Taxonomy of trust: Categorizing P2P reputation systems☆
Introduction
The development of any complex computer architecture can be a challenge. This is especially true of a complex distributed algorithm that is run by autonomous untrusted agents, yet is expected to be relatively reliable, efficient, and secure. Such is the task of designing a complete reputation system for use in peer-to-peer networks. To accomplish the task, it is necessary to break down the problem into separate simpler problems of constructing a mechanism that provides a specific set of functions or properties, allowing developers to “divide and conquer” the problem of reputation system design.
Our primary goal is to provide a useful taxonomy of the field of peer-to-peer reputation design. To accomplish this goal, we identify the three basic components of a reputation system, break them down into the necessary separate mechanisms, and categorize properties we feel the mechanisms need to provide in order for the reputation system to fulfill its function. For each mechanism we list possible design choices proposed by the research community.
In the process, we give examples of research in the area of trust and reputation. A variety of research papers and implementations are referenced to illustrate ideas and provide the reader avenues for further investigation. We often draw on work done by the Peers research group [1] at Stanford University and do not pretend to produce a complete survey of the research area. We feel this overview will be of particular interest to those who are unfamiliar with the breadth of issues relating to reputation system design for peer-to-peer networks.
Taxonomies related to trust and reputation systems (either in part or as a whole) have been proposed by others (e.g., [2]) and will be discussed in the text when appropriate.
The following section defines terms we use throughout the paper. We begin our taxonomy by classifying the assumptions and constraints of the system in Section 3. These assumptions include expected user behavior, as well as the goals of adversaries in the system and their capabilities. How effectively a reputation system can deal with adversaries may be constrained by the technical limitations imposed on the implementation by the target system environment. These issues determine the necessary properties and powers of the reputation system.
Next, we break down the functionality of a reputation system into the three components shown in Table 1. In general, a reputation system assists agents in choosing a reliable peer (if possible) to transact with when one or more have offered the agent a service or resource. To provide this function, a reputation system collects information on the transactional behavior of each peer (information gathering), scores and ranks the peers based on expected reliability (scoring and ranking), and allows the system to take action against malicious peers while rewarding contributors (response). Each component requires separate system mechanisms (listed in Table 1). For each mechanism we study the possible desired properties and then discuss the implementation limitations and trade-offs that may prevent some of the properties from being met. In the discussion we will reference existing solutions or research to illustrate how different mechanism designs achieve certain properties within the given system constraints.
The three functionalities, gathering, scoring and response are covered in turn in Sections 4 Gathering information, 5 Reputation scoring and ranking, 6 Taking action.
Section snippets
Terms and definitions
Before discussing the various taxonomies we would like to define certain terms we will be using throughout the paper:
Transactions: Peer-to-peer systems are defined by interactions between autonomous agents or peers. These interactions may include swapping files, storing data, answering queries, or remote CPU usage. In addition, money may be exchanged when purchasing the desired resource. We refer to all interactions in general as transactions between two parties.
Cooperate/defect: When
Assumptions and constraints
The driving force behind reputation system design is providing a service that severely mitigates misbehavior while imposing a minimal cost on the well-behaved users. To that end, it is important to understand the requirements imposed on system design by each of the following: the behavior and expectations of typical good users, the goals and attacks of adversaries, and the technical limitations resulting from the environment where the system is deployed. We discuss each of these here. The
Gathering information
The first component of a reputation system is responsible for collecting information on the behavior of peers, which will be used to determine how “trustworthy” they are (either on an absolute scale or relative to the other peers).
Reputation scoring and ranking
Once a peer’s transaction history has been collected and properly weighted, a reputation score is computed for that peer, either by an interested agent, a centralized entity, or by all peers collectively, as in EigenTrust [36]. We will refer to the method by which the score is computed as a general reputation score function.
The primary purpose of the reputation score is to help an agent decide which available service provider in the network it should transact with. The two typical scenarios are:
Taking action
In addition to guiding decisions on selecting transactional partners, reputation systems can be used to motivate peers to positively contribute to the network and/or punish adversaries who try to disrupt the system.
Conclusion
Developing an implementable reputation system is an art involving many separate design problems and choices. A reputation system is generally composed of three basic components: gathering behavioral information, scoring and ranking peers, and rewarding or punishing peers. In turn, each component requires a combination of mechanisms to function. We believe a proper dissection of the overall design problem will allow researchers to develop efficient solutions to each separate part without losing
Acknowledgement
The authors would like to thank Neil Daswani and Kevin Lai for their input and comments.
Sergio Marti is a graduating Computer Science Ph.D. candidate at Stanford University, Stanford, California. He previously received a B.S. in both Computer Science and Computer Engineering from Michigan State University, East Lansing, Michigan in 1998 and an M.S. from Stanford in Computer Science in 2000.
His research projects focus on networks and distributed systems, with a specialization on peer-to-peer technology and security. He is also interested in data mining and data/information
References (47)
- Stanford Peers research group. Available from:...
- K. O’Hara, H. Alani, Y. Kalfoglou, N. Shadbolt, Trust strategies for the semantic Web, in: ISWC’04 Workshop on Trust,...
- et al.
Chord: a scalable peer-to-peer lookup protocol for internet applications
IEEE/ACM Trans. Networks
(2003) - S. Ratnasamy, P. Francis, M. Handley, R. Karp, S. Shenker, A scalable content-addressable network, in: Proceedings of...
- A. Rowstron, P. Druschel, Pastry: Scalable, decentralized object location, and routing for large-scale peer-to-peer...
- Gnutella specification. Available from:...
- KaZaA Home Page. Available from:...
- B. Yang, H. Garcia-Molina, Comparing hybrid peer-to-peer systems, in: The VLDB Journal, 2001, pp. 561–570. Available...
- K. Gummadi, R. Gummadi, S. Gribble, S. Ratnasamy, S. Shenker, I. Stoica, The impact of DHT routing geometry on...
- J. Kubiatowicz, D. Bindel, Y. Chen, P. Eaton, D. Geels, R. Gummadi, S. Rhea, H. Weatherspoon, W. Weimer, C. Wells, B....
RIAA posting bad music files to deter illegal downloaders
The Daily Texan
Cited by (0)
Sergio Marti is a graduating Computer Science Ph.D. candidate at Stanford University, Stanford, California. He previously received a B.S. in both Computer Science and Computer Engineering from Michigan State University, East Lansing, Michigan in 1998 and an M.S. from Stanford in Computer Science in 2000.
His research projects focus on networks and distributed systems, with a specialization on peer-to-peer technology and security. He is also interested in data mining and data/information visualization. His work experience includes HP Labs and MITRE, as well as consulting work for smaller companies.
Hector Garcia-Molina is the Leonard Bosack and Sandra Lerner Professor in the Departments of Computer Science and Electrical Engineering at Stanford University, Stanford, California. He was the chairman of the Computer Science Department from January 2001 to December 2004.
From 1997 to 2001 he was a member the President’s Information Technology Advisory Committee (PITAC). From August 1994 to December 1997 he was the Director of the Computer Systems Laboratory at Stanford. From 1979 to 1991 he was on the faculty of the Computer Science Department at Princeton University, Princeton, New Jersey. His research interests include distributed computing systems, digital libraries and database systems. He received a B.S. in electrical engineering from the Instituto Tecnologico de Monterrey, Mexico, in 1974. From Stanford University, Stanford, California, he received in 1975 a M.S. in electrical engineering and a Ph.D. in computer science in 1979. He is a Fellow of the Association for Computing Machinery and of the American Academy of Arts and Sciences; is a member of the National Academy of Engineering; received the 1999 ACM SIGMOD Innovations Award; is a member of the Computer Science and Telecommunications Board (National Research Council); is on the Technical Advisory Board of DoCoMo Labs USA, Kintera, Metreo Markets, TimesTen, Verity, Yahoo Search & Marketplace; is a Venture Advisor for Diamondhead Ventures, and is a member of the Board of Directors of Oracle and Kintera.
- ☆
This research is supported in part by NSF Grant (IIS-9817799).