Security of reputation systems
Ismail, Roslan (2004) Security of reputation systems. PhD thesis, Queensland University of Technology.
Reputation systems have the potential to improve the quality of on-line markets by identifying fraudulent users so that subsequent dealings with these users can be prevented. The behaviour of participants involved in e-commerce can be recorded and this information then made available to potential transaction partners to help them choose a suitable counterpart. Unfortunately, current reputation systems suffer from various vulnerabilities. Solutions for many of these problems will be discussed.
One of the major threats is that of unfair feedback. A large number of negative or positive feedbacks could be submitted for a particular user with the aim of either downgrading or upgrading the user's reputation. As a result, the produced reputation does not reflect the user's true trustworthiness. To overcome this threat, a variation of the Bayesian reputation system is proposed. The proposed scheme is based on the subjective logic framework proposed by Josang et al. The impact of unfair feedback is countered through some systematic approaches proposed in the scheme.
Lack of anonymity for participants leads to reluctance to provide negative feedback. A novel solution for anonymity of feedback providers is proposed to allow participants to provide negative feedback when appropriate without fear of retaliation. The solution is based on several primitive cryptographic mechanisms: e-cash, designated verifier proof and knowledge proof.
In some settings it is desirable for the reputation owner to control the distribution of its own reputation and to disclose this at its discretion to the intended parties. To realize this, a solution based on a certificate mechanism is proposed. This solution allows the reputation owner to keep the certificate and to distribute its reputation while not being able to alter that information without detection. The proposed solutions cater for two modes of reputation systems: centralised and decentralised.
The provision of an off-line reputation system is discussed by proposing a new solution using certificates. This is achieved through the delegation concept and a variant of digital signature schemes known as proxy signatures.
The thesis presents a security architecture for reputation systems which consists of different elements to safeguard reputation systems from malicious activities. Elements incorporated into this architecture include privacy, verifiability and availability. The architecture also introduces a Bayesian approach to counter the security threats posed by reputation systems. The proposed security architecture is therefore a combination of two prominent approaches, namely Bayesian and cryptographic, to provide security for reputation systems. It can be used as a basic framework for further development in identifying and incorporating required elements so that a total security solution for reputation systems can be achieved.
|Item Type:||QUT Thesis (PhD)|
|Supervisor:||Boyd, Colin, Russell, Selwyn, & Josang, Audun|
|Keywords:||Reputation System, E-commerce, Rating System, Rating Scheme, Feedback Scheme|
|Divisions:||Past > QUT Faculties & Divisions > Faculty of Science and Technology; Past > Schools > School of Software Engineering & Data Communications|
|Department:||Faculty of Information Technology|
|Institution:||Queensland University of Technology|
|Copyright Owner:||Copyright Roslan Ismail|
|Deposited On:||03 Dec 2008 03:54|
|Last Modified:||28 Oct 2011 19:41|