Abstract
The significance of efficient security mechanisms in P2P and Grid systems is unquestionable, since security is considered to be a quality of service factor for such systems. Traditional security mechanisms in P2P and Grid systems include encryption, sand-boxing and other access control and authentication mechanisms. Unfortunately these techniques incur additional overhead. By using trust and reputation-based mechanisms, the additional overhead is minimized. The deployment of efficient trust mechanisms results to a safer communication between P2P or Grid nodes, increasing the quality of service and making P2P and Grid technology more appealing. The aim of this book chapter is to lay the theoretical background of concepts such as trust, reputation, trust graphs and trust functions. Furthermore it presents classification schemes for trust functions, discussing the characteristics and differences of each classification. Finally, it analyses popular trust and reputation-based management mechanisms that have been implemented in both P2P and Grid systems.
TopIntroduction
P2P systems consist of a group of entities called peers that interact with each other without the presence of a central coordinating authority (decentralized P2P systems) (Figure 1). A peer in such a system can act both as a client and a server (Suryanaranyana & Taylor, 2004). It can request services from other entities as well as provide services to other entities in the system. Each peer has a limited perspective of the system and relies upon information received from other peers to make local autonomous decisions. Decisions made by each decentralized peer may well conflict with those made by other peers.
Figure 1. An example figure of a P2P system
A Grid (Figure 2) can be defined as “a large-scale, geographically distributed, hardware and software infrastructure composed of heterogeneous networked resources owned and shared by multiple administrative organizations which are coordinated to provide transparent, dependable, pervasive and consistent computing support to a wide range of applications. These applications can perform distributed computing, high throughput computing, on-demand computing, data-intensive computing, collaborative computing or multimedia computing” (Bote-Lorenzo, Dimitriadis & Gomez-Sanchez, 2004).
Figure 2. An example figure of a Grid system
P2P and Grid computing are both approaches to distributed computing mainly concerned with the organization of resource sharing in large scale computational environments. Though both types of systems share the common basic concept of resource-sharing, they followed different evolutionary paths. P2P systems focus on dealing with factors such as fault tolerance, transient populations and self-adaptation. On the other hand, research in Grid systems focuses on definitions of common protocols and standardized infrastructures to achieve interoperability.
At first, Grids were comprised by fully dedicated entities. These participating entities communicated with a high trust level, alleviating the requirement of complex reputation and trust models. As time progressed, Grids grew in size and new entities joined the systems. This fact has made the deployment of efficient trust mechanisms in Grid systems a primary concern. P2P applications lack the concept of a pre-defined trust relationship between participating entities. Most P2P applications assume an unsecured environment at all times. Deployment of trust and reputation mechanisms for P2P systems was always a primary concern. Therefore, both Grid and P2P systems share a common interest in efficient trust-based security mechanisms.
The fact that security in any system is considered a quality of service factor, the significance of efficient security mechanisms is unquestionable. Research work concerning this field suggests the use of security features such as sand-boxing (Chang, Itzkovitz & Karamcheti, 2000), encryption (Schneier, 1996) and other access control and authentication mechanisms. These mechanisms, however, incur additional overhead. Trust and reputation-based mechanisms are aware of the security requirements of the peers or Grid nodes and can perform all the relevant services with a minimized overhead. By using trust and reputation-based mechanisms, P2P and Grid technology becomes more appealing. An efficient trust mechanism results to a safer communication between the entities, increasing the quality of service.
The absence of a single authority that coordinates and monitors the behavior of peers and Grid nodes could lead to negative effects caused by malicious entities. Moreover, the absence of a single authority that coordinates the joining of new entities in these systems could also lead to negative effects since there are no guarantees for the good behavior of the new-joined entities. In decentralized P2P and Grid systems malicious entities may be encouraged to resort to a variety of attacks, such as transmitting false information or posing as other peers or Grid nodes. A trust management mechanism is responsible of defending the system’s operation from attacks caused by malicious peers or Grid nodes.
Key Terms in this Chapter
Trust Classification: Different categories of trust depending on the approach used to calculate trust values.
Trust Functions: Trust metrics used to calculate trust.
Trust Evaluation: A binary action, meaning that an entity evaluates the trustworthiness of another entity and decides whether to trust or not.
Reputation: An expectation of an entity’s behavior based on other entities’ observations or information about the entity’s past behavior at a given time.
Peer-to-Peer Systems: Consist of a group of entities called peers that interact with each other without the presence of a central coordinating authority (decentralized P2P systems). A peer in such a system can act both as a client and a server. It can request services from other entities as well as provide services to other entities in the system.
Grid Systems: A large-scale, geographically distributed, hardware and software infrastructure composed of heterogeneous networked resources owned and shared by multiple administrative organizations which are coordinated to provide transparent, dependable, pervasive and consistent computing support to a wide range of applications.
Trust: The firm belief in the competence of an entity to act as expected such that this firm belief is not a fixed value associated with the entity but rather it is subject to the entity’s behavior and applies only within a specific context at a given time.
Trust Management: The trust management phase differs from mechanism to mechanism. There are some trust mechanisms that re-calculate trust values based on past successful transactions between entities, while others re-calculate trust values based on the complaints an entity has gathered from past transactions. There are even trust mechanisms that re-calculate trust values based on the progression of time.