International Journal of Engineering Trends and Technology (IJETT) – Volume 35 Number 3- May 2016
Empowering Trustworthy Valuation of
Reviews in Service-oriented Social networks
Divya J
Dept of ISE,
BNM Institute of Technology,
Bengaluru, India.
Laxmi V
Assistant Professor, Dept of ISE,
BNM Institute of Technology,
Bengaluru, India.
Abstract— The Trustworthy Service Evaluation (TSE)
system allows users to share service reviews in service-oriented
social networks. With the third trusted authority,
each service provider maintains a TSE to collect and
store the reviews about its service, and these reviews are
made available to interested users to help them make the right
service selection. Three types of service review attacks,
i.e., linkability, rejection, and modification attacks, and two
types of Sybil attacks are identified: type 1 is launched by a
group of registered users, and type 2 is launched by the service
provider and a group of registered users. The basic
TSE (bTSE) system uses the MD5 algorithm to prevent the
service providers from rejecting, modifying, or deleting the
reviews, thereby sustaining the integrity and
authenticity of the reviews. Each user is provided with a
token before submitting a review, and only a user with a token
is allowed to submit a review. The system uses the RSA
algorithm to generate the token. If a user shares multiple
reviews in a particular time slot for a service provider, the
real identity of that user will be reported and the user is
blocked. Thus, by using the bTSE system, the review attacks
and Sybil attacks are efficiently resisted.
Keywords— Social network; Sybil attacks; review
attacks.
I. INTRODUCTION
Local service providers are interested in serving the
users in their close geographic region, since most users
select services based on a comparison of service
quality. In social networks, building up trust relations
between the service providers and the users is
significant. A service provider with a high reputation
is more likely to be chosen by the users. However, social
networks are autonomous and distributed networks
where no third trusted authority exists for
bootstrapping the trust relations. Therefore, for the
users in the service-oriented social networks, how to
ensure the trust evaluation of the service providers is
a challenging problem. Trustworthy service
evaluation (TSE) systems enable service providers or
any third trusted authority to receive user feedback,
known as service reviews or simply reviews, such as
compliments and complaints about their services [1].
By utilizing the TSE, the service providers learn the
service experiences of the users and can improve their
administration technique in time. In addition, the collected
reviews can be made available to the public, which
enhances service advertising and assists the users in making
wise service selections. The TSE is often maintained by a
third trusted authority that is trusted to host authentic
reviews. Popular TSEs can be found in web-based social
networks such as Facebook and online stores like eBay.
They are important marketing tools for service providers
who target the global market. Here, the TSE is moved into the
service-oriented social network setting, which requires service
providers to maintain the TSE by themselves. The possible
malicious behaviours conducted by the service providers
and the users are studied.
ISSN: 2231-5381
In the TSE, the vendor stores and disseminates service
information to the users. The adoption of the TSE is subject
to vendors’ own decisions. However, the users expect to
read comprehensive and authentic reviews of services, and
this expectation makes vendors who support the TSE
appear more attractive than the others. Without in-network
third trusted authorities in the service-oriented social
networks, vendors are required to manage reviews for
themselves. This requirement brings unique security
problems to the review submission process. For example,
vendors may reject or delete negative reviews and insert
forged positive ones, and the malicious users can leave
false negative reviews or drop the reviews from others to
decrease the reputation of some particular vendors. In the
design of the TSE for the service-oriented social networks,
security mechanisms must be included to resist these
attacks. Notorious Sybil attacks also cause huge damage to
the effectiveness of the TSE. On the other hand, in trust
systems like the TSE, if users abuse their pseudonyms to
leave reviews toward a vendor, the reputation of the vendor
can be easily increased or decreased. Even if a trusted
authority later identifies the malicious behaviour, the
detection delay cannot be tolerated in the TSE. It is
necessary to tackle how to resist the Sybil attacks and
guarantee both review integrity and review authenticity in
the design of the TSE for the service-oriented social
networks.
II. LITERATURE SURVEY
D. Quercia and S. Hailes [2] observed that collaborative
applications for co-located mobile users can be severely
disrupted by a Sybil attack, to the point of being unusable.
Existing decentralized defenses have largely been designed
for peer-to-peer networks but not for mobile networks. They
therefore propose a new decentralized defense for portable
devices, called MobID. The idea is that a device
manages two small networks in which it stores information
about the devices it meets: its network of friends contains
honest devices, and its network of foes contains suspicious
devices. By reasoning on these two networks, the device is
then able to determine whether an unknown individual is
carrying out a Sybil attack or not. The extent to which
MobID reduces the number of interactions with Sybil
attackers and consequently enables collaborative
applications is evaluated.
http://www.ijettjournal.org
Page 118
X. Liang, X. Li, R. Lu, and X. Lin [3] proposed a Secure
and Efficient service Review (SEER) system to enable user
feedback in service-oriented mobile social networks
(S-MSNs). Each service provider independently maintains a
SEER system for itself, which collects and stores user
reviews about its services without requiring any central
trusted authority. The service reviews can then be made
available to interested users in making wise service
selection decisions. Three unique service review attacks
are identified, and sophisticated security mechanisms are
developed for SEER to deal with these attacks.
Specifically, SEER enables users to distributedly and
cooperatively submit their reviews in an integrated chain
form by using hierarchical and aggregate signature
techniques. It discourages service providers from rejecting,
modifying or deleting their reviews.
Das and Islam [4] introduced a dynamic trust computation
model to address strategic behaviour alteration by
malicious agents. W. Dong, V. Dave, L. Qiu,
and Y. Zhang enabled mobile users to submit their reviews to
a system maintained by a local vendor, where the reviews
represent the users' evaluation of the services of the
vendor. It considers malicious behaviour by the
vendor and the users, including review attacks and Sybil
attacks [4], [5]. Instead of using an additional monitoring
device at the site of the vendor, it explores cooperative
efforts of users and uses efficient techniques based on
cryptography to increase SR, reduce SD, and mitigate the
impact of malicious behaviour. Distributed systems are
vulnerable to Sybil attacks, where an adversary manipulates
false identities or abuses pseudonyms to jeopardize the
effectiveness of the systems. For example, in peer-to-peer
networks, Douceur [6] indicated that Sybil attacks can
compromise the redundancy of distributed storage systems.
In sensor networks, Karlof and Wagner [7] showed that
Sybil attacks can damage the routing efficiency.
Lu et al. [8] proposed a mechanism for efficient
detection of double registration, which can be used to
mitigate potential Sybil attacks. Sybil attacks on social
networks have attracted much attention recently [9], [10].
In social networks, Wei et al. [11] mention that the existence
of a trusted authority can mitigate the effect of Sybil attacks,
but consider that the additional burden such requirements
impose on users is not acceptable. Sybil attacks also arise in
the S-MSN, where registered users can legally apply for
multiple pseudonyms and alternately use the pseudonyms to
preserve their identity and location privacy [5]. Meanwhile,
the lack of a third trusted authority in the network makes it
very difficult to detect Sybil attacks. Two typical types of
Sybil attacks are identified, and a sophisticated pseudonym
design is proposed to build the SrTSE, based on the
bTSE [11], to resist the two Sybil attacks.
III. PROBLEM STATEMENT
A user is allowed to share a review about a service
vendor after receiving its services, and all the reviews are
maintained in the Trustworthy Service Evaluation (TSE)
system. The TSE systems are managed by the service provider
or the third trusted party. A TSE maintained by the vendors is
vulnerable to review attacks and Sybil attacks since there is
no security mechanism for the TSE systems. The various
malicious attacks that aim especially at the TSE are
described below.
Review attack 1. Review linkability attack is executed
by malicious users, who claim to be members of a specific
group but prevent the group authority from tracing the review
back to their unique identity, thus breaking review linkability.
Review attack 2. Review rejection attack is launched by
the vendor when a user submits a negative review to it. In
the attack, the vendor drops the review silently without
responding to the submission request from the user, thereby
hiding public opinion and misleading users.
Review attack 3. Review modification attack is
performed by the vendor toward locally stored review
collections. The vendor inserts forged complimentary
reviews, or modifies negative reviews in a review
collection. Such attacks aim at false advertising by breaking
review integrity and influencing user behaviours.
The Sybil attacks can be easily performed in the TSE as
follows:
Sybil attack 1. Such an attack is launched by malicious
users: One registered user leaves multiple reviews toward a
vendor in a time slot, where the reviews are false and
negative to the service.
Sybil attack 2. Such an attack is launched by malicious
vendors with colluded users: A malicious vendor asks one
registered user to leave multiple reviews toward itself in a
time slot, where the reviews are positive to the service.
The above two Sybil attacks produce inaccurate
information, which is unfair to either vendors or users, and
disrupt the effectiveness of the TSE. To this end, we
propose another security mechanism to effectively resist the
Sybil attacks by limiting each user to generate only one
review toward a vendor. If any user generates two or more
reviews with different pseudonyms toward a
vendor in a time slot, its real identity will be exposed to the
public.
IV. DESIGN OF bTSE
In the bTSE, a user, after being serviced by the vendor,
submits a review to the vendor, which then stores the
review in its local repository. During review submission,
data integrity, authenticity, and non-repudiation can be
obtained by directly applying traditional cryptography
techniques such as hashing on the review content. However,
it is challenging to resist the three review attacks and the two
Sybil attacks introduced in Section III.
Figure 1. System Architecture
The Admin is the third trusted party. The admin adds the
various services provided by the service vendors and then
uploads the services to the database. These services are
then made available for the registered users to use and to
write reviews about. The user can then share his opinion
regarding the services; this feedback is also stored in the
database. The user requests the admin for a token to share
the feedback. The admin generates a one-time transaction
token and sends the token to the user through mail. The
token is generated using the RSA algorithm. The user
retrieves the token from the mail, writes the feedback using
the token, and then submits it, after which it is stored in the
database. For each service a user can write the feedback
only once. The system architecture is shown in Figure 1.
The MD5 algorithm is applied on reviews to provide
integrity, so a vendor that attempts to perform the attacks on
the reviews will be identified as an attacker. The user is
allowed to submit a review only if the token is valid, which
prevents a user from leaving multiple reviews towards the
service providers.
A. Token generation
The keys for the RSA algorithm are generated the following
way:
1. Choose two distinct prime numbers p and q.
For security purposes, the integers p and q should be
chosen at random, and should be similar in magnitude but
differ in length by a few digits to make factoring harder.
Prime integers can be efficiently found using a primality
test.
2. Compute n = pq.
n is used as the modulus for both the public and private
keys. Its length, usually expressed in bits, is the key length.
3. Compute φ(n) = φ(p)φ(q) = (p − 1)(q − 1) = n − (p + q − 1),
where φ is Euler's totient function. This value is kept
private.
4. Choose an integer e such that 1 < e < φ(n) and
gcd(e, φ(n)) = 1; i.e., e and φ(n) are coprime.
5. Determine d as d ≡ e⁻¹ (mod φ(n)); i.e., d is the modular
multiplicative inverse of e (modulo φ(n)).
This is more clearly stated as: solve for d given d⋅e ≡ 1
(mod φ(n)).
e having a short bit-length and small Hamming
weight results in more efficient encryption – most
commonly 2¹⁶ + 1 = 65,537. However, much smaller values
of e (such as 3) have been shown to be less secure in some
settings.
e is released as the public key exponent.
d is kept as the private key exponent. The public
key consists of the modulus n and the public (or encryption)
exponent e. The private key consists of the modulus n and
the private (or decryption) exponent d, which must be kept
secret. p, q, and φ(n) must also be kept secret because they
can be used to calculate d.
An alternative, used by PKCS#1, is to
choose d matching de ≡ 1 (mod λ) with λ = lcm(p − 1, q − 1),
where lcm is the least common multiple. Using λ instead
of φ(n) allows more choices for d. λ can also be defined
using the Carmichael function, λ(n).
Since any common factors of (p − 1) and (q − 1) are present
in the factorization of pq − 1, it is recommended that (p − 1)
and (q − 1) have only very small common factors, if any
besides the necessary 2.
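The key-generation steps above, carried through in Python and used to issue and check a one-time review token; this is an added example, not code from the paper. It assumes the token is a textbook (unpadded) RSA signature by the admin over the user, service and time slot, which the paper does not specify; the primes are fixed demo values, and `issue_token`, `ReviewStore` and the sample identifiers are hypothetical.

```python
import hashlib
import json
from math import gcd

# Constructed demo primes (2**61 - 1 and 2**89 - 1), fixed for reproducibility.
# They are far too small and too structured for real use.
P, Q = 2**61 - 1, 2**89 - 1

def rsa_keygen(p, q, e=65537):
    """Steps 2-5 above. Returns (n, e, d_phi, d_lambda)."""
    n = p * q
    phi = (p - 1) * (q - 1)              # equals n - (p + q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d_phi = pow(e, -1, phi)              # d*e ≡ 1 (mod φ(n)); Python 3.8+
    lam = phi // gcd(p - 1, q - 1)       # λ = lcm(p − 1, q − 1)
    d_lam = pow(e, -1, lam)              # PKCS#1 alternative exponent
    return n, e, d_phi, d_lam

def token_digest(user, service, slot, n):
    # Assumption: the token binds user, service and time slot.
    msg = json.dumps([user, service, slot]).encode()
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def issue_token(user, service, slot, n, d):
    """Admin side: sign the digest with the private exponent."""
    return pow(token_digest(user, service, slot, n), d, n)

class ReviewStore:
    """Submission side: accepts one review per valid token (hypothetical)."""
    def __init__(self, n, e):
        self.n, self.e = n, e
        self.used = set()
        self.reviews = []

    def submit(self, user, service, slot, token, review):
        expected = token_digest(user, service, slot, self.n)
        if pow(token, self.e, self.n) != expected:
            return "rejected: invalid token"
        if (user, service, slot) in self.used:
            return "rejected: token already used"
        self.used.add((user, service, slot))
        self.reviews.append((user, service, slot, review))
        return "accepted"

def demo():
    n, e, d_phi, d_lam = rsa_keygen(P, Q)
    store = ReviewStore(n, e)
    tok = issue_token("user-17", "svc-cafe", "2016-05", n, d_phi)
    return [
        store.submit("user-17", "svc-cafe", "2016-05", tok, "good service"),
        store.submit("user-17", "svc-cafe", "2016-05", tok, "second try"),
        store.submit("user-17", "svc-other", "2016-05", tok, "wrong service"),
    ]

if __name__ == "__main__":
    print(demo())
```

The exponent derived from λ produces the same token as the one derived from φ(n); a production signer would use a padded scheme such as RSA-PSS with randomly generated primes.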
B. MD5 ALGORITHM
MD5 Algorithm: The MD5 message digest algorithm is a
widely used cryptographic hash function producing a
128-bit (16-byte) hash value, typically expressed in text
format as a 32-digit hexadecimal number. MD5 has
been utilized in a wide variety of cryptographic
applications, and is also commonly used to verify data
integrity.
MD5 algorithm consists of 5 steps:
Step 1. Appending Padding Bits. The original message is
"padded" (extended) so that its length (in bits) is congruent
to 448, modulo 512. The padding rules are:
- The original message is always padded with one bit "1" first.
- Then zero or more bits "0" are padded to bring the length of
  the message up to 64 bits fewer than a multiple of 512.
Step 2. Appending Length. 64 bits are appended to the end
of the padded message to indicate the length of the original
message in bytes. The rules of appending length are:
- The length of the original message in bytes is converted to
  its binary format of 64 bits. If overflow happens, only the
  low-order 64 bits are used.
- Break the 64-bit length into 2 words (32 bits each).
- The low-order word is appended first and followed by the
  high-order word.
Step 3. Initializing MD Buffer. MD5 algorithm requires a
128-bit buffer with a specific initial value. The rules of
initializing buffer are:
- The buffer is divided into 4 words (32 bits each), named as
  A, B, C, and D.
- Word A is initialized to: 0x67452301.
- Word B is initialized to: 0xEFCDAB89.
- Word C is initialized to: 0x98BADCFE.
- Word D is initialized to: 0x10325476.
Step 4. Processing Message in 512-bit Blocks. This is the
main step of MD5 algorithm, which loops through the
padded and appended message in blocks of 512 bits each.
For each input block, 4 rounds of operations are performed
with 16 operations in each round.
Step 5. Output. The contents in buffer words A, B, C, D are
returned in sequence with low-order byte first.
CONCLUSION
The bTSE (basic Trustworthy Service Evaluation) system
for service-oriented social networks is proposed for writing
reviews. The system requires a token to submit a review and
uses the RSA algorithm to generate the one-time
transaction token. Before writing the feedback, the user
requests a one-time transaction token for a selected
service. The requested token is sent to the user's mail, and
the review is submitted using the token. The MD5 hashing
technique is applied on the review, which improves review
integrity and significantly reduces vendors’ modification
capability. The three review attacks, i.e., linkability,
modification, and rejection attacks, are resisted effectively
by relying on a third trusted authority. The system allows
users to leave only one review towards a vendor in a
predefined time slot. If multiple reviews with different
pseudonyms from one user are generated, the real identity
will be disclosed and the user will be blocked from writing
the review.
REFERENCES
[1] X. Liang, X. Lin, and X. Shen, “Enabling Trustworthy Service
Evaluation in Service-Oriented Mobile Social Networks,” IEEE, 2014.
[2] D. Quercia and S. Hailes, “Sybil Attacks Against Mobile Users:
Friends and Foes to the Rescue,” Proc. IEEE INFOCOM, pp. 336-340, 2010.
[3] X. Liang, X. Li, R. Lu, X. Lin, and X. Shen, “Seer: A Secure
and Efficient Service Review System for Service-Oriented Mobile
Social Networks,” IEEE, 2012.
[4] A. Das and M.M. Islam, “SecuredTrust: A Dynamic Trust
Computation Model for Secured Communication in Multiagent
Systems,” IEEE, 2012.
[5] W. Dong, V. Dave, L. Qiu, and Y. Zhang, “Secure Friend
Discovery in Mobile Social Networks,” IEEE, 2011.
[6] J. Douceur, “The Sybil Attack,” Proc. Revised Papers First
Int’l Workshop Peer-to-Peer Systems, 2002.
[7] C. Karlof and D. Wagner, “Secure Routing in Wireless Sensor
Networks: Attacks and Countermeasures,” Ad Hoc Networks,
2003.
[8] R. Lu, X. Lin, X. Liang, and X. Shen, “A Dynamic
Privacy-Preserving Key Management Scheme for Location-Based
Services in VANETs,” IEEE, 2012.
[9] B. Viswanath, A. Post, P.K. Gummadi, and A. Mislove, “An
Analysis of Social Network-Based Sybil Defenses,” ACM, 2010.
[10] A. Mohaisen, N. Hopper, and Y. Kim, “Keep Your Friends
Close: Incorporating Trust into Social Network-Based Sybil
Defenses,” IEEE, 2011.
[11] W. Wei, F. Xu, C.C. Tan, and Q. Li, “Sybil defender: Defend
against Sybil Attacks in Large Social Networks,” IEEE, 2012.