QUT ePrints

Security of reputation systems

Ismail, Roslan (2004) Security of reputation systems. .


Reputation systems have the potential of improving the quality of on-line markets by

identifying fraudulent users and subsequently dealing with these users can be prevented.

The behaviour of participants involved in e-commerce can be recorded and then this information made available to potential transaction partners to make decisions

to choose a suitable counterpart. Unfortunately current reputation systems suffer from various vulnerabilities. Solutions for many of these problems will be discussed.

One of the major threats is that of unfair feedback. A large number of negative or

positive feedbacks could be submitted to a particular user with the aim to either downgrade

or upgrade the user's reputation. As a result the produced reputation does not reflect the user's true trustworthiness. To overcome this threat a variation of Bayesian Reputation system is proposed. The proposed scheme is based on the subjective logic framework proposed Josang et al. [65]. The impact of unfair feedback is countered through some systematic approaches proposed in the scheme.

Lack of anonymity for participants leads to reluctance to provide negative feedback.

A novel solution for anonymity of feedback providers is proposed to allow participants

to provide negative feedback when appropriate without fear of retaliation. The solution is based on several primitive cryptographic mechanisms; e-cash, designated verifier proof and knowledge proof.

In some settings it is desirable for the reputation owner to control the distribution

of its own reputation and to disclose this at its discretion to the intended parties. To

realize this, a solution based on a certificate mechanism is proposed. This solution allows the reputation owner to keep the certificate and to distribute its reputation while not being able to alter that information without detection. The proposed solutions cater for two modes of reputation systems: centralised and decentralised.

The provision of an off-line reputation system is discussed by proposing a new solution

using certificates. This is achieved through the delegation concept and a variant of digital signature schemes known as proxy signatures.

The thesis presents a security architecture of reputation systems which consists of different elements to safeguard reputation systems from malicious activities. Elements incorporated into this architecture include privacy, verifiability and availability. The architecture also introduces Bayesian approach to counter security threat posed by reputation systems. This means the proposed security architecture in the thesis is a combination of two prominent approaches, namely, Bayesian and cryptographic, to provide security for reputation systems. The proposed security architecture can be used as a basic framework for further development in identifying and incorporating required elements so that a total security solution for reputation systems can be achieved.

Impact and interest:

Citation countsare sourced monthly from Scopus and Web of Science® citation databases.

These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.

Citations counts from the Google Scholar™ indexing service can be viewed at the linked Google Scholar™ search.

Full-text downloads:

644 since deposited on 03 Dec 2008
167 in the past twelve months

Full-text downloadsdisplays the total number of times this work’s files (e.g., a PDF) have been downloaded from QUT ePrints as well as the number of downloads in the previous 365 days. The count includes downloads for all files if a work has more than one.

ID Code: 15964
Item Type: QUT Thesis (PhD)
Supervisor: Boyd, Colin, Russell, Selwyn, & Josang, Audun
Keywords: Reputation System, E-commerce, Rating System, Rating Scheme, Feedback Scheme
Divisions: Past > QUT Faculties & Divisions > Faculty of Science and Technology
Past > Schools > School of Software Engineering & Data Communications
Department: Faculty of Information Technology
Institution: Queensland University of Technology
Copyright Owner: Copyright Roslan Ismail
Deposited On: 03 Dec 2008 13:54
Last Modified: 29 Oct 2011 05:41

Export: EndNote | Dublin Core | BibTeX

Repository Staff Only: item control page