Discovering the Most Trusted Agents Without Central Control

Presentation transcript:

Discovering the Most Trusted Agents Without Central Control
Tomasz Kaszuba, Krzysztof Rządca, Adam Wierzbicki
Polish-Japanese Institute of Information Technology, Warsaw, Poland

Plan of presentation:
- Basic assumptions
- Problem
- Centralized vs Distributed approach
- Goal
- Trust Management Algorithms
- Simple Algorithm
- Adversary Models
- Secure Algorithm
- Distributed Sorting Algorithms
- Experiments

Basic assumptions:
- Agents rely only on local information.
- Each agent is connected to d other agents (its neighborhood).
- Agents communicate only with their neighborhood.
- A standard Trust Management System capable of calculating objective trust is present in the network, e.g. EigenTrust (Kamvar et al.), FuzzyTrust (Song et al.), GossipTrust and PowerTrust (Zhou and Hwang).
[Figure: example network of agents A, B, C, D and E]

Problem: How to select a certain subset of agents from the entire population, based on their trustworthiness in a certain context.
Context examples:
- Replicate information in a distributed system: select agents who are similar or more trusted.
- Form the superpeer network from the ad-hoc network: select 10% of the most trusted agents.

Centralized approach
Advantages:
- Full information about all peers
- No possibility to cheat
Drawbacks:
- Not efficient (churn, high computation cost, high message overhead)
- Single point of failure
- Vulnerable to bottlenecks

Distributed approach
Advantages:
- Small computational cost for one peer
- Denial of Service resistant
Drawbacks:
- Vulnerable to various attacks

Simple Algorithm:
- Each agent $n_i$ is assigned a random number $r_i$.
- Each agent swaps its $r_i$ with nodes from its neighborhood according to the trust value.
- A swap occurs if ($t_i^C < t_j^C$ and $r_i > r_j$) or ($t_i^C > t_j^C$ and $r_i < r_j$).
[Figure: example nodes labelled with trust T and random number r, starting from T=4 r=9, T=3 r=1, T=1 r=4, T=1 r=5, T=5 r=6]

Simple Algorithm: After some steps, the order of $r_i$ gradually starts to reflect the order of the trust. Nodes with r=9 and r=6 are the most trusted!
[Figure: nodes after sorting: T=1 r=4, T=5 r=9, T=4 r=6, T=3 r=5, T=1 r=1]
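The swap rule above, run as a small simulation (an added example, not code from the presentation). It uses the T and r values from the slide and assumes all five nodes are linked; the ring topology helper, the degree-2 stall case and the top-k selection are constructed for illustration.

```python
import random

def should_swap(t_i, r_i, t_j, r_j):
    # Swap rule from the slide: the order of r contradicts the order of trust.
    return (t_i < t_j and r_i > r_j) or (t_i > t_j and r_i < r_j)

def ring(n, reach):
    # Constructed topology: i is linked to every node within `reach` hops on a ring.
    return {i: [j for j in range(n)
                if j != i and min((i - j) % n, (j - i) % n) <= reach]
            for i in range(n)}

def inverted_pairs(trust, r, neighbours):
    # Linked pairs whose r order still contradicts their trust order.
    return sum(should_swap(trust[i], r[i], trust[j], r[j])
               for i in neighbours for j in neighbours[i] if i < j)

def sort_by_swaps(trust, r, neighbours, seed=0, max_rounds=10_000):
    # Each round every agent, in random order, offers a swap to one random neighbour.
    rng, r, swaps = random.Random(seed), list(r), 0
    for _ in range(max_rounds):
        if inverted_pairs(trust, r, neighbours) == 0:
            break  # no linked pair wants to swap any more
        order = list(range(len(trust)))
        rng.shuffle(order)
        for i in order:
            j = rng.choice(neighbours[i])
            if should_swap(trust[i], r[i], trust[j], r[j]):
                r[i], r[j] = r[j], r[i]
                swaps += 1
    return r, swaps

def top_k(r, k):
    # Agents selected as "most trusted": the k holders of the largest r.
    return sorted(sorted(range(len(r)), key=lambda i: -r[i])[:k])

if __name__ == "__main__":
    trust, r0 = [4, 3, 1, 1, 5], [9, 1, 4, 5, 6]    # values from the slide
    r, swaps = sort_by_swaps(trust, r0, ring(5, 2))  # assumed: all five linked
    print(r, swaps, top_k(r, 2))
    # Degree-2 ring, constructed: stable for every link, yet agent 2 (trust 2)
    # holds a lower r than agent 0 (trust 1), so local swaps alone can stall.
    t, stuck = [1, 4, 2, 3], [2, 4, 1, 3]
    print(sort_by_swaps(t, stuck, ring(4, 1)), inverted_pairs(t, stuck, ring(4, 2)))
    # Adversary model: everyone announces r=5, so no swap is ever possible.
    print(sort_by_swaps(trust, [5] * 5, ring(5, 2)))
```

The first run ends with the T=5 and T=4 agents holding r=9 and r=6, as on the slide; the other two runs show a sparse neighborhood stalling and identical r values blocking the sort.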

OUR GOAL: ensuring the fair selection of trusted agents in the presence of adversaries

Adversary models: Choose value for initial $r_i$ in a non-random manner. If many adversaries choose the same random number, the protocol will not be able to sort by exchanging these numbers.
[Figure: every node announces r=5 (nodes with T=1, T=5, T=4, T=3, T=1)]

Adversary models: Choose value for initial $r_i$ in a non-random manner.
- Control the way in which initial $r_i$ are generated.
- A node computes its $r_i$ using secret sharing.
- After the random number $r_i$ is computed, the pre-shared secrets are kept as proofs.
[Figure: nodes A, B, C, D and E; node C computes $r_c = F(3,4,8)$ from the values 3, 4 and 8]

Adversary models: Cheat in exchanges of random numbers by claiming higher trust $T_i$ (or lower $r_i$).
- It is possible to summon an arbiter (or more) who calculates the trust values for both parties and returns a verdict.
- Arbiters control the fairness of an agent. They can be selected from all agents in a random manner.
[Figure: nodes with T=5 and T=4 exchanging r=9 and r=6; one node claims "My r=2!"; arbiter A answers "Set r=9!" and "Set r=6!"]

Adversary models: Cheat in exchanges of random numbers by altering $r_i$ in between exchanges, or at the end of sorting by announcing a false $r_i$.
- Undetectable without cryptography.
- PKI cryptography is used to sign messages.
- A false $r_i$ can easily be detected in the next swap because it has a wrong signature (it cannot be proven by the adversary).

Fairness control:
- The frequency of such control depends on the reputation of an agent.
- If the agent's reputation is below a threshold, swap operations will be checked more frequently.
- If an agent attempts to cheat during the swap, a negative report in the context of sorting fairness will be passed to the TM service.

Secure Algorithm:
- Random number generation is assigned by the group of agents (with the secret sharing method).
- Each agent swaps its $r_i$ with nodes from its neighborhood according to the trust value, if ($t_i^C < t_j^C$ and $r_i > r_j$) or ($t_i^C > t_j^C$ and $r_i < r_j$). Call the arbiter if required.
- Swap operations are signed by both peers (and the arbiter if required) and kept as proofs.
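A sketch of group-generated r with proofs that a swap partner or arbiter can check (an added example, not the authors' protocol). The slides do not define F or the secret-sharing scheme, so this assumes F is the sum of the contributions modulo 10 and uses SHA-256 commitments in place of the unspecified scheme; the neighbour names and all function names are hypothetical.

```python
import hashlib
import secrets

R_RANGE = 10  # assumed: r values are drawn from 0..9

def commitment(share, nonce):
    # Commitment a neighbour publishes before anyone reveals a share.
    return hashlib.sha256(nonce + share.to_bytes(4, "big")).hexdigest()

def F(shares):
    # Assumed combiner: sum of the shares modulo R_RANGE.
    return sum(shares) % R_RANGE

def contribute(share=None):
    # Neighbour side: choose a share and a nonce, publish only the commitment first.
    share = secrets.randbelow(R_RANGE) if share is None else share
    nonce = secrets.token_bytes(16)
    return {"share": share, "nonce": nonce, "commit": commitment(share, nonce)}

def build_proof(openings):
    # Node side: once all commitments are in, neighbours open them; the node
    # derives r and keeps the openings as proof of how r was generated.
    return {"r": F([o["share"] for o in openings.values()]),
            "openings": {n: (o["share"], o["nonce"]) for n, o in openings.items()}}

def verify_proof(proof, published):
    # Verifier side (swap partner or arbiter): `published` maps neighbour -> commitment.
    if set(proof["openings"]) != set(published):
        return False  # a contribution was dropped or added
    for name, (share, nonce) in proof["openings"].items():
        if commitment(share, nonce) != published[name]:
            return False  # opening does not match what the neighbour committed to
    return proof["r"] == F([s for s, _ in proof["openings"].values()])

def demo():
    # Values from the slide, r_c = F(3, 4, 8); which neighbour sent which is assumed.
    openings = {n: contribute(s) for n, s in {"A": 3, "B": 4, "D": 8}.items()}
    published = {n: o["commit"] for n, o in openings.items()}
    honest = build_proof(openings)
    forged_r = dict(honest, r=9)                       # announces a different r
    _, a_nonce = honest["openings"]["A"]
    forged_share = {"r": F([7, 4, 8]),                 # rewrites A's contribution
                    "openings": dict(honest["openings"], A=(7, a_nonce))}
    return honest["r"], [verify_proof(p, published)
                         for p in (honest, forged_r, forged_share)]
```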

Distributed Sorting Algorithms

Sorting Algorithms - Ants
- Swap messages are represented by ant-like objects.
- Ants are passed from peer to peer using overlay network routing.
- An ant returns to the requesting peer (the creator) using exactly the same path it used in the forward walk (ants leave trails).
[Figure: an ant walking between peers A, B, C, D and E]

Sorting Algorithms - Ants
We design several types of ants:
- RWxAnt - a standard random walk with range x
- SFxAnt - sniffing first with x sniffing steps
- NSxAnt - no stranger with range x
- RWNRxAnt - random walk no return with range x
- SFNSxAnt - sniffing first no strangers with x sniffing steps
- NSNRxAnt - no stranger no return with range x
- TeleportAnt - swap requests are performed between random peers in the network, without considering neighborhoods

Sorting Algorithms - Ants
- RWxAnt - a standard random walk with range x
- RWNRxAnt - random walk no return with range x
[Figure: random-walk ants moving between peers A, B, C, D and E, with the SWAP steps marked]

Sorting Algorithms - Ants
- SFxAnt - sniffing first with x sniffing steps
[Figure: a sniffing ant visiting peers A, B, C, D and E; D is the best candidate, so the SWAP is made with D]

Experiments

Experiments
- Network size: N = 10 to 100 000 peers
- Network degree: d = 2, 3, 4, 5, 7, 10 connections per peer
- Probability distributions of trust $t_i^C$: Pareto, Uniform
- Churn factor: 0% and 5% per iteration (stable churn)
- An experiment consists of 50 rounds (iterations). Each experiment was repeated 10 times.
- Quality measure: $p_i$ = rank of node $n_i$ taken from random values; i = proper rank of node $n_i$

Effect of distribution of trust value

Impact of churn

Future work
- A different quality metric which can detect the existence of adversaries in the system
- New sorting algorithms
- Protocol design and PlanetLab tests

More information about the universal trust project: http://utrust.pjwstk.edu.pl
Contact: kaszubat@pjwstk.edu.pl