Secured trust and reputation system : analysis of malicious behaviors and optimization / Gestion de la confiance et de la réputation sécurisée : analyse des attaques possibles et optimisation

Bradai, Amira

29 September 2014

Les mécanismes de réputation offrent un moyen nouveau et efficace pour assurer le niveau nécessaire de confiance qui est indispensable au bon fonctionnement de tout système critique. Ce fonctionnement consiste à collecter les informations sur l’historique des participants et rendent public leur réputation. Le système guide les décisions en tenant compte de ces informations et ainsi faire des choix plussécurisés. Des mécanismes de réputation en ligne sont présents dans la plupart des sites e-commerce disponibles aujourd’hui. Les systèmes existants ont été conçus avec l’hypothèse que les utilisateurs partagent les informations honnêtement. Mais, beaucoup de systèmes de réputation sont en général un sujet d’attaque par les utilisateurs malveillants. L’attaque peut affecter la coopération, l’agrégation et l’´évaluation. Certains utilisateurs veulent utiliser les ressources du réseau, mais ne veulent pas contribuer en retour. Autres manipulent les évaluations de la confiance et donnent une mauvaise estimation. Nous avons vu récemment de plus en plus que ça devient évident que certains utilisateurs manipulent stratégiquement leurs évaluations et se comportent d’une façon malhonnête. Pour une protection adéquate contre ces utilisateurs, un système sécurisé pour la gestion de la réputation est nécessaire. Dans notre système, une entité centrale existe et peut agréger les informations. Cependant, Les réseaux pair à pair n’ont pas de contrôle central ou un référentiel ce qui rend la tâche plus difficile. Ainsi, le système de gestion de la réputation doit effectuer toutes les tâches de manière distribuée. Lorsque ce genre des systèmes est mis en œuvre, les pairs essaient de plus en plus de manipuler les informations. Cette thèse décrit les moyens pour rendre les mécanismes de réputation plus sécurisé en analysant les risques et en fournissant un mécanisme de défense. Différents types de comportements malveillants existent et pour chacun d’eux, nous présentons une analyse complète, des simulations et un exemple d’utilisation réel / Reputation mechanisms offer a novel and effective way of ensuring the necessary level of trust which is essential to the functioning of any critical system. They collect information about the history (i.e., past transactions) of participants and make public their reputation. Prospective participants guide their decisions by considering reputation information, and thus make more informative choices. Online reputation mechanisms enjoy huge success. They are present in most e-commerce sites available today, and are seriously taken into consideration by human users. Existing reputation systems were conceived with the assumption that users will share feedback honestly. But, such systems like those in peer to peer are generally compromise of malicious users. This leads to the problem in cooperation, aggregation and evaluation. Some users want to use resources from network but do not want to contribute back to the network. Others manipulate the evaluations of trust and provide wrong estimation. We have recently seen increasing evidence that some users strategically manipulate their reports and behave maliciously. For proper protecting against those users, some kind of reputation management system is required. In some system, a trusted third entity exists and can aggregate the information. However, Peer-to-peer networks don’t have any central control or repository. Large size of distributed and hybrid networks makes the reputation management more challenging task. Hence reputation management system should perform all the tasks in distributed fashion. When these kinds of systems are implemented, peers try to deceive them to take maximum advantage. This thesis describes ways of making reputation mechanisms more trustworthy and optimized by providing defense mechanism and analysis. Different kinds of malicious behaviors exist and for each one, we present a complete analysis, simulation and a real use case example in distributed and non-distributed way

Gestion de la confiance

Gestion de la réputation

Système distribué

Théorie des jeux

Modèle byzantin

Trust management

Reputation system

Distributed system

Game theory

Byzantine model

Friendship based trust model to secure routing protocols in mobile Ad Hoc networks

Shabut, Antesar R.M., Dahal, Keshav P., Awan, Irfan U.

January 2014

No / Trust management in mobile ad hoc networks (MANETs) has become a significant issue in securing routing protocols to choose reliable and trusted paths. Trust is used to cope with defection problems of nodes and stimulate them to cooperate. However, trust is a highly complex concept because of the subjective nature of trustworthiness, and has several social properties, due to its social origins. In this paper, a friendship-based trust model is proposed for MANETs to secure routing protocol from source to destination, in which multiple social degrees of friendships are introduced to represent the degree of nodes' trustworthiness. The model considers the behaviour of nodes as a human pattern to reflect the complexity of trust subjectivity and different views. More importantly, the model considers the dynamic differentiation of friendship degree over time, and utilises both direct and indirect friendship-based trust information. The model overcomes the limitation of neglecting the social behaviours of nodes when evaluating trustworthiness. The empirical analysis shows the greater robustness and accuracy of the trust model in a dynamic MANET environment.

Trust Management for P2P application in Delay Tolerant Mobile Ad-hoc Networks. An Investigation into the development of a Trust Management Framework for Peer to Peer File Sharing Applications in Delay Tolerant Disconnected Mobile Ad-hoc Networks.

Qureshi, Basit I.

January 2011

Security is essential to communication between entities in the internet. Delay tolerant and disconnected Mobile Ad Hoc Networks (MANET) are a class of networks characterized by high end-to-end path latency and frequent end-to-end disconnections and are often termed as challenged networks. In these networks nodes are sparsely populated and without the existence of a central server, acquiring global information is difficult and impractical if not impossible and therefore traditional security schemes proposed for MANETs cannot be applied. This thesis reports trust management schemes for peer to peer (P2P) application in delay tolerant disconnected MANETs. Properties of a profile based file sharing application are analyzed and a framework for structured P2P overlay over delay tolerant disconnected MANETs is proposed. The framework is implemented and tested on J2ME based smart phones using Bluetooth communication protocol. A light weight Content Driven Data Propagation Protocol (CDDPP) for content based data delivery in MANETs is presented. The CDDPP implements a user profile based content driven P2P file sharing application in disconnected MANETs. The CDDPP protocol is further enhanced by proposing an adaptive opportunistic multihop content based routing protocol (ORP). ORP protocol considers the store-carry-forward paradigm for multi-hop packet delivery in delay tolerant MANETs and allows multi-casting to selected number of nodes. Performance of ORP is compared with a similar autonomous gossiping (A/G) protocol using simulations. This work also presents a framework for trust management based on dynamicity aware graph re-labelling system (DA-GRS) for trust management in mobile P2P applications. The DA-GRS uses a distributed algorithm to identify trustworthy nodes and generate trustable groups while isolating misleading or untrustworthy nodes. Several simulations in various environment settings show the effectiveness of the proposed framework in creating trust based communities. This work also extends the FIRE distributed trust model for MANET applications by incorporating witness based interactions for acquiring trust ratings. A witness graph building mechanism in FIRE+ is provided with several trust building policies to identify malicious nodes and detect collusive behaviour in nodes. This technique not only allows trust computation based on witness trust ratings but also provides protection against a collusion attack. Finally, M-trust, a light weight trust management scheme based on FIRE+ trust model is presented.

Distributed trust management

Delay tolerant disconnected MANETs

Peer to peer (P2P)

Network simulation

Profile based file sharing

Communication networks

Trust Management for A Decentralized Service Exposure Marketplace

Beder, Ahmed Aly

January 2020

Enabling trust between entities to collaborate, without the necessity of a third-partymediator is a challenging problem. This problem is highlighted when the collaborationinvolves a complicated process, spans multiple systems, and encompasses a largenumber of entities. This is the case in a decentralized service exposure marketplace.In this work, we design and implement a Proof-Of-Concept (PoC) suite of servicesto enable a blockchain to become the anchor of trust for a decentralized serviceexposure marketplace. We first formalize the necessary requirements to enable trustbetween a consortium of entities hosting the marketplace. We then follow with athreat model against the identified requirement, highlighting misbehaviour from thedifferent entities. Finally, we propose a model, Trust Engine, which facilitates thetrust management process and mitigates the identified threats. We showcase a proofof-concept of our model, utilizing a combination of smart contracts (hyperledgerfabric), blockchain, and service mesh technology (Istio). The Trust Engine successfullyidentifies the misbehaviour, documents it in the blockchain, and enforces policesto remediate the misbehaviour. Furthermore, we examined each component in oursuggested system to identify the performance bottleneck. Lastly, we discuss thelimitations of our suggested model with regards to other service mesh deploymentmodels as well as potential future work and improvements. / Det är ett utmanande problem att möjliggöra förtroende mellan enheter för attsamarbeta, utan nödvändighet av en tredjepartsförmedlare. Detta problem belysesnär samarbetet innebär en komplicerad process, spänner över flera system ochomfattar ett stort antal enheter. Detta är fallet i en decentraliserad marknadsplatsför exponering av tjänster. I detta arbete designar och implementerar vi en PoCkollektionav tjänster för att möjliggöra en blockchain till att bli en förankring fören decentraliserad marknadsplats för serviceexponering. Vi formaliserar först denödvändiga kraven för att möjliggöra förtroende mellan ett konsortium av enhetersom är värd för marknadplatsen. Vi följer sedan med en hotmodell mot detidentifierade kravet, och belyser feluppförande från de olika enheterna. Slutligenföreslår vi en modell, Trust Engine, som underlättar förtroendeshanteringsprocessenoch mildrar de identifierade hoten. Vi presenterar ett konceptvalidering av vårmodell med en kombination av smarta kontrakt (hyperledger fabric), blockchain ochservicenätsteknologi (Istio). Trust Engine identifierar feluppförandet, dokumenterardet i blockkedjan och verkställer riktlinjer för att fixa feluppförandet. Vidareundersökte vi varje komponent i vårt föreslagna system för att identifiera flaskhalsenför prestanda. Slutligen diskuterar vi begränsningarna i vår föreslagna modell medavseende på andra modeller för distribution av servicenät samt potentiellt framtidaarbete och förbättringar.

Trust Management

Service Exposure

Blockchain

Service Mesh

Decentralized Marketplace

Elektroteknik och elektronik

從資訊技術服務管理基礎架構的觀點探討電子商務網站的信任管理程序-以某電子商務公司為例

賴居正

Unknown Date

台灣整體網路購物市場在2008年達到2430億新台幣的市場規模，但整體上而言，已獲利的業者仍未超過3成。從消費者的角度來看，5000多家的電子商店固然提供了更多的選擇，但是由於網際網路的匿名性，對於網路彼端看不到、摸不著的商家是否值得信任，往往是消費者決定是否進行購物行為的重要依據。 本研究探討資訊科技服務管理與網站信任管理之關係，以個案研究的方法進行研究，歸納出電子商務業者如何透過資訊科技服務管理的架構，達成管理消費者對電子商務網站信任的目標。 研究結果顯示，資訊科技服務管理架構的服務策略對於電子商務網站信任建立程序的企業層次信任有直接的影響，企業電子商務網站的服務策略初期與企業品牌越相關，越能加強消費者對網站之信任，且企業電子商務網站的服務策略中後期跨出企業原本產業，深化網站會員價值才能加強消費者對網站之信任；而資訊科技服務管理架構的服務設計、服務移轉與服務維運，則會影響電子商務網站信任建立程序的網站層次信任，其客服中心的設計能增加消費者的體驗信任，電子商務網站的交易安全性與系統穩定性，能維持消費者的信任，而電子商務網站危機處理流程的妥善與否，影響消費者的信任；最後，資訊科技服務管理架構的服務策略對於電子商務網站信任建立程序的認證信任方面，電子商務網站業者持續改善本身的服務，可透過第三公正單位的認證，在特定領域取得消費者的信任。

資訊技術服務管理

電子商務

網站信任管理

ITSM

E-Commerce

Website Trust Management

SAFE: A Declarative Trust-Agile System with Linked Credentials

Thummala, Vamsidhar

January 2016

<p>Secure Access For Everyone (SAFE), is an integrated system for managing trust</p><p>using a logic-based declarative language. Logical trust systems authorize each</p><p>request by constructing a proof from a context---a set of authenticated logic</p><p>statements representing credentials and policies issued by various principals</p><p>in a networked system. A key barrier to practical use of logical trust systems</p><p>is the problem of managing proof contexts: identifying, validating, and</p><p>assembling the credentials and policies that are relevant to each trust</p><p>decision. </p><p>SAFE addresses this challenge by (i) proposing a distributed authenticated data</p><p>repository for storing the credentials and policies; (ii) introducing a</p><p>programmable credential discovery and assembly layer that generates the</p><p>appropriate tailored context for a given request. The authenticated data</p><p>repository is built upon a scalable key-value store with its contents named by</p><p>secure identifiers and certified by the issuing principal. The SAFE language</p><p>provides scripting primitives to generate and organize logic sets representing</p><p>credentials and policies, materialize the logic sets as certificates, and link</p><p>them to reflect delegation patterns in the application. The authorizer fetches</p><p>the logic sets on demand, then validates and caches them locally for further</p><p>use. Upon each request, the authorizer constructs the tailored proof context</p><p>and provides it to the SAFE inference for certified validation.</p><p>Delegation-driven credential linking with certified data distribution provides</p><p>flexible and dynamic policy control enabling security and trust infrastructure</p><p>to be agile, while addressing the perennial problems related to today's</p><p>certificate infrastructure: automated credential discovery, scalable</p><p>revocation, and issuing credentials without relying on centralized authority.</p><p>We envision SAFE as a new foundation for building secure network systems. We</p><p>used SAFE to build secure services based on case studies drawn from practice:</p><p>(i) a secure name service resolver similar to DNS that resolves a name across</p><p>multi-domain federated systems; (ii) a secure proxy shim to delegate access</p><p>control decisions in a key-value store; (iii) an authorization module for a</p><p>networked infrastructure-as-a-service system with a federated trust structure</p><p>(NSF GENI initiative); and (iv) a secure cooperative data analytics service</p><p>that adheres to individual secrecy constraints while disclosing the data. We</p><p>present empirical evaluation based on these case studies and demonstrate that</p><p>SAFE supports a wide range of applications with low overhead.</p> / Dissertation

Computer science

Logic-based access control

authorization

SAFE

Safelog

Safelang

slog

slang

SafeSets

SafeX

Security Policies

Software-as-a-service

Distributed Systems

Trust Logic

Declarative Languages

Trust Management

A trust framework for multi-organization environments / Un système de confiance pour les environnements multi-organisationnels

Toumi, Khalifa

01 April 2014

De nos jours, la propagation rapide des technologies de communication, de stockage de données et des web services encouragent les entreprises à collaborer entre elles formant ainsi un environnement multi-organisationnels. Ces entreprises participent à cet environnement afin de profiter des opportunités offertes tels que: (1) la possibilité d'utilisation des ressources et des services externes et professionnels (2) la réduction du temps de production et (3) les bénéfices résultant des effets de synergie. Toutefois, cette collaboration n'est pas parfaite. Des nombreux problèmes peuvent apparaître tels que l'utilisation malveillante des ressources, la divulgation des données ou des services inadéquats. Par conséquent, la sécurité est une préoccupation importante des participants. Les principaux défis de sécurité pour un participant sont la gestion de la confiance et le contrôle d'accès. Dans cette thèse, nous avons abordé en particulier ces deux domaines et nous proposons une nouvelle approche de gestion de la confiance pour les systèmes mutli-organisationnels. Notre approche est divisée en quatre parties. Tout d'abord, nous avons défini un modèle de confiance basé sur la notion des vecteurs. Ces derniers sont composés d'un ensemble de paramètres qui permettent de fournir un degré de confiance sous certaines conditions. Dans notre approche, nous envisageons deux types de vecteurs. D'une part, un vecteur lié à une relation entre un utilisateur et une organisation et d'autre part un vecteur qui relie deux organisations. De plus, nous avons montré comment évaluer et partager ces vecteurs entre les organisations, et comment utiliser les informations évaluées pour améliorer la sécurité. Concernant notre deuxième contribution, nous avons intégré ce nouveau modèle de confiance dans le modèle de contrôle d'accès OrBAC (Organization Based Access Control). Cette intégration a donné naissance à notre modèle TRUST-OrBAC. En outre, nous avons appliqué cette solution à un cas d'étude de collaboration entre des entreprises. Troisièmement, nous avons proposé une nouvelle ontologie de confiance basée sur des concepts de contrôle d'accès. Cette ontologie sera utilisée pour partager les degrés de confiance entre les participants et pour définir l'équivalence entre leurs objectifs. Ainsi, comment définir cette relation de confiance, comment comprendre l'objectif de la confiance d'un demandeur, et comment évaluer la valeur de la recommandation sont toutes des problématiques auxquelles nous avons essayé de répondre dans le cadre de ce travail. Quatrièmement, nous avons amélioré notre travail par la conception d'une approche de test passif afin d'évaluer le comportement d'un utilisateur. Cette contribution a été basée sur l'outil de test MMT (Montimage Monitoring Tool). Finalement, nous avons conçu une architecture sécurisée d'un système distribué en se basant sur nos contributions / The widespread of inexpensive communication technologies, distributed data storage and web services mechanisms currently urge the collaboration among organizations. Partners are participating in this environment motivated by several advantages such as: (1) the ability to use external and professional resources, services and knowledge, (2) the reduction of time-consuming requirements and (3) the benefaction of experts experience. However, this collaboration is not perfect since several problems can arise such as the misuse of resources, disclosure of data or inadequate services. Therefore, security is an important concern of the participants. In particular trust management and access control are one of the major security issues for an organization. This thesis addresses these two areas in particular. It proposes a novel and comprehensive trust framework for Multi-Organization Environments. Our approach is organized in four parts. First, we propose a vector based model approach for defining trust vectors. These vectors evaluate a set of requirements, under conditions, and provide a degree of confidence. In our approach, we consider two different types of vectors. On the one hand, a vector that links a user to an organization and, on the other hand, a vector that links two organizations. We also show how these vectors are evaluated and shared among the different organizations, and how we combine the provided trust information in order to enhance the security. Second, the TRUST-OrBAC model was designed to add the previous trust approach to the ORBAC model. Moreover, this solution was applied with a real collaboration network between companies. Third, we present a trust ontology methodology based on access control concepts. This ontology will be used to share the trust beliefs between participants and to make equivalence between their trust objectives. How to define this trust relationship, how to understand the trust objective of a requester, and how to evaluate the recommendation value is addressed in this thesis. Fourth, we improve our work by designing a passive testing approach in order to evaluate the behavior of a user. This contribution is based on the monitoring tool MMT. Finally the entire architecture of our system is proposed

Gestion de la confiance

Politique de sécurité

Règles de sécurité

Modèle OrBAC

Test passif

Collecte des traces

Analyse des traces

Trust management

Security policy

Security rules

OrBAC

Passive testing

Trace analysis

Trace collection

Infrastructure de gestion de la confiance sur internet / Trust management infrastructure for internet

Vu, Van-Hoan

03 December 2010

L'établissement de la confiance est un problème qui se pose en permanence dans la vie quotidienne. Nous avons toujours besoin d'évaluer la confiance que l'on a en quelqu'un avant de décider d'entreprendre une action avec. Il s'agit bien évidemment d'une question très importante pour les applications de l'Internet où il est de plus en plus rare d'engager une transaction avec des personnes ou des entités que l'on connaîtrait au préalable. La confiance est un élément clé pour le développement et le bon fonctionnement des applications d’e-commerce et par extension de tous les services qui amènent à des interactions avec des inconnus.Le but de cette thèse est de proposer une infrastructure de gestion de la confiance qui permette à chaque participant d'exprimer sa propre politique de confiance ; politique qui guidera le comportement des applications qui fournissent ou qui permettent d'accéder à des services. Cette infrastructure met en œuvre des mécanismes de négociation qui vont permettre d'établir une confiance mutuelle entre les différents participants d'une transaction. Un des points importants de notre proposition est d'offrir un langage d'expression des politiques qui permet d'utiliser toutes les sources d'informations disponibles telles que les qualifications (credentials), la notion de réputation, de recommandation, de risque pour exprimersa politique de confiance. / Trust establishment is an important problem which often arises everyday. We need to assess the trust in someone or something before making decisions on their actions. It is also a very important problem for Internet applications where participants of a system are virtual entities. The trust establishment is a key factor for e-commerce applications and services which involve interactions with unknown users.The objective of this thesis is to build an infrastructure for trust management which allows each participant to express his own security policy. The security policy is a way for the participant to define his own access control to his own resources and services. The infrastructure provides a trust negotiation mechanism that allows two participants to establish a mutual trust between them for interactions.The important point of our proposal of an infrastructure for trust management is that we use all available information such as credentials (signed certificates), reputations, recommendations or risk information about the peer to make decisions on trust. All these factors are expressed in the security policy by using our proposed policy language.

Sécurité

Politique de sécurité

Confiance

Risque

Gestion de confiance

Gestion des risques

Négociation de la confiance

E-commerce

Protocoles de sécurité

Security

Security policies

Trust

Risk

Trust management

Risk management

Trust negociation

E-commerce

Security protocol

A trust framework for multi-organization environments

Toumi, Khalifa

01 April 2014

The widespread of inexpensive communication technologies, distributed data storage and web services mechanisms currently urge the collaboration among organizations. Partners are participating in this environment motivated by several advantages such as: (1) the ability to use external and professional resources, services and knowledge, (2) the reduction of time-consuming requirements and (3) the benefaction of experts experience. However, this collaboration is not perfect since several problems can arise such as the misuse of resources, disclosure of data or inadequate services. Therefore, security is an important concern of the participants. In particular trust management and access control are one of the major security issues for an organization. This thesis addresses these two areas in particular. It proposes a novel and comprehensive trust framework for Multi-Organization Environments. Our approach is organized in four parts. First, we propose a vector based model approach for defining trust vectors. These vectors evaluate a set of requirements, under conditions, and provide a degree of confidence. In our approach, we consider two different types of vectors. On the one hand, a vector that links a user to an organization and, on the other hand, a vector that links two organizations. We also show how these vectors are evaluated and shared among the different organizations, and how we combine the provided trust information in order to enhance the security. Second, the TRUST-OrBAC model was designed to add the previous trust approach to the ORBAC model. Moreover, this solution was applied with a real collaboration network between companies. Third, we present a trust ontology methodology based on access control concepts. This ontology will be used to share the trust beliefs between participants and to make equivalence between their trust objectives. How to define this trust relationship, how to understand the trust objective of a requester, and how to evaluate the recommendation value is addressed in this thesis. Fourth, we improve our work by designing a passive testing approach in order to evaluate the behavior of a user. This contribution is based on the monitoring tool MMT. Finally the entire architecture of our system is proposed

[INFO:INFO_OH] Computer Science/Other

[INFO:INFO_OH] Informatique/Autre

[SPI:OTHER] Engineering Sciences/Other

Trust management

Security policy

Security rules

OrBAC

Passive testing

Trace analysis

Trace collection

Trust computational models for mobile ad hoc networks : recommendation based trustworthiness evaluation using multidimensional metrics to secure routing protocol in mobile ad hoc networks

Shabut, Antesar Ramadan M.

January 2015

Distributed systems like e-commerce and e-market places, peer-to-peer networks, social networks, and mobile ad hoc networks require cooperation among the participating entities to guarantee the formation and sustained existence of network services. The reliability of interactions among anonymous entities is a significant issue in such environments. The distributed entities establish connections to interact with others, which may include selfish and misbehaving entities and result in bad experiences. Therefore, trustworthiness evaluation using trust management techniques has become a significant issue in securing these environments to allow entities decide on the reliability and trustworthiness of other entities, besides it helps coping with defection problems and stimulating entities to cooperate. Recent models on evaluating trustworthiness in distributed systems have heavily focused on assessing trustworthiness of entities and isolate misbehaviours based on single trust metrics. Less effort has been put on the investigation of the subjective nature and differences in the way trustworthiness is perceived to produce a composite multidimensional trust metrics to overcome the limitation of considering single trust metric. In the light of this context, this thesis concerns the evaluation of entities’ trustworthiness by the design and investigation of trust metrics that are computed using multiple properties of trust and considering environment. Based on the concept of probabilistic theory of trust management technique, this thesis models trust systems and designs cooperation techniques to evaluate trustworthiness in mobile ad hoc networks (MANETs). A recommendation based trust model with multi-parameters filtering algorithm, and multidimensional metric based on social and QoS trust model are proposed to secure MANETs. Effectiveness of each of these models in evaluating trustworthiness and discovering misbehaving nodes prior to interactions, as well as their influence on the network performance has been investigated. The results of investigating both the trustworthiness evaluation and the network performance are promising.

004.6