Reputation, Trust and Risk:
Bibliographic overview
Orfeas Stefanos Thyfronitis Litos
olitos@corelab.ntua.gr
Webs of trust
- PGP [1]
- Trust over correspondence of physical identity and public key
- Single transitivity step
- Freenet [2]
- File sharing decentralized platform with spam protection
- No explicit trust definitions
- PGP Pathfinder finds transitive closure: http://pgp.cs.uu.nl
- Nodes and files have unique keys
- File key requests directed to node with closest node key
- Popular files replicated, old files forgotten in LRU fashion
Decentralized systems with explicit trust
Frameworks
Trust Models
Centralized trust systems
- CA-based PKI [3]
- Certification Authorities vouch for website authenticity
- Requires trust to central third parties
- Bazaar [4]
- Users' undirected graph created out of their interactions
- A successful interaction between A and B leads to
increased weight of the edge (A, B) and the opposite
- Need for centralized storage and graph secrecy
- Can reduce frauds in online marketplaces
Trust Models (1)
- A Computational Model of Trust and Reputation [5]
Trust
Reciprocity
Reputation
- The Beta Reputation System [6]
- Users can make binary choices which are recorded
- FIRE [7]
- Trust is the average of the ratings available to the user
- Future user behaviour predicted with Beta distribution
Trust Models (2)
- CORE [8]
- Decentralized Trust Management for Ad-hoc Peer-to-Peer Networks [9]
- Global ratings stored by each user's neighbours
- Decentralized Trust Management in Peer-to-Peer Systems [10]
- Hierarchical trust system: Nodes in tree structure,
parents more trustworthy than children
- Suitable for collaborating hardware and software with
variable specifications and no central coordinator
Trust Models (3)
- Walking the web of trust [11]
- An integrative model of organizational trust [12]
- Trust from A to B factors:
A's Propensity and B's Ability, Benevolence and Integrity
- Bartercast [13]
- BitTorrent peer trust calculation using maximum flows
- Explicitly assigned trust percentages pertaining to
responsible use of PGP tools, web of trust is created
- Beaver [14]
- Decentralized marketplace
- Single review per purchase - global rankings
- Fees to discourage fraud by rational players
Frameworks
- Pace [16]
- Decentralized Reputation Management for Cooperating Software Agents in Open Multi-Agent Systems [15]
- Global rankings generated per transaction
- Open Reputation [17]
- Decentralized rating system for IoT appliances
- Requires trust value assignment per incoming message
- A Generic Framework for Modeling Decentralized Reputation-Based Trust Models [18]
- 4C's: Content, Communication, Computation and Counteraction
Quotes from sociological works
- "Willingness to take risks may be one of the few characteristics common to all trust situations" [19]
- "Trust is not taking risk per se, but rather it is a willingness to take risk." [20]
Trust and social collateral [21] (1)
- Sociological work
- Creates a trust network using known trust values between aquaintances
- Trust between unknown parties is calculated as the maximum flow between those parties
Trust and social collateral [21] (2)
- Dynamics in job recommendation networks can be successfully explained intuitively with this model
- Informal borrowing data from two shantytowns in Peru confirms theory
- The weight of the edge (Alice, Bob) is the time Alice and
Bob have spent together
- Actual borrowing between unknown parties predicted
very accurately through maximum flow calculation
The Risk-based view of Trust: A conceptual framework [22]
Trust
Propensity
Risk
Propensity
Subjective
Trust
Goodwill Trust
Competence Trust
Perceived
Risk
Relational Risk
Performance Risk
-1
-1
Behavioural
Trust
Risk
Taking
Money as IOUs in Social Trust Networks & A Proposal for a Decentralized Currency Network Protocol [23] (1)
- IOU-based economy
- Each player transacts by giving her personal IOUs to players ready to accept them
- Each player's IOU is considered a different currency
- Conventional currencies are IOUs issued by the government
- Each player maintains a custom list of acceptable IOUs
- A player can choose to accept limited IOUs from another player
- If Alice wants to buy from Bob, but Bob does not accept her IOUs, they can search for a trust path from Bob to Alice so that Bob gets IOUs he trusts and Alice gives IOUs to someone that trusts her.
- Used by Ripple [24] and Stellar [25] payment networks
Money as IOUs in Social Trust Networks & A Proposal for a Decentralized Currency Network Protocol [23] (2)
A
B
C
2
4
1) Initially
2) Trust path found. C buys a product of value 1 from D
3) Finally
A
B
C
1
3
Example:
- D does not accept C's IOUs but
- B accepts A's IOUs and initially has 2 of A's IOUs
- C accepts B's IOUs and initially has 4 of B's IOUs
- D accepts A's IOUs
- C wants to buy a product of value 1 from D
D
D
1
A, B are even, D gained 1 and C lost 1
TrustDavis [26]
- Reference/insurance decentralized network
- Each player can publish an insurance statement for others
- Insurance costs a certain premium so that the insurer has gains
- A player insured/referred to by many other well-insured players inspires greater confidence to third parties for business
A Survey of Trust and Reputation Systems for
Online Service Provision [27]
- Bibliographic research
- Discussion on notions of trust and reputation
- Security implications
- Trust semantics
- Presentation of the results of various works from technical and sociological backgrounds
- Centralized and decentralized settings
- Trust models analysis
- Implementations
- Thorough related work
References
- Zimmermann P.: PGP Source Code and Internals. The MIT Press (1995)
- Clarke I., Sandberg O., Wiley B., Hong T. W.: Freenet: A Distributed Anonymous Information Storage and Retrieval System. H. Federrath, Designing Privacy Enhancing Technologies pp. 46-66, Berkeley, USA: Springer-Verlag Berlin Heidelberg (2001)
- Adams C., Lloyd S.: Understanding PKI: concepts, standards, and deployment considerations. Addison-Wesley Professional (2003)
- Post A., Shah V., Mislove A.: Bazaar: Strengthening User Reputations in Online Marketplaces. Proceedings of NSDI’11: 8th USENIX Symposium on Networked Systems Design and Implementation, p. 183 (2011)
- Mui L., Mohtashemi M., Halberstadt A.: A Computational Model of Trust and Reputation. System Sciences, 2002. HICSS. Proceedings of the 35th Annual Hawaii International Conference, pp. 2431-2439 IEEE (2002)
- Jøsang A., Ismail R.: The Beta Reputation System. Proceedings of the 15th Bled Electronic Commerce Conference (2002)
- Huynh T. D., Jennings N. R., Shadbolt N. R.: An Integrated Trust and Reputation Model for Open Multi-Agent Systems. Autonomous Agents and Multi-Agent Systems, 13(2), pp. 119-154 (2006)
- Michiardi P., Molva R.: Core: a Collaborative Reputation Mechanism to Enforce Node Cooperation in Mobile Ad-hoc Networks. Advanced Communications and Multimedia Security, pp. 107-121, Springer US (2002)
- Repantis T., Kalogeraki V.: Decentralized Trust Management for Ad-hoc Peer-to-Peer Networks. Proceedings of the 4th International Workshop on Middleware for Pervasive and Ad-hoc Computing, MPAC 2006, p. 6, ACM (2006)
- Visan A., Pop F., Cristea V.: Decentralized Trust Management in Peer-to-Peer Systems. 10th International Symposium on Parallel and Distributed Computing, pp. 232-239, IEEE (2011)
- Caronni G.: Walking the web of trust. Enabling Technologies: Infrastructure for Collaborative Enterprises, WET ICE 2000, Proceedings, IEEE 9th International Workshops, pp. 153-158 (2000)
- Mayer R. C., Davis J. H., Schoorman, F. D.: An integrative model of organizational trust. Academy of management review, 20(3), 709-734 (1995)
- Meulpolder M., Pouwelse J., Epema D., Sips, H.: Bartercast: Fully distributed sharing-ratio enforcement in bittorrent. Delft University of Technology-Parallel and Distributed Systems Report Series (2008)
- Soska K., Kwon A., Christin N., Devadas S.: Beaver: A Decentralized Anonymous Marketplace with Secure Reputation (2016)
- Grünert A., Hudert S., König S., Kaffille S., Wirtz G.: Decentralized Reputation Management for Cooperating Software Agents in Open Multi-Agent Systems. ITSSA, 1(4), pp. 363-368 (2006)
- Suryanarayana G., Erenkrantz J. R., Taylor R. N.: An Architectural Approach for Decentralized Trust Management. IEEE Internet Computing, 9(6), pp. 16-23 (2005)
- Cannon L.: Open Reputation: the Decentralized Reputation Platform (2015)
- Suryanarayana G., Diallo M., Taylor R. N.: A Generic Framework for Modeling Decentralized Reputation-Based Trust Models. 14th ACM SigSoft Symposium on Foundations of Software Engineering (2006)
- Johnson-George C., Swap W. C.: Measurement of specific interpersonal trust: Construction and validation of a scale to assess trust in a specific other. Journal of personality and social psychology, 43(6), 1306 (1982)
- Mayer R. C., Davis J. H., Schoorman, F. D.: An integrative model of organizational trust. Academy of management review, 20(3), 709-734 (1995)
- Karlan D., Mobius M., Rosenblat T., Szeidl A.: Trust and social collateral. The Quarterly Journal of Economics, pp. 1307-1361 (2009)
-
Das, T. K., Teng, B. S.: The risk-based view of trust: A conceptual framework. Journal of Business and Psychology, 19(1), 85-116 (2004)
-
Fugger R.: Money as IOUs in Social Trust Networks & A Proposal for a Decentralized Currency Network Protocol (2004)
-
Schwartz D., Youngs N., Britto, A.: The Ripple protocol consensus algorithm. Ripple Labs Inc White Paper, 5 (2014)
-
Mazieres, D.: The stellar consensus protocol: A federated model for internet-level consensus. Stellar Development Foundation (2015)
-
DeFigueiredo D. D. B., Barr E. T.: TrustDavis: A Non-Exploitable Online Reputation System. CEC, Vol. 5, pp. 274-283 (2005)
-
Jøsang A., Ismail R., Boyd C.: A Survey of Trust and Reputation Systems for Online Service Provision. Decision Support Systems, 43(2), pp. 618-644 (2007)
Thank You!
Questions?
Trust bibliography
By orfeas
Trust bibliography
- 689