ABSTRACT
This paper describes a formal model for multiple privacy notions that apply to reputation systems and shows that, for certain classes of systems, very strong privacy notions are unachievable. In particular, it is shown that, systems where a user's reputation depends exclusively on the ratings he received, necessarily leak information about the relationship between ratings and reputations. In contrast, systems where a user's reputation depends both on the received ratings, and on the ratings received by others, potentially hide all information about this relationship. The paper concludes with guidelines for the construction of reputation systems that have the potential to retain high levels of privacy.
- Resnick, P., Kuwabara, K., Zeckhauser, R., Friedman, E.: Reputation systems. Communications of the ACM 43(12) (2000) 45--48 Google ScholarDigital Library
- Artz, D., Gil, Y.: A survey of trust in computer science and the semantic web. Web Semantics: Science, Services and Agents on the World Wide Web 5(2) (2007) 58 -- 71 Software Engineering and the Semantic Web. Google ScholarDigital Library
- Dellarocas, C.: The digitization of word-of-mouth: Promise and challenges of online feedback mechanisms. Management Science (October 2003) 1407--1424 Google ScholarDigital Library
- Bygrave, L.: Data Protection Law, Approaching Its Rationale, Logic and Limits. Kluwer Law International, The Hague, London, New York (2002) Google ScholarDigital Library
- Dellarocas, C.: Immunizing online reputation reporting systems against unfair ratings and discriminatory behavior. In: EC '00: Proceedings of the 2nd ACM conference on Electronic commerce, New York, NY, USA, ACM Press (2000) 150--157 Google ScholarDigital Library
- Voss, M.: Privacy preserving online reputation systems. In: International Information Security Workshops, Kluwer (2004) 245--260Google Scholar
- Jøsang, A., Ismail, R., Boyd, C.: A survey of trust and reputation systems for online service provision. Decision Support Systems 43(2) (2007) 618 -- 644 Emerging Issues in Collaborative Commerce. Google ScholarDigital Library
- Mui, L.: Computational Models of Trust and Reputation: Agents, Evolutionary Games, and Social Networks. PhD Thesis, Massachusetts Institute of Technology (2003)Google Scholar
- Androulaki, E., Choi, S.G., Bellovin, S.M., Malkin, T.: Reputation systems for anonymous networks. In: PETS '08: Proceedings of the 8th international symposium on Privacy Enhancing Technologies, Berlin, Heidelberg, Springer-Verlag (2008) 202--218 Google ScholarDigital Library
- Voss, M., Heinemann, A., Mühlhauser, M.: A Privacy Preserving Reputation System for Mobile Information Dissemination Networks. In: First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05), IEEE (2005) 171--181 Google ScholarDigital Library
- Schiffner, S., Clauß, S., Steinbrecher, S.: Privacy and liveliness for reputation systems. In: Proceedings of 2009 European PKI Workshop (EuroPKI'09), Springer (2010) (to appear). Google ScholarDigital Library
- ENISA: Position paper. reputation-based systems: a security analysis. available from http://www.enisa.europa.eu/doc/pdf/deliverables/enisa_pp_reputation_bas%ed_system.pdf (last visit 16/06/09) (2007)Google Scholar
- Steinbrecher, S.: Enhancing multilateral security in and by reputation systems. In: Proceedings of the IFIP/FIDIS Internet Security and Privacy Summer School, Masaryk University Brno, 1-7 September 2008. Volume 298 of IFIP AICT., Springer (2009) 135--150Google Scholar
- Pavlov, E., Rosenschein, J.S., Topol, Z.: Supporting privacy in decentralized additive reputation systems. In: The Second International Conference on Trust Management, Oxford, United Kingdom (March 2004) 108--119Google ScholarCross Ref
- Dellarocas, C.: Research note -- how often should reputation mechanisms update a trader's reputation profile? Information Systems Research 17(3) (2006) 271--285 Google ScholarDigital Library
- Steinbrecher, S.: Design options for privacy-respecting reputation systems within centralised internet communities. In: Proceedings of IFIP Sec 2006, 21st IFIP International Information Security Conference: Security and Privacy in Dynamic Environments. Volume 201 of IFIP., Springer (May 2006) 123--134Google ScholarCross Ref
- Schiffner, S., Clauß, S., Steinbrecher, S.: Fairness and Information-theoretic Privacy for Reputation. In Hromkovic, J., Královic, R., eds.: SOFSEM 2011: 37th Conference on Current Trends in Theory and Practice of Informatics. Volume 6543 of Lecture Notes in Computer Science., Nový Smokovec,SK, Springer-Verlag (2011) 16Google Scholar
- Kerschbaum, F.: A verifiable, centralized, coercion-free reputation system. In: Proceedings of the 8th ACM workshop on Privacy in the electronic society. WPES '09, New York, NY, USA, ACM (2009) 61--70 Google ScholarDigital Library
- Hevia, A., Micciancio, D.: An indistinguishability-based characterization of anonymous channels. In Borisov, N., Goldberg, I., eds.: Privacy Enhancing Technologies. Volume 5134 of Lecture Notes in Computer Science., Springer Berlin / Heidelberg (2008) 24--43 10.1007/978-3-540-70630-4 3. Google ScholarDigital Library
- Bohli, J.M., Pashalidis, A. In: Relations Among Privacy Notions. Springer-Verlag, Berlin, Heidelberg (2009) 362--380 Google ScholarDigital Library
- Cover, T.M., Thomas, J.A.: Elements of Information Theory. John Wiley & Sons Inc., Hoboken (2005)Google Scholar
- Dwork, C.: Differential privacy. In Bugliesi, M., Preneel, B., Sassone, V., Wegener, I., eds.: Automata, Languages and Programming. Volume 4052 of Lecture Notes in Computer Science., Springer Berlin / Heidelberg (2006) 1--12 Google ScholarDigital Library
- Hermans, J., Pashalidis, A., Vercauteren, F., Preneel, B.: A New RFID Privacy Model. In: 2011st European Symposium on Research in Computer Security (ESORICS 2011). Lecture Notes in Computer Science, Leuven,BE, Springer-Verlag (2011) 20 Google ScholarDigital Library
Index Terms
- On the limits of privacy in reputation systems
Recommendations
A privacy-preserving reputation system with user rewards
Reputation systems are useful to assess the trustworthiness of potential transaction partners, but also a potential threat to privacy since rating profiles reveal users preferences. Anonymous reputation systems resolve this issue, but make it difficult ...
Freedom of Privacy: Anonymous Data Collection with Respondent-Defined Privacy Protection
The massive amount of sensitive survey data about individuals that agencies collect and share through the Internet is causing a great deal of privacy concerns. These concerns may discourage individuals from revealing their sensitive information. ...
The cost of privacy: destruction of data-mining utility in anonymized data publishing
KDD '08: Proceedings of the 14th ACM SIGKDD international conference on Knowledge discovery and data miningRe-identification is a major privacy threat to public datasets containing individual records. Many privacy protection algorithms rely on generalization and suppression of "quasi-identifier" attributes such as ZIP code and birthdate. Their objective is ...
Comments