CARACTERÍSTICAS DEL PROGRAMA DE EMISIÓN Y COLOCACIÓN DE ACCIONES DE ECOPETROL S.A

Decentralized TRMs presented in section 2.5.2, might use different sources of information such as direct experiences, witness information, sociological information and prejudice [LIMC08]. Researchers in [LIJ08] [LIAN07], have identified the existence of cheaters (exploitation) in artificial societies employing trust and reputation models and the existence of inaccurate witnesses. This inaccurate information can challenge the integrity of the reputation system based on witness information leading to misleading trust information. A new type of attack presented in [SALE09], is referred to as con-man attack. In this type of attack an attacker sits between the sender and the receiver and sniffs any information being sent between two ends. In some cases the attacker may impersonate the sender to communicate with the receiver, or impersonate the receiver to reply to the sender. Con-man attack is similar to another attack of its type referred to as the collusion attack. Collusion attacks occur when one or more nodes conspire together to take advantage of breaches in trust models to defraud one or more nodes [QURE10]. It can be the case that

44 nodes in the colluding group adopt a sacrificial stance in collusion attacks in order to maximize the utility of the colluding group. Collusion attacks often work based on the basic idea that one or more nodes show themselves as trustworthy nodes in one type of interaction (usually direct interaction). Afterward, they will be untrustworthy in other type of interaction (e.g., witness interaction) by providing false information in favour of other members of the colluding group. This false information usually encourages a victim to interact with members of the colluding group and rely on false information provided to compute trust information.

The reputation management system presented in [YUB08] is based on acquiring trust ratings from social contacts. Similarly the works presented in [ZOUR06] utilizes the effectiveness of the proposed scheme to maximize secure data delivery rate. More recently [LIH07] and [YUNF07] proposed adaptive trust and reputation system for an application in MANET. FIRE [HUYN06] trust and reputation model is a well known and vastly utilized trust and reputation model. All of these approaches rely on trust ratings inquiry from neighbouring nodes in the network, in direct or witness interactions. Regardless of the effectiveness of these techniques, they are susceptible to collusion and the con-man attacks. Work presented in chapter 7 is inspired by evaluating the impact of collusion attack on FIRE. The proposed FIRE+ [QURE10] trust and reputation model, defines a mechanism for keeping a history of trust ratings and measure of confidence in ratings received from direct and witness interactions. The trust network graph determines the reliable ratings provided by direct and witness agents utilizing the experience of interactions while synthesizing unreliable ratings from colluding / malicious agents with dubious recommendations. The determination of the value of confidence in trust values is crucial to the success of FIRE+. In this context, new policies were defined to determine collusive behaviour and show experimentally that FIRE+ nodes using a multidimensional trust and reputation model while utilizing the trust policies can counter the risk of a direct interaction and witness interaction collusion attack by malicious agents in FIRE.

Most of the trust and reputation models presented in section 2.5.2 utilize a full aggregation trust ratings mechanism. Usually a full aggregation reputation system is of high accuracy; however, the aggregation approach involves a trade-off between the accuracy and overload. The overload of the full aggregation is quite heavy when the network expands very large. In addition, the reputation convergence is not fast. In mobile P2P networks,

45 peers join or leave the network frequently, which leads to the dynamic network topology changes. Due to frequent changes, a trust management system needs to repeatedly revise and update trust ratings, which in turn can increase the communication overhead. Moreover, pervasive devices that are resource-constrained need to avoid unnecessary trust ratings computations and storing redundant or obsolete trust ratings. Furthermore, accuracy of direct and witness trust rating from reliable and trustworthy peers, is necessary for the reliability and robustness of the trust ratings aggregation scheme. In order to attain a highly accurate, robust and efficient trust and reputation management system a trade-off between the computational complexity and accuracy is vital. To the author‘s knowledge, no trust and reputation model exists that has been specifically designed for P2P mobile networks, considering the limitations of computations power, limited storage and wireless communication issues. In designing M-trust, five key characteristics to address the essential trade-off in ratings aggregation.

 Reliability; in detecting malicious activity from a peer and categorizing it as a malicious peer.

 Accuracy; in computing trust ratings for local interactions and maintaining global trust ratings.

 Adaptability; in considering frequent topology changes due to mobility.

 Robustness; in avoiding trust ratings from untrustworthy and unreliable sources.

 Light-weighted-ness; in avoiding heavy computation and frequent communications with peers for updates. Furthermore, reducing the size of trust list by removing redundant and obsolete ratings.

To this end, work described in Chapter 8 presents trust ratings aggregation mechanism referred to as M-Trust. M-trust relies on confidence in reputation for computing direct trust ratings and witness recommendations from reliable peers to determine trust ratings for a peer using the proposed trust ratings aggregation algorithms. Simulation results demonstrate that the overall performance of M-trust is accurate, reliable and robust for detecting malicious peers in P2P mobile networks. Four trust management techniques, Bellman-Ford [ZHAO09], Received Ratings [LIMC08], Weighted Average [HUYN06] and Ultimate Trust [BAHT10], were compared with M-trust to analyze the performance of the proposed scheme. Simulation results show that M-trust is comparable or better than the rest of the presented techniques in the five performance categories mentioned above.

46

2.7 Summary

This chapter presented a review of important concepts related to this thesis. Section 2.1 described mobile networks with emphasis on properties and applications of MANETs and DTNs. Routing protocols for MANETs and DTNs are presented in section 2.2. Section 2.3 presented features of mobile P2P networks, challenges in deployment of P2P overlays on MANETs and the existing P2P overlays for MANETs. Popular mobile P2P applications such as file sharing and MSNs are also discussed. Security issues and challenges in MANETs are discussed in section 2.4 along with types of attacks on MANETs and proposed solutions to known attacks using cryptography techniques. Section 2.5 presented trust and reputation management models. Features for the popular centralized and de- centralized models are presented. Section 2.6 presents a discussion on analysis of related work.

47

Chapter 3

Opportunistic Trust based P2P Framework in disconnected