System overview
As an independent object evaluation model, the evaluation system does not depend on the specific structure of the distributed network. As shown in Fig. 1, all nodes, including honest users and adversaries, provide collaborative services. An honest user collaborates with the network to publish and retrieve service content of interest and always ensures that the exact service content is provided. Adversary nodes try to offer fake services and increase their popularity. Without a dedicated content rating and evaluation system, users cannot accurately distinguish true results from false ones. Our reputation evaluation system relies on the network's user group to score the services they have used, and every user in the system has a unique identity under which to submit evaluations of the services in the system. Existing ID generation and access control technologies [27] ensure that this unique identity cannot be counterfeited.
The object evaluation value R(k,i) represents user i's evaluation of the authenticity of service k: the value 1 means that the service description is consistent with the service content, and the value 0 means that the service description is false. We create a trust network that is independent of the overlay network. On the one hand, a node can choose its trust nodes according to its own experience and social cognition and establish a one-way trust relationship with them. On the other hand, high-quality nodes can be selected to join a node's trust node list by evaluating their service quality.
To ensure the resource discrimination and efficiency of the trust network, each node stores two important data structures locally: the Trust Node List (TNL) and the Local Voting Record (LVR). Nodes can be added to the TNL manually, and a node only sends and forwards query messages to nodes in its TNL. The message types used include the votes query message, the voting records exchange message, the votes challenge request, etc. The LVR adopts a two-level data structure, as shown in Fig. 2. Service IDs are hashed according to the size of the hash table to form the first-level hash, and the second-level index is then built from the service IDs after the data items are read. The left side is the hash of the confirmed evaluations, and the right side is the hash of the unconfirmed evaluations. The unevaluated hash retains the ID of the evaluated node according to the evaluated value.
Evaluation collection mechanism
Before starting this mechanism, the user should have formed his own list of trust nodes and selected the set of services to be evaluated through the service search process.
The evaluation collection process uses Algorithms 1 and 2. Algorithm 1 is the collection request initiated by node V: V selects m trust nodes U through the node selection mechanism, issues concurrent query requests, and then processes the final evaluation set according to the results returned by the trust network. If the evaluation of a service is returned from multiple nodes, the final evaluation value is calculated by formula (1).
$$v.R_{k} = \left\lfloor \frac{2\sum\limits_{u = 1}^{m} \left( v.C_{u} \cdot R_{u}^{k} \right)}{\sum\limits_{u = 1}^{m} v.C_{u}} \right\rfloor$$
(1)
where \(v.C_{u}\) represents the reputation evaluation of node U by node V, which is stored locally at node V. It is a decimal value in [0,1]. A node holds a rating value not only for each trust node but also an initial rating value of 0.5 for each untrusted node. This calculation method ensures that the final value tends toward the majority evaluation in the result and also prevents fraud by nodes with low reputation. Node V saves the node that gave the evaluation and the node that recommended it in the unconfirmed LVR. If the request message has a previous-hop node, V randomly selects one of the evaluation nodes whose evaluation value equals the final calculated value and returns that node to the previous hop.
Algorithm 2 is the processing flow of a node that receives an evaluation request. In the implementation, evaluation values are returned in batches to ensure system efficiency.
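The weighting in formula (1) can be exercised directly. The following Go program is an added example, not code from the paper; the node IDs and credit values are constructed, and clamping the result to 1 is an added choice, because the formula as printed yields 2 when every returned evaluation is 1.

```go
package main

import (
	"fmt"
	"math"
)

// Vote is one returned evaluation R_u^k of service k from node u.
type Vote struct {
	NodeID string
	R      int // 1 = description matches content, 0 = description is false
}

// DefaultC is the initial rating the page assigns to an untrusted node.
const DefaultC = 0.5

// Aggregate applies formula (1) to the votes V collected for one service.
// cred maps node ID to v.C_u as stored locally at V. ok is false when no
// vote carries weight, so "no evaluation" is not confused with a 0 verdict.
func Aggregate(votes []Vote, cred map[string]float64) (r int, ok bool) {
	var num, den float64
	for _, v := range votes {
		c, known := cred[v.NodeID]
		if !known {
			c = DefaultC
		}
		num += c * float64(v.R)
		den += c
	}
	if den == 0 {
		return 0, false
	}
	r = int(math.Floor(2 * num / den))
	if r > 1 {
		r = 1 // unanimous 1-votes give floor(2) = 2 literally; clamped (added choice)
	}
	return r, true
}

func main() {
	// Constructed sample: two credible nodes say 1, three low-credit nodes say 0.
	cred := map[string]float64{"a": 0.9, "b": 0.8, "x": 0.1, "y": 0.1, "z": 0.1}
	votes := []Vote{{"a", 1}, {"b", 1}, {"x", 0}, {"y", 0}, {"z", 0}}
	fmt.Println(Aggregate(votes, cred)) // a plain head count would say 0
}
```

In the sample, three of five nodes vote 0, yet the two high-credit nodes carry the result, which is the behaviour the paragraph above attributes to the weighting.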
Evaluation feedback mechanism
To punish nodes that give wrong evaluations, the evaluation collection process also provides an evaluation feedback process. The feedback initiator judges the authenticity of the service from the service it received; if a bad service is obtained, the evaluation provider is a malicious node. To allow node identities and message signatures to be verified, the node ID is calculated from the public key of the node. If the identity of the evaluation provider is wrong, the evaluation sponsor has cheated, and the referee will be punished through the punishment mechanism. Conversely, if the identity of the evaluation provider is correct, the questioning mechanism is activated to judge its degree of malice and adjust its local credibility value according to the results.
After receiving evaluation feedback, a node should also check for false feedback. If the service evaluation is in the local confirmed evaluation record, the feedback is false and the feedback sender will be questioned. If it is in the unconfirmed record, the feedback is only forwarded back, and the feedback message must carry the signature of the feedback initiator, which prevents malicious users from damaging the evaluation capability of the system through malicious feedback.
Evaluation challenge mechanism
When a node in the trust network discovers that a query has returned a false service, or that the query messages from different paths are inconsistent, the evaluation query mechanism is triggered. The specific process is shown in Fig. 3. To challenge node U, node V first asks k friend nodes or high-trust nodes for several confirmed file IDs and evaluations, based on relevant keywords, using a File Collection request. After receiving the request, a friend node selects files related to the requested keywords from its own LVR confirmed hash store to form a file collection response and returns it to the originating node. The originating node tries to select the file IDs that appear in the intersection of the different nodes' response messages, to prevent spoofing by malicious nodes. Node V then selects good service IDs to constitute the "Votes Challenge Request" message for evaluation collection. The whole process is hidden from U: when U receives the message, it does not distinguish whether the message is a challenge request or a true evaluation collection request. If the node is a normal node, it starts the processing flow of Algorithm 2 for evaluation collection and may even forward requests to its trust nodes. If the node is a malicious node, it will also give false evaluation information. Node V calculates the questioning accuracy rate according to formula (2) after receiving the Votes Challenge Response.
$$\theta = \frac{{\left| {\Lambda_{{{\text{corrected}}}} } \right|}}{\left| \Lambda \right|}$$
(2)
where \(\Lambda_{\text{corrected}}\) refers to the number of files obtained by the evaluation collection algorithm in the feedback message within the specified time that are the same as the previously saved known evaluation results, excluding erroneous and unknown evaluations. Value \(\theta\) can be set and modified by users. In the basic setting of the evaluation system, we consider that \(\theta < 0.7\) means that node U is not trusted or has low credibility. For nodes with a low questioning accuracy, we trigger the punishment mechanism by lowering their integrity value. Therefore, in order to better integrate into the trust network, malicious nodes will try their best to give correct evaluations in response to evaluation requests, which greatly weakens their attack capability.
Punishment and incentive mechanism
The purpose of the punishment and incentive mechanism is to encourage honest nodes to evaluate a service accurately after the service is completed. Before providing an upload, node V refers to the credit value \(v.C_{u}\) of node U. If the credit value is lower than the threshold of the system, the request is rejected. When multiple requests from other nodes are received at the same time, the upload order is determined by the good faith value, and the nodes with a high good faith value are served first.
The integrity value of a node combines the locally calculated value and the network recommended value. The locally calculated value has two parts. One is SP, the service quality point of the evaluated node, calculated as shown in formula (3); the other is MP, the malicious behavior point of the evaluated node, which includes direct and indirect malicious behavior and is calculated as shown in formula (4).
$$v.SP_{u} = v.TR_{u} + v.RR_{u}$$
(3)
$$v.MP_{u} = \begin{cases} v.FR_{u} + (v.MR_{u})^{2}, & v.FR_{u} \le FR_{\text{base}} \\ v.FR_{u} + (v.FR_{u} - FR_{\text{base}} + v.MR_{u})^{2}, & v.FR_{u} > FR_{\text{base}} \end{cases}$$
(4)
The local credibility value LC is obtained from SP and MP as shown in formula (5), and satisfies \(0 \le LC \le 1\).
$$v.LC_{u} = \frac{{v.SP_{u} }}{{v.SP_{u} + \delta \cdot v.MP_{u} }}$$
(5)
where \(\delta > 1\) is the amplification factor of malicious behavior. When there is no false evaluation or recommendation, the local credibility of the node is calculated as 1. When a false evaluation is provided directly or indirectly, the local credibility value will be less than 1. Nodes can repair their integrity by providing correct evaluations. However, because of the malicious behavior amplification factor, when a node continues to provide malicious evaluations, the repair of its integrity value lags behind the decay of its integrity value. Recommendations are provided only by those nodes in the TNL that have established trust pairs with the local node. Each trust pair node has a similarity value, and the network recommended value is calculated as shown in formula (6).
$$v.NC_{u} = \frac{{\sum\nolimits_{i \in v.TPS} {(v.Sim_{i} } \cdot i.C_{u} )}}{{\sum\nolimits_{i \in v.TPS} {v.Sim_{i} } }}$$
(6)
Value \(v.TPS\) represents the trust pair set of node V. The recommended network trust value of node U obtained by node V is calculated as a similarity-weighted average of the recommendation values of all trust pairs. This means that node V is more likely to trust and cooperate with nodes with which it has had a long-term trust relationship, because such nodes are more likely to obtain a high degree of similarity. By combining the locally calculated trust value and the network recommended value, the trust value of node V in node U is obtained by formula (7).
$$v.C_{u} = \frac{{\eta \cdot v.LC_{u} + v.NC_{u} }}{1 + \eta }$$
(7)
where \(\eta > 1\) is the amplification factor of the local calculation, indicating that the node trusts the locally calculated value more, while the network recommended value is only used as a reference. When evaluating a new node, for which no locally calculated value exists, the network recommended value is taken as the main judgment standard.
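Formulas (3) to (7) can be put together to see how the amplification factor makes repair lag behind decay. The following Go program is an added example, not code from the paper; the values of \(\delta\), \(\eta\) and \(FR_{\text{base}}\), the reading of TR, RR, FR and MR as event counts, the 0.5 fallback when no trust pair exists, and the sample recommendations are all assumptions.

```go
package main

import "fmt"

const Delta, Eta, FRBase = 2.0, 2.0, 3.0 // sample values (assumptions)

// History is v's local record of u; the fields are event counts (assumption).
type History struct{ TR, RR, FR, MR float64 }

// LC is formulas (3)-(5); ok is false when v has no history with u.
func (h History) LC() (lc float64, ok bool) {
	sp, x := h.TR+h.RR, h.MR
	if h.FR > FRBase {
		x += h.FR - FRBase // second branch of formula (4)
	}
	den := sp + Delta*(h.FR+x*x)
	if den == 0 {
		return 0, false
	}
	return sp / den, true
}

// Rec is one trust pair i: similarity v.Sim_i and i's own value i.C_u.
type Rec struct{ Sim, C float64 }

// Trust is formulas (6)-(7); with no local history, NC alone decides.
func Trust(h History, recs []Rec) float64 {
	num, den := 0.0, 0.0
	for _, r := range recs {
		num += r.Sim * r.C
		den += r.Sim
	}
	nc := 0.5 // initial rating when no trust pair recommends u (assumption)
	if den > 0 {
		nc = num / den
	}
	lc, ok := h.LC()
	if !ok {
		return nc
	}
	return (Eta*lc + nc) / (1 + Eta)
}

func main() {
	recs := []Rec{{0.9, 0.8}, {0.3, 0.4}} // constructed sample
	for _, fr := range []float64{0, 2, 5} {
		fmt.Printf("FR=%v C=%.3f\n", fr, Trust(History{TR: 20, FR: fr}, recs))
	}
}
```

With these sample parameters, a node with 20 true ratings falls from LC = 1 to about 0.53 after five false ratings, and 20 further true ratings bring it back only to about 0.69.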
Evaluation source and feedback source validation
Malicious attackers will forge the evaluation source and the feedback source in order to defame other nodes, which reduces the credibility of benign nodes, lowers the probability that benign nodes are selected by the trust node selection mechanism, and can even seriously affect benign users' use of the collaborative network for services. To guarantee the authenticity of evaluation and feedback, this paper presents a verification protocol for the evaluation source and the feedback source. The protocol is simple to implement and does not require the participation of any third-party node. It only requires a private key encryption mechanism and a certificate issuing mechanism for the messages between nodes. An intermediate node, acting as a relay, only needs to save the list information of its customers. The attack behaviors targeted by the authentication mechanism are: (1) malicious users forge the identities of other nodes, provide service evaluation information and send it to querying users; (2) a malicious node sends false feedback messages through the feedback message sending chain. Therefore, the system needs to enforce the following rules: (1) in the LVR of any node, the evaluation source node recorded in the unconfirmed evaluation hash store cannot be falsified; (2) the feedback source node in an evaluation feedback message cannot be falsified; (3) feedback is sent back through the historical query chain, so the transaction information of the historical query cannot be falsified.
Figures 4 and 5 show the abstract protocol flow of the evaluation collection process and the evaluation feedback process. Messages are transmitted as cipher text, and the encryption key is the private key of the message-sending node. The evaluation collection request message, which may be an initial request or a forwarded request, carries the ID or ID combination of the requested services. If the node receiving the request holds the evaluation result of the service to be evaluated in its confirmed LVR, it generates an evaluation ticket with its own private key as part of the response message body. In Fig. 4, node W's evaluation ticket for service F includes the ID of service F and W's evaluation of F. The message is encrypted with the private key of W; the evaluation ticket is returned along the query path, and other nodes cannot forge it. The other part of the response message body is the proof of transaction between the nodes. For example, W's proof of transaction to U includes the ID of node U and the ID of service F, and it is encrypted with the private key of node W to prove that node W has provided an evaluation of F to node U, which is non-repudiation evidence. As the forwarding node, node U generates its own transaction proof after receiving the response from W, and replies to node V with the evaluation ticket of W and the ID of W as the message body. Since the ID of a node is associated with its public key, node V can prove the identity of the service evaluation provider W by applying a hash function to the public key of node W and decrypting the ticket. If node V finds that the evaluation of service F recommended by U and provided by W is wrong, V sends the feedback message for the evaluation of service F back along the query path. In the body of the message, node V carries the evaluation ticket for service F that proves the feedback source, together with the transaction proof between node U and node V.
When node U continues the feedback to node W, the steps are similar to those of evaluation collection, but this time it carries the evaluation ticket from V. The protocol guarantees that the identity of no participating node can be counterfeited and that no node can deny its own behavior.
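The ticket check that node V performs in the collection flow can be made concrete. The following Go program is an added example, not code from the paper: it models "encrypting with the private key" as an Ed25519 signature, derives the node ID as the SHA-256 hash of the public key, and assumes the public key travels with the ticket; the ticket layout, field names and the service name are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Ticket is an evaluation ticket: the issuer's vote on one service, signed.
type Ticket struct {
	IssuerID  string            // claimed node ID of the evaluation provider
	IssuerPub ed25519.PublicKey // key presented with the ticket (assumption)
	ServiceID string
	Vote      int // 1 = description matches content, 0 = description is false
	Sig       []byte
}

// NodeID derives a node ID from a public key (SHA-256 is an assumption).
func NodeID(pub ed25519.PublicKey) string { return fmt.Sprintf("%x", sha256.Sum256(pub)) }

func body(svc string, vote int) []byte { return []byte(fmt.Sprintf("ticket|%s|%d", svc, vote)) }

// Issue signs (service ID, vote) with the issuer's private key.
func Issue(priv ed25519.PrivateKey, svc string, vote int) Ticket {
	pub := priv.Public().(ed25519.PublicKey)
	return Ticket{NodeID(pub), pub, svc, vote, ed25519.Sign(priv, body(svc, vote))}
}

// Verify is V's check: the ID is the hash of the key, and the signature holds.
func Verify(t Ticket) bool {
	return len(t.IssuerPub) == ed25519.PublicKeySize &&
		NodeID(t.IssuerPub) == t.IssuerID &&
		ed25519.Verify(t.IssuerPub, body(t.ServiceID, t.Vote), t.Sig)
}

// Demo verifies W's ticket, U's ticket relabelled as W's, and a flipped vote.
func Demo() [3]bool {
	_, wPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	_, uPriv, _ := ed25519.GenerateKey(nil)
	good, forged := Issue(wPriv, "service-F", 1), Issue(uPriv, "service-F", 0)
	forged.IssuerID = good.IssuerID // U claims the ticket came from W
	flipped := good
	flipped.Vote = 0 // a forwarder alters W's vote in transit
	return [3]bool{Verify(good), Verify(forged), Verify(flipped)}
}

func main() { fmt.Println(Demo()) }
```

Only W's unmodified ticket verifies. The signed body here covers the service ID and vote only; binding a ticket to its recipient is the role the page gives to the separate transaction proof.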