impersonate another entity), known as a forgery. The goal of the trust metric is to resist such attacks by rejecting the forgery. The remainder of this section is devoted to a sampling of trust metrics, concentrating on their attack-resistance. However, trust metrics have a much wider field of application than avoiding forged name-key bindings. We consider trust metrics which operate in the following sense. There is a directed graph G where nodes represent principals and weighted edges represent trust relationships between principles, weighted by a trust value. The metric takes a source and a target principle and determines a trust value between them. As an example, consider recommendation-based trust metrics. The graph is a ‘recommendation graph’ where nodes represent principals and an edge (u, v) with label r means that the current node has a recommendation r from principal u, about principal v. Before investigating trust metrics, we present a brief set of terminology. An attack on a graph G is represented by a new graph G′ which contains at least one new target node, known as the forgery, e.g. a certification graph attack G′ on the set of keys V (known as the victims) allows new or changed edges only from the victims (corresponding to stealing nodes’ secret keys). Figure 1

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

A Robust Trust Establishment Scheme for Wireless Sensor Networks

Security techniques like cryptography and authentication can fail to protect a network once a node is compromised. Hence, trust establishment continuously monitors and evaluates node behavior to detect malicious and compromised nodes. However, just like other security schemes, trust establishment is also vulnerable to attack. Moreover, malicious nodes might misbehave intelligently to trick trus...

متن کامل

Rendering unto Cæsar the Things That Are Cæsar's: Complex Trust Models and Human Understanding

In this position paper we examine some of the aspects of trust models, deployment, use and ‘misuse,’ and present a manifesto for the application of computational trust in sociotechnical systems. Computational Trust formalizes the trust processes in humans in order to allow artificial systems to better make decisions or give better advice. This is because trust is flexible, readily understood, a...

متن کامل

IMNTV-Identifying Malicious Nodes using Trust Value in Wireless Sensor Networks

Security is the major area of concern in communication channel. Security is very crucial in wireless sensor networks which are deployed in remote environments. Adversary can disrupt the communication within multi hop sensor networks by launching the attack. The common attacks which disrupt the communication of nodes are packet dropping, packet modification, packet fake routing, badmouthing atta...

متن کامل

On the computational complexity of finding a minimal basis for the guess and determine attack

Guess-and-determine attack is one of the general attacks on stream ciphers. It is a common cryptanalysis tool for evaluating security of stream ciphers. The effectiveness of this attack is based on the number of unknown bits which will be guessed by the attacker to break the cryptosystem. In this work, we present a relation between the minimum numbers of the guessed bits and uniquely restricted...

متن کامل

Numerical simulation of hydrodynamic properties of Alex type gliders

Simulation of an underwater glider to investigate the effect of angle of attack on the hydrodynamic coefficients such as lift, drag, and torque. Due to the vital role of these coefficients in designing the controllers of a glider and to obtain an accurate result, this simulation has been studied at a range of operating velocities. The total length of the underwater glider with two wings is 900 ...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2003