In this paper, we propose a Trustworthy Service Evaluation (TSE) system to enable users to share service reviews in service-oriented mobile social networks (S-MSNs). Each service provider independently maintains a TSE for itself, which collects and stores users’ reviews about its services without requiring any third trusted authority. The service reviews can then be made available to interested users in making wise service selection decisions. We identify three unique service review attacks, i.e., linkability, rejection, and modification attacks, and develop sophisticated security mechanisms for the TSE to deal with these attacks. Specifically, the basic
TSE (bTSE) enables users to distributedly and cooperatively submit their reviews in an integrated chain form by using hierarchical and aggregate signature techniques. It restricts the service providers to reject, modify, or delete the reviews. Thus, the integrity and authenticity of reviews are improved.
Further, we extend the bTSE to a Sybil-resisted TSE (SrTSE) to enable the detection of two typical sybil attacks. In the SrTSE, if a user generates multiple reviews toward a vendor in a predefined time slot with different pseudonyms, the real identity of that user will be revealed. Through security analysis and numerical results, we show that the bTSE and the SrTSE effectively resist the service review attacks and the SrTSE additionally detects the sybil attacks in an efficient manner. Through performance evaluation, we show that the bTSE achieves better performance in terms of submission rate and delay than a service review system that does not adopt user cooperation. Enabling Trustworthy Service Evaluation in Service-Oriented Mobile Social Networks
Security in sensor networks is complicated by the broadcast nature of the wireless communication and the lack of tamper-resistant hardware (to keep per-node costs low). In addition, sensor nodes have limited storage and computational resources, rendering public key cryptography impractical. In this paper, we investigate the Sybil attack, a particularly harmful attack in sensor networks. In the Sybil attack, a malicious node behaves as if it were a larger number of nodes, for example by impersonating other nodes or simply by claiming false identities. In the worst case, an attacker may generate an arbitrary number of additional node identities, using only one physical device. Related Work the Sybil attack was first described in the context of peer-to-peer networks pointed out that it could defeat the redundancy mechanisms of distributed storage systems. Karlof and Wagner noted that the Sybil attack also poses a threat to routing mechanisms in sensor networks.
We propose a basic trustworthy service evaluation (bTSE) system and an extended Sybil-resisted TSE (SrTSE) system for the S-MSNs. In both systems, no third trusted authorities are involved, and the vendor locally maintains reviews left by the users. The vendor initializes a number of tokens, which are then circulated among the users to synchronize their review submission processes. After being serviced by a vendor, a user generates and submits a non forgeable review to the vendor. The user cannot proceed with the review submission until it receives a token from the vendor. If the review submission succeeds, the user will forward the token to a nearby user who is wishing to submit a review to the same vendor; otherwise, the user will forward both the token and its own review to the receiver, expecting that receiver user will cooperate and submit their reviews together. During token circulation, a hierarchical signature technique is adopted to specify and record each forwarding step in the token, and a modified aggregate signature technique is employed to reduce token size. Both signature techniques are also used during cooperative review submission for reducing communication overhead and improving review integrity.