arxiv: v1 [cs.cr] 30 May 2014

Similar documents
Problems in Reputation based Methods in P2P Networks

Trust4All: a Trustworthy Middleware Platform for Component Software

Extended Identity for Social Networks

A Composite Trust based Public Key Management in MANETs

Entropy-Based Recommendation Trust Model for Machine to Machine Communications

Sybil Attack Detection with Reduced Bandwidth overhead in Urban Vehicular Networks

A Secure and Dynamic Multi-keyword Ranked Search Scheme over Encrypted Cloud Data

Technical Report CS : Incorporating Trust in Network Virtualization

Identifiers, Privacy and Trust in the Internet of Services

Featuring Trust and Reputation Management Systems for Constrained Hardware Devices*

AUTHENTICATION AND LOOKUP FOR NETWORK SERVICES

Robust Reputation Based Trust Management Framework for Federated-Cloud Environments

Towards a Trust, Reputation and Recommendation Meta Model

A Brief Comparison of Security Patterns for Peer to Peer Systems

User Control Mechanisms for Privacy Protection Should Go Hand in Hand with Privacy-Consequence Information: The Case of Smartphone Apps

Countering Hidden-Action Attacks on Networked Systems

Evaluation of VO Intersection Trust model for Ad hoc Grids

Trust Management in Wireless Networks

E±cient Detection Of Compromised Nodes In A Wireless Sensor Network

THE smart grid is promising to revolutionize the provision

Chapter I INTRODUCTION. and potential, previous deployments and engineering issues that concern them, and the security

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

InfoQ: Computational Assessment of Information Quality on the Web. Centrum voor Wiskunde en Informatica (CWI) Vrije Universiteit Amsterdam

Service Boost: Towards On-demand QoS Enhancements for OTT Apps in LTE

Identity management is a growing Web trend with. A SWIFT Take COVER FEATURE. Virtual identities and identifiers

A Secure System for Evaluation and Management of Authentication, Trust and Reputation in Cloud-Integrated Sensor Networks

Towards a Comprehensive Testbed to Evaluate the Robustness of Reputation Systems against Unfair Rating Attacks

LTE Network Automation under Threat

International Journal of Scientific & Engineering Research Volume 8, Issue 5, May ISSN

NodeId Verification Method against Routing Table Poisoning Attack in Chord DHT

Recommendation-Based Trust Model in P2P Network Environment

Towards Standardization of Distributed Access Control

SEAR: SECURED ENERGY-AWARE ROUTING WITH TRUSTED PAYMENT MODEL FOR WIRELESS NETWORKS

Evaluating the suitability of Web 2.0 technologies for online atlas access interfaces

Mitigating Malicious Activities by Providing New Acknowledgment Approach

This article appeared in a journal published by Elsevier. The attached copy is furnished to the author for internal non-commercial research and

The multi-perspective process explorer

Vehicle Trust Management for Connected Vehicles

Attack Resilient State Estimation for Vehicular Systems

Web Service Recommendation Using Hybrid Approach

Sybil defenses via social networks

Unsolicited Communication / SPIT / multimedia-spam

DETECTING SYBIL ATTACK USING HYBRID FUZZY K-MEANS ALGORITHM IN WSN

Identity in the Cloud Outsourcing Profile Version 1.0

Sybil Attack Detection and Prevention Using AODV in VANET

SECURE DATA AGGREGATION TECHNIQUE FOR WIRELESS SENSOR NETWORKS IN THE PRESENCE OF SECURITY THREATS

BYZANTINE ATTACK ON WIRELESS MESH NETWORKS: A SURVEY

Advanced Threat Defense Certification Testing Report. Symantec Corporation Symantec Advanced Threat Protection

Guarantor and Reputation Based Trust Model for Social Internet of Things

CPSC 426/526. Reputation Systems. Ennan Zhai. Computer Science Department Yale University

Evaluating Secure Identification in the Mobile Oriented Future Internet (MOFI) Architecture

Securing The Reputation Management in WINNOWING P2P Scheme. Nawaf Almudhahka Matthew Locklear

Using Game Theory To Solve Network Security. A brief survey by Willie Cohen

Detection of Sybil Attack in VANETs by Trust Establishment in Clusters

A Rule-Based Intrusion Alert Correlation System for Integrated Security Management *

Credit-based Network Management

MANAGING ACCESS CONTROL SYSTEMS IN DISTRIBUTED ENVIRONMENTS WITH DYNAMIC ASSET PROTECTION

FairVPN, overlay topology construction tool to maximize TCP fairness. A framework for packet droppers mitigation in OLSR Wireless Community Networks

Reputation Management in P2P Systems

Secure Path-Key Revocation for Symmetric Key Pre-distribution Schemes in Sensor Networks

Proposed System. Start. Search parameter definition. User search criteria (input) usefulness score > 0.5. Retrieve results

Privacy-Enhanced Collaborative Filtering

DETECTION OF PACKET FORWARDING MISBEHAVIOR IN WIRELESS NETWORK

ENERGY-EFFICIENT TRUST SYSTEM THROUGH WATCHDOG OPTIMIZATION

2. REVIEW OF RELATED RESEARCH WORK. 2.1 Methods of Data Aggregation

Algorithm for DNSSEC Trusted Key Rollover

Secured Routing Protocols for Wireless & ATM Networks : An Analysis

Identity Deployment and Management in Wireless Mesh Networks

PSH: A Private and Shared History-Based Incentive Mechanism

OpenDISCO Open simulation framework for distributed smart grid control

A (sample) computerized system for publishing the daily currency exchange rates

Reliable Mobile Ad Hoc P2P Data Sharing

Further Development of Fieldbus Technology to Support Multi-Axis Motion

Security Issues In Mobile IP

Peer-to-peer systems and overlay networks

Network Economics and Security Engineering

AN AUTOMATED TRUST MODEL FOR CLIENT-SERVER AND PEER-TO-PEER SYSTEM

On bidder zones, cell phones and ballot stuffing

Social Voting Techniques: A Comparison of the Methods Used for Explicit Feedback in Recommendation Systems

Security and privacy in the smartphone ecosystem: Final progress report

AUV Cruise Path Planning Based on Energy Priority and Current Model

Review on Techniques of Collaborative Tagging

Aligning Mal-activity Diagrams and Security Risk Management for Security Requirements Definitions

The Design of Supermarket Electronic Shopping Guide System Based on ZigBee Communication

Computer Based Image Algorithm For Wireless Sensor Networks To Prevent Hotspot Locating Attack

A Boosting-Based Framework for Self-Similar and Non-linear Internet Traffic Prediction

Managing the lifecycle of XACML delegation policies in federated environments

Sponsored by Oracle. SANS Institute Product Review: Oracle Audit Vault. March A SANS Whitepaper. Written by: Tanya Baccam

A Review on Various Routing Attacks on Wireless. Sensor Network

CHAPTER 6 PROPOSED HYBRID MEDICAL IMAGE RETRIEVAL SYSTEM USING SEMANTIC AND VISUAL FEATURES

CyberP3i Course Module Series

Estimation of TTP Features in Non-repudiation Service *

Portable reputation: Proving ownership of reputations across portals

LDAT: LFTM based data aggregation and transmission protocol for wireless sensor networks

Porting Social Media Contributions with SIOC

Distributed Sensing for Spectrum Agility: Incentives and Security Considerations

Are we breached? Deloitte's Cyber Threat Hunting

A Security Management Scheme Using a Novel Computational Reputation Model for Wireless and Mobile Ad hoc Networks

Pedigree Management and Assessment Framework (PMAF) Demonstration

X-ARF: A Reporting and Exchange Format for the Data Exchange of Netflow and Honeypot Data

Transcription:

ROMEO: ReputatiOn Model Enhancing OpenID Simulator Ginés Dólera Tormo 1, Félix Gómez Mármol 1, and Gregorio Martínez Pérez 2 arxiv:1405.7831v1 [cs.cr] 30 May 2014 1 NEC Europe Ltd., Kurfürsten-Anlage 36, 69115 Heidelberg, Germany {gines.dolera felix.gomez-marmol}@neclab.eu 2 Department of Information and Communications Engineering, University of Murcia, Murcia, 30100 Spain gregorio@um.es Abstract. OpenID is a standard decentralized initiative aimed at allowing Internet users to use the same personal account to access different services. Since it does not rely on any central authority, it is hard for such users or other entities to validate the trust level of each entity deployed in the system. Some research has been conducted to handle this issue, defining a reputation framework to determine the trust level of a relying party based on past experiences. However, this framework has been proposed in a theoretical way and some deeper analysis and validation is still missing. Our main contribution in this paper consist of a simulation environment able to validate the feasibility of the reputation framework and analyze its behaviour within different scenarios. 1 Introduction OpenID [1] is an open technology standard which defines a decentralized authentication protocol in order to allow end-users to sign in to multiple websites with the same user account. It allows users to maintain their private information in a single point, and release it to external entities when it is required in a controlled way. For example, users could reveal their credit card number, which is securely stored in their OpenID providers, to purchase an item in an online shop. Due to its decentralized nature, OpenID technology does not rely on any central authority which validates the trust level of the entities involved in the system, such as the different OpenID providers or the service providers. In this way, it is hard for users to decide whether a given service provider is trustworthy enough to share their private information before interacting with it, which actually implies sending such private information. A reputation framework to be integrated with OpenID was defined in [2], without requiring any central authority intervention. It describes how the OpenID protocol can be enhanced so that each OpenID provider can collect recommendations from different users on a given relying party, even if they belong to different OpenID providers. These recommendations can be aggregated appropriately to provide useful information about the service to the users, such as

whether it is trustworthy or not, before they start interacting with it. Such reputation framework, however, is described in a theoretical way and there is not a reference implementation or detailed description of the internal component which can prove the feasibility of such a framework. Our main contribution in this paper is presenting a simulation environment, developed within NEC Laboratories Europe, able to analyze and validate the feasibility of a number of reputation engines integrated with OpenID, including the ones described in [2]. This simulator environment, entitled ROMEO (ReputatiOn Model Enhancing OpenID Simulator), allows evaluating the capability of malicious users or entities to exploit the reputation system. For instance, it is able to analyze whether a relying party could increase its reputation introducing biased recommendations to the system [3]. The remainder of the article is organized as follows. Section 2 presents some related work to motivate our contribution. Section 3 introduces threats which any simulator environment should consider to properly analyze this kind of systems. Section 4 describes the internal components which define the architecture of the framework, while section 5 presents the user interface of the simulator. 2 Background The reputation framework described in [2] was designed for enhancing the OpenID users experience when accessing a relying party. This framework allows OpenID providers to aggregate recommendations about a given relying party from users which have already interacted with it. This allows OpenID providers to inform other users before interacting with the given relying party. Since some of the OpenID providers would not have enough users to form accurate reputation scores, that framework describes a mechanism to gather recommendations from external sources. To know where to collect the recommendations from, the OpenID providers ask the relying party for potential recommenders. The recommenders are mainly other OpenID providers which have recently interacted with the relying party, hence having updated recommendations of the provided service. Additionally, this framework considers users preferences to provide customized reputation values [4]. When a reputation value is being computed for a given user, the recommendations given by users with similar preferences to the given one will have a higher importance in the computation of such reputation score. Nevertheless, some of the gathered recommendations could be malicious or inaccurate, for example if they are biased trying to increase or decrease the reputation of certain relying parties. To solve this problem, the reputation framework establishes dynamic weights to the sources of recommendations based on its accuracy. Therefore, inaccurate recommendations sources will be punished, and its recommendations will not be taken into account. However, this framework only has been defined theoretically and a deep analysis and validation is still missing. Several reputation simulators have been proposed to validate the feasibility of reputation frameworks. ART testbed [5] and TOSim [6] have become a refer-

ence due to its flexibility and modularity, allowing researchers to easily compare and analyze their trust and reputation models. P2P-SIM [7] presents a simulator for evaluating P2P-based trust and reputation management algorithms. It simulates the network structure, and outputs statistics about how the trust management is performed. In a similar way, TRMSim-WSN [8] allows testing and compare trust and reputation models, but within Wireless Sensor Networks (WSN) scenarios. However, we have not found any testbed or simulator targeting reputation management mechanisms integrated within user-centric identity management systems. Those simulation environments should take into account the particularities of these specific reputation models, such as computing reputation based on users preferences. 3 OpenID-integrated reputation frameworks threats There are some aspects which can compromise the behaviour of the presented reputation framework, and should be analyzed to determine its feasibility. In the following, we present some relevant features and threats which should be taken into consideration when designing a simulator. Relying parties could know the recommendation that each OpenID provider has about them. Even though the framework just share recommendations between OpenID providers, it would be easy for any relying party to deploy an OpenID provider which asks for recommendation to the rest of them. Relying parties could offer services with diverse qualities. For instance, a relying party could give low quality on the main services but offering several low-cost with high quality services just for increasing its reputation, if it was calculated as a global reputation instead of depending of the service. Quality of the services offered by the relying parties could vary during the time. For example, a relying party with good reputation could suddenly decrease the quality of its services. Relying Parties could fake the list of potential recommenders by including just the recommenders which provide better recommendations about them. In this case, the relying parties could try to increase their reputation since only biased recommendation sources are taken into consideration. A relying party could decide not to participate in the reputation framework. For example, due to lack of resources or to avoid low reputation values. There could be malicious OpenID providers which supply inaccurate recommendations values trying to either increase or decrease the reputation value of a given relying party. Users could provide inaccurate recommendations. That includes some users who make mistakes when providing recommendations, and those deployed by a malicious relying party trying to increase its reputation [9]. The framework cannot assume unlimited resources to perform any of its processes. Some of the defined processes may require a vast amount of storage, computer or network resources to work properly. Furthermore, the response times are critical to determine the success of the reputation framework.

A malicious entity can present multiple identities, issuing a higher fraction of the recommendations of the system, as a Sybil attack [10]. 4 ROMEO Architecture overview This section presents the internal components of the architecture developed to simulate the reputation framework, as shown in Figure 1. The architecture has been designed to allow an easy extension in order to validate different reputation computation engine that may be defined in the future as part of OpenID. Next, we describe each of the components belonging to the architecture. Fig. 1. General ROMEO architecture overview Reputation Authority. This component is the interface for external entities to make use of the reputation framework functionalities. Either the OpenID provider in use sends internal queries to this module to obtain the reputation value of a relying party or other OpenID providers ask this component for gathering external recommendations. Additionally, this module is also utilized by the users to provide recommendations once they have interacted with the relying party, which feed the reputation framework. Rule Engine. Computing reputation values could be directed by certain dynamic rules. For instance, if the system is overloaded, just the last 25 recommendations will be taken into account instead of all of them. The Rule Engine component is in charge of evaluating these rules and influence the rest of the reputation computation process. Preferences Engine. The preferences of the user which is asking for reputation could be taken into account when computing the reputation values. This component processes the preferences of the user and establishes certain parameters according to them, which will influence the weights of the recommendations of other users when computing the reputation score.

Reputation Manager. This component is the controller of the reputation architecture. By using the rest of the components, this component manages the internal and external recommendations and aggregates them using a specific Computation Engine when a reputation value is requested. Reputation Store. This component is in charge of maintaining recommendations from different users or OpenID providers which have been gathered in the past. It also maintains a weight together with each recommendation in order to determine the accuracy of the recommender. Additionally, this module may act as a cache by storing computed reputation values during a while, which avoids computing the same reputation value again when the users ask for it in a short period of time. Data Collector. The Data Collector component is used by the Reputation Manager to collect external recommendations. This component retrieves the list of potential recommenders from a given relying party and then asks each of these recommenders (i.e. other OpenID providers) for recommendations about the relying party. Computation Engines. This set of components is the core of the reputation framework since it is in charge of aggregating reputation values from the recommendations and its associated weights. A different Computation Engine could be used depending on some systems conditions, such as the current network load. Hence, a common interface is defined so they could be interchangeable. Additionally, this module also adjusts the weights of the recommendations sources based on their accuracy in order to punish or reward such recommendations sources for future reputation computation. 5 Reputation Model Enhancing OpenID Simulator ROMEO (ReputatiOn Model Enhancing OpenID) is the performed simulator, within NEC Laboratories Europe, aimed to evaluate reputation frameworks integrated with OpenID, such as the one presented in [2]. It allows evaluating the capability of malicious users or entities (or groups of them) to exploit the reputation system. That is, if they could increase or decrease the reputation of a given relying party by supplying biased recommendations. Furthermore, it analyzes how different reputation computation engines are adapted to different scenarios. 5.1 Scenario elements As shown in Figure 2, ROMEO presents a graphical interface where different reputation-based scenarios could be defined. A scenario is composed of simulated users belonging to different simulated OpenID providers interacting with a specific relying party under certain conditions. Such conditions are parametrized to configure the behaviour of the different elements in the system. This configuration includes some of the aspects defined in Section 3. For instance, defining whether (and how) the relying party will variate its QoS. It also includes configuration over the different reputation computation engines to determine which configuration adapts better to the defined scenario.

Fig. 2. ROMEO simulator graphical interface screenshot To cover the rest of the aspects described in Section 3, and taking into account other different reputation threats [3], we have defined and included in the simulator the following types of users, OpenID providers and relying parties acting in the system. Type of users: Normal: These users provide appropriate recommendations according to the relying party quality of service. Negative or Positive raters: These users always provides bad (negative raters) or good (positive raters) recommendations when giving feedbacks, regardless of the quality of the received service. Type of OpenID providers: Normal raters: These OpenID providers properly follows the reputation framework definition. That is, they do not try to cheat when they provide recommendations. Negative or Positive raters: These OpenID providers always give bad (negative raters) or good (positive raters) recommendations about the relying party, regardless of its real behaviour, trying to decrease or increase its global reputation. Camouflaged positive/negative raters: This kind of OpenID provider is an extension of the previous one. It gives good or bad recommendation, regardless of the real quality of service, but only p% of the times. The rest of times, (100 p)%, it has a normal behaviour.

Sybil positive/negative raters: These OpenID providers act as positive or negative raters, but additionally, after a while, they replace its identity with a new one. Type of relying party: Normal: The relying party properly follows the behaviour of the framework without trying to cheat its reputation. Malicious: The relying party includes in the recommenders list only the ones with better recommendations about itself. Sybil: The relying party is disconnected and replaced with a new identity from time to time, reinitializing its associated reputation. Not participative: The relying party does not return the recommender list. Once defined the scenario, the simulator starts the simulation environment. The simulation consists of executing a determined number of iterations. In each iteration, some of the simulated users want to access a service offered by the relying party, so they access the OpenID provider they belong to and ask for the reputation value of the relying party. Then, the OpenID provider collects recommendations using the technique described in Section 2 and computes a reputation score according the weight given to each recommender. If the relying party has enough reputation, the user will interact with the relying party and will provide a feedback according to the quality of the received service, and depending on the type of user. Finally, the OpenID provider adjusts the weights of its recommendation according to the received feedback. 5.2 Visualization of results After running a simulation, the simulator shows three different charts, representing three different ways of analyzing the results. These charts are described in the following. Results chart. The Results chart compares the real Relying Party QoS in each moment with the average reputation value given by the Normal OpenID Providers. It is useful to see the behaviour of the reputation model against a specific scenario. For instance, whether it is resilient against malicious users or OpenID Providers or how long does it take to calculate the real reputation value. Accuracy chart. Taking into account that the users interact with the relying party with a probability p, being p the reputation given by its OpenID Provider, this chart determines how many users interact with a given relying party. This chart is useful to compare different reputation computation engines regarding their accuracy when calculating reputation scores. User Satisfaction chart. It indicates how satisfied the users are with the recommendations given by the OpenID Providers, and hence with the reputation framework. This chart is useful to compare different computation engines regarding the adaptation to users preferences. In other words, the more the computed reputation scores fit to each user, according to her preferences, the higher will be the user s satisfaction.

6 Conclusions Nowadays, a lot of service providers are including the OpenID standard solution as part of the authentication and basic access control services provided to their users. However, due to its decentralized nature, OpenID technology does not rely on any central authority which validates the trust level of the entities involved in the system, becoming a point where malicious service providers could try to gain access to the private attributes of users and make profit with them. Some research has been done describing solutions helping to mitigate this problem. However, proposed solutions for this specific case still need some deep analysis and validation. In this paper we have presented a set of relevant features which should be taken into consideration to evaluate a reputation framework build on top of the OpenID standard. Based on this features, we have described a simulation environment able to validate the feasibility of such reputation frameworks and analyze their behaviour within different scenarios. References 1. Recordon, D., Reed, D.: OpenID 2.0: a platform for user-centric identity management. In: Proceedings of the second ACM workshop on Digital identity management, DIM 06. (2006) 11 16 2. Gómez Mármol, F., Kuhnen, M., Martínez Pérez, G.: Enhancing OpenID through a Reputation Framework. In: Proceedings of the 8th international conference on Autonomic and Trusted Computing, ATC 11. Number 6906 in LNCS, Springer- Verlag (2011) 1 18 3. Gómez Mármol, F., Martínez Pérez, G.: Security Threats Scenarios in Trust and Reputation Models for Distributed Systems. Elsevier Computers & Security 28(7) (2009) 545 556 4. Ziegler, C.N., Golbeck, J.: Investigating interactions of trust and interest similarity. Decision Support Systems 43(2) (2007) 460 475 5. Fullam, K.K., Klos, T., Muller, G., Sabater-Mir, J., Barber, K., Vercouter, L.: The Agent Reputation and Trust (ART) Testbed. In: 4th International Conference on Trust Management, itrust. Number 3986 in LNCS (2006) 439 442 6. Zhang, Y., Wang, W., Lü, S.: Simulating trust overlay in p2p networks. In: International Conference on Computational Science. (2007) 632 639 7. West, A.G., Kannan, S., Lee, I., Sokolsky, O.: An Evaluation Framework for Reputation Management Systems. In: Trust Modeling and Management in Digital Environments: From Social Concept to System Development. IGI Global (2010) 282 308 8. Gómez Mármol, F., Martínez Pérez, G.: TRMSim-WSN, Trust and Reputation Models Simulator for Wireless Sensor Networks. In: Proceedings of the IEEE International Conference on Communications, Dresden, Germany (2009) 9. Borg, A., Boldt, M., Carlsson, B.: Simulating malicious users in a software reputation system. In Park, J., Lopez, J., Yeo, S.S., Shon, T., Taniar, D., eds.: Secure and Trust Computing, Data Management and Applications. Volume 186 of Communications in Computer and Information Science. Springer (2011) 147 156 10. Douceur, J.R., Donath, J.S.: The sybil attack. In: Proceedings for the 1st International Workshop on Peer-to-Peer Systems (IPTPS 02). (2002) 251 260

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback