Decentralization
We adopt the following definition of decentralization proposed by Rohit Khare.
"A decentralized system is one which requires multiple parties to make their own independent decisions"
In such a decentralized system, there is no single centralized authority that makes decisions on behalf of all the parties. Instead each party, also called a peer, makes local autonomous decisions towards its individual goals which may possibly conflict with those of other peers. Peers directly interact with each other and share information or provide service to other peers.
An open decentralized system is one in which the entry of peers is not regulated. Any peer can enter or leave the system at any time. Due to this and the fact that peers are autonomous with possibly different goals, the system may be exposed to a number of malicious attacks. A well-known example of such attacks is in the case of p2p file-sharing applications where malicious peers disguise viruses and trojans as reliable resources. Some of these critical threats are discussed below.
In the absence of a centralized authority, each decentralized peer must safeguard itself against such attacks. Decentralized trust management provides an effective measure to counter such threats.
Critical threats due to decentralization
The open decentralized nature of a system makes it susceptible to the following critical threats and attacks due to the presence of malicious peers. It should be noted that these threats are not unique to decentralized systems but become critical here because the lack of a centralized authority makes it difficult to counter these threats and attacks.
Impersonation - Malicious peers may attempt to conceal their identities by portraying themselves as other users. This may happen in order to capitalize on the pre-existing trust relationships of the identities they are impersonating and the targets of the impersonation. Therefore, the targets of the deception need the ability to detect these incidents.
Fraudulent Actions - It is also possible for malicious peers to act in bad faith without actively misrepresenting themselves or their relationships with others. A user can indicate that they have a particular service available even when they knowingly do not have it. Therefore, the system should attempt to minimize the effects of bad faith.
Misrepresentation - Malicious users may also decide to misrepresent their trust relationships with other peers in order to confuse. This deception could either intentionally inflate or deflate the malicious user’s trust relationships with other peers. Peers could publish that they do not trust an individual that they know to be trustworthy. Or, they could claim that they trust a user that they know to be dishonest. Both possibilities must be taken into consideration.
Collusion - A group of malicious users may also join together to actively subvert the system. This group may decide to collude in order to inflate their own trust values and deflate trust values for peers that are not in the collective. Therefore, a certain level of resistance needs to be in place to limit the effect of malicious collectives.
Denial of Service - In an open architecture, malicious peers may launch an attack on individuals or groups of peers. The primary goal of these attacks is to disable the system or make it impossible for normal operation to occur. These attacks may flood peers with well-formed or ill-formed messages. In order to compensate, the system requires the ability to contain the effects of denial of service attacks.
Addition of Unknowns - In an open architecture, the cold start situation arises: upon initialization, a peer does not know anything about anyone else on the system. Without any trust information present, there may not be enough knowledge to form relationships until a sufficient body of experience is established. Therefore, the ability to bootstrap relationships when no prior relationships exist is essential.
Deciding Whom to Trust - In a large scale system, certain domain-specific behaviors may indicate the trustworthiness of a user. Trust relationships should generally improve when good behavior is perceived of a particular peer. Similarly, when dishonest behavior is perceived, trust relationships should be downgraded accordingly.
Out-of-Band Knowledge - Out-of-band knowledge occurs when there is data not communicated through normal channels. When trust is assigned based on visible in-band interactions, there may also exist important invisible interactions that have an impact on trust. For example, Alice could indicate in person to Bob the degree to which she trusts Carol. Bob may then want to update his system to adjust for Alice’s out-of-band perception of Carol. Therefore, ensuring the consideration of out-of-band trust information is essential.