This paper explores the security vulnerabilities inherent in reputation systems, a vital component of online trust. Key issues addressed include collusion, denial of reputation, whitewashing, and Sybil attacks. It outlines potential use cases in seller reputation, peer-to-peer networks, and key management while proposing a flexible data model for reputation management. The framework aims to evaluate reputation against risk levels and support privacy and identity resolution. The analysis emphasizes the separation of reputation votes from algorithm computations, advocating for a comprehensive understanding of reputation in various contexts.
Reputation Systems
• ENISA paper – a security analysis of reputation systems: http://enisarep.notlong.com
• Use-cases
  • Seller reputation
  • Peer-to-peer
  • Key management
  • Anti-spam / IP reputation
Typical security vulnerabilities that need to be addressed:
• Collusion – voters agree to target a victim
• Denial of reputation – campaigns against an individual
• Whitewashing – cancelling a bad reputation (e.g. by discarding the identity and starting afresh)
• Sybil attacks – creating multiple identities to vote (e.g. eBay 1-cent items voted on by the seller)
OASIS – ORMS
• Develop scenarios for reputation management
  • Reputation of individuals, business partners, services, processes, possibly even data
• Develop a reference/standard model
  • Flexible reputation data model
  • Framework and protocol(s) for exchanging and porting reputation data
  • Evaluation algorithms for mapping reputation to risk / risk levels
  • Support for privacy, multiple identities, identity resolution
Reputation is an aggregation of opinions about an assertion
• Assertion – Bob is a bad husband
• Assertion – Bob is a good laptop seller

The anatomy of reputation – personal view
• Assertion – Bob is a good laptop seller
Reputation Thoughts
• Reputation votes should be separated from the algorithm used to compute the score
  • Mean score
  • 2nd order reputation
• Reputation context => the same vote set can be interpreted differently
• If reputation is an aggregated opinion about an assertion – why not integrate with SAML?

Reputation Thoughts
• The model must allow for so-called 2nd order reputations (scores which take into account the reputation of the voter)
• Rating context should be taken into account – time/date, authentication method/token, etc.
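The separation of votes from the scoring algorithm, and the difference between a plain mean and a 2nd order reputation, as an added example that is not part of the original slides: one constructed vote set is scored two ways, and the voter-weighted score is far less moved by a block of fresh identities than the unweighted mean. The `Vote` model, the `voter_reputation` table and the `unknown_weight` default for voters with no track record are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Vote:
    """One opinion about an assertion, stored independently of any scoring algorithm."""
    voter: str
    target: str
    assertion: str
    score: float  # 0.0 (disagree) .. 1.0 (agree)


def relevant_votes(votes: List[Vote], target: str, assertion: str) -> List[Vote]:
    return [v for v in votes if v.target == target and v.assertion == assertion]


def mean_score(votes: List[Vote], target: str, assertion: str) -> Optional[float]:
    """First-order reputation: every vote carries the same weight."""
    rel = relevant_votes(votes, target, assertion)
    return sum(v.score for v in rel) / len(rel) if rel else None


def second_order_score(votes: List[Vote], target: str, assertion: str,
                       voter_reputation: Dict[str, float],
                       unknown_weight: float = 0.05) -> Optional[float]:
    """Second-order reputation: each vote is weighted by the voter's own reputation.
    Voters with no track record get a small default weight (assumed value)."""
    rel = relevant_votes(votes, target, assertion)
    weights = [voter_reputation.get(v.voter, unknown_weight) for v in rel]
    total = sum(weights)
    if total == 0:
        return None
    return sum(w * v.score for w, v in zip(weights, rel)) / total


# Constructed sample: two established voters rate Bob low, five fresh identities rate him 1.0.
ASSERTION = "good laptop seller"
SAMPLE_VOTES = [
    Vote("alice", "bob", ASSERTION, 0.2),
    Vote("carol", "bob", ASSERTION, 0.3),
] + [Vote(f"new-id-{i}", "bob", ASSERTION, 1.0) for i in range(5)]
VOTER_REPUTATION = {"alice": 0.9, "carol": 0.8}  # the fresh identities have no entry

if __name__ == "__main__":
    m = mean_score(SAMPLE_VOTES, "bob", ASSERTION)
    s = second_order_score(SAMPLE_VOTES, "bob", ASSERTION, VOTER_REPUTATION)
    print(f"mean score: {m:.3f}   second-order score: {s:.3f}")
```

The same vote set yields a mean of about 0.79 but a 2nd order score of about 0.34, which is the point of keeping votes and algorithm apart: the interpretation, not the data, changes.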