Managing and Sharing Servents' Reputations in P2P Systems
July/August 2003 (vol. 15 no. 4)
pp. 840-854
Sabrina De Capitani di Vimercati, IEEE Computer Society
Pierangela Samarati, IEEE Computer Society

Abstract—Peer-to-peer information sharing environments are increasingly gaining acceptance on the Internet as they provide an infrastructure in which the desired information can be located and downloaded while preserving the anonymity of both requestors and providers. As recent experience with P2P environments such as Gnutella shows, anonymity opens the door to possible misuses and abuses by resource providers exploiting the network as a way to spread tampered-with resources, including malicious programs, such as Trojan Horses and viruses. In this paper, we propose an approach to P2P security where servents can keep track, and share with others, information about the reputation of their peers. Reputation sharing is based on a distributed polling algorithm by which resource requestors can assess the reliability of prospective providers before initiating the download. The approach complements existing P2P protocols and has a limited impact on current implementations. Furthermore, it keeps the current level of anonymity of requestors and providers, as well as that of the parties sharing their view on others' reputations.

Index Terms:
P2P network, reputation, credibility, polling protocol.
Ernesto Damiani, Sabrina De Capitani di Vimercati, Stefano Paraboschi, Pierangela Samarati, "Managing and Sharing Servents' Reputations in P2P Systems," IEEE Transactions on Knowledge and Data Engineering, vol. 15, no. 4, pp. 840-854, July-Aug. 2003, doi:10.1109/TKDE.2003.1209003