1. bookVolume 2021 (2021): Issue 1 (January 2021)
Journal Details
License
Format
Journal
eISSN
2299-0984
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English
access type Open Access

SoK: Privacy-Preserving Reputation Systems

Published Online: 09 Nov 2020
Page range: 107 - 127
Received: 31 May 2020
Accepted: 16 Sep 2020
Journal Details
License
Format
Journal
eISSN
2299-0984
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English
Abstract

Trust and user-generated feedback have become increasingly vital to the normal functioning of the modern internet. However, deployed systems that currently incorporate such feedback do not guarantee users much in the way of privacy, despite a wide swath of research on how to do so spanning over 15 years. Meanwhile, research on systems that maintain user privacy while helping them to track and update each others’ reputations has failed to standardize terminology, or converge on what privacy guarantees should be important. Too often, this leads to misunderstandings of the tradeoffs underpinning design decisions. Further, key insights made in some approaches to designing such systems have not circulated to other approaches, leaving open significant opportunity for new research directions. This SoK investigates 42 systems describing privacy-preserving reputation systems from 2003–2019 in order to organize previous work and suggest directions for future work. Our three key contributions are the systematization of this body of research, the detailing of the tradeoffs implied by overarching design choices, and the identification of underresearched areas that provide promising opportunities for future work.

Keywords

[1] Carlos Aguilar Melchor, Boussad Ait-Salem, and Philippe Gaborit. A collusion-resistant distributed scalar product protocol with application to privacy-preserving computation of trust. In 2009 Eighth IEEE International Symposium on Network Computing and Applications, pages 140–147, July 2009.10.1109/NCA.2009.48Search in Google Scholar

[2] Jay Allen. The invasion boards that set out to ruin lives. https://boingboing.net/2015/01/19/invasion-boards-setout-to-rui.html, January 2015.Search in Google Scholar

[3] Larry Alton. How Purple, Uber and Airbnb are disrupting and redefining old industries. https://www.entrepreneur.com/article/273650, April 2016.Search in Google Scholar

[4] Elli Androulaki, Seung Geol Choi, Steven M. Bellovin, and Tal Malkin. Reputation systems for anonymous networks. In Nikita Borisov and Ian Goldberg, editors, Privacy Enhancing Technologies, pages 202–218. Springer Berlin Heidelberg, 2008.10.1007/978-3-540-70630-4_13Search in Google Scholar

[5] Mohd Anwar and Jim Greer. Reputation management in privacy-enhanced e-learning. In The Proceedings of the 3rd Annual Scientific Conference of the LORNET Research Network (I2LOR 2006), November 2006.Search in Google Scholar

[6] Muhammad Ajmal Azad, Samiran Bag, and Feng Hao. PrivBox: Verifiable decentralized reputation system for online marketplaces. Future Generation Computer Systems, 89:44–57, 2018.Search in Google Scholar

[7] Muhammad Ajmal Azad, Samiran Bag, Feng Hao, and Khaled Salah. M2M-REP: Reputation system for machines in the internet of things. Computers and Security, 79:1–16, 2018.Search in Google Scholar

[8] Samiran Bag, Muhammad Ajmal Azad, and Feng Hao. A privacy-aware decentralized and personalized reputation system. Computers and Security, 77:514–530, 2018.10.1016/j.cose.2018.05.005Search in Google Scholar

[9] Rémi Bazin, Alexander Schaub, Omar Hasan, and Lionel Brunie. A decentralized anonymity-preserving reputation system with constant-time score retrieval. Cryptology ePrint Archive, Report 2016/416, 2016. https://eprint.iacr.org/2016/416.Search in Google Scholar

[10] Kai Bemmann, Johannes Blömer, Jan Bobolz, Henrik Bröcher, Denis Diemert, Fabian Eidens, Lukas Eilers, Jan Haltermann, Jakob Juhnke, Burhan Otour, Laurens Porzenheim, Simon Pukrop, Erik Schilling, Michael Schlichtig, and Marcel Stienemeier. Fully-featured anonymous credentials with reputation system. In Proceedings of the 13th International Conference on Availability, Reliability and Security, ARES 2018, pages 42:1–42:10, New York, NY, USA, 2018. ACM.10.1145/3230833.3234517Search in Google Scholar

[11] John Bethencourt, Elaine Shi, and Dawn Song. Signatures of reputation. In Radu Sion, editor, Financial Cryptography and Data Security, pages 400–407, Berlin, Heidelberg, 2010. Springer Berlin Heidelberg.10.1007/978-3-642-14577-3_35Search in Google Scholar

[12] Johannes Blömer, Fabian Eidens, and Jakob Juhnke. Practical, anonymous, and publicly linkable universally-composable reputation systems. In Nigel P. Smart, editor, Topics in Cryptology — CT-RSA 2018, pages 470–490. Springer International Publishing, 2018.10.1007/978-3-319-76953-0_25Search in Google Scholar

[13] Colin Boyd, Roslan Ismail, Audun Jøsang, and Selwyn Russell. Private reputation schemes for P2P systems. In Fernandex-Medina, Castro, and Villalba, editors, Proceedings of the 2nd International Workshop on Security In Information Systems, WOSIS 2004, pages 196–206, Porto, Portugal, 2004. INSTICC Press.Search in Google Scholar

[14] Núria Busom, Ronald Petrlic, Francesc Sebé, Christoph Sorge, and Magda Valls. A privacy-preserving reputation system with user rewards. Journal of Network and Computer Applications, 80:58–66, 2017.10.1016/j.jnca.2016.12.023Search in Google Scholar

[15] David Chaum. Blind signatures for untraceable payments. In David Chaum, Ronald L. Rivest, and Alan T. Sherman, editors, Advances in Cryptology, pages 199–203, Boston, MA, 1983. Springer US.10.1007/978-1-4757-0602-4_18Search in Google Scholar

[16] David Chaum. Security without identification: Transaction systems to make Big Brother obsolete. Commun. ACM, 28(10):1030–1044, October 1985.10.1145/4372.4373Search in Google Scholar

[17] Delphine Christin, Christian Roßkopf, Matthias Hollick, Leonardo A. Martucci, and Salil S. Kanhere. IncogniSense: An anonymity-preserving reputation framework for participatory sensing applications. Pervasive and Mobile Computing, 9(3):353–371, 2013. Special Issue: Selected Papers from the 2012 IEEE International Conference on Pervasive Computing and Communications (PerCom 2012).10.1016/j.pmcj.2013.01.003Search in Google Scholar

[18] Michael R. Clark, Kyle Stewart, and Kenneth M. Hopkinson. Dynamic, privacy-preserving decentralized reputation systems. IEEE Transactions on Mobile Computing, 16(9):2506–2517, September 2017.10.1109/TMC.2016.2635645Search in Google Scholar

[19] Sebastian Clauß, Stefan Schiffner, and Florian Kerschbaum. K-anonymous reputation. In Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, ASIA CCS ’13, pages 359–368, New York, NY, USA, 2013. ACM.10.1145/2484313.2484361Search in Google Scholar

[20] Ernesto Damiani, Sabrina De Capitani di Vimercati, Stefano Paraboschi, and Pierangela Samarati. Managing and sharing servents’ reputations in P2P systems. IEEE Transactions on Data and Knowledge Engineering, 15(4):840–854, 2003.10.1109/TKDE.2003.1209003Search in Google Scholar

[21] EJ Dickson. Furries got an alt-right troll banned from their convention. https://www.rollingstone.com/culture/culture-news/milo-yiannopolous-furry-convention-884960/, September 2019.Search in Google Scholar

[22] Minghong Fang, Neil Zhenqiang Gong, and Jia Liu. Influence function based data poisoning attacks to top-n recommender systems. In Proceedings of The Web Conference 2020, WWW ’20, pages 3019––3025, New York, NY, USA, 2020. Association for Computing Machinery.10.1145/3366423.3380072Search in Google Scholar

[23] Minghong Fang, Guolei Yang, Neil Zhenqiang Gong, and Jia Liu. Poisoning attacks to graph-based recommender systems. In Proceedings of the 34th Annual Computer Security Applications Conference, ACSAC ’18, pages 381—-392, New York, NY, USA, 2018. Association for Computing Machinery.10.1145/3274694.3274706Search in Google Scholar

[24] Lydia Garms, Keith Martin, and Siaw-Lynn Ng. Reputation schemes for pervasive social networks with anonymity (short paper). In 2017 15th Annual Conference on Privacy, Security and Trust (PST), pages 311–316, August 2017.10.1109/PST.2017.00044Search in Google Scholar

[25] Neil Zhenqiang Gong, Mario Frank, and Prateek Mittal. Sybil-Belief: A semi-supervised learning approach for structure-based Sybil detection. IEEE Transactions on Information Forensics and Security, 9(6):976–987, 2014.Search in Google Scholar

[26] Liming Hao, Songnian Lu, Junhua Tang, and Aixin Zhang. A low cost and reliable anonymity scheme in P2P reputation systems with trusted third parties. In IEEE GLOBECOM 2008 - 2008 IEEE Global Telecommunications Conference, pages 1–5, November 2008.10.1109/GLOCOM.2008.ECP.424Search in Google Scholar

[27] Liming Hao, Shutang Yang, Songnian Lu, and Gongliang Chen. A dynamic anonymous P2P reputation system based on trusted computing technology. In IEEE GLOBECOM 2007 - IEEE Global Telecommunications Conference, pages 332–337, November 2007.10.1109/GLOCOM.2007.69Search in Google Scholar

[28] Omar Hasan, Elisa Bertino, and Lionel Brunie. Efficient privacy preserving reputation protocols inspired by secure sum. In 2010 Eighth International Conference on Privacy, Security and Trust, pages 126–133, August 2010.10.1109/PST.2010.5593245Search in Google Scholar

[29] Omar Hasan, Lionel Brunie, and Elisa Bertino. k-Shares: A privacy preserving reputation protocol for decentralized environments. In Kai Rannenberg, Vijay Varadharajan, and Christian Weber, editors, Security and Privacy—Silver Linings in the Cloud, pages 253–264, Berlin, Heidelberg, 2010. Springer Berlin Heidelberg.10.1007/978-3-642-15257-3_23Search in Google Scholar

[30] Omar Hasan, Lionel Brunie, and Elisa Bertino. Preserving privacy of feedback providers in decentralized reputation systems. Computers and Security, 31(7):816–826, 2012. IFIP/SEC 2010 “Security and Privacy—Silver Linings in the Cloud”.10.1016/j.cose.2011.12.003Search in Google Scholar

[31] Omar Hasan, Lionel Brunie, Elisa Bertino, and Ning Shang. A decentralized privacy preserving reputation protocol for the malicious adversarial model. IEEE Transactions on Information Forensics and Security, 8(6):949–962, June 2013.10.1109/TIFS.2013.2258914Search in Google Scholar

[32] Kuan Lun Huang, Salil S. Kanhere, and Wen Hu. Are you contributing trustworthy data? The case for a reputation system in participatory sensing. In Proceedings of the 13th ACM International Conference on Modeling, Analysis, and Simulation of Wireless and Mobile Systems, MSWIM ’10, pages 14––22, New York, NY, USA, 2010. Association for Computing Machinery.10.1145/1868521.1868526Search in Google Scholar

[33] Kuan Lun Huang, Salil S. Kanhere, and Wen Hu. A privacy-preserving reputation system for participatory sensing. In 37th Annual IEEE Conference on Local Computer Networks, pages 10–18, October 2012.10.1109/LCN.2012.6423585Search in Google Scholar

[34] Mohammed Hussain and David B. Skillicorn. Mitigating the linkability problem in anonymous reputation management. Journal of Internet Services and Applications, 2(1):47–65, July 2011.10.1007/s13174-011-0020-4Search in Google Scholar

[35] Roslan Ismail, Colin Boyd, Audun Jøsang, and Selywn Russel. Strong privacy in reputation systems. In Proceedings of the 4th International Workshop on Information Security Applications (WISA), August 2003.Search in Google Scholar

[36] Jinyuan Jia, Binghui Wang, Le Zhang, and Neil Zhenqiang Gong. AttriInfer: Inferring User Attributes in Online Social Networks Using Markov Random Fields. In Proceedings of the 26th International Conference on World Wide Web, WWW ’17, pages 1561–1569, 2017.Search in Google Scholar

[37] Florian Kerschbaum. A verifiable, centralized, coercion-free reputation system. In Proceedings of the 8th ACM Workshop on Privacy in the Electronic Society, WPES ’09, pages 61–70. ACM, 2009.10.1145/1655188.1655197Search in Google Scholar

[38] Eric Killelea. Does the furry community have a Nazi problem? https://www.rollingstone.com/culture/culture-features/does-the-furry-community-have-a-nazi-problem-194282/, April 2017.Search in Google Scholar

[39] Michael Kinateder and Siani Pearson. A privacy-enhanced peer-to-peer reputation system. In Kurt Bauknecht, A. Min Tjoa, and Gerald Quirchmayr, editors, E-Commerce and Web Technologies, pages 206–215, Berlin, Heidelberg, 2003. Springer Berlin Heidelberg.10.1007/978-3-540-45229-4_21Search in Google Scholar

[40] Christiane Kuhn, Martin Beck, Stefan Schiffner, Eduard Jorswieck, and Thorsten Strufe. On privacy notions in anonymous communication. Proceedings on Privacy Enhancing Technologies, 2019(2):105–125, 2019.10.2478/popets-2019-0022Search in Google Scholar

[41] KW Counselling Services. What Does LGBTQ+ Mean? https://ok2bme.ca/resources/kids-teens/what-does-lgbtq-mean/, 2020.Search in Google Scholar

[42] Shyong K. Lam and John Riedl. Shilling recommender systems for fun and profit. In Proceedings of the 13th International Conference on World Wide Web, WWW ’04, pages 393—-402, New York, NY, USA, 2004. Association for Computing Machinery.Search in Google Scholar

[43] Dongxiao Liu, Amal Alahmadi, Jianbing Ni, Xiaodong Lin, and Xuemin Shen. Anonymous reputation system for IIoT-enabled retail marketing atop PoS blockchain. IEEE Transactions on Industrial Informatics, 15(6):3527–3537, June 2019.10.1109/TII.2019.2898900Search in Google Scholar

[44] Jia Liu and Mark Manulis. pRate: Anonymous star rating with rating secrecy. In Robert H. Deng, Valérie Gauthier-Umaña, Martín Ochoa, and Moti Yung, editors, Applied Cryptography and Network Security, pages 550–570. Springer International Publishing, 2019.10.1007/978-3-030-21568-2_27Search in Google Scholar

[45] Hugo Miranda and Luis Rodrigues. A framework to provide anonymity in reputation systems. In 2006 Third Annual International Conference on Mobile and Ubiquitous Systems: Networking Services, pages 1–4, July 2006.10.1109/MOBIQ.2006.340391Search in Google Scholar

[46] Wolf Müller, Henryk Plötz, Jens-Peter Redlich, and Takashi Shiraki. Sybil proof anonymous reputation management. In Proceedings of the 4th International Conference on Security and Privacy in Communication Netowrks, SecureComm ’08, pages 7:1–7:10, New York, NY, USA, 2008. ACM.10.1145/1460877.1460887Search in Google Scholar

[47] Rishab Nithyanand and Karthik Raman. Fuzzy privacy preserving peer-to-peer reputation management. Cryptology ePrint Archive, Report 2009/442, January 2009. https://eprint.iacr.org/2009/442.Search in Google Scholar

[48] Elan Pavlov, Jeffrey S. Rosenschein, and Zvi Topol. Supporting privacy in decentralized additive reputation systems. In Christian Jensen, Stefan Poslad, and Theo Dimitrakos, editors, Trust Management, pages 108–119, Berlin, Heidelberg, 2004. Springer Berlin Heidelberg.10.1007/978-3-540-24747-0_9Search in Google Scholar

[49] Hao Peng, Song-nian Lu, Dan-dan Zhao, and Ai-xin Zhang. Low cost and reliable anonymity protocols in P2P reputation systems. Journal of Shanghai Jiaotong University (Science), 15(2):207–212, April 2010.10.1007/s12204-010-9734-xSearch in Google Scholar

[50] Ronald Petrlic, Sascha Lutters, and Christoph Sorge. Privacy-preserving reputation management. In Proceedings of the 29th Annual ACM Symposium on Applied Computing, SAC ’14, pages 1712–1718. ACM, 2014.10.1145/2554850.2554881Search in Google Scholar

[51] Margaret Pless. Kiwi Farms, the web’s biggest community of stalkers. https://nymag.com/intelligencer/2016/07/kiwi-farms-the-webs-biggest-community-of-stalkers.html, July 2016.Search in Google Scholar

[52] Mike Rugnetta. Mike Rugnetta, Idea Channel - XOXO Festival (2013). https://www.youtube.com/watch?v=-D9Xq3Xr8aE, October 2013.Search in Google Scholar

[53] Alexander Schaub, Rémi Bazin, Omar Hasan, and Lionel Brunie. A trustless privacy-preserving reputation system. In Jaap-Henk Hoepman and Stefan Katzenbeisser, editors, ICT Systems Security and Privacy Protection, pages 398–411. Springer International Publishing, 2016.10.1007/978-3-319-33630-5_27Search in Google Scholar

[54] Stefan Schiffner, Andreas Pashalidis, and Elmar Tischhauser. On the limits of privacy in reputation systems. In Proceedings of the 10th Annual ACM Workshop on Privacy in the Electronic Society, WPES ’11, pages 33–42, New York, NY, USA, 2011. ACM.10.1145/2046556.2046561Search in Google Scholar

[55] Aameek Singh and Ling Liu. TrustMe: anonymous management of trust relationships in decentralized P2P systems. In Proceedings Third International Conference on Peer-to-Peer Computing (P2P2003), pages 142–149, September 2003.10.1109/PTP.2003.1231514Search in Google Scholar

[56] Kyle Soska, Albert Kwon, Nicolas Christin, and Srinivas Devadas. Beaver: A decentralized anonymous marketplace with secure reputation. Cryptology ePrint Archive, Report 2016/464, 2016. https://eprint.iacr.org/2016/464.Search in Google Scholar

[57] Adam Steinbaugh. Kevin Bollaert sentenced to 18 years over revenge porn site “You Got Posted”. http://adamsteinbaugh.com/2015/04/03/kevin-bollaert-sentenced-to-years-over-revenge-porn-site-you-got-posted/, April 2015.Search in Google Scholar

[58] Nguyen Tran, Bonan Min, Jinyang Li, and Lakshminarayanan Subramanian. Sybil-resilient online content voting. In Proceedings of the 6th USENIX Symposium on Networked Systems Design and Implementation, NSDI’09, pages 15—-28, USA, 2009. USENIX Association.Search in Google Scholar

[59] Marco Voss. Privacy preserving online reputation systems. In Yves Deswarte, Frédéric Cuppens, Sushil Jajodia, and Lingyu Wang, editors, Information Security Management, Education and Privacy, pages 249–264, Boston, MA, 2004. Springer US.10.1007/1-4020-8145-6_20Search in Google Scholar

[60] Marco Voss, Andreas Heinemann, and Max Muhlhauser. A privacy preserving reputation system for mobile information dissemination networks. In First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM’05), pages 171–181, September 2005.Search in Google Scholar

[61] Xinlei (Oscar) Wang, Wei Cheng, Prasant Mohapatra, and Tarek Abdelzaher. ARTSense: Anonymous reputation and trust in participatory sensing. In 2013 Proceedings IEEE INFOCOM, pages 2517–2525, April 2013.10.1109/INFCOM.2013.6567058Search in Google Scholar

[62] Yunzhao Wei and YanXiang He. A pseudonym changing-based anonymity protocol for P2P reputation systems. In 2009 First International Workshop on Education Technology and Computer Science, volume 3, pages 975–980, March 2009.Search in Google Scholar

[63] Jonathan Wells. Tyler Oakley: how the internet revolutionised LGBT life. https://www.telegraph.co.uk/men/thinking-man/tyler-oakley-how-the-internet-revolutionised-lgbt-life/, November 2015.Search in Google Scholar

[64] Danfeng Yao, Roberto Tamassia, and Seth Proctor. Private distributed scalar product protocol with application to privacy-preserving computation of trust. In Sandro Etalle and Stephen Marsh, editors, Trust Management, pages 1–16, Boston, MA, 2007. Springer US.Search in Google Scholar

[65] Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, and Abraham Flaxman. SybilGuard: Defending against Sybil attacks via social networks. In Proceedings of the 2006 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, SIGCOMM ’06, pages 267––278, New York, NY, USA, 2006. Association for Computing Machinery.Search in Google Scholar

[66] Ennan Zhai, David Isaac Wolinsky, Ruichuan Chen, Ewa Syta, Chao Teng, and Bryan Ford. AnonRep: Towards tracking-resistant anonymous reputation. In 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 16), pages 583–596. USENIX Association, March 2016.Search in Google Scholar

[67] Mingwu Zhang, Yong Xia, Ou Yuan, and Kirill Morozov. Privacy-friendly weighted-reputation aggregation protocols against malicious adversaries in cloud services. International Journal of Communication Systems, 29(12):1863–1872, 2016.10.1002/dac.2817Search in Google Scholar

Recommended articles from Trend MD

Plan your remote conference with Sciendo