P2P Reputation Systems: Concepts and Applications
1. INTRODUCTION
In the last few years, a lot of research activity has been targeting Peer-to-Peer (P2P) technology,
systems, architectures and applications. Such systems comprise a number of autononous heterogeneous
peers with intermittent presence in the network and a high level of anonymity, which interoperate in
applications such as file sharing (e.g. Gnutella [Gnutella 2008], Kazaa [Kazaa 2008], Freenet [Freenet
2008] [Clarke et al. 2000]), instant messaging (e.g. Jabber [Jabber 2008]), distributed computing (e.g.
Seti@Home [Seti@home 2003]), or P2P e-commerce (e.g. [Datta et al. 2003] and [Despotovic et al.
2004]). These applications exploit the basic characteristics of P2P technology, namely scalability, selforganization, high level of distribution and ability to function in the presence of a highly transient
population of nodes, network, and computer failures, without the need of a central server and central
administration. This decentralized nature and the lack of a controlling authority expose P2P systems1 to
a broad range of security attacks, as it has also been recognized by other researchers [Castro et al.
2002], [Sit and Morris 2002] and [Maniatis et al. 2004]. Examples of such attacks include:
- Denial of Service (DoS), where adversaries consume or cause waste of network-level resources
(bandwidth, buffer space) and application-level resources (computation, memory) in order to
prevent clients of the system from obtaining timely service
- Free-loading, where adversaries attempt to benefit from the system’s services while contributing
as less as possible to the system
- Other malicious actions, where attackers attempt to compromise the integrity of the content or of
the service provided by a P2P system or the access to restricted resources by not complying to
the P2P routing or storage protocols, as shown in [Castro et al. 2002].
The effect of these attacks is maximized when malicious peers cooperate with each other or when a
peer enters a P2P system with multiple identities (Sybil attack [Douceur 2002]) and orchestrates them
in order to subvert the system.
The aforementioned attacks cannot be alleviated by traditional centralized security mechanisms
which usually protect resources by assigning rights to entities based on their identities. Therefore, a
number of advanced decentralized security mechanisms have been proposed in order to protect a P2P
system from various attacks; examples include mechanisms for secure routing and secure message
forwarding [Castro et al. 2002], mechanisms for DoS defense [Maniatis et al. 2004] and so on.
In addition, peers need to make trust decisions about whom to transact with, i.e. which peer’s
services they can rely on. Trust decisions are also needed for selecting honest peers to participate in
P2P functions, such as routing and message forwarding, in order to avoid some of the aforementioned
attacks. Therefore, trust is a prominent issue in P2P computing, and necessitates the use of trust
mechanisms. Reputation systems, also referred to as reputation-based trust systems, have emerged to
address this need and constitute an important trust management mechanism in online communities.
1
In the rest of the paper we use the terms ‘P2P systems’ and ‘P2P applications’ interchangeably.
Their main aim is to support trust decisions, i.e. to help an entity to decide whether to trust another
entity and have a transaction with it or not, by using past behavior as a predictor of future behavior.
However, reputation systems suffer themselves from attacks coming mainly from unfair or deceitful
raters, which, for example, could exploit loose registration and authentication policies in order to
deceive the system without being identified. Such attacks can be quite synchronized and powerful and
reduce the credibility of the reputation system.
While several reputation systems exist in the research literature, there is little work regarding their
credibility and their resistance to comprehensive adversary models. The work in [Suryanarayana and
Taylor 2006], which presents a threat-centric framework for evaluating and comparing different
decentralized reputation systems, and the work in [Ruohomaa et al. 2007] which presents an analysis
and comparison of reputation systems regarding basic credibility criteria are two of the very few
examples found in this area. In fact, the literature lacks a systematic analysis of the attack space related
to reputation-based trust systems for P2P applications.
2. CONCEPTS AND APPLICATIONS OF P2P REPUTATION SYSTEMS
A rich variety of reputation systems has been proposed in the literature based on either a centralized or
a decentralized architecture. Centralized reputation systems (e.g. eBay) rely on a central control or
administration of information, whereas in decentralized reputation systems (e.g. [Xiong and Liu 2004] ,
[Song et al. 2005], [Dillon et al. 2004], [Despotovic and Aberer 2004], etc.) reputation information
management is distributed to all participating entities. In the latter case some entities could still have a
special role, acting for example as trusted parties. Decentralized reputation systems, which are
examined in this paper, are more suitable for P2P applications where no central entities exist.
In a decentralized reputation system the participating entities play interchangeably the roles of
trustor, trustee and recommender. The trustor is an entity which wants to make a trust decision
regarding whether to participate or not in a transaction with another entity, the trustee. A transaction
can involve accessing or allowing access to a resource, e.g. a file, buying or selling goods, etc. The
recommender is the entity that provides the trustor with information regarding the trustworthiness of
the trustee; this information is known as recommendation.
To make a trust decision the trustor tries to predict the future behavior of the trustee by forming a
view of the trustee based on experience about its earlier actions. This subjective view is formed by
estimating an indicator of the quality of the trustee regarding its services (e.g. provision of a file, an
ecommerce trade, etc.) and comprises the trustee’s reputation or trustworthiness from the trustor’s
point of view. To form a reputation view, the trustor needs to gather experience information, either by
referring to its own earlier experience with the trustee, or by acquiring it from other entities in the form
of recommendations. Recommendations can be based on the recommender’s personal experience
alone, or on a combination of personal experience and earlier recommendations from others. A
recommendation is either a rating describing a single transaction experience (transaction-based
recommendation), or an opinion formed by the outcome of several transactions and possible outside
experience (opinion-based recommendation). The aggregation of recommendations regarding the
trustee results in estimating the trustee’s reputation value, which can be translated in a way that
facilitates a trust decision.
A trust decision is either threshold-based (e.g. [Xiong and Liu 2004] , [Despotovic and Aberer
2004], [Sabater and Sierra 2002], [Dillon et al. 2004]) where the selection of the trustee for a
transaction depends on the comparison between a specific threshold and the trustee’s reputation value,
or rank-based, where the trustor compares the trustworthiness of different peers and chooses to transact
with the entity which has the highest reputation value (e.g. [Aberer and Despotovic 2001]. A slightly
different rank-based trust decision method is proposed by Papaioannou and Stamoulis [2006]; in this
approach, a peer (service requester) selects another peer (service provider) to transact with in a
probabilistically fair manner according to the rank of the latter peer. A peer’s rank is estimated based
on its own reputation and the average reputation of all peers and determines the demand that this peer
can probabilistically attract as a future service provider.
The reputation of a peer is context-specific. Context may refer to the kind of service the trustee
provides, e.g. a peer could be highly reputable when coming to providing files but have a low
reputation as a recommender provider, or with regards to specific attributes of such a service, e.g.
authenticity of provided files, quality and quantity of a product purchased by the trustee in an ecommerce trade, etc. Reputation also depends on time, as the behavior of peers is dynamic;
furthermore, recent transactions are often considered more important for reputation estimation than
older ones.
A reputation system may support one or multiple levels of feedback transitivity. In the case of a
single transitivity level, a trustor directly collects information from peers which have had transactions
with the trustee. In the case of multiple transitivity levels, the trustor indirectly collects information
from peers which have had transactions with the trustee. This means that chains of entities are formed
to communicate to the trustor recommendations from entities which have directly interacted with the
trustee. In such chains of entities, each pair of two successive entities have transacted with each other,
so every peer has estimated a reputation value for the previous peer and all these values are used for the
estimation of the trustee’s reputation value. Reputation systems with multiple transitivity, are often
graphically presented as directed graphs, as in [Despotovic and Aberer 2004], where nodes represent
the peers, edges represent transactions between the connected peers and the weight of an edge
represents the context of the corresponding transaction and the rating of the behavior of the destination
node in the transaction as perceived by the source.
Reputation values are estimated either locally and subjectively by the trustor (e.g. [Xiong and Liu
2004], [Liang and Shi 2005]) or as global values calculated by special peers (e.g. [Kamvar et al. 2003],
[Zhou and Hwang 2007a], [Zhou and Hwang 2007b]). In the first case every peer estimates
personalized reputation values for other peers, based on its own opinions and selected
recommendations from third parties. In this way, one peer has different reputation in different peers’
database, as it is happening in real human life. In the latter case, a unique global reputation value is
estimated for each peer in the network, based on the opinions from the whole peer population. Local
reputation values are stored by the trustor itself, whereas for global reputation values ‘storing peers’,
i.e. peers storing the reputation values, are determined either randomly [Singh and Liu 2003] or by
using various techniques, such as Bloom filters [Zhou and Hwang 2007a], or a Distributed Hash Table
(DHT) as it is proposed in [Kamvar et al. 2003], [Stoica et al. 2001] and [Ratnasamy et al. 2001], and
so on. A different approach for reputation estimation is followed in NICE [Lee et al. 2003], where the
trustee is the entity which estimates and stores its own reputation value from a chain of entities which
have interacted with each other and connect the trustor with the trustee.
The various concepts of a decentralised reputation-based trust system are illustrated in the class
diagram of Figure 1.
Based on the above and on the results of some further analysis that we conducted in the field, we
outline below the basic characteristics of a reputation system which distinguish one from another:
a) Recommendation content and its representation. This could be an arithmetic value, a statement,
or a combination of a value and associated semantic information, such as the confidence of the
recommender, context and time information, etc. A recommendation can represent only positive
behavior, only negative behavior or both types of behavior of the trustee. Regarding its
representation, various formats can be used, such as binary, scalar or continuous values in a specific
interval, such as [0,1], or text in case that it contains semantic information (as in [Ingram 2003]);
b) Recommendation formation. A recommendation can be formed based on the evaluation of a
single transaction that the recommender conducted with the trustee or on aggregated ratings
regarding the transactional behaviour of the trustee. Techniques that can be used for the formation
can vary from manual ratings of single transactions (as in [Xiong and Liu 2004]) to probabilistic
techniques (as in [Zhou and Hwang 2007b] and statistical aggregation of simple arithmetic ratings
(as in [Kamvar et al. 2003]).
c) Selection of Recommenders. Recommenders can be selected based on their credibility as
recommenders, on knowledge regarding the social relationships between peers, on the similarity of
the recommenders’ previous recommendations with the recommendations of the trustor regarding
commonly evaluated peers, and so on.
d) Reputation Estimation. It refers to the calculation approach used for transforming the available
information (both direct transactional information and recommendations from others) to a useful
reputation metric. As described in Chang et al. [2005], such an approach can be either deterministic,
probabilistic or based on fuzzy logic.
e) Storage and dissemination of reputation information. Reputation values may be estimated either
reactively (i.e. on demand) or proactively (i.e. after each transaction conducted by the trustee).
Calculated reputation values are stored either locally by the trustor or the trustee or by other peers
(which we call ‘storing peers’) that are determined using various techniques as we have
aforementioned. A reputation value may be stored by more than one ‘storing peers’ for preserving
integrity. Furthermore, reputation values are communicated by the storing peers to other interested
parties either upon request, or using a disseminating technique, such as flooding [Lee et al. 2003].
f) The way a trust decision is made. Trust decisions are threshold-based or rank-based; they are
based on the estimated reputation values, therefore, the latter should be translated in a manner that
facilitates trust decisions.
Figure 1. Concepts in a decentralized reputation-based trust system
Various reputation systems have been proposed for different categories of P2P applications, such as
P2P communities [Xiong and Liu 2004] , [Lee et al. 2003], P2P e-commerce [Dillon et al. 2004],
[Sabater and Sierra 2002], [Song et al. 2005] and file sharing [Selcuk et al. 2004]. Each application
category exhibits specific context characteristics which affect the choices of a reputation system
designer regarding the aforementioned characteristics of a reputation system (e.g. content and
formation of the recommendation, the way the recommender is selected etc.). A comparison of the
various design choices in a number of reputation systems for different P2P application types is
presented in [Koutrouli and Tsalgatidou 2006].
REFERENCES
ABERER, K., AND DESPOTOVIC, Z.,2001. Managing trust in a peer-2-peer information system, In Proceedings of the 10th Intl
Conference on Information and Knowledge Management (CIKM), Atlanta, 2001
CASTRO, M., DRUSCHEL, P., GANESH, A., ROWSTRON, A., AND WALLACH, D. S. 2002. Secure routing for structured peer-to-peer
overlay networks. In Proceedings of the 5th symposium on Operating Systems Design and Iimplementation (OSDI 2002),
Boston, MA, Vol. 36, 299-314
CHANG, E., DILLON, T., HUSSAIN, F. K. 2005 Trust and Reputation for Service-Oriented Environments: Technologies for Building
Business Intelligence and Consumer Confidence. John Wiley & Sons, chapter 10.
CLARKE, I., SANDBERG, O., WILEY, B., AND HONG, T. W. 2000. Freenet: A distributed anonymous information storage and
retrieval system. In Proceedings of the ICSI Workshop on Design Issues in Anonymity and Unobservability, Berkeley, CA,
2000
DATTA, A., HAUSWIRTH, M., AND ABERER, K. 2003. Beyond “Web of Trust”: Enabling P2P E-commerce. In Proceedings of the,
IEEE International Conference on E-Commerce Technology (CEC'03), Newport Beach, CA, USA, 24-27 June 2003, 303312
DESPOTOVIC, Z.; USUNIER, J.-C. AND ABERER, K. 2004. Towards peer-to-peer double auctioning. In Proceedings of the 37th
annual Hawaii International Conference on System Sciences (HICSS-37), January 5-8, 2004, Waikoloa, Island of Hawai,
289-296
DILLON, T.S., CHANG, E., AND HUSSAIN, F.K. 2004. Managing the Dynamic Nature of Trust. In IEEE Journal Of Intelligent
Systems , Sept/Oct 2004, 19(5), 79-82
DOUCEUR, J. R. 2002. The sybil attack, In Proceedings of the 1st International Workshop on Peer-to-Peer Systems (IPTPS02),
Cambridge, MA (USA), March 2002
FREENET 2008. The Freenet website: http://freenetproject.org/
JABBER 2008. The Jabber website: http://www.jabber.org/web/Main_Page
GNUTELLA 2008. The Gnutella web site: http://wiki.limewire.org/
INGRAM, D. 2003. Trust-based Filtering for Augmented Reality. In Proceedings of the 1st International Conference on Trust
Management, May 2003, LNCS, vol. 2692, 108-122
KAZAA 2008. The Kazaa website: http://www.kazaa.com/
KAMVAR, S., SCHLOSSER, M., AND GARCIA-MOLINA, H. 2003. The EigenTrust Algorithm for Reputation Management in P2P
Networks, In Proceedings of the World Wide Web Conference 2003, Budapest, Hungary, May 2003
KOUTROULI, E., AND TSALGATIDOU, A. 2006. Reputation-based Trust Systems for P2P Applications: Design issues and
comparison framework, In Proceedings of the 3rd International Conference on Trust, Privacy and Security in Digital
Business (TRUSTBUS 2006), Krakow, Poland, September 2006, 152-161
LEE, S., SHERWOOD, R., AND BHATTACHARJEE, B. 2003. Cooperative peer groups in Nice, In Proceedings of the22nd Annual
Joint Conference on the IEEE Computer and Communications Societies (IEEE Infocom ’03), San Francisco, CA, USA,
March 30- April 3, 2003
LIANG, Z., AND SHI, W. 2005. Pet: A personalized trust model with reputation and risk evaluation for P2P resource sharing. In
Proceedings of the Proceedings of the 38th Annual Hawaii international Conference on System Sciences (HICSS 2005), Vol.
07,
January
03
06,
2005,
IEEE
Computer
Society,
Washington,
DC,
201.2,
DOI=
http://dx.doi.org/10.1109/HICSS.2005.493
MANIATIS, P., GIULI, T.J., ROUSSOPOULOS, M., ROSENTHAL, D. S.H., AND BAKER, M. 2004. Impeding Attrition Attacks on P2P
Systems. In Proceedings of the 11th ACM SIGOPS European Workshop, Leuven, Belgium, September 2004
PAPAIOANNOU, TH. G., AND STAMOULIS, G. D. 2006. Enforcing Truthful-Rating Equilibria in Electronic Marketplaces, In
Proceedings of the IEEE ICDCS Workshop on Incentive-Based Computing, Lisbon, Portugal, July 2006
RATNASAMY, S., FRANCIS, P., HANDLEY, M., KARP, R., AND SHENKER. S. 2001. A scalable content-addressable network. In
Proceedings of the ACM SIGCOMM 2001 Conference on Applications, Technologies, Architectures, and Protocols for
Computer Communication,,August 27-31, 2001, 161-172
RUOHOMAA, S., KUTVONEN, L., AND KOUTROULI, E. 2007. Reputation Management Survey, In Proceedings of the 2nd
International Conference on Availability, Reliability and Security (ARES 2007), Vienna, April 2007, 103-111
SABATER, J., AND SIERRA, C. 2002. Reputation and social network analysis in multi-agent systems, In Proceedings of the 1st
International Joint Conference on Autonomous Agents and MultiAgent Systems, Bologna, 2002, 475-482
SELCUK, A. A., UZUN, E. AND PARIENTE, M. R. 2004. A Reputation-Based Trust Management System for P2P Networks, In
Proceedings of the 4th International Workshop on Global and Peer-to-Peer Computing (GP2PC), 2004
SINGH, A., AND LIU, L. 2003. TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P Systems. In
Proceedings of the IEEE International Conference on Peer-to-Peer Computing, September 2003
SIT, E., AND MORRIS, R. 2002. Security Considerations for Peer-to-Peer Distributed Hash Tables. In Proceedings of the 1st
International Workshop on Peer-to-Peer Systems (IPTPS 2002), March 2002, 261 - 269
SONG, S., HWANG, K., ZHOU, R., AND KWOK, Y.-K. 2005. Trusted P2P Transactions with Fuzzy Reputation Aggregation, In IEEE
Internet Computing Magazine, Special Issue on Security for P2P and Ad Hoc Networks, Nov/Dec 2005, 24-34
STOICA, I., MORRIS, R., KARGER, D., KAASHOEK, M.F., AND BALAKRISHNAN, H. 2001. Chord: A scalable peer-to-peer lookup
service for internet applications. In Proceedings of the ACM SIGCOMM 2001 Conference on Applications, Technologies,
Architectures, and Protocols for Computer Communication, August 27-31, 2001, 149–160
SURYANARAYANA, G., AND TAYLOR, R. N. 2006. TREF: A Threat-centric Comparison Framework for Decentralized Reputation
Models, ISR Technical Report UCI-ISR-06-2, January 2006
XIONG, L., AND LIU, L. 2004. PeerTrust: Supporting reputation-based trust for peer-to-peer electronic communities, In IEEE
Transactions on Knowledge and Data Engineering, 16(7), July 2004, 843–857
ZHOU, R., AND HWANG, K. 2007. Gossip-based reputation management for unstructured peer-to-peer networks. In IEEE
Transactions on Knowledge and Data Engineering, Jan 2007. 20(9), Sept. 2008, 1282 – 1295
ZHOU, R., AND HWANG, K. 2007. Powertrust: A robust and scalable reputation system for trusted peer-to-peer computing, In
IEEE Transactions on Parallel and Distributed Systems, 18(4), April 2007, 460-473