Conference Paper

A Quantifiable Trust Model for Blockchain-Based Identity Management

Authors:
  • German University of Digital Science

... DTI can be administered by a centralized service that verifies the identity of users using government-issued identification documents such as national ID cards, passports, social security numbers, and driver's licenses, among others. After verification, the validated identity attestations are maintained on a DL for further verification by third-parties [1], [74], [76]. On the contrary, SSI allows users to completely own and manage their respective identities without having to rely on any existing third-party attestations. ...
... As a possible solution to the loss of trust in conventional institutions and third parties, blockchain has risen and allows itself to function as a trust-free economic unit. Gruner et al. [76] propose a computable trust model for BC-based IDMS. Trust is applied to digital ID in a decentralized manner. ...
... Concerning IDMS, the assessment of digital records, statements, and certification requirements relies on the service provider's information or another dependent party's correctness and legitimacy. The service provider trusts the authenticity of a digital identity [76]. To answer the question "why identity management ties with blockchain?" ...
Article
Full-text available
Identity Management System (IDMS) refers to how users or individuals are identified and authorized to use organizational systems and services. Since traditional identity management and authentication systems rely heavily on a trusted central authority, they cannot mitigate the effects of single points of failure. As a decentralized and distributed public ledger in a peer-to-peer (P2P) network, Blockchain (BC) technology has garnered a considerable amount of attention in the field of IDMS in recent years. Through Self-Sovereign Identity (SSI), users can have full authority over their digital identity. Successful implementation of a BC-based IDMS can significantly increase the degree of privacy and security of a user’s SSI. However, the integration of BC-based IDMS to provide a user with SSI is still an unorganized area of research in its early stages of development. This article presents an extensive literature review of state-of-the-art academic publications as well as commercial market offerings regarding the applicability of BC-based SSI solutions. It also provides a detailed preliminary regarding the building blocks of blockchain technology and a progressive roadmap of IDMS solutions. In order to develop an effective BC-based IDMS solution that focuses on securing a user’s SSI, this article outlines five essential components of a BC-based IDMS: authentication, integrity, privacy, trust, and simplicity. Furthermore, we perform a security analysis that outlines several types of adversarial threats that can cause potential damage to the BC-based IDMS. We identify and discuss associated issues and challenges by analyzing several notable BC-based IDMS solutions in academic literature. We also highlight potential research gaps and provide future research scope.
... Six research articles present or discuss reputation models for SSI [105,112,122,123,124,125]. Section 6.2.2 introduced one of them. ...
... Gruner et al. [125] used graph theory to model trust in blockchain-based SSI systems. The originator of VPs is endorsed in a blockchain by system participants in their proposal. ...
... Bhattacharya et al. [123] expanded on [125] by including time as a variable in their reputation model. They hypothesized that in the context of Sovrin, the initial reputation of issuers could be influenced by Sovrin's onboarding process, which could be biased. ...
Article
Full-text available
Self-Sovereign Identity (SSI) is an identity model centered on the user. The user maintains and controls their data in this model. When a service provider requests data from the user, the user sends it directly to the service provider, bypassing third-party intermediaries. Thus, SSI reduces identity providers' involvement in the identification, authentication, and authorization, thereby increasing user privacy. Additionally, users can share portions of their personal information with service providers, significantly improving user privacy. This identity model has drawn the attention of researchers and organizations worldwide, resulting in an increase in both scientific and non-scientific literature on the subject. This study conducts a comprehensive and rigorous systematic review of the literature and a systematic mapping of theoretical and practical advances in SSI. We identified and analyzed evidence from reviewed materials to address four research questions, resulting in a novel SSI taxonomy used to categorize and review publications. Additionally, open challenges are discussed along with recommendations for future work.
... Meinel. They have two articles published together [53,54] and another two with Tatiana Gayvoronskaya [52,102]. Therefore, both the vertices and the edges that connect the vertices representing these three authors have the most prominent weight in this graph (i.e., the thickest vertices and edges). ...
... Three works present reputation models [20,52,54], i.e., ways to quantitatively assess whether a credential, claim, or identity is trustworthy. Gruner et al. [52] built on top of graph theory to create a graph model of trust, having a function that searches in the graph for credentials issued to an identity and derives a trust factor. Bhattacharya et al. [20] built on top of [52], adding time as a variable in their reputation model. ...
Preprint
Full-text available
Self-Sovereign Identity is a user-centric identity model. In this model, the user maintains and controls their data. When requested by a service provider, user data is sent directly by the user, without the intermediation of third parties. Thus, in Self-Sovereign Identity, the participation of known identity providers for proof of identity is reduced, which increases user privacy. This identity model has attracted the attention of researchers and organizations around the world. All this interest increased the number of scientific articles published on the subject. The analysis of published materials showed that ideas and proposals are very diverse and dispersed. Although there are few systematic reviews, they lack methodological rigor and are limited to a small subset of published works. This study presents a rigorous systematic mapping and systematic literature review covering theoretical and practical advances in Self-Sovereign Identity. We identified and aggregated evidence from publications to answer four research questions, resulting in a classification scheme used to categorize and review publications. Open challenges are also discussed, providing recommendations for future work.
... Without attested digital identities, these IoT devices can barely transact with others, leading to untrusted environments and consequently a lack of business opportunities [10]. Subsequently, there is a strong demand for determining trust of a digital device identity and to calculate quantifiable trust scores independently from single central third party [11]. ...
... IPFS) [18]. A quantifiable trust model in blockchain-based identity management was using the WoT approach to model digital identities, claims, attestation as well as their relations to define the flow of trust from one entity to another [11]. The incorporation of trust scores to the IdMS supports the decision process whether the respective identity can be trusted or not, improving the data exchange within permissionless IoT networks. ...
... A claim is considered trusted from the viewpoint of a certain identity if it can itself collect a certain amount of attestations from its Web of Trust that are accumulated to a sufficiently high trust value using a trust function [11]. In general claim based IdMSs exhibit fewer privacy issues and have slightly better security and usability profiles [25]. ...
Conference Paper
Full-text available
Today, Internet of Things (IoT) devices mostly operate in enclosed, proprietary environments. To unfold the full potential of IoT applications, a unifying and permissionless environment is crucial. All IoT devices, even unknown to each other, would be able to trade services and assets across various domains. In order to realize those applications, uniquely resolvable identities are essential. However, quantifiable trust in identities and their authentication are not trivially provided in such an environment due to the absence of a trusted authority. This research presents a new identity and trust framework for IoT devices, based on Distributed Ledger Technology (DLT). IoT devices assign identities to themselves, which are managed publicly and decentralized on the DLT’s network as Self Sovereign Identities (SSI). In addition to the Identity Management System (IdMS), the framework provides a Web of Trust (WoT) approach to enable automatic trust rating of arbitrary identities. For the framework we used the IOTA Tangle to access and store data, achieving high scalability and low computational overhead. To demonstrate the feasibility of our framework, we provide a proof-of-concept implementation and evaluate the set objectives for real world applicability as well as the vulnerability against common threats in IdMSs and WoTs.
... In addition, we encountered a paper focusing on access control and data security in permissionless blockchains, as well as architecture and system protocols for Sybil-Resistant SSI [58]. Frameworks and models emphasizing the importance of trust and reputation mechanisms were found in [33] and [60]. In [47] the authors propose a decentralized attribute-based SSI, in [69] a method for detecting common weaknesses, and [52] a scheme to strike a balance between privacy and accountability. ...
... A few works of literature mention the "trust model" construct, explaining why it is crucial [14]- [16]. However, a proper definition has yet to be formalized. ...
... In the case of uncertainty about the goodness of nodes, ensuring the security of the entire system through the evaluation of node trust is a computing model of trust models. [14] proposes a quantifiable trust model based on blockchain, which defines an adversarial game model of authentication, certification, and digital identity. The method of evaluating peer trust based on a trust graph that appears distributedly was proposed in [15]. ...
Preprint
Full-text available
Blockchain as a technological foundation for achieving secure data transmission between peers is a very promising platform in various fields. PoW is a widely used consensus algorithm in blockchain systems, but it still faces issues such as low throughput and resource waste. In order to address these issues, we have proposed a new consensus protocol called DMKT, which aims to improve the system's throughput and reduce resource waste. The DMKT model dynamically adjusts the mining difficulty of nodes based on their trust values. In this paper, we use machine learning to classify transactions generated by nodes and calculate the classification results, which are used as parameters to calculate node trust values. We also incorporate the inherent properties of nodes in the blockchain system and the evaluation attributes of neighbors into the system calculation of trust values. Additionally, in this model, the trust values of the nodes are recalculated after each cycle, thus avoiding the problem of power concentration caused by always selecting a single node to maintain the accounting. Through this dynamic adjustment of node mining difficulty, as the trust value increases the mining difficulty decreases, and as the trust value decreases the mining difficulty increases, thus improving system performance.
... Christoph Meinel comes next, with an h-index of 2, a g-index of 2, and 15 citations. His articles are related to architecture for SSI (27), (26); SSI ecosystem reviews (54); and trust (25). Finally, the last author featured in Table V is Andreea-Elena Panait, with an h-index of 2, a g-index of 2, and 9 citations. Her research topics are security and privacy (51); zero-knowledge proofs (49); blockchain and digital identity (48); and frameworks for SSI (50). ...
Article
Full-text available
https://revistas.udistrital.edu.co/index.php/reving/article/view/19656/18917 Context: Self-sovereign identity (SSI) enables the creation of user-centric, privacy-by-design, secure, and decentralized identity management systems. The aim of this paper is to carry out a bibliometric analysis of the scientific production on SSI during the 2017-2022 period. Method: A complete bibliometric analysis of all publications on SSI indexed in Scopus and Web of Science was carried out. A corpus of 143 articles was examined by processing their bibliographic metadata via a bibliometric tool. To this effect, the Bibliometrix package and the R programming language were used. Results: A bibliometric characterization of the publications on SSI was obtained for the 2017-2022 period. The most important keywords used in these publications were identified, as well as their use tendencies throughout this period. Moreover, the most influential authors in the area and the most relevant publication sources were identified. Conclusions: The results of the bibliometric analysis show that Lotka and Bradford’s laws apply for academic publications on SSI, which means that the most relevant publications in this area are concentrated in a relatively small group of authors and journals. Paul Jenkins, Nitin Naik, Yang Liu, and Aijun An were the most impactful authors, and Lecture Notes in Computer Science, Frontiers in Blockchain, and IEEE Access were the most influential journals. Finally, the keyword analysis showed that blockchain, authentication, identity management, electronic document identification systems, and digital identity are currently the most relevant concepts for research on SSI.
... Second, it should specify how the security and unforgeability of data are ensured from the time they are collected to the moment they are permanently stored on the ledger. Third, it should outline the incentive mechanism implemented to prevent collusion or the deliberate tampering of data feeds for selfish purposes [9][10][11]. Defining and adopting a robust trust model is not only essential for a blockchain application to work properly but is also often considered the key to mass adoption [12]. ...
Article
Full-text available
Whereas the use of distributed ledger technologies has previously been limited to cryptocurrencies, other sectors—such as healthcare, supply chain, and finance—can now benefit from them because of bitcoin scripts and smart contracts. However, these applications rely on oracles to fetch data from the real world, which cannot reproduce the trustless environment provided by blockchain networks. Despite their crucial role, academic research on blockchain oracles is still in its infancy, with few contributions and a heterogeneous approach. This study undertakes a bibliometric analysis by highlighting institutions and authors that are actively contributing to the oracle literature. Investigating blockchain oracle research state of the art, research themes, research directions, and converging studies will also be highlighted to discuss, on the one hand, current advancements in the field and, on the other hand, areas that require more investigation. The results also show that although worldwide collaboration is still lacking, various authors and institutions have been working in similar directions.
... In one research, a blockchain-backed model of trust was proposed in the field of higher education, to enable training institutions to adapt curricula to match the specific needs as endorsed by employers (Lizcano, Lara, White, & Aljawarneh, 2020). In another research, a trust model was proposed for blockchain-backed identity management, which is based on a numerical trust metric as an independent basis to characterize assurance levels (Grüner, Mühle, Gayvoro, & Meinel, 2018). In the case of tourism crowdsourcing platforms, false data can distort realities hence the rising interest in trust and reputation modeling to assess the quality of the information outsourced from the crowds and its trustworthiness. ...
Book
This book is the first of its kind to provide a critical overview and theoretical analysis of the Circular Economy from Shariah and Islamic Finance perspectives. The book is divided into three parts. The contributing authors pay close attention to Islamic Finance in light of sustainability and value creation. It also includes case studies on the Circular Economy application in Islamic Finance industry. The book is of interest to academics, students, and practitioners on Islamic Economics and Finance who have an interest in understanding the Circular Economy under the lens of Islamic Finance principles and applications.
... In one research, a blockchain-backed model of trust was proposed in the field of higher education, to enable training institutions to adapt curricula to match the specific needs as endorsed by employers (Lizcano, Lara, White, & Aljawarneh, 2020). In another research, a trust model was proposed for blockchain-backed identity management, which is based on a numerical trust metric as an independent basis to characterize assurance levels (Grüner, Mühle, Gayvoro, & Meinel, 2018). In the case of tourism crowdsourcing platforms, false data can distort realities hence the rising interest in trust and reputation modeling to assess the quality of the information outsourced from the crowds and its trustworthiness. ...
Chapter
Crises and disasters, man-made or natural, prove to be an opportunity from which mankind can benefit and take lesson to learn to be conscious of Allah’s blessings and care for its rights. One of the lessons learnt is that capitalism is naturally driven by profit maximization actions that have adverse effects to our surroundings. This economic hegemony has led to environmental problems, which pose threats to humankind livelihood. In this light, the circular economy trend emerges to alleviate this adversity, preserve the rights of others, and protect the environment. Undoubtedly, the principles of circular economy coincide with Islamic economic theory. This chapter endeavors to study Circular economy in relation to Islamic economy and its principles, in two parts. The first part will be on “Defining Circular economy, concept, goals and benefits”, and the second part will be discussing “Circular economy in Quran, Sunnah and Maqasid al-Shariah”.
... CCMMA [16] is designed to realize cross-layer access control in the Internet of Things. Grüner et al. [17] devise a quantifiable trust model based on blockchain to define trust levels, then realize identity management according to it. Several solutions adopt smart contracts to automate the process of authority management. ...
Article
Full-text available
As blockchain technology booms, modern electronic voting systems leverage blockchain as the underlying storage model to make the voting process more transparent and guarantee the immutability of data. However, this transparency may disclose sensitive information about candidates, since all system users have the same right to their information. Besides that, the pseudo-anonymity of blockchain will lead to the disclosure of voters’ privacy, and third parties such as registration institutions involved in the voting process also have the possibility of tampering with data. To overcome these difficulties, we apply an authority management mechanism to blockchain-based voting systems. In this paper, we put forward AMVchain, a fully decentralized and efficient blockchain-based voting system. AMVchain has a three-layer access control architecture, and on each layer, smart contracts are responsible for validation and granting permissions. A linkable ring signature is adopted in the voting process to protect ballot privacy. AMVchain also makes a tradeoff between efficiency and concurrency by introducing proxy nodes. The experimental results show that our system meets the basic requirements under high user concurrency.
Article
This paper presents a comprehensive framework to address these challenges. Understanding various social engineering tactics is crucial for effective prevention and detection. Trust based models in entities enable many business objectives that may include speed to market, scalability, decentralization, etc. However, they also increase the attack surface due to "loose boundaries" between enforcement points or corresponding resource authorization servers and the service orchestration layer. The control points of enforcement are generally static across a spectrum of threat vectors such as Identity, Fraud, Authentication, Authorization, Cyber security and physical security, etc. In this paper we propose a "Trust based security framework", aka "Interdiction Services", that fundamentally is non-deterministic and risk based. This paper presents a converged security framework towards a comprehensive prevention and detection controls mechanism. The paper proposes a converged security framework that allows various parties from fraud, cyber, and physical security to collaborate but operate independently through a common framework of Interdiction Services.
Article
Full-text available
Digital identity is evolving from centralized systems to a decentralized approach known as Self-Sovereign Identity (SSI). SSI empowers individuals to control their digital identities, eliminating reliance on third-party data custodians and reducing the risk of data breaches. However, the concept of trust in SSI remains complex and fragmented. This paper systematically analyzes trust in SSI in light of its components and threats posed by various actors in the system. As a result, we derive three distinct trust models that capture the threats and mitigations identified across SSI literature and implementations. Our work provides a foundational framework for future SSI research and development, including a comprehensive catalogue of SSI components and design requirements for trust, shortcomings in existing SSI systems and areas for further exploration.
Article
Full-text available
Although blockchain is an emerging technology, it has been applied in a lot of domains by leveraging its features. Traditional identity management systems have many issues regarding security and privacy of personal data. Blockchain has the potential to mitigate and avoid such issues by creating trust among the parties involved in the system while reducing reliance on third-party authorities. The first blockchain-based identity management solutions were launched in 2016. Since then, due to high demand, numerous primary and experimental studies and initiatives have been carried out to provide solutions to this research topic. Along with that, there are also a lot of secondary studies to overview the current state of research on this topic. However, the number of systematic research articles is still limited and each study has its limitations. Through this study, we provide a novel systematic literature mapping including categorization of studies into predefined categories (domain, research type, place of publication), analysis of publication frequency, co-authorship, and the number of papers citing each of the studied papers. Compared to other systematic literature mapping studies, our paper provides a more comprehensive view of the studied articles. In particular, we analyze the number of citations, which no study has ever done. In this research, we studied 361 papers published from January 2009 to April 2022 in four big databases (IEEE Xplore, ACM Digital Library, ScienceDirect, Springer Link), the largest number of articles studied compared to previous research. The obtained results show that most of the articles under the validation research type (providing a solution and implementing that solution but not in real-world scenarios) propose solutions/systems, models/schemes and architectures to address general problems. We also find that the majority of authors work alone or collaborate in a separate group and co-work on only one paper. This shows that there is no long term collaboration in blockchain-based IdM identity management, and thus subsequent publications presenting real-world blockchain-based identity management products do not exist.
Article
Full-text available
In e-commerce transactions, the difficulty of proving the authenticity of documents presented by seller companies, such as commercial identity documents, certificates, licenses, accreditation documents, and quality certificates, leads to a trust problem in purchases made through e-commerce. Because these documents presented in the digital environment usually consist only of images of physical documents issued on paper, and because these images can easily be imitated in the digital environment, their authenticity cannot be assured. For this reason, there is a need for a structure that, similar to authorized organizations issuing physical documents on paper and to physical verification methods such as signatures, seals, and watermarks on the document, enables documents to be issued securely in the digital environment as well and to be verified digitally and securely when needed. The ability of authorized organizations to issue documents digitally, and for these documents to be verified digitally in a reliable manner, will largely eliminate the trust problem mentioned. This study proposes a blockchain-based digital identity trust framework for the secure issuance by authorized organizations, and the verification by recipients, of the digital documents in this context, which are referred to in the literature as digital identities. The proposed digital identity trust framework is a set of rules that is based on international standards for the management and sharing of digital identities and that defines the roles and processes within the scope of the trust framework. It is anticipated that establishing the trust framework and ensuring that stakeholders comply with its rules will increase the reliability of e-commerce transactions. The fact that the proposed trust framework is blockchain-based ensures that the trust framework has a technically secure infrastructure.
Chapter
Existing identity management systems either use a centralized authentication server or rely on identity providers to authenticate users for gaining access to various services. These systems have failed to safeguard user data privacy and do not encourage the portability of identity data. Self-sovereign identity is a new approach in identity management where entities have control of their digital identity. The emerging blockchain technology enables self-sovereign identity management, a decentralized identity management model that eliminates identity providers as a trusted third party. Due to the decentralized nature of blockchain network, this new paradigm of identity management demands different trust requirements. This research provides the first thorough review in literature addressing trust management for blockchain-based self-sovereign identity. A formal and comprehensive trust model proposed for blockchain-based Self-Sovereign IDM will be explored. Besides reviewing trust requirements, the paper also surveys the state-of-the-art of blockchain technology for self-sovereignty in identity management. This survey provides a critical analysis for existing research which sheds light on various opportunities for enhancing security and privacy of blockchain-based self-sovereign identity management and the improvement of trust management. The paper concludes with presenting research gaps and suggestions for future work in the area.
Keywords: Blockchain, Identity management, Trust management, Trust model, Self-sovereign identity
Chapter
Since the adoption of the SDGs in 2015, it has been a 5-year journey of trial-and-error experimentations all over the world to come up with innovative solutions beyond business-as-usual and get the job done. In this paper, we assess blockchain-backed solutions beyond the hype. While the technology has a promising potential to trigger disruptive innovations to fulfill the SDGs, it is not mature yet with many gaps in terms of approaches and tools to develop blockchain use cases, monitor and evaluate blockchain experiments, mitigate associated risks and ethical considerations while managing changes within organizations leading blockchain-powered platforms. It is only by filling these gaps that blockchain can deliver its promises and may be effectively used as an SDG accelerator. Islamic finance can play a key role in shaping the transition towards a more circular economy. One promising way of doing so is by scaling up the use of blockchain-enabled solutions in the practices of circular economy and Islamic finance. As the technology is still getting mature, more innovative and applied research is needed to capitalize on the lessons learned within various geographies and across a wide range of economic, social, and environmental spectrums.
Chapter
Attribute providers are trusted third parties in decentralized and federated identity management patterns. Service providers evaluate trust in delivered attributes with attribute assurance techniques because user properties are highly important for service provisioning. Levels of assurance define verification measures forming common ground for trust in attributes delivered by a particular provider. Beyond that, trust models that are tailored to attribute assurance in identity management enable flexible trust decisions that consider multiple attribute providers. Over time, various trust schemes for attribute assurance that address different characteristics have been proposed. We present existing models in this domain and analyze them with regard to trust scale, trust applicability, attribute aggregation, trust composition and centralization of trust. Based on the results, we create a taxonomy to arrange the trust models. Supported by this classification scheme, we devise gaps in the model coverage and propose associated future research directions.
Chapter
Identity management is a fundamental component in securing online services. Isolated and centralized identity models have been applied within organizations. Moreover, identity federations connect digital identities across trust domain boundaries. These traditional models have been thoroughly studied with regard to trust requirements. The recently emerging blockchain technology enables a novel decentralized identity management model that targets user-centricity and eliminates the identity provider as a trusted third party. The result is a substantially different set of entities with mutual trust requirements. In this paper, we analyze decentralized identity management based on blockchain through defining topology patterns. These patterns depict schematically the decentralized setting and its main actors. We study trust requirements for the devised patterns and, finally, compare the result to traditional models. Our contribution enables a clear view of differences in trust requirements within the various models.
Article
Full-text available
During the past decade, online trust and reputation systems have provided cogent answers to emerging challenges in the global computing infrastructures relating to computer and network security, electronic commerce, virtual enterprises, social networks and cloud computing. The goal of these systems in such global computing infrastructures is to allow entities to reason about the trustworthiness of other entities and to make autonomous decisions on the basis of trust. This requires the development of computational trust models that enable entities to reason about trust and to verify the properties of a particular interaction. The robustness of these mechanisms is one of the critical factors required for the success of this technology. In this paper, we briefly present characteristics of existing online trust and reputation models and systems through a multidimensional framework that can serve as a basis to understand the current state of the art in the area. The critical open challenges that limit the effectiveness of today's trust and reputation systems are discussed by providing a comprehensive literature review. Furthermore, we present a set of our contributions as a way to address some of these challenges.
Article
In this work we study the effectiveness of mechanisms for decentralized reputation management in P2P networks. We depart from EigenTrust (7), an algorithm designed for reputation management in file sharing applications over p2p networks. EigenTrust has been proved very effective against three different natural attacks from malicious coalitions while it performs poorly on a particular attack organized by two different kinds of malicious peers. We propose various metrics of reputation based on ideas recently introduced for detecting and demoting Web spam. We combine these metrics with the original EigenTrust approach suggested in (7). Our mechanisms are more effective than EigenTrust alone for detecting malicious peers and reducing the number of inauthentic downloads not only for all the cases addressed in (7) but also for more sophisticated attacks.
Article
Semantic Web endeavors have mainly focused on issues pertaining to knowledge representation and ontology design. However, besides understanding information metadata stated by subjects, knowing about their credibility becomes equally crucial. Hence, trust and trust metrics, conceived as computational means to evaluate trust relationships between individuals, come into play. Our major contributions to Semantic Web trust management through this paper are twofold. First, we introduce our classification scheme for trust metrics along various axes and discuss advantages and drawbacks of existing approaches for Semantic Web scenarios. Hereby, we will devise our advocacy for local group trust metrics, guiding us to the second part which presents Appleseed, our novel proposal for local group trust computation. Compelling in its simplicity, Appleseed borrows many ideas from spreading activation models in psychology and relates their concepts to trust evaluation in an intuitive fashion.
Article
Peer-to-peer file-sharing networks are currently receiving much attention as a means of sharing and distributing information. However, as recent experience with P2P networks such as Gnutella shows, the anonymous, open nature of these networks offers an almost ideal environment for the spread of self-replicating inauthentic files. We describe an algorithm to decrease the number of downloads of inauthentic files in a peer-to-peer file-sharing network that assigns each peer a unique global trust value, based on the peer's history of uploads. We present a distributed and secure method to compute global trust values, based on Power iteration. By having peers use these global trust values to choose the peers from whom they download, the network effectively identifies malicious peers and isolates them from the network.
Article
Peer-to-peer file-sharing networks are currently receiving much attention as a means of sharing and distributing information. However, as recent experience shows, the anonymous, open nature of these networks offers an almost ideal environment for the spread of self-replicating inauthentic files.
Book
This book focuses on the innovation of blockchain technology and the advantages it offers. It provides a clear and comprehensive overview of blockchain technology and its possibilities, and thereby helps readers to form an opinion and draw their own conclusions about its potential exploitations. The book begins with a chapter on the topic of decentralized networks, which familiarizes readers with their challenges by using the example of an online trading platform. Hereinafter, it is then detailed what blockchain technology is, where it comes from, and how it works. The necessary underlying technologies are explained, and various individual approaches as well as their composition are presented. Using well-known examples such as Bitcoin and Ethereum as an illustration, the book looks at the architecture of blockchain technology and focuses on the challenges such as security and scalability. The options available when introducing blockchain technology are also outlined, and best-practice examples are presented to get a better idea of what areas benefit from this technology. Numerous examples and detailed explanations will accompany the readers throughout the book. By the time they have reached the end, they will be able to decide for themselves what is truly innovative about blockchain technology and what is nothing more than hype.
Article
Authorisation systems play a vital role in protecting access to resources in distributed systems. Traditionally, authorisation is performed at the user level to determine whether a user has the necessary privileges to access a requested resource. However, when it comes to the user's platform, it is often assumed that the system hosting the user and the software running on it are 'trusted' and that it will behave correctly. In this paper, we propose a hybrid trust model that provides techniques for authorisation taking into account state of user platforms leveraging trusted computing technology. The model encompasses the notions of 'hard' and 'soft' trust to determine whether a platform can be trusted for authorisation. We first explain the rationale for the model and then provide a description of the proposed hybrid model.
Article
Peer-to-peer (P2P) networks have many distinct aspects that are different from traditional client-server networks. The most significant point is that each peer acts as both server and client in a P2P network. In other words, there is no central server that is used for storing the files and providing downloads. All nodes download files directly from other peers. P2P networks contain ad hoc, decentralized structures and autonomous peers. Each peer can randomly leave or join the network and the network topology is changed every now and then. These characteristics of the P2P network make it vulnerable. Thus, the security issues of P2P networks are a serious topic that should be considered carefully. In this paper, we study the general P2P system structures, attacks that may occur in the different P2P topologies and the potential countermeasures against those attacks.
Article
A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.
Conference Paper
Claim based identity management denotes an open identity model which uses the notion of claims to describe identity attributes. A claim is an identity attribute named with an abstract identifier (e.g. a URI), which applications and services can use to specify the attributes they need. Open and extensible formats for the exchange of identity attributes ensure interoperability among different identity systems. For this reason, claim based identity management lays the ground for Identity metasystems, which provide an identity layer on top of existing identity systems and promise an easier management of digital identities among the Internet. However, the Internet grew into an environment of mostly isolated domains for a good reason. Service providers find it hard to accept identity information from any other than the own domain. While claim based identity management provides the means to specify identity information on a per attribute basis, trust is usually defined in a general manner. Service providers state the issuers of identity information, they trust, but do not restrict for what. In this paper, we argue that for a truly decentralized management of identity information, trust should be defined on the same granular level as identity information. We propose a model which considers trust on a per-claim basis. In our model, trust into a claim is defined as the assumed correctness and integrity of a claim in dependence of the issuer. As a proof-of-concept, we implemented a small flight booking scenario which uses claims augmented with an expected trust level to show how we can achieve more flexibility for the user in his choice of an identity provider when considering not only whom to trust, but for what.
Conference Paper
Identity federation denotes a concept for the controlled sharing of user authentication and user attributes between independent trust domains. Using WS-Federation, service providers and identity providers can set up a Circle of Trust, a so called federation, in which each member is willing to trust on assertions made by another partner. However, if a member has to rely on information received from a foreign source, the need for assurance that the information is correct is a natural requirement prior to using it. Identity assurance frameworks exist that can be used to assess the trustworthiness of identity providers. The result of this assessment is a level of trust, that can be assigned to an identity provider. However, existing approaches for evaluating identity assurance do not allow to define trust levels for individual attributes. In our trust model, we consider both: (a) trust in an identity provider as the issuer of assertions and (b) trust in single attributes that an identity provider manages. In this paper, we show how our approach that we implemented in a logic-based framework can be used in web service scenarios to provide trust information on the level of identity attributes, especially about the verification process, and to match trust requirements of attributes during request processing.
Article
Trust and reputation systems represent a significant trend in decision support for Internet mediated service provision. The basic idea is to let parties rate each other, for example after the completion of a transaction, and use the aggregated ratings about a given party to derive a trust or reputation score, which can assist other parties in deciding whether or not to transact with that party in the future. A natural side effect is that it also provides an incentive for good behaviour, and therefore tends to have a positive effect on market quality. Reputation systems can be called collaborative sanctioning systems to reflect their collaborative nature, and are related to collaborative filtering systems. Reputation systems are already being used in successful commercial online applications. There is also a rapidly growing literature around trust and reputation systems, but unfortunately this activity is not very coherent. The purpose of this article is to give an overview of existing and proposed systems that can be used to derive measures of trust and reputation for Internet transactions, to analyse the current trends and developments in this area, and to propose a research agenda for trust and reputation systems.
Conference Paper
In this paper, we describe the implementation of our identity provider, based on open web service standards, which has been extended to distinguish between different qualities of identity attributes; therefore enabling a relying party to distinguish between verified and unverified digital identities. Our contribution is the definition and representation of identity meta information for identity attributes on the identity provider side and the conveyance of this information as Identity Attribute Context Classes to a relying party. As a main result, we propose a format and semantic to include identity attribute meta information into security tokens which are sent from the identity provider to a relying party in addition to the attribute value itself.
Conference Paper
To enable a rich attribute-based authorization system, it is desirable that a large number of user attributes are available, possibly provided by multiple entities. The user may be required to aggregate his attributes and present them to a service provider to prove he has the right to access some service. In this paper, we present AttributeTrust - a policy-based privacy enhanced framework for aggregating user attributes and evaluating confidence in these attributes. We envision a future where attribute providers will be commonplace and service providers will face the problem of choosing one among multiple attribute providers that can provide the same user attribute. In AttributeTrust, we address this problem by means of a reputation system model based on transitive trust. Entities express confidence in other entities to supply trusted attributes, forming chains from a service provider to different attribute providers. A service provider uses this transitive reputation to decide whether to accept a particular attribute from a specific attribute provider. We discuss how the AttributeTrust model prevents common attacks on reputation systems. AttributeTrust differs from the current approaches by deriving its attack resistance from its specific context of attribute provisioning, its voting mechanism formulation, and unique properties of its confidence relationships.
Conference Paper
Decentralized peer to peer (P2P) networks offer both opportunities and threats. Its open and decentralized nature makes it extremely susceptible to malicious users spreading harmful content like viruses, trojans or, even just wasting valuable resources of the network. In order to minimize such threats, the use of community-based reputations as trust measurements is fast becoming a de-facto standard. The idea is to dynamically assign each peer a trust rating based on its performance in the network and store it at a suitable place. Any peer wishing to interact with another peer can make an informed decision based on such a rating. An important challenge in managing such trust relationships is to design a protocol to secure the placement and access of these trust ratings. Surprisingly, all the related work in this area either support very limited anonymity or assume anonymity to be an undesired feature and neglect it. We motivate the importance of anonymity, especially in such trust based systems. We then present TrustMe: a secure and anonymous underlying protocol for trust management. The protocol provides mutual anonymity for both the trust host and the trust querying peer. Through a series of simulation-based experiments, we show that the TrustMe protocol is extremely secure in the face of a variety of possible attacks and present a thorough analysis of the protocol.
The Inevitable Rise of Self-Sovereign Identity
  • A Tobin
  • D Reed
The Path to Self-Sovereign Identity
  • C Allen
Analysis of the strong set in the PGP web of trust
  • H P Penning