Abstract
The purpose of a reputation system is to hold the users of a distributed application accountable for their behavior. The reputation of a user is computed as an aggregate of the feedback provided by fellow users in the system. Truthful feedback is clearly a prerequisite for computing a reputation score that accurately represents the behavior of a user. However, it has been observed that users can hesitate in providing truthful feedback because, for example, of fear of retaliation. Privacy-preserving reputation systems enable users to provide feedback in a private and thus uninhibited manner. In this survey, we propose analysis frameworks for privacy-preserving reputation systems. We use these analysis frameworks to review and compare the existing approaches. Emphasis is placed on blockchain-based systems as they are a recent significant development in the area. Blockchain-based privacy-preserving reputation systems have properties, such as trustlessness, transparency, and immutability, which prior systems do not have. Our analysis provides several insights and directions for future research. These include leveraging blockchain to its full potential in order to develop truly trustless systems, to achieve some important security properties, and to include defenses against common attacks that have so far not been addressed by most current systems.
- [1] . 2020. Smart contracts for blockchain-based reputation systems: A systematic literature review. Journal of Network and Computer Applications 170 (2020), 102814.Google ScholarCross Ref
- [2] . 2013. A privacy preserving distributed reputation mechanism. In Proceedings of the 2013 IEEE International Conference on Communications. IEEE, 1951–1956.Google ScholarCross Ref
- [3] . 2014. Extending signatures of reputation. Privacy and Identity Management for Emerging Services and Technologies, IFIP Advances in Information and Communication 421 (2014), 165–176.Google ScholarCross Ref
- [4] . 2008. Reputation systems for anonymous networks. In Proceedings of the 8th Privacy Enhancing Technologies Symposium. Google ScholarDigital Library
- [5] . 2006. Reputation management in privacy-enhanced E-learning. In Proceedings of the 3rd Annual Scientific Conference of the LORNET Research Network.Google Scholar
- [6] . 2008. Enabling reputation-based trust in privacy-enhanced learning systems. In Proceedings of the 9th International Conference on Intelligent Tutoring Systems. Google ScholarDigital Library
- [7] . 2017. M2M-REP: Reputation of machines in the internet of things. In Proceedings of the 12th International Conference on Availability, Reliability and Security. 1–7. Google ScholarDigital Library
- [8] . 2018. PrivBox: Verifiable decentralized reputation system for online marketplaces. Future Generation Computer Systems 89 (2018), 44–57.Google ScholarDigital Library
- [9] . 2020. Decentralized self-enforcing trust management system for social Internet of Things. IEEE Internet of Things Journal 7, 4 (2020), 2690–2703.Google ScholarCross Ref
- [10] . 2020. Smart parking system with privacy preservation and reputation management using blockchain. IEEE Access 8 (2020), 150823–150843.Google ScholarCross Ref
- [11] . 2018. A privacy-aware decentralized and personalized reputation system. Computers & Security 77 (2018), 514–530.Google ScholarDigital Library
- [12] . 2021. (F) unctional Sifting: A privacy-preserving reputation system through multi-input functional encryption. In Proceedings of the 25th Nordic Conference on Secure IT Systems. Springer, 111–126.Google ScholarCross Ref
- [13] . 2017. Self-reported verifiable reputation with rater privacy. In Proceedings of the IFIP International Conference on Trust Management. Springer, 180–195.Google ScholarCross Ref
- [14] . 2020. Blockchain-based distributed trust and reputation management systems: A survey. IEEE Access 8 (2020), 21127–21151.Google ScholarCross Ref
- [15] . 2010. Signatures of reputation: Towards trust without identity. In Proceedings of the 14th International Conference on Financial Cryptography and Data Security. 400–407. Google ScholarDigital Library
- [16] . 2007. A reputation system with privacy and incentive. In Proceedings of the 8th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing. Google ScholarDigital Library
- [17] . 2018. Survey on computational trust and reputation models. ACM Computing Surveys 51, 5 (2018), 1–40. Google ScholarDigital Library
- [18] . 2014. Towards a flexible and privacy-preserving reputation system for markets of composed services. In Proceedings of the 6th International Conferences on Advanced Service Computing.Google Scholar
- [19] . 2017. A privacy-preserving reputation system with user rewards. Journal of Network and Computer Applications 100, 80 (2017), 58–66. Google ScholarDigital Library
- [20] . 2017. Privacy and trust relations in internet of things from the user point of view. In Proceedings of the 2017 IEEE 7th Annual Computing and Communication Workshop and Conference. IEEE, 1–5.Google ScholarCross Ref
- [21] . 2020. A review of distributed access control for blockchain systems towards securing the Internet of Things. IEEE Access 9 (2020), 5428–5441.Google Scholar
- [22] . 2018. A survey of approaches for promoting honest recommendations in reputation systems. In Proceedings of the CCF National Conference on Computer Engineering and Technology. Springer, 179–191.Google Scholar
- [23] . 2016. Private reputation retrieval in public-A privacy-aware announcement scheme for VANETs. IET Information Security 11, 4 (2016), 204–210.Google ScholarCross Ref
- [24] . 2013. Incognisense: An anonymity-preserving reputation framework for participatory sensing applications. Pervasive and Mobile Computing 9, 3 (2013), 353–371.Google ScholarCross Ref
- [25] . 2016. Dynamic, privacy-preserving decentralized reputation systems. IEEE Transactions on Mobile Computing 16, 9 (2016), 2506–2517.Google ScholarDigital Library
- [26] . 2013. k-Anonymous reputation. In Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security. ACM. Google ScholarDigital Library
- [27] . 2005. Evidence processing and privacy issues in evidence-based reputation systems. Computer Standards & Interfaces 27, 5 (2005), 533–545. Google ScholarDigital Library
- [28] . 2021. Decentralized reputation. In Proceedings of the 11th ACM Conference on Data and Application Security and Privacy. 119–130. Google ScholarDigital Library
- [29] . 2012. Multi-party trust computation in decentralized environments. In Proceedings of the 2012 5th International Conference on New Technologies, Mobility and Security. IEEE, 1–5.Google ScholarCross Ref
- [30] . 2014. Multi-party trust computation in decentralized environments in the presence of malicious adversaries. Ad Hoc Networks 15 (2014), 53–66. Google ScholarDigital Library
- [31] . 2003. Reputation in P2P anonymity systems. In Proceedings of the Workshop on Economics of Peer-to-Peer Systems.Google Scholar
- [32] . 2010. Computing multi-party trust privately: In O (n) time units sending one (possibly large) message at a time. In Proceedings of the 2010 ACM Symposium on Applied Computing. 1460–1465. Google ScholarDigital Library
- [33] . 2014. Efficient private multi-party computations of trust in the presence of curious and malicious users. Journal of Trust Management 1, 1 (2014), 8.Google ScholarCross Ref
- [34] . 2018. A distributed trust evaluation protocol with privacy protection for intercloud. IEEE Transactions on Parallel and Distributed Systems 30, 6 (2018), 1208–1221.Google ScholarCross Ref
- [35] . 2010. Schemes for privately computing trust and reputation. In Proceedings of the IFIP International Conference on Trust Management. Springer, 1–16.Google ScholarCross Ref
- [36] . 2008. A robust and knot-aware trust-based reputation model. In Proceedings of the Joint iTrust and PST Conferences on Privacy, Trust Management and Security.Google ScholarCross Ref
- [37] . 2004. The Foundations of Cryptography. Vol. 2, Cambridge University Press. Google ScholarDigital Library
- [38] . 2011. Privacy-enhanced reputation-feedback methods to reduce feedback extortion in online auctions. In Proceedings of the 1st ACM Conference on Data and Application Security and Privacy. 273–282. Google ScholarDigital Library
- [39] . 2009. Methods for computing trust and reputation while preserving privacy. In Proceedings of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security. Google ScholarDigital Library
- [40] . 2013. Fine-grained privacy-preserving reputation system for online social networks. In Proceedings of the 2013 IEEE/CIC International Conference on Communications in China. IEEE, 230–235.Google ScholarCross Ref
- [41] . 2021. SoK: Privacy-preserving reputation systems. Proceedings on Privacy Enhancing Technologies 2021, 1 (2021), 107–127.Google ScholarCross Ref
- [42] . 2008. A low cost and reliable anonymity scheme in p2p reputation systems with trusted third parties. In Proceedings of the 2008 IEEE Global Telecommunications Conference. IEEE, 1–5.Google ScholarCross Ref
- [43] . 2020. Privacy Preserving Reputation Systems Based on Blockchain and Other Cryptographic Building Blocks: A Survey.
Technical Report . University of Lyon, CNRS, INSA-Lyon, LIRIS, UMR5205. Retrieved from https://hal-cnrs.archives-ouvertes.fr/hal-03034994/document.Google Scholar - [44] . 2013. A decentralized privacy preserving reputation protocol for the malicious adversarial model. IEEE Transactions on Information Forensics and Security 8, 6 (2013), 949–962. Google ScholarDigital Library
- [45] . 2015. Reputation systems: A survey and taxonomy. Journal of Parallel and Distributed Computing 75, C (2015), 184–197. Google ScholarDigital Library
- [46] . 2015. Why You Should Think Twice Before Trusting Airbnb Reviews. Retrieved 02 Oct., 2021 from https://mashable.com/2015/05/18/airbnb-reviews/.Google Scholar
- [47] . 2009. A survey of attack and defense techniques for reputation systems. Computing Surveys 41, 4 (
December 2009), 1–31. Google ScholarDigital Library - [48] . 2012. A privacy-preserving reputation system for participatory sensing. In Proceedings of the 37th Annual IEEE Conference on Local Computer Networks. IEEE, 10–18. Google ScholarDigital Library
- [49] . 2020. Context-aware trust and reputation model for fog-based IoT. IEEE Access 8 (2020), 31622–31632.Google ScholarCross Ref
- [50] . 2004. Private reputation schemes for P2P systems. In Proceedings of the 2nd International Workshop on Security in Information Systems.Google Scholar
- [51] . 2004. Strong privacy in reputation systems. In Proceedings of the 4th International Workshop on Information Security Applications.Google Scholar
- [52] . 2019. BPRF: Blockchain-based privacy-preserving reputation framework for participatory sensing systems. Plos One 14, 12 (2019), e0225688.Google ScholarCross Ref
- [53] . 2007. A survey of trust and reputation systems for online service provision. Decision Support Systems 43, 2 (
March 2007), 618–644. Google ScholarDigital Library - [54] . 2020. A Privacy Preserving System to Consult Public Institutions Records. Master’s thesis. Universidade de Coimbra.Google Scholar
- [55] . 2018. Blockchain for secure and efficient data sharing in vehicular edge computing and networks. IEEE Internet of Things Journal 6, 3 (2018), 4660–4670.Google ScholarCross Ref
- [56] . 2011. Privacy-respecting reputation for wiki users. In Proceedings of the IFIP International Conference on Trust Management. Springer, 223–239.Google ScholarCross Ref
- [57] . 2009. A verifiable, centralized, coercion-free reputation system. In Proceedings of the 8th ACM Workshop on Privacy in the Electronic Society. ACM, New York, NY. Google ScholarDigital Library
- [58] . 2003. A privacy-enhanced peer-to-peer reputation system. In Proceedings of the 4th International Conference on Electronic Commerce and Web Technologies.Google ScholarCross Ref
- [59] . 2005. Strong pseudonymous communication for peer-to-peer reputation systems. In Proceedings of the 2005 ACM Symposium on Applied Computing. Google ScholarDigital Library
- [60] . 2015. Efficient distributed privacy-preserving reputation mechanism handling non-monotonic ratings. Retrieved from hal.archives-ouvertes.fr.Google Scholar
- [61] . 2019. Anonymous reputation system for IIoT-enabled retail marketing atop PoS blockchain. IEEE Transactions on Industrial Informatics 15, 6 (2019), 3527–3537.Google ScholarCross Ref
- [62] . 2018. A privacy-preserving trust model based on blockchain for VANETs. IEEE Access 6 (2018), 45655–45664.Google ScholarCross Ref
- [63] . 2018. Privacy-preserving reputation management for edge computing enhanced mobile crowdsensing. IEEE Transactions on Services Computing 12, 5 (2018), 786–799.Google ScholarCross Ref
- [64] . 2010. TRIMS, a privacy-aware trust and reputation model for identity management systems. Computer Networks 54, 16 (2010), 2899–2912. Google ScholarDigital Library
- [65] . 2009. Security threats scenarios in trust and reputation models for distributed systems. Computers & Security 28, 7 (2009), 545–556. Google ScholarDigital Library
- [66] . 2012. Vulnerabilities of decentralized additive reputation systems regarding the privacy of individual votes. Wireless Personal Communications 66, 3 (2012), 559–575. Google ScholarDigital Library
- [67] . 2014. The lord of the sense: A privacy preserving reputation system for participatory sensing applications. In Proceedings of the 2014 IEEE Symposium on Computers and Communications. IEEE, 1–6.Google ScholarCross Ref
- [68] . 2005. Eliciting informative feedback: The peer-prediction method. Management Science 51, 9 (2005), 1359–1373. Google ScholarDigital Library
- [69] . 2014. I know what you’re buying: Privacy breaches on eBay. In Proceedings of the International Symposium on Privacy Enhancing Technologies Symposium. Springer, 164–183.Google ScholarCross Ref
- [70] . 2006. A framework to provide anonymity in reputation systems. In Proceedings of the 3rd Annual International Conference on Mobile and Ubiquitous Systems: Networking & Services.Google Scholar
- [71] . 2017. Privasense: Privacy-preserving and reputation-aware mobile participatory sensing. In Proceedings of the 14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services. 38–47. Google ScholarDigital Library
- [72] . 2015. After a Disappointing Airbnb Stay, I Realized There’s a Major Flaw in the Review System. Retrieved 02 Oct., 2021 from https://www.businessinsider.com/why-airbnb-reviews-are-a-problem-for-the-site-2015-6.Google Scholar
- [73] . 2009. Fuzzy Privacy Preserving Peer-to-Peer Reputation Management. Cryptology ePrint Archive, Report 2009/442.Google Scholar
- [74] . 2018. Decentralized privacy preserving reputation system. In Proceedings of the 2018 IEEE 3rd International Conference on Data Science in Cyberspace. IEEE, 665–672.Google ScholarCross Ref
- [75] . 2004. Supporting privacy in decentralized additive reputation systems. In Proceedings of the 2nd International Conference on Trust Management. Oxford.Google ScholarCross Ref
- [76] . 2014. Privacy-preserving reputation management. In Proceedings of the 29th Annual ACM Symposium on Applied Computing. 1712–1718. Google ScholarDigital Library
- [77] . 2002. Trust among strangers in internet transactions: Empirical analysis of eBay’s reputation system. In The Economics of the Internet and E-Commerce. Michael R. Baye (Ed.), Advances in Applied Microeconomics, Vol. 11, Emerald Group Publishing Limited, 127–157.Google Scholar
- [78] . 2011. Learning whom to trust in a privacy-friendly way. In Proceedings of the 2011 IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications. IEEE, 214–225. Google ScholarDigital Library
- [79] . 2016. A trustless privacy-preserving reputation system. In Proceedings of the IFIP International Conference on ICT Systems Security and Privacy Protection. Springer, 398–411.Google ScholarCross Ref
- [80] . 2019. A transparent referendum protocol with immutable proceedings and verifiable outcome for trustless networks. In Proceedings of the International Conference on Complex Networks and Their Applications. Springer, 647–658.Google Scholar
- [81] . 2009. Privacy and liveliness for reputation systems. In Proceedings of the 6th European Workshop on Public Key Infrastructures, Services and Applications. 209–224. Google ScholarDigital Library
- [82] . 2011. Privacy, liveliness and fairness for reputation. In Proceedings of the International Conference on Current Trends in Theory and Practice of Computer Science. Springer, 506–519. Google ScholarDigital Library
- [83] . 2020. Blockchain-based reputation system in agri-food supply chain. In Proceedings of the 34th International Conference on Advanced Information Networking and Applications. 12–21.Google ScholarCross Ref
- [84] . 2006. Design options for privacy-respecting reputation systems within centralised internet communities. In Security and Privacy in Dynamic Environments. S. Fischer-Hübner, K. Rannenberg, L. Yngström, and S. Lindskog (Eds.), IFIP International Federation for Information Processing, Vol. 201, Springer.Google ScholarCross Ref
- [85] . 2019. The carbon footprint of bitcoin. Joule 3, 7 (2019), 1647–1661.Google ScholarCross Ref
- [86] . 2017. Privacy-preserving reputation management in fully decentralized systems: Challenges and opportunities. In Proceedings of the Joint International Symposium on Artificial Intelligence and Natural Language Processing. Springer, 207–215.Google Scholar
- [87] . 2020. Towards blockchain-based reputation-aware federated learning. In Proceedings of the IEEE Conference on Computer Communications Workshops. IEEE, 183–188.Google ScholarCross Ref
- [88] . 2005. A privacy preserving reputation system for mobile information dissemination networks. In Proceedings of the 1st International Conference on Security and Privacy for Emerging Areas in Communications Networks. Google ScholarDigital Library
- [89] . 2013. Enabling reputation and trust in privacy-preserving mobile sensing. IEEE Transactions on Mobile Computing 13, 12 (2013), 2777–2790.Google ScholarCross Ref
- [90] . 2020. A reinforcement learning and blockchain-based trust mechanism for edge networks. IEEE Transactions on Communications 68, 9 (2020), 5460–5470.Google ScholarCross Ref
- [91] . 2020. A blockchain based privacy-preserving system for electric vehicles through local communication. In Proceedings of the 2020 IEEE International Conference on Communications. IEEE, 1–6.Google ScholarCross Ref
- [92] . 2021. Building an intelligent global IoT reputation and malicious devices detecting system. Journal of Network and Systems Management 29, 4 (2021), 1–17.Google ScholarCross Ref
- [93] . 2014. A reputation system preserving the privacy of feedback providers and resisting Sybil attacks. International Journal of Multimedia and Ubiquitous Engineering 9, 2 (2014), 141–152.Google ScholarCross Ref
- [94] . 2016. Privacy-friendly weighted-reputation aggregation protocols against malicious adversaries in cloud services. International Journal of Communication Systems 29, 12 (2016), 1863–1872. Google ScholarDigital Library
- [95] . 2020. Privacy-preserving reputation management for blockchain-based mobile crowdsensing. In Proceedings of the 2020 17th Annual IEEE International Conference on Sensing, Communication, and Networking. IEEE, 1–9.Google ScholarDigital Library
- [96] . 2010. STARS: A simple and efficient scheme for providing transparent traceability and anonymity to reputation systems. In Data Privacy Management and Autonomous Spontaneous Security, Joaquin Garcia-Alfaro, Guillermo Navarro-Arribas, Ana Cavalli, Jean Leneutre (Eds.). Springer, 170–187. Google ScholarDigital Library
- [97] . 2019. Dynamic and privacy-preserving reputation management for blockchain-based mobile crowdsensing. IEEE Access 7 (2019), 74694–74710.Google ScholarCross Ref
- [98] . 2021. Blockchain-based decentralized reputation system in E-commerce environment. Future Generation Computer Systems 124, (2021) 155–167.Google ScholarCross Ref
Index Terms
- Privacy-Preserving Reputation Systems Based on Blockchain and Other Cryptographic Building Blocks: A Survey
Recommendations
Preserving privacy of feedback providers in decentralized reputation systems
Reputation systems make the users of a distributed application accountable for their behavior. The reputation of a user is computed as an aggregate of the feedback provided by other users in the system. Truthful feedback is clearly a prerequisite for ...
A privacy-preserving reputation system with user rewards
Reputation systems are useful to assess the trustworthiness of potential transaction partners, but also a potential threat to privacy since rating profiles reveal users preferences. Anonymous reputation systems resolve this issue, but make it difficult ...
Privacy-preserving data sharing in cloud computing
Storing and sharing databases in the cloud of computers raise serious concern of individual privacy. We consider two kinds of privacy risk: presence leakage, by which the attackers can explicitly identify individuals in (or not in) the database, and ...
Comments