Searching for Trust

Chuong Ngo
,
Technical Consultant

How do you find your way in the dark? How do you progress in an uncertain world?

P2P networks are a major paradigm shift in the computing landscape, ushering in an era of genuinely distributed computing. They are more scalable, efficient, cost-effective, and resilient than client-server systems. Their decentralized nature also makes them a better reflection of society. However, they are also more complex and more challenging to secure.

Loss of Innocence

When you check your bank balance online, you must trust that the server you connect to is trustworthy. You also have to trust the other technologies the bank uses (e.g., load balancers, databases, etc.). After all, your bank controls its IT systems, and it is in the bank’s interest to ensure its systems are safe and secure. So, your bank’s IT systems are trusted transitively.

Transitive trust is more challenging in a P2P network. Is the computer you are connecting to controlled by the organization you trust? You may not know who controls the computer at all. Historically, P2P networks have depended on the naive notion that everyone can be trusted. As history repeatedly shows us, that is not the case.

Trust has a silent presence in all community interactions.

The Internet is easily the largest P2P network in existence. Our modern lives depend on it. In the United States alone, e-commerce amounts to trillions of dollars. So, we cannot just trust.

In Trust We Trust

P2P networks consist of independent computers that communicate with each other directly. These computers, or nodes, are analogous to people in a collective. In other words, computers in P2P networks form virtual communities.

Trust plays a crucial role in real-life communities. John Locke even said trust is the key casual precondition for any society. It can be a tool for complexity reduction and provide security and assurance in the face of uncertainty and incomplete information. It encourages information exchange and influence. It facilitates problem-solving and the absorption of knowledge. Self-identity and political soundness are both built on trust. As Barbara Misztal might put it, trust has a silent presence in all community interactions.

Trust can also be the backbone of virtual communities and P2P networks.

All in a Number

So, how do you measure trust? Marsh was a pioneer in computational trust. He based his trust model on sociology and psychology (link). However, the model was complex and challenging to implement. Aberer et al. (link) broke the problem of trust in P2P networks into three subproblems.

  • Global trust model
  • Local algorithm to determine trust
  • Data and communication management

The global trust model problem asks how you determine the trustworthiness of a peer. Whereas the global trust model uses all information available to the network, the local algorithm to determine trust limits itself to only the information available to a given node. In other words, how does a node approximate the global trust model with its available resources? Data and communication management asks how to implement the local algorithm efficiently and whether it scales with the network. Popular implementations of computational trust often include centralized data storage. For example, eBay lets buyers and sellers rate each other after each transaction and aggregates the ratings into a score for the buyers and sellers. It stores those ratings in a centralized database. Centralized solutions cannot scale enough for P2P networks.

Abdul-Rahman et al. (link) put forward that a trust model has to support the properties of:

  1. Trust is context-dependent.
  2. Negative and positive degrees of belief in a peer’s trustworthiness.
  3. Prior experiences are the basis of trust.
  4. Nodes can exchange reputational information through recommendations.
  5. Trust is not transitive.
  6. Trust is dynamic and non-monotonic.
Reputation relies on gossip, which isn’t always trustworthy.

Looking Back To Go Forward

Given its prevalence in real-world trust systems, it should be no surprise that many computational trust models use reputation. Reputation is the overall quality or character of someone or something as seen or judged by others. In other words, reputation is a reliability metric. It measures events over time and is backward-looking.

When you shop at an online store, you may read reviews for an item you are interested in. These reviews are from other people who may have bought the item. You may also reference previous interactions you have had with similar products. Additionally, you may look into the reputation of the merchant.

In other words, reputation implicitly assumes that past performance indicates future behavior. It’s why prospective employers may ask you for references from previous employers.

But is reputation trustworthiness? In other words, is past performance an indication of future behavior? History has plenty of examples of reputation failing as a measure of trustworthiness. In the years leading up to the 2007-2008 financial crisis, mortgage-backed securities were considered safe investments, and many financial institutions held them in their portfolios. A collapse of the housing market was thought impossible. It had never happened before.

Reputation favors incumbents and majority opinions.

Of course, there is a first time for everything. A decline in housing prices knocked over a chain of dominos that wiped out over $2 trillion and sparked the most severe global recession since the Great Depression. Several respected businesses failed, and governments and the public scrutinized the financial system and its regulators. Past performance was not an indication of future behavior.

Finding More Cracks

Reputation is a backward-looking aggregation of events over time. It does not predict future behavior or behavior at a given time. It also favors incumbents and majority opinions. Reputation systems often marginalize newcomers and outcasts. After all, how do you judge someone with no history or with differing views? It can also unduly punish lousy luck or circumstances. Do you know anyone who struggled a lot due to what family they were born into? Or how about someone who got poor credit after a series of bad luck? How hard was it for them to rebuild their credit?

Reputation also relies on communication between peers. In other words, it depends on gossip. Gossip is not necessarily reliable and can be malicious. Karina Saifer Oliveira, a 15-year-old Brazilian girl, committed suicide in 2017 because of rumors spread at her school. This problem can be mitigated by listening only to trustworthy peers. However, now there is a chicken or egg problem.

Banner image credit to
Ян Заболотний
Peer-to-Peer
Algorithm
Computational Trust

Related Posts