Abstract
Most of the current reputation models suffer from some common vulnerabilities. This means that malicious agents may be able to perform attacks that exploit these vulnerabilities, which has the potential to cause much harm such as monetary losses and to place the whole system in jeopardy. In this chapter we detail some of the most important vulnerabilities of current reputation models. We also detail examples of attacks that take advantage of these vulnerabilities in order to achieve strategic manipulation of reputation models. Moreover, we review works that partially/fully address these vulnerabilities, and thus, prevent possible attacks from being successful.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
We assume that agents are running on top of a secure Agent Platform that provides authentication to the agents running on top of them, such as Such et al. (2011a).
- 2.
Last.fm http://www.last.fm
- 3.
Identity attributes can describe a great range of topics (Rannenberg et al., 2009). For instance, entity names, biological characteristics (only for human beings), location (permanent address, geo-location at a given time), competences (diploma, skills), social characteristics (affiliation to groups, friends), and even behaviors (personality or mood).
References
Androulaki, E., S. G. Choi, S. M. Bellovin, and T. Malkin. 2008. Reputation systems for anonymous networks. In PETS ’08: Proceedings of the 8th international symposium on privacy enhancing technologies, 202–218. Berlin/Heidelberg: Springer
Bhattacharjee, R., and A. Goel. 2005. Avoiding ballot stuffing in ebay-like reputation systems. In Proceedings of the 2005 ACM SIGCOMM workshop on economics of peer-to-peer systems, P2PECON ’05, 133–137. New York: ACM
Buchegger, S., and J. Y. L. Boudec. 2003. A robust reputation system for mobile ad-hoc networks. Techincal Report IC/2003/50, EPFL-IC-LCA
Carrara, E., and G. Hogben. 2007. Reputation-based systems: a security analysis. ENISA Position Paper. Heraklion, Crete: Greece
Chaum, D., A. Fiat, and M. Naor. 1990. Untraceable electronic cash. In CRYPTO ’88: Proceedings on advances in cryptology, 319–327. New York: Springer
Chen, M., and J. P. Singh. 2001. Computing and using reputations for internet ratings. In Proceedings of the 3rd ACM conference on electronic Commerce, EC ’01, 154–162. New York: ACM. doi:http://doi.acm.org/10.1145/501158.501175.
Cheng, A., and E. Friedman. 2005. Sybilproof reputation mechanisms. In Proceedings of the 2005 ACM SIGCOMM workshop on economics of peer-to-peer systems, P2PECON ’05, 128–132. New York: ACM. doi:http://doi.acm.org/10.1145/1080192.1080202.
Dellarocas, C. 2000. Immunizing online reputation reporting systems against unfair ratings and discriminatory behavior. In Proceedings of the 2nd ACM conference on Electronic commerce, EC ’00, 150–157. New York: ACM
Fasli, M. 2007. Agent technology For E-Commerce. Hoboken: Wiley
Friedman, E. J., and P. Resnick. 1998. The social cost of cheap pseudonyms. Journal of Economics and Management Strategy 10: 173–199
Gal-Oz, N., E. Gudes, and D. Hendler. 2008. A robust and knots-aware trust-based reputation model. In Proceedings of the 2nd joint iTrust and PST conferences on privacy, trust management and security (IFIPTM’08), 167–182. Springer
Gudes, E., N. Gal-Oz, and A. Grubshtein. 2009. Methods for computing trust and reputation while preserving privacy. In Proceedings of the 23rd annual IFIP WG 11.3 working conference on data and applications security XXIII, 291–298. Berlin/Heidelberg: Springer
Hoffman, K., D. Zage, and C. Nita-Rotaru. 2009. A survey of attack and defense techniques for reputation systems. ACM Comput. Surv. 42: 1:1–1:31. doi:10.1145/1592451.1592452.
Jøsang, A., R. Ismail, and C. Boyd. 2007. A survey of trust and reputation systems for online service provision. Decision Support Systems 43(2): 618–644
Jøsang, A., and J. Golbeck. 2009. Challenges for Robust trust and reputation systems. In Proceedings of the 5th international workshop on security and trust management (STM), 1–12. Springer
Jurca, R., and B. Faltings. 2007. Collusion-resistant, incentive-compatible feedback payments. In Proceedings of the 8th ACM conference on electronic commerce, EC ’07, 200–209. New York: ACM
Kerr, R., and R. Cohen. 2009. Smart cheaters do prosper: defeating trust and reputation systems. In Proceedings of The 8th international conference on autonomous agents and multiagent systems (AAMAS), 993–1000. Richland: IFAAMAS
Kerr, R., and R. Cohen. 2010. Trust as a tradable commodity: A foundation for safe electronic marketplaces. Computational Intelligence 26(2): 160–182
Littlestone, N., and M. Warmuth. 1994. The weighted majority algorithm. Information and Computation 108: 212–261
Pavlov, E., J. S. Rosenschein, and Z. Topol. 2004. Supporting privacy in decentralized additive reputation systems. In iTrust, 108–119
Pfitzmann, A., and M. Hansen. 2010. A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management. http://dud.inf.tu-dresden.de/Anon\_Terminology.shtml. V0.34
Pinyol, I., and J. Sabater-Mir. 2011. Computational trust and reputation models for open multi-agent systems: a review. Artificial Intelligence Review (In press). doi:10.1007/s10, 462–011–9277–z
Rannenberg, K., D. Royer, and A. Deuker (eds.). 2009. The future of identity in the information society: Challenges and opportunities. Berlin/New York: Springer
Rasmusson, L., and S. Jansson. 1996. Simulated social control for secure internet commerce. In NSPW ’96: Proceedings of the 1996 workshop on new security paradigms, 18–25. New York: ACM. doi:http://doi.acm.org/10.1145/304851.304857
Resnick, P., and R. Zeckhauser. 2002. Trust among strangers in Internet transactions: Empirical analysis of eBay’s reputation system. In The economics of the Internet and E-Commerce. Advances in Applied Microeconomics, vol. 11, ed. M. R. Baye, 127–157. Emerald Group Publishing Limited, Bingley, United Kingdom
Sabater, J., and C. Sierra. 2005. Review on computational trust and reputation models. Artificial Intelligence Review 24: 33–60
Schiffner, S., S. Clauβ, and S. Steinbrecher. 2009. Privacy and liveness for reputation systems. In EuroPKI. Springer
Such, J. M., J. M. Alberola, A. Espinosa, and A. García-Fornes. 2011a. A group-oriented secure multiagent platform. Software: Practice and Experience 41(11): 1289–1302
Such, J. M., A. Espinosa, A. García-Fornes, and V. Botti. 2011b. Partial identities as a foundation for trust and reputation. Engineering Applications of Artificial Intelligence 24(7): 1128–1136
Such, J. M., A. Espinosa, and A. García-Fornes. 2012a. A survey of privacy in multi-agent systems. Knowledge Engineering Review (In press). http://dx.doi.org/10.1016/j.engappai.2012.06.009
Such, J. M., A. García-Fornes, A. Espinosa, and J. Bellver. 2012. Magentix2: A privacy-enhancing agent platform. Engineering Applications of Artificial Intelligence (In press). doi:http://dx.doi.org/10.1016/j.engappai.2012.06.009
Teacy, W., J. Patel, N. Jennings, and M. Luck. 2006b. Travos: Trust and reputation in the context of inaccurate information sources. Autonomous Agents and Multi-Agent Systems 12(2): 183–198
Voss, M. 2004. Privacy preserving online reputation systems. In International information security workshops, 245–260. Springer
Whitby, A., A. Jøsang, and J. Indulska. 2004. Filtering out unfair ratings in bayesian reputation systems. In Proceedings of the 7th international workshop on trust in agent societies, New York, NY, USA
Yu, B., and M. P. Singh. 2003. Detecting deception in reputation management. In Proceedings of the second international joint conference on autonomous agents and multiagent systems, AAMAS ’03, 73–80. New York: ACM
Yu, H., M. Kaminsky, P. B. Gibbons, and A. Flaxman. 2006. Sybilguard: defending against sybil attacks via social networks. In Proceedings of the conference on applications, technologies, architectures, and protocols for computer communications (SIGCOMM), 267–278. New York: ACM
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer Science+Business Media Dordrecht.
About this chapter
Cite this chapter
Such, J.M. (2013). Attacks and Vulnerabilities of Trust and Reputation Models. In: Ossowski, S. (eds) Agreement Technologies. Law, Governance and Technology Series, vol 8. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-5583-3_27
Download citation
DOI: https://doi.org/10.1007/978-94-007-5583-3_27
Published:
Publisher Name: Springer, Dordrecht
Print ISBN: 978-94-007-5582-6
Online ISBN: 978-94-007-5583-3
eBook Packages: Computer ScienceComputer Science (R0)