Study On Security And Privacy-Preserving Mechanism For Reputation System

With the rapid development of internet, electronic commerce has played an importance role in many ways. However, the virtual network and the asymmetry between the buyers and sellers make that online transactions become hotbed and frauds become more and more rampant, so that trust problem has become a bottleneck for the development of electronic commerce. Through the establishment of a trust relationship between nodes, reputation system provides security preventive measures for inter node transactions, which has become an important way to solve the above problem, so reputation system have recently attracted significant attentions.However, despite of the success in reputation mechanisms, such as efficient models to analyze users’ sharing behavior and the incentive effect of reputation mechanisms and so on. There are still a lot of questions needed to be solved, the lack of security and privacy. Which causes that the existing reputation systems is most sacrifice anonymity in exchange for the trust. Suffering from watershed、 ballot-stuffing、bad mouthing and Sybil attack, reputation system produces various false evaluation. It is difficult to obtain accurate reputation values and lost the fairness properties of reputation system.This paper launches the research on the domain of security and privacy in reputation system. And the main work in this dissertation can be briefly addressed as follows:1) This paper presents security and privacy-preserving mechanism for reputation system depened on trusted TTP. The peer is be in transaction by periodic switching of pseudonyms, Trusted TTP is introduced to monitor the process of obtaining evaluation to identity the security attack. Only evaluation information which meets the anonymous condition is valid, otherwise the node’s true identity will be exposed; The protocol is based on blind signature and makes the real identity(permanent identity) blinding to reputation account, which can resist watershed attack and balance reputation and privacy.Whenever the peer gains the trust value, updates the reputation value and shows accumulated reputation value, the protocol also can realize the peers’s completely anonymous.2) This paper presents security and privacy-preserving mechanism for reputation system depened on semi-trusted TTP. Due to the problem that the node fear retaliation rather than provide a true evaluation,a conditional anonymous rators is proposed. Peers in reputation system use a verifiable random function、CL signature and Non interactive zero knowledge proof to generate rator identities, so as to anonymously evaluate the transaction objects and hide the true identity of the transaction process. Bayesian filtering algorithm is introduced to identify malicious raters; when the rator tags exceed the threshold malicious number, the protocol can automatically expose true identities based on verifiable secret sharing mechanism and track all of providing feedbacks. The simulation results show that the proposed mechanism can efficiently resist attacks of anonymous malicious peers and evidently improve the accuracy of trust accumulated value compared with existing mechanisms.3) This paper presents two security and privacy-preserving mechanisms for distributed reputation.The first one is to protect the privacy and security for identity of the ratee in distributed reputation.Each peer in every period of time, can only generate a pseudonym resisting Sybil attacks, pseudonym is bound to the time. Validation of pseudonym is verfied without continuous online TTP, and pseudonyms are no conection with the real identity of the peer. The protocol can ensure that the trust value between the pseudonyms transferred can resist wash watershed attack and keep unlinkability between the pseudonyms.The second one is to protect the privacy and security for identity of the rater in distributed reputation. Each peer is pre assigned k reputation management nodes; the management nodes are anonymous to the target node, which prevent their collusion to leak the privacy of the rater. Compared with the existing protocols can protect the identity of the rater, but also to resist the Sybil attack.In general, this paper solves the security and privacy problems of reputation system in a certain extent; also the research promotes the application of the future development of reputation system in various fields.