Félix Gómez Mármol

Security threats scenarios in trust and reputation models for distributed systems

Trust and reputation management over distributed systems has been proposed in the last few years as a novel and accurate way of dealing with some security deficiencies which are inherent to those environments. Thus, many models and theories have been developed in order to effective and accurately manage trust and reputation in those communities. Nevertheless, very few of them take into consideration all the possible security threats that can compromise the system. In this paper, we present some of the most important and critical security threats that could be applied in a trust and reputation scheme. We will describe and analyze each of those threats and propose some recommendations to face them when developing a new trust and reputation mechanism. We will also study how some trust and reputation models solve them. This work expects to be a reference guide when designing secure trust and reputation models.

Providing trust in wireless sensor networks using a bio-inspired technique

Wireless Sensor Networks (WSNs) are becoming more and more spread and both industry and academia are focusing their research efforts in order to improve their applications. One of the first issues to solve in order to achieve that expected improvement is to assure a minimum level of security in such a restrictive environment. Even more, ensuring confidence between every pair of interacting nodes is a critical issue in this kind of networks. Under these conditions we present in this paper a bio-inspired trust and reputation model, called BTRM-WSN, based on ant colony systems aiming at providing trust and reputation in WSNs. Experiments and results demonstrate the accuracy, robustness and lightness of the proposed model in a wide set of situations.Wireless Sensor Networks (WSNs) are becoming more and more spread and both industry and academia are focusing their research efforts in order to improve their applications. One of the first issues to solve in order to achieve that expected improvement is to assure a minimum level of security in such a restrictive environment. Even more, ensuring confidence between every pair of interacting nodes is a critical issue in this kind of networks. Under these conditions we present in this paper a bio-inspired trust and reputation model, called BTRM-WSN, based on ant colony systems aiming at providing trust and reputation in WSNs. Experiments and results demonstrate the accuracy, robustness and lightness of the proposed model in a wide set of situations.

Towards pre-standardization of trust and reputation models for distributed and heterogeneous systems

Different trust and/or reputation models have arisen in the last few years. All of them have certain key processes in common such as scoring, ranking, rewarding, punishing or gathering behavioral information. However, there is not a standardization effort for these kinds of models. Such effort would be beneficial for distributed systems such as P2P, ad-hoc networks, multi-agent systems or Wireless Sensor Networks. In this paper we present a pre-standardization approach for trust and/or reputation models in distributed systems. A wide review of them has been carried out, extracting common properties and providing some pre-standardization recommendations. A global comparison has been done for the most relevant models against these conditions, and an interface proposal for trust and/or reputation models has been proposed.

TRIP, a trust and reputation infrastructure-based proposal for vehicular ad hoc networks

Vehicular ad hoc networks (VANETs) have drawn the attention of a number of researchers due to their several advantages and benefits. It is a very promising area of knowledge where investing new funds and effort is surely a wise move. Nevertheless, despite their multiple capabilities, new unresolved risks arise, and it is not always easy, or even feasible to cope with them. Recently, trust and reputation management has been proposed as a novel and accurate way to deal with some of these deficiencies. A considerable amount of works have been developed so far in this field concerning P2P networks, wireless sensor networks, ad hoc networks, etc. However, the application of behavioral-based trust and reputation management to VANETs is still at a preliminary stage. In this paper we survey the sate of the art, proving the current lack of proposals in this specific environment. We also suggest a set of design requirements for trust and reputation models specifically applicable to VANETs. Furthermore, we present our original proposal, TRIP, aimed to quickly and accurately distinguish malicious or selfish nodes spreading false or bogus messages throughout the network. We have also studied the level of fulfillment of each of the surveyed models with regard to each design requirement suggestion, comparing them with our approach. Finally, some preliminary experiments demonstrate the accurate performance of our trust and reputation mechanism under several different conditions.

Do not snoop my habits: preserving privacy in the smart grid

The recent deployment of smart grids has proven to bring numerous advantages in terms of energy consumption reduction in both homes and businesses. A more accurate measurement of up-to-date electricity necessities through smart meters utilization leads to an enhancement in the ability of monitoring, controlling and predicting energy use. Nevertheless, it has associated drawbacks related to the privacy of customers as well, since such management might reveal their personal habits and behavior, which electrical appliances they are using at each moment, whether they are at home or not, and so on. In this article we present a privacy enhanced architecture for smart metering aimed to tackle this threat by means of a new and novel protocol encrypting individual measurements while allowing the electricity supplier to access the aggregation of the corresponding decrypted values. The technique being used is named additively homomorphic encryption, and enables the direct connection and exchange of data between electricity suppliers and final users, while preserving the privacy of the latter.

TRMSim-WSN, Trust and Reputation Models Simulator for Wireless Sensor Networks

Trust and reputation models research and development for distributed systems such as P2P networks, Wireless Sensor Networks (WSNs) or Multi-agent systems has arisen and taken importance in the last recent years among the international research community. However it is not always easy to check the correctness and accuracy of a model and even more, to compare it against other trust and reputation models. This paper presents TRMSim-WSN, a Java-based trust and reputation models simulator aimed to provide an easy way to test a trust and/or reputation model over WSNs and to compare it against other models. It allows the user to adjust several parameters such as the percentage of malicious nodes or the possibility of forming a collusion, among many others.

TRIMS, a privacy-aware trust and reputation model for identity management systems

Electronic transactions are becoming more important everyday. Several tasks like buying goods, booking flights or hotel rooms, or paying for streaming a movie, for instance, can be carried out through the Internet. Nevertheless, they are still some drawbacks due to security threats while performing such operations. Trust and reputation management rises as a novel way of solving some of those problems. In this paper we present our work TRIMS (a privacy-aware trust and reputation model for identity management systems), which applies a trust and reputation model to guarantee an acceptable level of security when deciding if a different domain might be considered reliable when receiving certain sensitive users attributes. Specifically, we will address the problems which surfaces when a domain needs to decide whether to exchange some information with another possibly unknown domain to effectively provide a service to one of its users. This decision will be determined by the trust deposited in the targeting domain. As far as we know, our proposal is one of the first approaches dealing with trust and reputation management in a multi-domain scenario. Finally, the performed experiments have demonstrated the robustness and accuracy of our model in a wide variety of scenarios.

TACS, a Trust Model for P2P Networks

Many researchers are working hard in order to improve the capabilities of P2P networks. In this way, one of the main factors slowing down the improvement and development of P2P networks is the need to guarantee a minimum level of trust between two interacting nodes. This paper presents an innovative trust model providing a solution to this problem. Our trust model, which is based on the ant colony system, is able to select the best server to interact with, in terms of being the most trustworthy, in a very high percentage. Here, the traces of pheromone left by the ants correspond to the amount of trust that a node has on its neighbors.Many researchers are working hard in order to improve the capabilities of P2P networks. In this way, one of the main factors slowing down the improvement and development of P2P networks is the need to guarantee a minimum level of trust between two interacting nodes. This paper presents an innovative trust model providing a solution to this problem. Our trust model, which is based on the ant colony system, is able to select the best server to interact with, in terms of being the most trustworthy, in a very high percentage. Here, the traces of pheromone left by the ants correspond to the amount of trust that a node has on its neighbors.

Trust and reputation models comparison

Purpose – The purpose of this paper is to analyse and describe several trust and reputation models for distributed and heterogeneous networks and compare some of them in order to provide an evaluation amongst some of the most relevant works in this field.Design/methodology/approach – The authors have developed a trust and reputation models simulator for wireless sensor networks, called TRMSim‐WSN, and implemented several trust models for distributed networks in order to test their accuracy as well as their resilience against a set of specific security threats that can be applied in these particular systems, as the paper will show.Findings – The analysis of the outcomes obtained from the experiments revealed that while some models have a reasonably good performance against certain security threats, none of them behaves as would be desired under any circumstances.Research limitations/implications – Ongoing work is focused on the implementation of several trust and reputation models in the simulator TRMSim‐W...

Graph-based XACML evaluation

The amount of private information in the Internet is constantly increasing with the explosive growth of cloud computing and social networks. XACML is one of the most important standards for specifying access control policies for web services. The number of XACML policies grows really fast and evaluation processing time becomes longer. The XEngine approach proposes to rearrange the matching tree according to the attributes used in the target sections, but for speed reasons they only support equality of attribute values. For a fast termination the combining algorithms are transformed into a first applicable policy, which does not support obligations correctly. In our approach all comparison functions defined in XACML as well as obligations are supported. In this paper we propose an optimization for XACML policies evaluation based on two tree structures. The first one, called Matching Tree, is created for a fast searching of applicable rules. The second one, called Combining Tree, is used for the evaluation of the applicable rules. Finally, we propose an exploring method for the Matching Tree based on the binary search algorithm. The experimental results show that our approach is orders of magnitude better than Sun PDP.