from weak online reputation metrics to standardized … weak online reputation metrics to...
TRANSCRIPT
![Page 1: From weak online reputation metrics to standardized … weak online reputation metrics to standardized attack-resistant trust metrics ... • Q&A. Online reputation ... Issues of online](https://reader034.vdocuments.mx/reader034/viewer/2022051723/5ab0a1cf7f8b9a6b468b847b/html5/thumbnails/1.jpg)
ITUWorkshopon“FutureTrustandKnowledgeInfrastructure”,Phase2
Geneva,Switzerland1July2016
Fromweakonlinereputationmetricstostandardizedattack-resistanttrustmetrics
Dr.Jean-MarcSeigneurPresidentatRéputaction SAS,ChiefReputationOfficeratGLOBCOINSeniorLecturerandResearchManageratMedi@LAB,CUIISS,G3S,
![Page 2: From weak online reputation metrics to standardized … weak online reputation metrics to standardized attack-resistant trust metrics ... • Q&A. Online reputation ... Issues of online](https://reader034.vdocuments.mx/reader034/viewer/2022051723/5ab0a1cf7f8b9a6b468b847b/html5/thumbnails/2.jpg)
Agenda• Introduction• Today’sWeakOnlineReputationMetrics• ComputationalTrustEngines• TowardsStandardizedAttack-ResistantTrustMetrics
• Conclusion• Q&A
![Page 3: From weak online reputation metrics to standardized … weak online reputation metrics to standardized attack-resistant trust metrics ... • Q&A. Online reputation ... Issues of online](https://reader034.vdocuments.mx/reader034/viewer/2022051723/5ab0a1cf7f8b9a6b468b847b/html5/thumbnails/3.jpg)
Onlinereputationeconomy
• By2026,thankstoonlineratings– “amoresuccessfulhospitalityandleisuresectorhasthe
potentialtoaddanextra£2bntotheUKeconomywiththeimpactonthesector’slargesupplychaincontributingafurther£1.2bn.”[Barclays,2016]
![Page 4: From weak online reputation metrics to standardized … weak online reputation metrics to standardized attack-resistant trust metrics ... • Q&A. Online reputation ... Issues of online](https://reader034.vdocuments.mx/reader034/viewer/2022051723/5ab0a1cf7f8b9a6b468b847b/html5/thumbnails/4.jpg)
Mainonlinee-reputation ratingsservices forthegeneral public
• Especiallyinthetourismindustry– Around60%ofthehotelratingsby2providersonly[TCIResearchFrench,2015]• Booking,whoseratingsareverifiedbecausebasedafterpaymenthasbeenmade,takingaround25%ofthenightcost
• TripAdvisor,whoseratingsarenotverified
• Somehow:eBay,Yelp,Klout,TrustPilot,TrustYou,FacebookReviews,GoogleReviews…
![Page 5: From weak online reputation metrics to standardized … weak online reputation metrics to standardized attack-resistant trust metrics ... • Q&A. Online reputation ... Issues of online](https://reader034.vdocuments.mx/reader034/viewer/2022051723/5ab0a1cf7f8b9a6b468b847b/html5/thumbnails/5.jpg)
RatingsforGoogleSEO
![Page 6: From weak online reputation metrics to standardized … weak online reputation metrics to standardized attack-resistant trust metrics ... • Q&A. Online reputation ... Issues of online](https://reader034.vdocuments.mx/reader034/viewer/2022051723/5ab0a1cf7f8b9a6b468b847b/html5/thumbnails/6.jpg)
Amajorpitfall:trustinonlineratingsdecreases
• RepresentativesurveysofFrenchpeople– [Testntrust,2013]
• 89%trustonlineratingsin2010• 76%trustonlineratingsin2013
– [NielsenInstitute,2013]• 71%trustonlineratingsin2007• 51%trustonlineratingsin2013
![Page 7: From weak online reputation metrics to standardized … weak online reputation metrics to standardized attack-resistant trust metrics ... • Q&A. Online reputation ... Issues of online](https://reader034.vdocuments.mx/reader034/viewer/2022051723/5ab0a1cf7f8b9a6b468b847b/html5/thumbnails/7.jpg)
Issuesofonlinereputationmetrics• eBay
– firsttoproposeanonline reputationsolution in1995– easierbecause
• centralized• focusedononecontextonly:onlineauctions• withrealmoneytransactionstraces
– Issues• same pointsforsuccessfully selling aFerrarioraUSBkey• changein2008:sellers cannot ratebuyers inorder to increase negative ratingsofsellers
• aggressivemarketing(Naymz/Visible.me spam,Reputation.comoveralarmingemails)
• resellingofprivatedatawithoutuserconsent(Rapleaf 1.0/Trustfuse)• difficultandincompletecollection,verificationandmanagementofratings• TripAdvisor
– Guiltyof falseratingsorsuccessfullyattacked• UK,2009:suedby2000hotelsassociation,changeofslogan“reviewsyoucantrust”to
“reviewsfromourcommunity”• France,2011:non-partnerhotelslistedasfullybookedevenifstillavailable inreal• Italy,2014and2015:
– feeof500kEurosbytheItaliananti-trustbodyduetounclearexplanationregardingthevalidityoftheirratings
– ghostrestaurantrankedasbestrestaurantofatouristiccity• Tunisia,2016:traveler's choiceawardgiventothehotelinTunisiawherean
Islamistterroristattackleft30Britishholidaymakersdeadlastsummer
![Page 8: From weak online reputation metrics to standardized … weak online reputation metrics to standardized attack-resistant trust metrics ... • Q&A. Online reputation ... Issues of online](https://reader034.vdocuments.mx/reader034/viewer/2022051723/5ab0a1cf7f8b9a6b468b847b/html5/thumbnails/8.jpg)
e-Reputationratingsmainaspects
• Ratingsverifiedornot• Closedoropenalgorithmsinordertoevaluatetheirattack-
resistancebytheresearchcommunity– securitybyobscurityisbelievedtobelesssecurebythe
researchcommunity• Open,restrictedornoAPItoaccess/managethem• Theirvisualizationordigitalrepresentation
– Quantitativeonly• Scaleofstarsbetween1to5…
– Qualitativeaswell• Needofautomatedlanguagesentiment analysis
![Page 9: From weak online reputation metrics to standardized … weak online reputation metrics to standardized attack-resistant trust metrics ... • Q&A. Online reputation ... Issues of online](https://reader034.vdocuments.mx/reader034/viewer/2022051723/5ab0a1cf7f8b9a6b468b847b/html5/thumbnails/9.jpg)
Howtovisualizetrusteffectively?
• Trustvisualizationhasarealbusinessimpact:+8%pricepremium[Johnston,1996]
![Page 10: From weak online reputation metrics to standardized … weak online reputation metrics to standardized attack-resistant trust metrics ... • Q&A. Online reputation ... Issues of online](https://reader034.vdocuments.mx/reader034/viewer/2022051723/5ab0a1cf7f8b9a6b468b847b/html5/thumbnails/10.jpg)
TrustPlus• 2006to2012,decentralized,closedalgorithm,notverifiedratings,interestingtrustvisualization
![Page 11: From weak online reputation metrics to standardized … weak online reputation metrics to standardized attack-resistant trust metrics ... • Q&A. Online reputation ... Issues of online](https://reader034.vdocuments.mx/reader034/viewer/2022051723/5ab0a1cf7f8b9a6b468b847b/html5/thumbnails/11.jpg)
• Scorebetween0and100• Startedin2008– focusingone-reputationinfluence– boughtforaround100millions$in2014– closedalgorithm– basedondetectedevidencesuchasnumberoffollowers/fansandtheirownscoreengagementofposts
– knowntobeeasilyattackedduetotheeasysetupoffakeaccounts
![Page 12: From weak online reputation metrics to standardized … weak online reputation metrics to standardized attack-resistant trust metrics ... • Q&A. Online reputation ... Issues of online](https://reader034.vdocuments.mx/reader034/viewer/2022051723/5ab0a1cf7f8b9a6b468b847b/html5/thumbnails/12.jpg)
FakeAccounts,Clicks,RatingsandReviews
![Page 13: From weak online reputation metrics to standardized … weak online reputation metrics to standardized attack-resistant trust metrics ... • Q&A. Online reputation ... Issues of online](https://reader034.vdocuments.mx/reader034/viewer/2022051723/5ab0a1cf7f8b9a6b468b847b/html5/thumbnails/13.jpg)
Agenda• Introduction• Today’sWeakOnlineReputationMetrics• ComputationalTrustEngines• TowardsStandardizedAttack-ResistantTrustMetrics
• Conclusion• Q&A
![Page 14: From weak online reputation metrics to standardized … weak online reputation metrics to standardized attack-resistant trust metrics ... • Q&A. Online reputation ... Issues of online](https://reader034.vdocuments.mx/reader034/viewer/2022051723/5ab0a1cf7f8b9a6b468b847b/html5/thumbnails/14.jpg)
ComputationalTrust• Oneofitsmaingoalistoachieveattack-resistanttrustmetrics• Atrustmetricconsistsofthedifferentcomputationsandcommunications
whicharecarriedoutbythetrustor(andhis/hernetwork)tocomputeatrustvalueinthetrustee
• Atrustvalueisthedigitalrepresentationofthetrustworthinessorleveloftrustintheentityunderconsiderationandisanon-enforceableestimateoftheentity’sfuturebehaviorinagivencontextbasedonpastevidence,mainly:– directobservations,– recommendations fromanidentified recommender,– reputationasanaggregatedvaluefromnotclearlyidentified recommender(s).
• 3maintypesoftrustareconsideredinsocialresearch:– interpersonal trust,– dispositional trust,– systemtrust.
• Interpersonaltrustiscrucialwhensystemtrustcannotbeenforced,forexample,intheubiquitouscomputingworldoftheInternetofThings(IoT).
[Seigneur,2005]
![Page 15: From weak online reputation metrics to standardized … weak online reputation metrics to standardized attack-resistant trust metrics ... • Q&A. Online reputation ... Issues of online](https://reader034.vdocuments.mx/reader034/viewer/2022051723/5ab0a1cf7f8b9a6b468b847b/html5/thumbnails/15.jpg)
McKnight&ChevernyTrustSocialModel
![Page 16: From weak online reputation metrics to standardized … weak online reputation metrics to standardized attack-resistant trust metrics ... • Q&A. Online reputation ... Issues of online](https://reader034.vdocuments.mx/reader034/viewer/2022051723/5ab0a1cf7f8b9a6b468b847b/html5/thumbnails/16.jpg)
TrustEngineandTrustMetricsAttacks
• Thetrustmetricsareattackedbymeansof:– Identityusurpationattacks– Identitymultiplicityattacks
• Douceur’sSybilAttackisthemostwell-known– Coalitionsofmotivateduserscomparedtootherlazyuserswhodonotrate
Trust Engine’s Security Perimeter
Decision-making
ER
VirtualIdentities
Trust ValueComputation
Risk Analysis
Decision
RequestEvidenceManager
EvidenceStore
![Page 17: From weak online reputation metrics to standardized … weak online reputation metrics to standardized attack-resistant trust metrics ... • Q&A. Online reputation ... Issues of online](https://reader034.vdocuments.mx/reader034/viewer/2022051723/5ab0a1cf7f8b9a6b468b847b/html5/thumbnails/17.jpg)
ResearchRepresentationsofTrustValues
[Marsh,2016]
[SECURE,2005]
[WangandVassileva,2003]
![Page 18: From weak online reputation metrics to standardized … weak online reputation metrics to standardized attack-resistant trust metrics ... • Q&A. Online reputation ... Issues of online](https://reader034.vdocuments.mx/reader034/viewer/2022051723/5ab0a1cf7f8b9a6b468b847b/html5/thumbnails/18.jpg)
Agenda• Introduction• Today’sWeakOnlineReputationMetrics• ComputationalTrustEngines• TowardsStandardizedAttack-ResistantTrustMetrics
• Conclusion• Q&A
![Page 19: From weak online reputation metrics to standardized … weak online reputation metrics to standardized attack-resistant trust metrics ... • Q&A. Online reputation ... Issues of online](https://reader034.vdocuments.mx/reader034/viewer/2022051723/5ab0a1cf7f8b9a6b468b847b/html5/thumbnails/19.jpg)
RandomAttack
4 randomly attacked9 directly compromised20 not compromised
![Page 20: From weak online reputation metrics to standardized … weak online reputation metrics to standardized attack-resistant trust metrics ... • Q&A. Online reputation ... Issues of online](https://reader034.vdocuments.mx/reader034/viewer/2022051723/5ab0a1cf7f8b9a6b468b847b/html5/thumbnails/20.jpg)
NetworkTopologyEngineeredAttack
4 most connected attacked20 compromised9 not compromised
![Page 21: From weak online reputation metrics to standardized … weak online reputation metrics to standardized attack-resistant trust metrics ... • Q&A. Online reputation ... Issues of online](https://reader034.vdocuments.mx/reader034/viewer/2022051723/5ab0a1cf7f8b9a6b468b847b/html5/thumbnails/21.jpg)
TrustTransfer:Sybil-attackResistantTrustMetric
(100,2)
(60,5)(180,0)(90,3)
(48,1)
(70,0)(12,0) (12,0)
à (36,1)
(100,2)
(60,5)(180,0)(90,3)
(48,1)
(70,0)
(12,0)
12fakedeventsmayhavebeenintroducedinthenetwork
[Seigneur, 2005]
![Page 22: From weak online reputation metrics to standardized … weak online reputation metrics to standardized attack-resistant trust metrics ... • Q&A. Online reputation ... Issues of online](https://reader034.vdocuments.mx/reader034/viewer/2022051723/5ab0a1cf7f8b9a6b468b847b/html5/thumbnails/22.jpg)
TrustTransferExample
RecommenderSearchPolicy(RSP)
RecommendationPolicy(RP)
Thesearchforrecommendersmaybeextendedtocontactsofrecommenders.
?
Thetotalamountoftrusttransferredmaybesharedbetweenseveralrecommenders.
R
TS
10positiveoutcomesneeded
Start:R(22,2)
Start:S(32,2)
End:R(12,2)S(10,0)
End:S(22,2)
S(10)?T(10)?
YesYes
[Seigneur, 2005]
![Page 23: From weak online reputation metrics to standardized … weak online reputation metrics to standardized attack-resistant trust metrics ... • Q&A. Online reputation ... Issues of online](https://reader034.vdocuments.mx/reader034/viewer/2022051723/5ab0a1cf7f8b9a6b468b847b/html5/thumbnails/23.jpg)
Conclusion
• Caremustbetakenwhenstandardizingtrustinordertonotdeceivetheusersandkeeptheirtrustinthetruststandard
• Attack-resistanttrustmetricsshouldbeopenandeasytobereviewedbytheresearchcommunity
• Ideally,themostattack-resistanttrustmetricsshouldbestandardized
![Page 24: From weak online reputation metrics to standardized … weak online reputation metrics to standardized attack-resistant trust metrics ... • Q&A. Online reputation ... Issues of online](https://reader034.vdocuments.mx/reader034/viewer/2022051723/5ab0a1cf7f8b9a6b468b847b/html5/thumbnails/24.jpg)
Q&A
• Thanksforyourattention!• Jointhethe290+Trustcompcommunitymembers– http://www.trustcomp.org/group-mailing-list– ACMSACtrust/reputationTRECKtrackCFP• Deadline:15th September2016
![Page 25: From weak online reputation metrics to standardized … weak online reputation metrics to standardized attack-resistant trust metrics ... • Q&A. Online reputation ... Issues of online](https://reader034.vdocuments.mx/reader034/viewer/2022051723/5ab0a1cf7f8b9a6b468b847b/html5/thumbnails/25.jpg)
![Page 26: From weak online reputation metrics to standardized … weak online reputation metrics to standardized attack-resistant trust metrics ... • Q&A. Online reputation ... Issues of online](https://reader034.vdocuments.mx/reader034/viewer/2022051723/5ab0a1cf7f8b9a6b468b847b/html5/thumbnails/26.jpg)