Online marketplaces are now a popular way for users to buy and sell goods over the Internet. On these sites, user reputations—based on feedback from other users concerning prior transactions—are used to assess the likely trustworthiness of users. However, because accounts are often free to obtain, user reputations are subject to manipulation through white-washing, Sybil attacks, and user collusion. This manipulation leads to wasted time and significant monetary losses for defrauded users, and ultimately undermines the usefulness of the online marketplace. In this paper, we propose Bazaar, a system that addresses the limitations of existing online marketplace reputation systems. Bazaar calculates user reputations using a max-flow-based technique over the network formed from prior successful transactions, thereby limiting reputation manipulation. Unlike existing approaches, Bazaar provides strict bounds on the amount of fraud that malicious users can conduct, regardless of the number of identities they create. An evaluation based on a trace taken from a real-world online marketplace demonstrates that Bazaar is able to bound the amount of fraud in practice, while only rarely impacting non-malicious users. 1

Protecting user privacy in network communication is vital in today’s open networking environment. Current anonymous routing protocols provide anonymity by forwarding traffic through a static path of randomly selected relay nodes. In practice, however, malicious relays can perform passive logging attacks to compromise the anonymity of a flow. This degradation is accelerated when nodes fail, forcing source node to reconstruct a path, and in doing so, leaking more information to passive loggers. This “predecessor attack ” is highly effective and difficult to defend against on current systems. In this paper, we propose a highly effective approach to blocking predecessor attacks by leveraging trusted links from social networks. We first show how users can completely shield themselves from traditional logging attacks. We then propose a hybrid logging attack optimized for social networks, and perform detailed analysis to show that we can defend against it using optimized path selection techniques. Finally, we analyze detailed measurement traces from Facebook to show that our approach is indeed feasible given the user behavior in social networks today.

Hermes is an optimization engine for large-scale enterprise e-mail services. Such services could be hosted by a virtualized e-mail service provider, or by dedicated enterprise data centers. In both cases we observe that the pattern of e-mails between employees of an enterprise forms an implicit social graph. Hermes tracks this implicit social graph, periodically identifies clusters of strongly connected users within the graph, and co-locates such users on the same server. Co-locating the users reduces storage requirements: senders and recipients who reside on the same server can share a single copy of an e-mail. Co-location also reduces inter-server bandwidth usage. We evaluate Hermes using a trace of all e-mails within a major corporation over a five month period. The e-mail service supports over 120,000 users on 68 servers. Our evaluation shows that using Hermes results in storage savings of 37 % and bandwidth savings of 50 % compared to current approaches. The overheads are low: a single commodity server can run the optimization for the entire system.

This paper presents IDnet mesh, a general-purpose user identity architecture for the Internet, which provides a scalable common identity validation service to the public. This common service can enable diversified new Internet services as well as new features for existing ones. It builds upon a novel feeder-carrier identity architecture which increases resilience to rising provider-initiated surveillance attempts. It offers a regular approach to connect a user’s online identity with the user’s real identity and meanwhile fully preserves the user’s privacy on the public Internet. Our system adopts a practical trust model such that it yields high system evolvability towards global deployment; it requires no change to the current Internet infrastructure and protocols, and therefore is completely incrementally deployable. We use a Linux-based implementation of IDnet mesh algorithm and protocols at a cluster of servers in Emulab to perform benchmarks for the core algorithm and to test the functional integrity of the protocol implementation. We perform extensive evaluation of IDnet mesh’s scalability, security, efficiency, and reliability. Finally, we assess the overhead induced by our system in the cases of Email and Web services and demonstrate that IDnet mesh can be scalably integrated with these services.

Abstract—Vehicular ad hoc networks (VANETs) are envisioned to provide promising applications and services. One critical deployment issue in VANETs is to motivate vehicles and their drivers to cooperate and contribute to packet forwarding in vehicle-to-vehicle or vehicle-to-roadside communication. In this paper, we examine this problem, analyze the drawbacks of two straightforward schemes, and present a secure incentive scheme to stimulate cooperation in VANETs. We define the measurement of contribution according to the unique characteristics of VANET communication. Our scheme uses the weighted rewarding component to ensure fairness. Extensive simulation results are presented to support the effectiveness of our scheme.

Abstract—Vehicular ad hoc networks (VANETs) are envisioned to provide promising applications and services. One critical deployment issue in VANETs is to motivate vehicles and their drivers to cooperate and contribute to packet forwarding in vehicle-to-vehicle or vehicle-to-roadside communication. In this paper, we examine this problem, analyze the drawbacks of two straightforward schemes, and present a secure incentive scheme to stimulate cooperation and contribution in VANETs. We first define the measurement of contribution according to the unique characteristics of VANET communication. Our scheme uses the weighted rewarding component to ensure fairness. I.

This paper presents IDnet mesh, a general-purpose user identity architecture for the Internet, which provides a scalable common identity validation service to the public. This common service can enable diversified new Internet services as well as new features for existing ones. It builds upon a novel feeder-carrier identity architecture which increases resilience to rising provider-initiated surveillance attempts. It offers a regular approach to connect a user’s online identity with the user’s real identity and meanwhile fully preserves the user’s privacy on the public Internet. Our system adopts a practical trust model such that it yields high system evolvability towards global deployment; it requires no change to the current Internet infrastructure and protocols, and therefore is completely incrementally deployable. We use a Linux-based implementation of IDnet mesh algorithm and protocols at a cluster of servers in Emulab to perform benchmarks for the core algorithm and to test the functional integrity of the protocol implementation. We perform extensive evaluation of IDnet mesh’s scalability, security, efficiency, and reliability. Finally, we assess the overhead induced by our system in the cases of Email and Web services and demonstrate that IDnet mesh can be scalably integrated with these services. 1.

This paper presents IDnet mesh, a general-purpose user identity solution for the Internet, which provides a scalable common identity validation service to the public. This common service can enable diversified new Internet services as well as new features for existing ones. IDnet mesh uses tamper-resistant biometric-based hardware devices, called Internet passports, to achieve strong user accountability. At the same time, the system exploits cryptographic hash functions and RSA to fully preserve user privacy on the public Internet. Our system adopts a practical trust model such that it yields high system evolvability; it requires no changes to the current Internet infrastructure and protocols, and therefore is completely incrementally deployable. We use a Linux-based implementation of IDnet mesh algorithm and protocols at a cluster of servers in Emulab to perform benchmarks for the core algorithm and to test the functional integrity of the protocol implementation. We perform extensive evaluation of IDnet mesh’s scalability, security, efficiency, and reliability. Finally, we assess the overhead induced by our system in the case of Email and Web services and demonstrate that IDnet mesh can be scalably integrated with these services, thereby improving their integrity.