Structured peer-to-peer overlay networks provide a sub-strate for the construction of large-scale, decentralized applications, including distributed storage, group com-munication, and content distribution. These overlays are highly resilient; they can route messages correctly even when a large fraction of the nodes crash or the network partitions. But current overlays are not secure; even a small fraction of malicious nodes can prevent correct message delivery throughout the overlay. This prob-lem is particularly serious in open peer-to-peer systems, where many diverse, autonomous parties without pre-existing trust relationships wish to pool their resources. This paper studies attacks aimed at preventing correct message delivery in structured peer-to-peer overlays and presents defenses to these attacks. We describe and eval-uate techniques that allow nodes to join the overlay, to maintain routing state, and to forward messages securely in the presence of malicious nodes. 1

Trust and reputation systems represent a significant trend in decision support for Internet mediated service provision. The basic idea is to collect information about potential service providers in order to select the most reliable and trustworthy provider of services and information and to avoid the less trustworthy. A natural side effect is that it also provides an incentive for good behaviour and therefore tends to have a positive effect on market quality. Reputation systems can be called collaborative sanctioning systems to reflect their collaborative nature, and are related to collaborative filtering systems. Reputation systems are already being used in successful commercial online applications. There is also a rapidly growing literature around trust and reputation systems, but unfortunately this activity is not very coherent. The purpose of this paper is to give an overview of existing and proposed systems that can be used to derive measures of trust and reputation for Internet transactions, to analyse the current trends and developments in this area, and to propose a research agenda for trust and reputation systems.

Abstract. Peer-to-peer (p2p) networking technologies have gained popularity as a mechanism for users to share files without the need for centralized servers. A p2p network provides a scalable and fault-tolerant mechanism to locate nodes anywhere on a network without maintaining a large amount of routing state. This allows for a variety of applications beyond simple file sharing. Examples include multicast systems, anonymous communications systems, and web caches. We survey security issues that occur in the underlying p2p routing protocols, as well as fairness and trust issues that occur in file sharing and other p2p applications. We discuss how techniques, ranging from cryptography, to random network probing, to economic incentives, can be used to address these problems. 1

Distributed anonymous communication networks like Tor depend on volunteers to donate their resources. However, the efforts of Tor volunteers have not grown as fast as the demands on the Tor network. We explore techniques to incentivize Tor users to relay Tor traffic too; if users contribute resources to the Tor overlay, they should receive faster service in return. In our design, the central Tor directory authorities measure performance and publish a list of Tor relays that should be given higher priority when establishing circuits. Simulations of our proposed design show that conforming users receive significant improvements in performance, in some cases experiencing twice the network throughput of selfish users who do not relay traffic for the Tor network.

Structured peer-to-peer overlay networks provide a substrate for the construction of large-scale, decentralized applications, including distributed storage, group communication, and content distribution. These overlays are highly resilient; they can route messages correctly even when a large fraction of the nodes crash or the network partitions. But current overlays are not secure; even a small fraction of malicious nodes can prevent correct message delivery throughout the overlay. This problem is particularly serious in open peer-to-peer systems, where many diverse, autonomous parties without preexisting trust relationships wish to pool their resources. This paper studies attacks aimed at preventing correct message delivery in structured peer-to-peer overlays and presents defenses to these attacks. We describe and evaluate techniques that allow nodes to join the overlay, to maintain routing state, and to forward messages securely in the presence of malicious nodes.

Trust assessment is a key prerequisite for the adoption of software services but poorly supported by existing methods and technology especially when it comes to trust in dynamically composed and deployed software services. In this position paper, we discuss why this is the case and outline a programme of research focusing on the development of platform for dynamic trust assessment of software services. Categories and Subject Descriptors D.2.9 [Management]: software quality assurance

Reputation is a crucial concept in dynamic multiagent environments and not surprisingly has received considerable attention from researchers. However, despite the large body of related work on reputation systems, no metrics exist to directly and quantitatively evaluate and compare them. We present a common conceptual interface for reputation systems and a set of four measurable desiderata that are broadly applicable across multiple domains. These desiderata employ concepts from dynamic systems theory to measure how a reputation system reacts to a strategic agent attempting to maximize its own utility. We study a diverse set of well-known reputation models from the literature in a moral hazard setting and identify a rich variety of characteristics that they support. We discuss the implications, strengths, and limitations of our desiderata. 1

Abstract—The motivation behind basing applications on peer-to-peer architectures derives to a large extent from their ability to function, scale and self-organize in the presence of a highly transient population of nodes, network and computer failures, without the need of a central server and the overhead of its administration. P2P networks are vulnerable to peers, who cheat, propagate malicious codes, or peers who do not cooperate. Traditional client-server security models are not sufficient to P2P networks because of their centralized nature. To full fill this,in this paper we present a cryptographic protocol for ensuring secure and timely availability of the reputation data of a peer extremely at low cost and develop a queuing model to evaluate the time required at each peer to serve its replication requests. Index Terms — Object Oriented Approach; P2P; attack; Encryption and Decryption. I.

One inherent problem with virtual communities is how to assess the trustworthiness of unknown peers. Reputation based trust mechanisms are one means to help users decide whether to rely on a stranger or not. Using eBay’s feedback forum as an example, we show how simple reputation based trust mechanisms work. We evaluate shortcomings of these mechanisms and give an overview of reasonable enhancements. Later we show how effectiveness is improved by various means including policy based trust measures and using more sophisticated models for calculating reputation values. When applying the mechanisms to mobile communities, we realize that they have specific requirements of reputation based trust mechanisms such as decentralized reputation storage. With these results, we analyze which enhancements fulfill the given requirements. Next we describe a hypothetical reputation based trust mechanism for a virtual community.