A Computational Model with Trusting Belief and Security
Gajanan P. Babhulkar
Pursuing Master of Engineering, Dept. of Information Technology
Prof. Ram Meghe Institute of Technology and Research, Amravati, India
Prof. Miss. V. M. Deshmukh
H.O.D., Dept. of Information Technology
Prof. Ram Meghe Institute of Technology and Research, Amravati, India
Abstract—The number of internet users is growing rapidly because of the ease it brings to social life, but secure information access with trust, in an open environment used by a large community, is an ever-growing problem. In this paper we propose a computational model with trusting belief and security that is rooted in social science. Unlike most existing computational trust models, this model provides trusting belief with integrity in different contexts. It helps to maintain security and trust between truster and trustee, so that each keeps faith in the other for a better relationship and cooperation. In this paper we introduce integrity trust, competence trust, benevolence and institutional trust.
Keywords—Trust, Security, human factors, Authorization, Social Science.
I. INTRODUCTION
The ever-increasing wealth of information available online has created a problem: a secure information access mechanism is essential so that the user can place trust in the trustee. Developing authorization mechanisms for secure information access, and maintaining the trust of a large community of users in an open environment, is an important problem. Modern systems use digital identity to validate users. However, digital evidence cannot certify whether a user's behavior is good or bad. For example, when a user applies for a loan, the bank checks not only the address, salary slip, etc., but also the last six months' statements and the income tax return. From the statements and tax documents, the bank can assess the behavior of that user and decide the loan amount. Such a belief, called a dynamic trusting belief, can be used to determine the likelihood that the user will not take harmful action, so that the bank does not face problems in future. This seminar explains a computational trust model that creates trust and avoids unwanted outcomes that can cause loss. Trust building can take place using one's own experience and second-hand experience. In this effort, we propose a computational trust model for user authorization. The mechanism is based on first-hand experience, called direct experience information, as well as recommendation; second-hand information is gathered through a feedback mechanism. The contributions of the model to the computational trust literature are:
• The model is based on social aspects, bringing trust computation for the digital world closer to the evaluation of trust in the real world.
• The model generates trust on the basis of reputation and second-hand information, so that integrity and trust are maintained.
Studies based on practical experience indicate that proper decision making requires both trust and security. However, the relative weight of trust and security may change according to the situation. Some real-world examples are as follows:
1. Consider a real estate consultancy site. Competence consists of elements such as finding the best plot area, the best construction, the interior facilities, surroundings, etc., whereas integrity trust is based on factors such as whether the site puts fraudulent charges on the customer. In a context where better deals are valued higher than the potential fraud risks, an agency with lower integrity trust could be preferred due to its higher competence.
Volume 3, Special Issue 1, ICSTSD 2016
II. LITERATURE REVIEW
2.1 McKnight’s Trust Model
The social trust model that guides the design of the computational model in this paper was proposed by McKnight et al. [1] after analyzing many papers across a wide range of disciplines. It has been validated via empirical study. This model describes five conceptual trust types: trusting behavior, trusting intention, trusting belief, institution-based trust, and disposition to trust. Trusting behavior is an action that increases a truster's risk or exposes the truster to the trustee. Trusting intention specifies that a truster is willing to engage in trusting behaviors with the trustee. A trusting intention involves a trust decision and leads to a trusting behavior. Trusting belief is a truster's subjective belief that a trustee has attributes beneficial to the truster.
Disposition to trust indicates the truster's natural tendency, which depends on the situation, such as assumptions about the trustee's integrity, competence and benevolence. Institution-based trust indicates structural assurance and situational normality. Trusting belief is the truster's confidence that the trustee will act favorably toward him/her. Trusting intention indicates that a truster is willing to engage in trusting behaviors with the trustee.
2.2 Computational Trust Models
The problem of establishing and maintaining dynamic trust has attracted much research effort. One of the first efforts to formalize trust in computer science was made by Marsh [2]. The model introduced concepts used extensively by other researchers, such as context and situational trust. Many existing reputation models and security mechanisms rely on a social network structure [43]. Pujol et al. propose an approach to mine reputation from the social network topology that encodes reputation information [19]. Lang [5] proposes a trust model for access control in P2P networks, based on the assumption of transitivity of trust in social networks, where a simple mathematical model based on fuzzy set membership is used to calculate the trustworthiness of each node in a trust graph representing interactions between network nodes. mTrust [40] utilises transaction density and similarity to calculate a measure of the reliability of each recommender in a P2P network. Its main disadvantages are that it has to retrieve all transactions within a certain time period to estimate trust, which imposes a big performance penalty, and that it does not distinguish between recent and old transactions. Frank et al. [39] introduced a method for modeling the trust of a given agent in a multiagent system by combining statistical information about the past behavior of the agent with the agent's expected future behavior. Zhou et al. [15] introduce a dynamic role-based access control model for grid computing. The model determines authorization for a specific user based on its role, task and context, where the authorization decision is updated dynamically by a monitoring module that keeps track of user attributes, service attributes and the environment. Fan et al. [21] proposed a similar trust model for grid computing, which focuses on the dynamic change of roles of services.
Nagarajan et al. [22] propose a security model for trusted platform based services, based on evaluation of past evidence with an exponential time decay function. The model evaluates trust separately for each property of each component of a platform, similar to the consideration of competence trust in our proposed model. Although these approaches integrate context into trust computation, their application is limited to specific domains different from the one considered in our work. Walter et al. [24] proposed a dynamic trust model for social networks, based on the concept of feedback centrality. The model, which enables computing trust between two disconnected nodes in the network through their neighbor nodes, is suitable for application to recommender systems. Yuhui Zhong, Bharat Bhargava, Yi Lu and Pelin Angin, “A Computational Dynamic Trust Model for User Authorization” [7], distinguishes integrity trust from competence trust. Therefore, the collaboration among entities is not executed unless both parties see each other as trustworthy. The trustworthiness of a resource entity in the model proposed by Song et al. [17, 18] depends on its self-defence capability and on reputation determined from prior collaborations, and is referred to as a trust index (TI). On the other hand, the user demands a minimal required security assurance, which may appear as a request for authentication, data encryption, access control, etc. The trust index assigned to the resource corresponds to a wider notion of trustworthiness and is derived from behavior trust as well as from the attributes of the resource. Risk and uncertainty are still omitted and are not part of the final trust index value. The main drawback of this model is that trustworthiness is evaluated only from the user's point of view. The resource has no means to determine the trustworthiness of the user and to make a trust-based decision on whether or not to collaborate with the user.
Explicit use of uncertainty as a part of the trust value is presented in the model proposed by Lin et al. [28]. Trust is evaluated as a combination of belief and disbelief in the entity's trustworthiness, with uncertainty filling the absence of both belief and disbelief. The value of trust is deduced from the user's and also from the resource provider's point of view. The model also states that the user and the resource provider are interested in different types of trust. The user is interested in execution trust, which represents the ability of the provider to faithfully allocate appropriate resources to enable successful completion of the job. From the provider's point of view, trust in the user is defined as a belief in the ability of the user to produce competent user code, and it is referred to as code trust.
through initial trust evaluated in case full information about trusted entity is missing.
Papalilo and Freisleben [27] proposed a trust model that is based on direct trust and constructed from observations of past experience. The main asset of the model is its capability to exclude badly behaving participants from future or current interactions according to measured behavioural trust elements. The drawback of the model is the omission of the risk that comes with interactions in open environments. The model also provides no procedure for trust evaluation in case there is no information about direct observations or about observations of other subjects.
2.3 Security
Security plays an important role in a specific context, and it may differ according to the user. For example, A wants to purchase a product online and the cost of the product is $100. He will provide all necessary credit card details. After successful submission, only $100 should be deducted from his account. This is the first part of security: only the specified amount should be deducted, and all credit card details must be kept secure. The second part of security is that the product is of good quality and is delivered safely within the specified time period.
Account or Service Traffic Hijacking
Account hijacking is a form of identity theft, one of the fastest growing types of customer fraud. Identity theft means someone uses your personal identifying information (e.g., login ID, password, etc.) to commit fraud. Account and service hijacking, usually with stolen credentials, remains a top threat. With stolen credentials, attackers can often access critical areas of deployed cloud computing services, allowing them to compromise the confidentiality, integrity and availability of those services. Organizations should be aware of these techniques as well as common defense-in-depth protection strategies to contain the damage (and possible litigation) resulting from a breach. Organizations should look to prohibit the sharing of account credentials between users and services, and leverage strong two-factor authentication techniques where possible.
Malicious insiders
A malicious insider is a current or former employee who had authorized access to an organization's network, system or data and used that access in a manner that affected integrity or confidentiality. A malicious insider, such as a system administrator, in an improperly designed cloud scenario can have access to potentially sensitive information. Even if encryption is implemented, if the keys are not kept with the customer and are only available at data-usage time, the system is still vulnerable to malicious insider attack. System administrators handle these problems by keeping watch on all employees through logs.
Scamming and phishing
Scammers are increasingly proficient, with both technical and social skills. You would probably never give money on the basis of a poorly written scam e-mail. But what if you are contacted by a friend or relative who has coincidentally been trapped somewhere without a coin? Will you be able to tell whether it is an attempt to scam you? Yes, scamming is related to other threats widespread nowadays.
Cyberstalking
Social networks provide fertile ground for cyberstalking or cyberbullying, ranging from false accusations to gathering information for further harassment.
Sparsity problem
In addition to the extremely large volume of user-service rating data, only a certain number of users usually rate a small fraction of all available services. As a result, the density of the available user feedback data is often less than 1%. Due to this data sparsity, collaborative filtering approaches have significant difficulty identifying similar users or services via common similarity measures, e.g., the cosine measure, which in turn degrades recommendation performance.
Cold-start problem
Apart from sparsity, the cold-start problem, e.g., users who have provided only little feedback, services that have rarely been rated, or even new users or new services, is a more serious challenge in recommendation research. Because of the lack of user feedback, similarity-based approaches cannot handle the cold-start problem.
III. SYSTEM ANALYSIS
3.1 Existing System
The ever-increasing wealth of information available online has made secure information access mechanisms an indispensable part of information systems today. The mainstream research efforts on user authorization mechanisms in environments where a potential user's permission set is not predefined mostly focus on role-based access control (RBAC), which divides the authorization process into role-permission and user-role assignment. RBAC in modern systems uses digital identity as evidence about a user to grant access to the resources the user is entitled to.
Deficiencies in Model
1) Today all available systems are created and handled by their own trustees. They build their systems for their own convenience.
2) Time is an important factor for dynamic trust management. If the truster is careless then he/she may suffer a loss.
3) Holding evidence does not necessarily certify a user’s good
3.2 Proposed System
In this work, we propose a computational trust model for user authorization with secure access and maintenance of trust, taking the concept of job portals from my own experience. Mechanisms for building trusting belief using first-hand information (direct experience) as well as second-hand information (recommendation and reputation) are integrated into the model.
In this system, we propose a computational trust model for user authorization, rooted in findings from social science. Unlike most existing computational trust models, this model distinguishes trusting belief in integrity from that in competence in different contexts, and accounts for subjectivity in the evaluation of a particular trustee by different trusters. The trust model we propose in this paper is based on integrity trust, competence trust and predictability. Integrity trust is the belief that the trustee is honest and takes actions that are suitable for the truster. Competence trust is the belief in the ability of the trustee to do the required task in a specific situation. Predictability is the belief that the trustee's actions are consistent; it is attached to both integrity trust and competence trust.
Figure 1. Model Elements of Centralized Trust Model
The elements of the trust model, shown in Figure 1, include two main types of actors. One is the truster and trustee, and the second is competence trust and predictability on the trustee's side. For the online job portal example, let us assume that a job seeker S needs to decide whether to pay fees to a job provider P to get a job placement.
The entities in the models are as follows:
1) Trusters are the job seekers registered on the job portal.
2) Trustees are the job providers registered on the job portal.
The context indicates how important it is for S to get job assistance in return for the fees paid, and how important it is to maintain the integrity of his/her personal data on P's side. S can gather trust information about P from the database maintained by the site. This information includes the ratings that P received from different job seekers on the basis of time, cost, etc. A trust evaluation is recorded in the database when a registered job seeker rates the service provided by P.
3.2.1 Trusting Belief Context and Integrity
Contexts are the situations in which both the truster's concerns and the trustee's behavior vary from one state to another. Competence trust is the trusting belief in a trustee's capability or proficiency to perform certain tasks in a specific situation. A truster can specify the minimum trusting belief needed for a specific context. Direct experience information is maintained for each individual context to speed up belief updating. In this model, a truster has one reliability trust per trustee in all contexts. Reliability trust is a subjective probability by which an individual, S, expects that another individual, P, performs a given action on which its welfare depends. If a trustee dissatisfies a truster, the misbehavior lowers the truster's integrity belief in him. For integrity trust, contexts do not need to be distinguished. Competence trust is context-dependent. Integrity trust is the belief that a trustee is truthful and acts in support of the truster. Integrity and benevolence in social trust models are combined together. It indicates that the trustee is honest and keeps all commitments.
3.2.2 Key points of Proposed System
The contributions of the model to computational trust literature are:
• The model is rooted in findings from social science, i.e. it provides automated trust management that mimics trusting behaviors in society, bringing trust computation for the digital world closer to the evaluation of trust in the real world.
• Unlike other trust models in the literature, the proposed model accounts for different types of trust. Specifically, it distinguishes trusting belief in integrity from that in competence.
• The model takes into account the subjectivity of trust ratings by different entities, and introduces a mechanism to eliminate the impact of subjectivity in reputation aggregation.
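The belief structure of Section 3.2.1 and the subjectivity point above, as an added Python example that is not the authors' implementation. The paper gives no formulas, so the per-rater min-max normalisation, the direct/reputation weighting n/(n+k), the Laplace-smoothed integrity estimate, the thresholds and all feedback records below are assumptions constructed for illustration.

```python
# Added illustration: every formula and value here is an assumption, not the paper's.

# Constructed feedback: (rater, trustee, context, rating 1-5, commitment_kept)
FEEDBACK = [
    ("s_harsh", "P1", "placement", 3, True),
    ("s_harsh", "P2", "placement", 1, True),
    ("s_kind", "P1", "placement", 5, True),
    ("s_kind", "P2", "placement", 4, False),
    ("s_kind", "P1", "resume_review", 5, True),
    ("S", "P1", "placement", 4, True),
    ("S", "P2", "placement", 4, False),
]


def rater_scale(feedback):
    """Per-rater (min, max) rating, used to remove each rater's subjectivity."""
    span = {}
    for rater, _, _, rating, _ in feedback:
        lo, hi = span.get(rater, (rating, rating))
        span[rater] = (min(lo, rating), max(hi, rating))
    return span


def normalise(rating, lo, hi):
    """Map a rating onto [0, 1] relative to the rater's own range."""
    return 0.5 if hi == lo else (rating - lo) / (hi - lo)


def reputation(feedback, truster, trustee, context):
    """Second-hand competence belief: mean normalised rating from other raters."""
    span = rater_scale(feedback)
    vals = [normalise(r, *span[who]) for who, t, c, r, _ in feedback
            if who != truster and t == trustee and c == context]
    return sum(vals) / len(vals) if vals else None


def direct(feedback, truster, trustee, context):
    """First-hand competence belief on the fixed 1-5 scale, plus sample count."""
    vals = [(r - 1) / 4 for who, t, c, r, _ in feedback
            if who == truster and t == trustee and c == context]
    return (sum(vals) / len(vals) if vals else None), len(vals)


def competence(feedback, truster, trustee, context, k=2):
    """Context-specific belief; direct experience gains weight as it accumulates."""
    own, n = direct(feedback, truster, trustee, context)
    rep = reputation(feedback, truster, trustee, context)
    if own is None:
        return rep  # None when there is no evidence at all (cold start)
    if rep is None:
        return own
    w = n / (n + k)
    return w * own + (1 - w) * rep


def integrity(feedback, trustee):
    """One integrity belief per trustee across all contexts (Laplace-smoothed)."""
    kept = [ok for _, t, _, _, ok in feedback if t == trustee]
    return (sum(kept) + 1) / (len(kept) + 2)


def authorize(feedback, truster, trustee, context, min_comp, min_integ):
    """Trust decision against the truster's minimum beliefs for this context."""
    comp = competence(feedback, truster, trustee, context)
    if comp is None:
        return False  # cold start: no evidence, so no trust is extended
    return comp >= min_comp and integrity(feedback, trustee) >= min_integ


if __name__ == "__main__":
    for p in ("P1", "P2", "P3"):
        print(p, competence(FEEDBACK, "S", p, "placement"),
              authorize(FEEDBACK, "S", p, "placement", 0.6, 0.7))
```

In the constructed data the raw ratings for P2 average 2.5, but after normalisation both recommenders turn out to have given P2 their own lowest score, so its reputation is 0.0.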
IV. CONCLUSION
Acknowledgment
The future enhancement of this paper will be not only providing a dynamic computational trust model for user authorization but also distributing a Dynamic Trust Computation Model for safe communication, which helps truster(s) and trustee(s) to take decisions.
References
[1] McKnight and N.L. Chervany, “Conceptualizing trust: a typology and e-commerce customer relationship model,” In Proc. HICS29, 2001.
[2] S. Marsh, “Formalizing Trust as a Concept,” Ph.D. dissertation, Dept. Comp. Science and Math., Univ. Stirling, U.K., 1994.
[3] G.R. Barnes and P.B. Cerrito, “A mathematical model for interpersonal relationships in social networks,” Social Networks, vol. 20, no. 2, pp. 179-196, 1998.
[4] F.E. Walter, S. Battiston and F. Schweitzer, “Personalized and Dynamic Trust in Social Networks,” In Proc. ACM Conference on Recommender Systems(RecSys’09), 2009, pp. 197-204.
[5] B. Lang, “A Computational Trust Model for Access Control in P2P,” Science China Information Sciences, vol. 53, no. 5, pp. 896-910, May, 2010.
[6] F. Azzedin and M. Maheswaran, “Evolving and managing trust,” In Canadian Conference on Electrical and Computer Engineering, 2002.
[7] Yuhui Zhong, Bharat Bhargava, Yi Lu and Pelin Angin, “A Computational Dynamic Trust Model for User Authorization,” IEEE Transactions on Dependable and Secure Computing, vol. 12
[8] Audun Jøsang, Claudia Keser, and Theo Dimitrakos. Can we manage trust? In Trust Management, volume 2977 of Lecture Notes in Computer Science, pages 93–107. Springer Berlin Heidelberg, 2005.
[9] Audun Jøsang, Roslan Ismail, and Colin Boyd. A survey of trust and reputation systems for online service provision. Decision Support Systems, 43(2):618–637, mar 2007.
[10] Colin English, Sotirios Terzis, and Waleed Wagealla. Engineering trust based collaborations in a global computing environment. In Trust Management, volume 2995 of Lecture Notes in Computer Science, pages 120–129, 2004.
[11] D. McKnight, V. Choudhury and C. Kacmar, “Developing and validating trust measures for ecommerce: an integrative topology,” Information Systems Research, vol. 13, no. 3, pp. 329-359, September, 2002.
[12] Changsong Ding, Yi Fu, Zhigang Hu, and Peng Xiao. A novel trust model based on bayesian network for service-oriented grid. In Eighth IEEE/ACIS International Conference on Computer and Information Science, 2009., pages 434–439, June 2009.
[13] Jianqiang Shi, Gregor v. Bochmann, and Carlisle Adams. A trust model with statistical foundation. In Formal Aspects in Security and Trust, volume 173 of IFIP International Federation for Information Processing, pages 139–158. Springer US, 2005.
[14] G. Kavitha and V. Sankaranarayanan. Secure resource selection in computational grid based on quantitative execution trust. International Science Index, 4(12):112 – 118, 2010.
[15] Tatyana Ryutov, Li Zhou, Clifford Neuman, Noria Foukia, Travis Leithead, and Kent E. Seamons. Adaptive trust negotiation and access control for grids. In GRID, pages 48–62.IEEE, 2005.
[16] D. Kaur and J. SenGupta. A trust model based on p2p trust models for secure global grids. In Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on, pages 1103–1108, June 2012.
[17] Shanshan Song, Kai Hwang, and Mikin Macwan. Fuzzy trust integration for security enforcement in grid computing. In Network and Parallel Computing, volume 3222 of Lecture Notes in Computer Science, pages 9–21. Springer Berlin Heidelberg, 2004.
[18] Shanshan Song, Kai Hwang, and Yu-Kwong Kwok. Trusted grid computing with security binding and trust integration.Journal of Grid Computing, 3(1-2):53–73, 2005.
[19] P. Suresh Kumar and S. Ramachandram. User satisfaction-based quantification of direct trust in t-grid computational model. In Computer, Communications, and Control Technology (I4CT), 2014 International Conference on, pages 431–435, Sept 2014.
[20] X. Zhang, S. Chen and G. Yang, “Dynamic Authorization Grid based on Trust Mechanism,” Proc. Int’l Symp. Intelligence Information Processing and Trusted Computing (IPTC), pp. 341-345, 2010.
[21] L. Fan et al., “A grid authorization mechanism with dynamic role based on trust model,” Journal of Computational Information Systems, vol. 8, no. 12, pp. 4477-4484, 2012.
[22] A. Nagarajan and V. Varadharajan, “Dynamic trust enhanced security model for trusted platform based services,” Future Generation Computer Systems, vol. 27, pp. 564-573, 2011.
[23] A. Das and M. M. Islam, “SecuredTrust: A Dynamic Computational Model for Secure Communication in Multiagent System,” IEEE Trans. Dependable and Secure Computing, vol. 9, no. 2, pp. 261-274, Mar/Apr. 2012.
[24] F.E. Walter, S. Battiston and F. Schweitzer, “Personalized and Dynamic Trust in Social Networks,” In Proc. ACM Conference on Recommender Systems (RecSys’09), 2009, pp. 197-204.
[25] Colin English, Sotirios Terzis, and Waleed Wagealla. Engineering trust based collaborations in a global computing environment. In Trust Management, volume 2995 of Lecture Notes in Computer Science, pages 120–129, 2004.
[26] W. Mendenhall and R.J. Beaver, Introduction to Probability and Statistics. Boston, MA: PWS-Kent Pub. Co., 1991.
[27] Elvis Papalilo and Bernd Freisleben. Managing behaviour in grid computing environments. Journal of Information Assurance and Security, 3:27–37, March 2008.
[28] Ching Lin, Vijay Varadharajan, YanWang, and Vineet Pruthi. Enhancing grid security with trust management. In Proceedings of the 2004 IEEE International Conference on Services Computing, 2004., pages 303–310, Sept 2004.
[29] Xinwen Zhang, Masayuki Nakae, Michael J. Covington and Ravi Sandhu, “A Usage-based Authorization Framework for Collaborative Computing Systems,” Intel Corporation, Hillsboro, Oregon, USA.
[30] David Zejda, “From Subjective Trust to Objective Trustworthiness in On-line Social Networks: Overview and Challenges,” Faculty of Informatics and Management, University of Hradec Kralove.
[31] Manoj Rameshchandra Thakur and Sugata Sanyal, Advisor to the Corporate Technology Office, Tata Consultancy Services, “A Heuristic Reputation Based System to Detect Spam activities in a Social Networking Platform, HRSSSNP.”
[32] R.Joseph Manoj and Dr.A.Chandrasekar “A Literature Review on Trust Management in Web Services Access Control” Manonmaniam Sundaranar University, Tirunelveli, Tamilnadu, India.
[33] Iraklis Varlamis, Magdalini Eirinaki, and Malamati Louta “Application of social network metrics to a trust-aware collaborative model for generating personalized user recommendations” Department of Informatics and Telematics, Athens, Greece.
[34] Wenjuan Li and Lingdi Ping “Trust Model to Enhance Security and Interoperability of Cloud Environment” Zhejiang University, Hangzhou, Zhejiang 310058, China
[35] Slavomír Kavecky, Penka Martincova, “Overview of Trust Models Integrating Trust Management into Grid Computing,” International Journal of Computer Applications (0975 - 8887), Volume 129 - No.7, November 2015.
[36] K.Mamatha “Active User A Computational Power of Belief Model”IJRECSE Volume no.1,issue no. 7 december 2015.
[38] Shuiguang Deng , Longtao Huang , Guandong Xu “Social network-based service recommendation with trust enhancement” Expert Systems with Applications.
[39] Joydeep Chandra, Ingo Scholtes, Niloy Ganguly, Frank Schweitzer”A Tunable Mechanism for Identifying Trusted Nodes in Large Scale Distributed Networks” June 25th 2012, IEEE TrustCom 2012, Liverpool, UK.
[40] Jiliang Tang, Huiji Gao, Huan Liu “mTrust: Discerning Multi-Faceted Trust in a Connected World” Computer Science & Engineering Arizona State University Tempe, AZ 85281.
[41] Hasen Nicanfar, S. Mohsen Amiri, Chunsheng Zhu, Peyman TalebiFard, Victor C.M. Leung, Panos Nasiopoulos WiNMoS Lab and DML Lab “Service-Oriented Trust and Reputation Management System for Multi-Tier Cloud” The University of British Columbia, Vancouver, BC, Canada
[42] Amandeep Kaur, Mrs. Shailja Kumari, “Secure Database Encryption in Web Applications,” International Journal of Advanced Research in Computer and Communication Engineering, Vol. 3, Issue 7, July 2014.
[43] Anil Rathod, Indiramma M, “A Survey of Personalized Recommendation System with User Interest in Social Network,” International Journal of Computer Science and Information Technologies, Vol. 6 (1), 2015, 413-415.
[44] Sathiyapriya.K, Dr.D.Malathi, VijayaKumar.K, S.Nagadevi “A Study on Security Challenges and Issues in Cloud Computing” International Journal of Engineering and Innovative Technology (IJEIT) Volume 2, Issue 6, December 2012.
[45] Farag Azzedin and Muthucumaru Maheswaran “Integrating Trust into Grid Resource Management Systems” University of Manitoba and TRLabs Winnipeg, Manitoba Canada.
[46] Minna-Kristiina Paakki, “Framework for Consumer Related Trust Issues in E-Commerce,” Frontiers of E-Business Research, 2004.
[47] Guilin Li, Xing Gao, Huiying Huang, Minghong Liao, “A Bloom Filter Based Security Index for Enterprise Search Engines,” Journal of Computational Information Systems 8: 12 (2012) 4931–4938.
[48] Atefeh Tajpour, Suhaimi Ibrahim, Mohammad Sharifi, “Web Application Security by SQL Injection Detection Tools,” IJCSI International Journal of Computer Science Issues, Vol. 9, Issue 2, No 3, March 2012, ISSN (Online): 1694-0814.
[49] Abdulrahman Hamed Almutairi & Abdulrahman Helal Alruwaili “Security in Database Systems” Global Journal of Computer Science and Technology Network, Web & Security Volume 12 Issue 17 Version 1.0 Year 2012.