ITU Workshop on “Future Trust and Knowledge Infrastructure”, Phase 2
Geneva, Switzerland, 1 July 2016

From weak online reputation metrics to standardized attack-resistant trust metrics
Dr. Jean-Marc Seigneur, President at Réputaction SAS, Chief Reputation Officer at GLOBCOIN, Senior Lecturer and Research Manager at Medi@LAB, CUI ISS, G3S,

Agenda
• Introduction
• Today’s Weak Online Reputation Metrics
• Computational Trust Engines
• Towards Standardized Attack-Resistant Trust Metrics
• Conclusion
• Q&A
Online reputation economy
• By 2026, thanks to online ratings
  – “a more successful hospitality and leisure sector has the potential to add an extra £2bn to the UK economy with the impact on the sector’s large supply chain contributing a further £1.2bn.” [Barclays, 2016]
Main online e-reputation ratings services for the general public
• Especially in the tourism industry
  – Around 60% of the hotel ratings by 2 providers only [TCI Research French, 2015]
    • Booking, whose ratings are verified because they are based on stays for which payment has been made, taking around 25% of the night cost
    • TripAdvisor, whose ratings are not verified
• Somehow: eBay, Yelp, Klout, TrustPilot, TrustYou, Facebook Reviews, Google Reviews…
Ratings for Google SEO

A major pitfall: trust in online ratings decreases
• Representative surveys of French people
  – [Testntrust, 2013]
    • 89% trust online ratings in 2010
    • 76% trust online ratings in 2013
  – [Nielsen Institute, 2013]
    • 71% trust online ratings in 2007
    • 51% trust online ratings in 2013
Issues of online reputation metrics
• eBay
  – first to propose an online reputation solution in 1995
  – easier because
    • centralized
    • focused on one context only: online auctions
    • with real money transaction traces
  – Issues
    • same points for successfully selling a Ferrari or a USB key
    • change in 2008: sellers cannot rate buyers in order to increase negative ratings of sellers
• aggressive marketing (Naymz/Visible.me spam, Reputation.com overly alarming emails)
• reselling of private data without user consent (Rapleaf 1.0/Trustfuse)
• difficult and incomplete collection, verification and management of ratings
• TripAdvisor
  – Guilty of false ratings or successfully attacked
    • UK, 2009: sued by 2000 hotels association, change of slogan “reviews you can trust” to “reviews from our community”
    • France, 2011: non-partner hotels listed as fully booked even if still available in reality
    • Italy, 2014 and 2015:
      – fine of 500k Euros by the Italian anti-trust body due to unclear explanation regarding the validity of their ratings
      – ghost restaurant ranked as best restaurant of a touristic city
    • Tunisia, 2016: traveler's choice award given to the hotel in Tunisia where an Islamist terrorist attack left 30 British holidaymakers dead last summer
e-Reputation ratings main aspects
• Ratings verified or not
• Closed or open algorithms in order to evaluate their attack-resistance by the research community
  – security by obscurity is believed to be less secure by the research community
• Open, restricted or no API to access/manage them
• Their visualization or digital representation
  – Quantitative only
    • Scale of stars between 1 to 5…
  – Qualitative as well
    • Need of automated language sentiment analysis
How to visualize trust effectively?
• Trust visualization has a real business impact: +8% price premium [Johnston, 1996]
TrustPlus
• 2006 to 2012, decentralized, closed algorithm, not verified ratings, interesting trust visualization

• Score between 0 and 100
• Started in 2008
  – focusing on e-reputation influence
  – bought for around $100 million in 2014
  – closed algorithm
  – based on detected evidence such as number of followers/fans and their own score, engagement of posts
  – known to be easily attacked due to the easy setup of fake accounts

Fake Accounts, Clicks, Ratings and Reviews
Computational Trust
• One of its main goals is to achieve attack-resistant trust metrics
• A trust metric consists of the different computations and communications which are carried out by the trustor (and his/her network) to compute a trust value in the trustee
• A trust value is the digital representation of the trustworthiness or level of trust in the entity under consideration and is a non-enforceable estimate of the entity’s future behavior in a given context based on past evidence, mainly:
  – direct observations,
  – recommendations from an identified recommender,
  – reputation as an aggregated value from not clearly identified recommender(s).
• 3 main types of trust are considered in social research:
  – interpersonal trust,
  – dispositional trust,
  – system trust.
• Interpersonal trust is crucial when system trust cannot be enforced, for example, in the ubiquitous computing world of the Internet of Things (IoT).
[Seigneur, 2005]
McKnight & Chervany Trust Social Model

Trust Engine and Trust Metrics Attacks
• The trust metrics are attacked by means of:
  – Identity usurpation attacks
  – Identity multiplicity attacks
    • Douceur’s Sybil Attack is the most well-known
  – Coalitions of motivated users compared to other lazy users who do not rate
Trust Engine’s Security Perimeter
[Diagram: trust engine components Decision-making, ER, Virtual Identities, Trust Value Computation, Risk Analysis, Evidence Manager and Evidence Store, with Request as input and Decision as output]
Research Representations of Trust Values
[Marsh, 2016]
[SECURE, 2005]
[Wang and Vassileva, 2003]
Random Attack
4 randomly attacked, 9 directly compromised, 20 not compromised

Network Topology Engineered Attack
4 most connected attacked, 20 compromised, 9 not compromised
Trust Transfer: Sybil-attack Resistant Trust Metric
[Figure: two network diagrams with nodes labelled (100,2), (60,5), (180,0), (90,3), (48,1), (70,0) and (12,0); in the first, two (12,0) nodes are marked → (36,1)]
12 faked events may have been introduced in the network
[Seigneur, 2005]
Trust Transfer Example
Recommender Search Policy (RSP)
Recommendation Policy (RP)
• The search for recommenders may be extended to contacts of recommenders.
• The total amount of trust transferred may be shared between several recommenders.
[Diagram: entities R, T and S; 10 positive outcomes needed; Start: R(22,2); Start: S(32,2); End: R(12,2) S(10,0); End: S(22,2); policy checks S(10)? T(10)? both answered Yes]
[Seigneur, 2005]
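
The transfer shown on the slide, worked through as an added example (not code from the talk or from [Seigneur, 2005]). It assumes T is the trustor, R the recommender and S the subject, that each pair is (positive outcomes, negative outcomes), and that both policies only require the requested amount to be covered by existing positive evidence; the second function is a constructed Sybil scenario.

```python
class Entity:
    """Holds one entity's local evidence: views[name] = (positive, negative)."""

    def __init__(self, name, views=None):
        self.name = name
        self.views = dict(views or {})

    def view(self, name):
        return self.views.get(name, (0, 0))


def trust_transfer(trustor, recommender, subject, amount):
    """Move `amount` positive outcomes, inside the trustor's store, from the
    recommender to the subject. The recommender spends its own evidence too."""
    r_pos, r_neg = recommender.view(subject.name)   # recommender's evidence on subject
    t_pos, t_neg = trustor.view(recommender.name)   # trustor's evidence on recommender
    # Assumed (simplified) policies: each side must already hold `amount` positives.
    if r_pos < amount or t_pos < amount:
        return False
    recommender.views[subject.name] = (r_pos - amount, r_neg)
    trustor.views[recommender.name] = (t_pos - amount, t_neg)
    s_pos, s_neg = trustor.view(subject.name)
    trustor.views[subject.name] = (s_pos + amount, s_neg)
    return True


def slide_example():
    """Values from the slide: T holds R(22,2), R holds S(32,2), 10 needed."""
    t = Entity("T", {"R": (22, 2)})
    r = Entity("R", {"S": (32, 2)})
    ok = trust_transfer(t, r, Entity("S"), 10)
    return ok, t.view("R"), t.view("S"), r.view("S")


def sybil_example(n_sybils=5):
    """Constructed case: R controls every sybil, so it can claim any amount of
    evidence about them, yet it can only spend the trust T already placed in R."""
    t = Entity("T", {"R": (22, 2)})
    r = Entity("R", {f"sybil{i}": (1000, 0) for i in range(n_sybils)})
    accepted = sum(trust_transfer(t, r, Entity(f"sybil{i}"), 10)
                   for i in range(n_sybils))
    total_positive = sum(pos for pos, _ in t.views.values())
    return accepted, total_positive


if __name__ == "__main__":
    print(slide_example())   # end state matching the slide
    print(sybil_example())   # positives in T's store are conserved
```

The total of positive outcomes in T's store is the same before and after any number of transfers, which is why creating more identities gains the recommender nothing.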
Conclusion
• Care must be taken when standardizing trust in order to not deceive the users and keep their trust in the trust standard
• Attack-resistant trust metrics should be open and easy to be reviewed by the research community
• Ideally, the most attack-resistant trust metrics should be standardized
Q&A
• Thanks for your attention!
• Join the 290+ Trustcomp community members
  – http://www.trustcomp.org/group-mailing-list
  – ACM SAC trust/reputation TRECK track CFP
    • Deadline: 15th September 2016