Skip to main content

Mitigating the linkability problem in anonymous reputation management

Abstract

Trust plays a key-role in enhancing user experience at service providers. Reputation management systems are used to quantify trust, based on some reputation metrics. Anonymity is an important requirement in these systems, since most individuals expect that they will not be profiled by participating in the feedback process. Anonymous Reputation management (ARM) systems allow individuals to submit their feedback anonymously. However, this solves part of the problem. Anonymous ratings by one individual can be linked to each other. This enables the system to easily build a profile of that individual. Data mining techniques can use the profile to re-identify that individual. We call this the linkability problem. This paper presents an anonymous reputation management system that avoids the linkability problem. This is achieved by constructing a system that empowers individuals to interact and rate service providers, securely and anonymously.

References

  1. 1.

    Artz D, Gil Y (2007) A survey of trust in computer science and the semantic web. J Web Semant 5(2):58–71

    Article  Google Scholar 

  2. 2.

    Becker M, Sewell P (2004) Cassandra: distributed access control policies with tunable expressiveness. In: Proceedings of the fifth IEEE international workshop on policies for distributed systems and networks. IEEE Computer Society, Los Alamitos, pp 159–168

    Google Scholar 

  3. 3.

    Berners-Lee T, Hendler J, Lassila O (2001) The semantic web, May 2001. Scientific American Magazine. Retrieved from http://www.sciam.com/article.cfm?id=the-semantic-web, on Jan 2011

  4. 4.

    Boneh D, Boyen X (2004) Short signatures without random oracles. In: Proceedings of the 24th international conference on the theory and applications of cryptographic techniques. Springer, Berlin, pp 56–73

    Google Scholar 

  5. 5.

    Boneh D, Boyen X, Shacham H (2004) Short group signatures. In: Proceedings of the 24th international conference on the theory and applications of cryptographic techniques. Springer, Berlin, pp 41–55

    Google Scholar 

  6. 6.

    Brands S (2000) Rethinking public key infrastructures and digital certificates: building in privacy. MIT Press, Cambridge

    Google Scholar 

  7. 7.

    Brin S, Page L (1998) The anatomy of a large-scale hypertextual web search engine. Comput Netw ISDN Syst 30(1–7):107–117

    Article  Google Scholar 

  8. 8.

    Camenisch J, Herreweghen EV (2002) Design and implementation of the idemix anonymous credential system. In: Proceedings of the ACM conference on computer and communications security. ACM Press, New York, pp 21–30

    Google Scholar 

  9. 9.

    Damiani E, Vimercati DCD, Paraboschi S, Samarati P, Violante F (2002) A reputation-based approach for choosing reliable resources in peer-to-peer networks. In: Proceedings of the ACM conference on computer and communications security. ACM Press, New York, pp 207–216

    Google Scholar 

  10. 10.

    Dimitriou T, Karame G, Christou I (2007) SuperTrust: a secure and efficient framework for handling trust in super-peer networks. In: Proceedings of the twenty-sixth annual ACM symposium on principles of distributed computing. ACM Press, New York, pp 374–375

    Google Scholar 

  11. 11.

    Dingledine R, Mathewson N, Syverson P (2004) Tor: the second-generation onion router. In: Proceedings of the 13th USENIX security symposium. USENIX Association, Berkeley, p 21

    Google Scholar 

  12. 12.

    Douceur J (2002) The sybil attack. In: Proceedings of the first international workshop on peer-to-peer systems, IPTPS, Cambridge, MA, USA, pp 251–260

    Google Scholar 

  13. 13.

    Golbeck J, Hendler J (2004) Accuracy of metrics for inferring trust and reputation in semantic web-based social networks. In: Proceedings of the international conference on knowledge engineering and knowledge management, pp 116–131

    Google Scholar 

  14. 14.

    Grandison T, Sloman M (2000) A survey of trust in internet applications. IEEE Commun Surv Tutor 3(4):2–16

    Article  Google Scholar 

  15. 15.

    Hansen M, Berlich P, Camenisch J, Clauss S, Pfitzmann A, Waidner M (2004) Privacy-enhancing identity management. Inf Secur Tech Rep 9(1):35–44

    Article  Google Scholar 

  16. 16.

    Hussain M, Skillicorn DB (2008) Persona-based identity management: a novel approach to privacy protection. In: Proceedings of the 13th Nordic workshop on secure it systems. Technical University of Denmark, pp 201–212

    Google Scholar 

  17. 17.

    Hussain M, Skillicorn DB (2009) Guarantee-based access control. In: Proceedings of the IEEE international conference on computational science and engineering. IEEE Comput Soc, Los Alamitos, pp 201–206

    Google Scholar 

  18. 18.

    Hussain M, Skillicorn DB (2010) The case for service provider anonymity. In: Proceedings of the IEEE international symposium on signal processing and information technology. IEEE Comput Soc, Los Alamitos, pp 114–119

    Google Scholar 

  19. 19.

    Kagal L, Finin T, Joshi A (2002) Developing secure agent systems using delegation based trust management. In: Proceedings of security of mobile multiagent systems held at autonomous agents and multiagent systems, pp 27–34

    Google Scholar 

  20. 20.

    Kamvar S, Schlosser M, Garcia-Molina H (2003) The eigentrust algorithm for reputation management in p2p networks. In: Proceedings of the 12th international conference on World Wide Web. ACM Press, New York, pp 640–651

    Google Scholar 

  21. 21.

    Kiayias A, Zhou H-S (2008) Hidden identity-based signatures. In: Proceedings of the 11th international conference on financial cryptography and data security. Springer, Berlin, pp 134–147

    Google Scholar 

  22. 22.

    Lynn B (2011) Pairing-based cryptography library. Retrieved from http://crypto.stanford.edu/pbc, on Jan 2011

  23. 23.

    Malin B, Sweeney L (2004) How (not) to protect genomic data privacy in a distributed network: using trail re-identification to evaluate and design anonymity protection systems. J Biomed Inform 37(3):179–192

    Article  Google Scholar 

  24. 24.

    Müller W, Plötz H, Redlich J-P, Shiraki T (2008) Sybil proof anonymous reputation management. In: Proceedings of the 4th international conference on security and privacy in communication networks. ACM Press, New York, pp 1–10

    Google Scholar 

  25. 25.

    Narayanan A, Shmatikov V (2008) Robust de-anonymization of large sparse datasets. In: Proceedings of the IEEE symposium on security and privacy. IEEE Comput Soc, Los Alamitos, pp 111–125

    Google Scholar 

  26. 26.

    Narayanan A, Shmatikov V (2009) De-anonymizing social networks. In: Proceedings of the IEEE symposium on security and privacy. IEEE Computer Society, Los Alamitos (in press)

  27. 27.

    Rezgui A, Bouguettaya A, Malik Z (2003) A reputation-based approach to preserving privacy in web services. In: Lecture notes in computer science, vol 2819, pp 91–103

    Google Scholar 

  28. 28.

    Singh A, Liu L (2003) TrustMe: anonymous management of trust relationships in decentralized P2P systems. In: Proceedings of the third conference on peer-to-peer computing, pp 142–149

    Google Scholar 

  29. 29.

    Skillicorn DB, Hussain M (2009) Personas: beyond identity protection by information control. Technical report, School of Computing, Queen’s University, Kingston, ON, Canada, March 2009. Retrieved from http://research.cs.queensu.ca/home/skill/opccreport.pdf, on Jan 2011

  30. 30.

    Sweeney L (2002) k-Anonymity: a model for protecting privacy. Int J Uncertain Fuzziness Knowl-Based Syst 10(5):557–570

    MATH  MathSciNet  Article  Google Scholar 

  31. 31.

    Yu T, Winslett M, Seamons K (2003) Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. ACM Trans Inf Syst Secur 6(1):1–42

    MATH  Article  Google Scholar 

Download references

Author information

Affiliations

Authors

Corresponding author

Correspondence to M. Hussain.

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Hussain, M., Skillicorn, D.B. Mitigating the linkability problem in anonymous reputation management. J Internet Serv Appl 2, 47–65 (2011). https://doi.org/10.1007/s13174-011-0020-4

Download citation

Keywords

  • Trust
  • Reputation management
  • Security
  • Privacy
  • Anonymity