I suspect that many Sciencetext readers know all about the various bits of software that let them share the contents of their hard drives, whether those happen to be stuffed full of illicit movie, mp3, and other downloads, or legitimate files free of copyright restrictions and digital rights management (DRM) issues. So, with that taken as read, I will get straight to the point. Do you trust your peers?

In peer-to-peer (P2P) networks, members of those communities make personal trust evaluations of each other based on their experiences and observations. Actually, most general users of these networks don’t bother to make any kind of value judgment about their peers at all, but those are the lamer users. Power users who hope to get the best out of P2P most certainly do!

The available information about a network user’s past behavior, their reputation, in other words, is usually incomplete, so making such judgments of a specific user’s credibility is nigh on impossible. So, is there a way around the issue, some way to ensure the trustworthiness of the peers to which your P2P application links?

Nokia scientists seem to think so. Silke Holtmanns of the Nokia Research Center, Software and Application Technologies Laboratory, in Helsinki, Finland, working with Katri Sarkio of the Helsinki Institute for Information Technology have proposed in a research paper published recently in the International Journal of Internet Technology and Secured Transactions (2007, 1, 95-107) a set of new software functions that could allow users, or their software at least, to estimate the trustworthiness of members of the P2P communities to which they connect. The estimator would closely monitor the peers’ past behavior and be flexible enough to work across different kinds of P2P networks, such as BitTorrent systems, Gnutella networks, and mobile networks.

Holtmanns is a Senior Research Engineer at Nokia and works on privacy, trust, and identity management in the mobile environment. Similarly, Sarkio’s research interests lie in privacy, trust, reputation management and social networks in P2P networks and virtual communities. The pair point out that in virtual communities, such as eBay, a group of users interacts with each other making personal trust evaluations based on experience and observations. eBay, as SF readers will know has a centralized evaluation mechanism for managing reputations. Other types of communities such as recommendation forums, free programming communities, like SourceForge.net, and file sharing networks often rely on direct one-to-one interactions instead of having a centralized trusted third party control the transactions. That said, many P2P network programs have a degree of trust assessment built in to the software based on leeching to sharing ratio, download and upload ratio, and various other factors.

The researchers’ main objective in their IJTST paper was to successfully define a fine-grained and context-dependent reputation evaluation mechanism for P2P applications. This would be generic and so usable across different types of network. To achieve this goal, the researchers have designed a mechanism that focuses on capturing and processing information linked to each user transaction.

The mechanism is built on five advanced functions that use three simpler functions, namely, success, value and time. The first two advanced functions examine the relevance of the evaluations a peer receives from their current interest point of view and the level of experience of the evaluation provider. Based on these and the basic functions, the latter three then produce trust values for the evaluations received from strangers, friends belonging to the peer’s social network and the peer’s own experiences for the tailored trust value. This is all translated into a mathematical formula that is implemented as part of the P2P network software, whichever network that happens to be.

“Reputation systems can assist users in building desired level of trust, even though these systems are, realistically, not the only sources affecting these trust decisions and relationships. However, we find that the presented mechanism is a suitable tool in producing reputation information-based tailored trustworthiness estimations locally. It takes into account the multi-dimensional factors in the estimations, which correspond to the character of the conducted transactions,” the researchers conclude.

They point out that such a system does not stop a peer revealed as untrustworthy from registering a new account and attempting to build their status from zero up again. But, it does prevent those who attempt to gain a good reputation with “low-cost items” or cheating on bigger “deals” from succeeding.

Perhaps we should watch out for a Nokia Trust button coming to a P2P network some time soon.