International Journal of Trust Management in Computing and Communications (5 papers in press)
Socio-cultural distrust of Internet information
by Kenneth David Strang
Abstract: We live in a globalized context due to Internet communications and computing technology. Given the false or misleading information provided by some information service providers, there may be a rising distrust of Internet-based material. In this paper the goal was to evaluate the distrust of Internet material, using a social demographic theoretical lens. The results of the study were fascinating, because the distrust for social media was higher than other Internet communications. Males distrusted Internet communications more than females. In contrast, American Indian and black females trusted Internet communications more than males. The results of this study should generalize to marketing discipline practitioners such as new business product/service development and also to national policy makers.
Keywords: Consumer Behavior; Online Information; Trust management; Cross-Culture.
Caucus: An Authentication Protocol for Cloud Federation
by Anant Nimkar, Soumya Ghosh
Abstract: Cloud federation provides computing services of internal and external cloud providers. Computing services can be virtual resources or services as per delivery models, viz. IaaS, PaaS, SaaS. These computing services are collectively owned, accessed and controlled by one or more federating participants like user, broker, cloud providers, service provider etc. Thus, subjects are subsets of federating participants for use, execution, deployment and management of computing services in the established federation. Each such subject must be authenticated before authorization of computing services. In typical cross-domain authentication, each subject has two identities obtained from two identity providers. This cross-domain authentication can also be viewed as a federation of two entities. However, the challenge lies in a situation where authentication needs to be done based on more than two identities of federating participants. All identity management solutions cannot address authentication of subjects comprising more than two federating participants. In this paper, we propose a protocol for authentication (called the Caucus Authentication Protocol) of subjects as a subset of one or more federating participants using a variant of Multi-Party Computation (MPC). A theoretical study attempts to prove liveness and safety properties of the proposed Caucus Authentication Protocol (CAP) for the validation of deadlock-free communication. The simulation results show that the protocol provides authentication of subjects in acceptable response time.
Keywords: IaaS; SaaS; Cloud; Federation; Authentication; Security; Access Control.
Personalized Reconfigurable Trust Management
by Hisham Rashad, Mohamed Eltoweissy
Abstract: Trust is the keystone of success in any relationship between two or more parties. Current technologies, including cloud computing, social networking, and mobile applications, coupled with the explosion in storage and processing power, are evolving massive-scale marketplaces for a wide variety of resources and services. In such marketplaces, users (consumers, providers and brokers) are largely autonomous with vastly diverse requirements, capabilities, and trust profiles. Thus trustworthy relationships (interactions and transactions) are challenging endeavors. We claim the need for a customizable trust management system that can be personalized for the robustness and wide-scale adoption of such vastly heterogeneous marketplaces. In this paper, we present an architecture for customizable and reconfigurable trust management to accommodate varying levels of diversity and trust personalization. The proposed architecture decouples trust management operations and defines five interrelated reconfigurable components, which collectively can be used to implement a wide spectrum of trust management systems ranging from generic to highly personalized. We use our architecture to evaluate trust personalization. In our experiments, we implement both a personalized and a generic trust management system, and contrast their effectiveness, efficiency, resiliency and scalability. The results show that personalized trust management systems are more effective and efficient, particularly with the increase in user diversity. The results also demonstrated the resiliency and scalability
Keywords: Trust Management; Reputation Management; Personalized Trust; Trust Architecture; Customizable Systems; Dynamic Clustering.
Personalized Recommendation System For Ranking In Question Answering Websites With Splay Tree By Avoiding Tumbleweed Badge
by Jayashree Ramakrishnan, Christy A
Abstract: An efficient and effective way to construct trust relationships among peer users in an electronic learning environment is ranking. User-driven ranking systems are based only on the feedback or ratings provided by the users. Users with higher points obtain high reputation compared to less scored users. In popular Question-Answering websites, like Stack Exchange network sites, users with unanswered or ignored questions for a long time get a tumbleweed badge without considering their past history. The Question-Answering website community considers this award as a consolation prize and discourages the awardees instead of encouraging them. Most of the people who ask Tumbleweed questions are new or low-reputation users. The focus of this research work is to design a recommendation system that prevents tumbleweed questions from the users who are about to receive a tumbleweed badge. A splay tree is a Binary Search Tree with a self-balancing skill which brings the recently accessed item to the top of the tree. In this paper, the splay tree represents users' ranks with methods to avoid the tumbleweed badge. The spotlight of the work is to bring up average or below-average scorers to the top without affecting existing toppers.
Keywords: Collaborative Work; Electronic Learning; Learning; Ranking; Feedback; Websites; Tree Data Structure.
A Novel Authentication Protocol for Prevention of Phishing and Pharming Attacks in Mobile Banking
by Sriramulu Bojjagani, V.N. Sastry
Abstract: The current mobile authentication protocols place an extra burden on mobile device users to detect and avoid phishing and pharming attacks. In this paper, we propose a novel mobile banking authentication protocol that employs an Authentication Server (AS), which sends a nonce to the mobile user device to be signed, so that he can avoid phishing and pharming attacks. Phishing attacks are fraudulent e-mail messages appearing to originate from legitimate enterprises to access private information and commit identity theft. Pharming is a form of attack on the network infrastructure where the user is redirected to the fraudulent website even when the user enters the right web Uniform Resource Locator (URL) or Internet Protocol (IP) address. In this protocol, the message signed on the mobile device includes the information of the bank. Hence, upon receiving the signed information, the authentication server can quickly identify the attack and notify the bank. Our proposed protocol is experimentally validated by a formal method of model checking tool, namely "Automated Validation of Internet Security Protocols and Applications (AVISPA)".
Keywords: Phishing; Pharming; Mobile banking; URL; IP; AVISPA.