ABSTRACT
Reputation systems are popular tools to evaluate the trustworthiness of an unknown party before a transaction, but the reputation score can greatly impact the rated subject, such that it might be inclined to suppress negative ratings. In order to elicit coercion-resistant, honest feedback, this paper proposes a reputation system that provides complete privacy of the ratings, i.e., neither the ratee nor the reputation system will learn the value of the rating. We take both a cryptographic and a non-cryptographic approach to the problem. Privacy of ratings may foster bad-mouthing attacks, in which an attacker intentionally leaves bad feedback. We limit the possibility of this attack by providing a token system such that one can only leave feedback after a transaction, and we provide a cryptographic proof of the privacy of our system. We consider the Virtual Organization formation problem and develop and evaluate a novel reputation aggregation algorithm for it.
Index Terms
- A verifiable, centralized, coercion-free reputation system