Security Standardisation, the ENISA perspective - Events

Open Reputation Systems
Overview
• OASIS ORMS (Open Reputation Management Systems) introduction
• Use cases, requirements and model
• ENISA Paper on Security Issues in Reputation Systems
• Some thoughts on reputation standardisation
OASIS - ORMS
Goal: Definition of a portable reputation format
Process:
Use-case definition for reputation management
Reference/standard model
• Flexible reputation data model
• Framework and protocol/s for exchanging and porting reputation data (SAML/IDP based)
• Evaluation algorithms for mapping reputation to risk / risk levels
• Support for privacy, multiple identities, identity resolution
Use-cases 1
Seller reputation
Peer-to-peer
Key management
Anti-spam/IP reputation
Use-cases 2
Content filtering
Avatar Reputation
Social Network Peer Reputation
Unified Communications (IM, SPIT/SPIM etc.)
Requirements
[Diagram; text recovered from the figure: portable; Peer reviews; specific; Digital Identity; Real identity; Identity Verification, Identity Proofing = Strong Identity; Summary of actual past behavior, by service provider; Trust in specific attribute or future behavior?; Background check against external data]
Reputation (in Policy)
[Diagram; text recovered from the figure: an identity-management lifecycle with Reputation attached to each stage: Define Policy; Enroll & Proof Users; Issue & Manage User Rights; Enforce Access Control; Monitor, Audit, Report]
Modelling Reputation in a Standard - Thoughts
Reputation is an aggregation of opinions about an assertion
Assertion – Bob is a good laptop seller. Score 0.2 – i.e. he is not a good laptop seller
Assertion – Bob is a bad husband. Score 1 – i.e. he IS a bad husband
The anatomy of reputation – personal view
[Diagram: Assertion – Bob is a good laptop seller]
Reputation Thoughts
If reputation is an aggregated opinion about an assertion, why not integrate with SAML and IDP infrastructure?
Reputation votes should be separated from the algorithm used to compute it:
• Mean score
• 2nd order reputation
• Reputation context
=> Same vote set can be interpreted differently
Reputation Thoughts
Model must allow for so-called 2nd order reputations (scores which take into account the reputation of the voter)
Rating context should be taken into account: time/date, authentication method/token etc.
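The two Reputation Thoughts slides describe a model in which the stored votes are kept apart from the algorithm that interprets them (mean score, 2nd order reputation, rating context), so that one vote set can be read in several ways. The following Python example is added here to make that separation concrete; it is not code from the presentation, from ENISA or from the OASIS ORMS work. The names, the 0..1 score scale, the neutral default of 0.5, the voter reputations and the sample votes are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Vote:
    """One opinion about an assertion, stored independently of any scoring algorithm."""
    assertion: str      # e.g. "Bob is a good laptop seller"
    voter: str          # identity of the rater; in ORMS terms this would be asserted
                        # by an IdP (SAML), here just a constructed name
    score: float        # 0.0 = disagrees with the assertion, 1.0 = fully agrees
    timestamp: int      # rating context: when the vote was cast (epoch seconds)
    auth_method: str    # rating context: how the voter authenticated ("password", "otp")


# An algorithm maps a vote set plus known voter reputations to a score in [0, 1].
Algorithm = Callable[[List[Vote], Dict[str, float]], float]

NEUTRAL = 0.5  # assumed default when there is nothing to aggregate (not from the page)


def mean_score(votes: List[Vote], voter_reputation: Dict[str, float]) -> float:
    """First-order reputation: every voter counts the same."""
    if not votes:
        return NEUTRAL
    return sum(v.score for v in votes) / len(votes)


def second_order_score(votes: List[Vote], voter_reputation: Dict[str, float]) -> float:
    """2nd order reputation: each vote is weighted by the voter's own reputation,
    so opinions from voters with no track record barely move the result."""
    num = den = 0.0
    for v in votes:
        w = voter_reputation.get(v.voter, 0.0)  # unknown voter: zero weight
        num += w * v.score
        den += w
    return num / den if den else NEUTRAL


def reputation(assertion: str, votes: List[Vote], algorithm: Algorithm,
               voter_reputation: Dict[str, float],
               context_filter: Optional[Callable[[Vote], bool]] = None) -> float:
    """Interpret one stored vote set under a chosen algorithm and an optional
    context filter (e.g. only votes cast with a strong authentication method)."""
    selected = [v for v in votes
                if v.assertion == assertion
                and (context_filter is None or context_filter(v))]
    return round(algorithm(selected, voter_reputation), 3)


# Constructed sample data: two established raters and three freshly enrolled
# accounts, all of which disagree with the assertion.
ASSERTION = "Bob is a good laptop seller"
VOTES = [
    Vote(ASSERTION, "alice", 0.9, 1000, "otp"),
    Vote(ASSERTION, "carol", 0.8, 1100, "otp"),
    Vote(ASSERTION, "new1", 0.0, 1200, "password"),
    Vote(ASSERTION, "new2", 0.0, 1201, "password"),
    Vote(ASSERTION, "new3", 0.0, 1202, "password"),
]
VOTER_REPUTATION = {"alice": 0.9, "carol": 0.8, "new1": 0.05, "new2": 0.05, "new3": 0.05}


def strongly_authenticated(v: Vote) -> bool:
    """Context filter: keep only votes cast with the (assumed) stronger token."""
    return v.auth_method == "otp"


if __name__ == "__main__":
    print("mean     :", reputation(ASSERTION, VOTES, mean_score, VOTER_REPUTATION))
    print("2nd order:", reputation(ASSERTION, VOTES, second_order_score, VOTER_REPUTATION))
    print("otp only :", reputation(ASSERTION, VOTES, mean_score, VOTER_REPUTATION,
                                   strongly_authenticated))
```

Running it shows the point of the slide: the same five votes give 0.34 under a plain mean, 0.784 once the three low-reputation voters are weighted by their own reputation, and 0.85 when the authentication context is used to select only strongly authenticated votes. The vote store never changes; only the interpretation does.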
Security of Reputation Systems
ENISA paper – a security analysis of reputation systems
http://enisarep.notlong.com
Typical security vulnerabilities need to be addressed:
• Collusion – voters agree to target a victim
• Denial of reputation – campaigns against an individual
• Whitewashing (cancelling a bad reputation)
• Sybil attacks (creating multiple identities to vote – e.g. eBay 1 cent items voted on by seller)
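The following Python example is added here and is not from the ENISA paper or the slides; it sketches two defender-side controls for attack classes listed above. The first is a heuristic that flags clusters of freshly enrolled, single-purpose voters casting identical scores on one target, the pattern common to collusion and Sybil voting, and quarantines their votes for review. The second uses the identity resolution that the ORMS model calls for to resist whitewashing: a new identity proofed against the same external key as an existing one inherits the bad reputation instead of starting clean. The vote log, the identity links, the thresholds and the 0..1 scale are constructed assumptions.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed vote log: (voter, target, score, vote_time, voter_enrolled_time),
# times in epoch seconds. Three established raters plus four accounts enrolled
# seconds apart that each cast the same score on the same target.
VoteRecord = Tuple[str, str, float, int, int]
VOTE_LOG: List[VoteRecord] = [
    ("alice", "bob", 0.9, 5000, 100),
    ("carol", "bob", 0.2, 5200, 150),
    ("dave",  "eve", 0.8, 5300, 200),
    ("x1", "bob", 0.0, 6000, 5900),
    ("x2", "bob", 0.0, 6005, 5901),
    ("x3", "bob", 0.0, 6010, 5903),
    ("x4", "bob", 0.0, 6012, 5904),
]


def suspicious_vote_clusters(log: List[VoteRecord], min_size: int = 3,
                             enrol_window: int = 60, vote_window: int = 60) -> Dict[str, List[str]]:
    """Flag, per target, groups of at least min_size voters that (a) have voted on
    nothing else, (b) were enrolled within enrol_window seconds of each other and
    (c) cast an identical score within vote_window seconds. The thresholds are
    assumptions; the pattern is the one the Sybil/collusion bullets describe."""
    by_target = defaultdict(list)
    targets_of = defaultdict(set)
    for voter, target, score, t, enrolled in log:
        by_target[target].append((voter, score, t, enrolled))
        targets_of[voter].add(target)
    findings: Dict[str, List[str]] = {}
    for target, votes in by_target.items():
        by_score = defaultdict(list)
        for voter, score, t, enrolled in votes:
            if len(targets_of[voter]) == 1:          # no voting history elsewhere
                by_score[score].append((voter, t, enrolled))
        for group in by_score.values():
            if len(group) < min_size:
                continue
            times = [g[1] for g in group]
            enrols = [g[2] for g in group]
            if (max(times) - min(times) <= vote_window
                    and max(enrols) - min(enrols) <= enrol_window):
                findings[target] = sorted(g[0] for g in group)
    return findings


def score_excluding(log: List[VoteRecord], target: str, flagged: Set[str],
                    default: float = 0.5) -> float:
    """Mitigation: recompute a target's mean score with flagged voters quarantined
    (held back pending review rather than silently deleted)."""
    kept = [s for voter, tgt, s, _, _ in log if tgt == target and voter not in flagged]
    return round(sum(kept) / len(kept), 3) if kept else default


# Constructed identity-resolution data from the enrolment/proofing step:
# identity -> external key it was proofed against (e.g. a verified payout account).
IDENTITY_LINKS = {"bob": "ACCT-17", "bob_fresh": "ACCT-17", "eve": "ACCT-42"}
ESTABLISHED = {"bob": 0.1, "eve": 0.8}   # reputations already on record


def inherited_reputation(identity: str, links: Dict[str, str] = IDENTITY_LINKS,
                         reputation: Dict[str, float] = ESTABLISHED,
                         default: float = 0.5) -> float:
    """Whitewashing resistance: a new identity proofed to the same external key as
    an existing one inherits the lowest reputation already attached to that key
    instead of starting fresh at the default."""
    if identity in reputation:
        return reputation[identity]
    key = links.get(identity)
    if key is None:
        return default
    linked = [reputation[i] for i, k in links.items() if k == key and i in reputation]
    return min(linked) if linked else default


if __name__ == "__main__":
    flagged = suspicious_vote_clusters(VOTE_LOG)
    print(flagged)                                                        # {'bob': ['x1', 'x2', 'x3', 'x4']}
    print(score_excluding(VOTE_LOG, "bob", set()))                        # 0.183
    print(score_excluding(VOTE_LOG, "bob", set(flagged.get("bob", []))))  # 0.55
    print(inherited_reputation("bob_fresh"))                              # 0.1
```

The cluster heuristic is deliberately conservative: it needs all three signals together, so an ordinary burst of genuine ratings after a sale does not trip it, and its output is a review queue, not an automatic penalty. The inheritance rule only works as well as the identity proofing behind it, which is why the slides tie reputation to enrolment and proofing rather than treating it as a free-standing score.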
Take home messages
• ORMS is working towards a global portable reputation standard.
• Reputation is just another kind of assertion.
• Importance of including features like authentication, privacy and 2nd order reputation.
• Importance of addressing security issues.