Trustnet: Trust-Based Moderation Using Distributed Chat Systems for Transitive Trust Propagation

Trustnet: Trust-Based Moderation Using Distributed Chat Systems for Transitive Trust Propagation

TrustNet: Trust-based Moderation Using Distributed Chat Systems for Transitive Trust Propagation Alexander Cobleigh Department of Automatic Control MSc Thesis TFRT-6102 ISSN 0280-5316 Department of Automatic Control Lund University Box 118 SE-221 00 LUND Sweden © 2020 by Alexander Cobleigh. All rights reserved. Printed in Sweden by Tryckeriet i E-huset Lund 2020 Abstract This thesis introduces TrustNet, a flexible and distributed system for deriving, and interacting with, computational trust. The focus of the thesis is applying TrustNet as a tool within distributed chat systems for implementing a subjective moderation sys- tem. Two distributed chat systems, Secure Scuttlebutt and Cabal, are discussed, the latter having been extended with a proof of concept implementation of the proposed system. The concept of ranking strategies is also introduced as a general purpose technique for converting a produced set of rankings into strategy-defined subsets. This work proposes a complete trust system that can be incorporated as a ready- made software component for distributed ledger technologies, and which provides real value for impacted users by way of automating decision-making and actions as a result of assigned trust scores. 3 Acknowledgements I want to start by thanking Johan Eker, my thesis supervisor from the department of Automatic Control at Lund University, for his support, patience, advice and feed- back in this unusually long Master’s thesis. I am very glad you took the time to listen to the random student dropping by your office to pitch his thesis idea. I also greatly appreciate the frequent discussions we have had throughout the thesis pro- cess. In a similar vein, I want to thank my thesis examiner Karl-Erik Årzén, also from the department of Automatic Control at Lund University, for agreeing to take on the responsibility of this thesis—thank you for your patience with the extended process the thesis ended up being, and for your feedback. Next, I would like to thank my friend Linus for his help and emotional support throughout the thesis process. Your advice around the academic process concerning getting started on the thesis was essential, in addition to all the advice you have provided throughout my time at Lund’s University. Thank you. I want to thank Aljoscha for reading a very early draft, back in July of 2019, and for your keen feedback. Thanks to Christian F. Tschudin, professor of Computer Science at the University of Basel, for inviting me to present an early version of TrustNet at the P2P Basel workshop in February 2020, just before the Covid-19 pandemic took over the world. I also want to thank Erick, Daniel, and Linus for reading drafts and for providing such excellent feedback. I would also like to thank Sara for her illustration advice, without which Fig. 6.1 would have looked much worse. Thanks to my friends who were working on their theses at the same time for their excellent company and motivation; thanks Ingrid, Magnus, and Anton. And a heartfelt thanks to my parents—for letting me pursue my interests freely, despite not always understanding what I was going on about. 5 Contents 1. Introduction 9 1.1 Overview . 10 1.2 Contributions . 11 2. Public-key Cryptography 13 2.1 Digital signatures . 14 2.2 Public-key-based Identity . 15 2.3 Uses in distributed peer-to-peer systems . 16 3. Distributed systems 18 3.1 The CAP Theorem . 19 3.2 Eventual Consistency . 21 3.3 Message Passing . 21 3.4 Append-only logs . 22 3.5 Kappa Architecture . 24 3.6 Interleaving logs . 26 3.7 Looking to distributed chat systems . 31 4. Chat systems 32 4.1 Moderation . 33 4.2 Distributed chat systems . 37 4.3 Subjective moderation . 45 5. Trust 48 5.1 Definitions . 49 5.2 Related Work . 50 5.3 Computational Trust . 52 6. Appleseed 58 6.1 Overview . 59 6.2 Algorithm . 62 6.3 Drawbacks . 71 7. TrustNet 73 7.1 Overview . 74 7 Contents 7.2 Architecture . 78 7.3 Experiment design . 80 7.4 TrustNet Example . 83 8. Evaluation & Results 86 8.1 Evaluation . 87 8.2 Results . 89 8.3 Moderation Comparison . 90 8.4 Varying the parameters . 91 9. Discussion 94 9.1 On Privacy . 94 9.2 On The Difficulty of Simulating Trust . 94 9.3 On Increased Attack Incentives . 95 9.4 On the Importance of Naming . 95 9.5 Other Use Cases of TrustNet . 96 9.6 Conclusion: Subjective Moderation & The Future of TrustNet . 96 A. Simulator parameters 98 Bibliography 99 8 1 Introduction How do you remove malicious participants from a chat? For a set of participants, what are the steps needed such that the malicious participant is no longer visible by anyone in the set? In a centralised chat context, there is always someone with the power to remove a participant. Usually, this is the person that started the context itself (i.e. a group chat). There is a special privilege granted to the initiative taker such that they can add and remove participants, as well as grant others the ability to do so. This role is usually known as an administrator, or admin, and the ones they grant powers are known as moderators, or mods. Even if no administrator exists, maybe they decided to leave the platform host- ing the group chat, there is always someone who has credentials to the hardware running the chat software. Thus, if the situation gets bad enough, it is technically possible for the platform administrator to individually intervene and, for example, remove the malicious participant from the database, or decree a new administrator. It is cumbersome and rare that it would come to that, but it is possible. This is a harder problem to solve in a distributed chat context. How do we know who is the leader in an eventually consistent system, where people may continue to perform actions offline? There is a much higher degree of subjectivity possible in these systems, as compared to a purely centralized context. Causality ceases to be straightforward when participants are allowed to continue participating in tem- porarily disconnected portions of the system. In the centralized context, removing a malicious participant is the action of a moderator. Usually it is one or two clicks, and the malicious participant has been removed for all other participants. In a distributed context, there are many possible answers to this problem. The first and naive solution is to delegate the responsibility of removing the malicious participant to each individual participant. Thus everyone participating has to indi- vidually hide offenders. Viewed as an isolated case it works, but repeated instances will risk causing an outsize burden on the participants. Another solution is to designate someone as a moderator for the entire group, like in the centralized context. Leader elections in a distributed context are however 9 Chapter 1. Introduction rather complex (see Paxos [Lamport, 1998]) and sensitive to Sybil attacks [Douceur, 2002], where one actor controls many individual actors inside the system, gaming it and electing themselves as leader. This thesis explores an alternate approach. What if participants could automat- ically block the malicious peer, if they discover that the peer has been blocked by someone the participant trusts? This is similar to the administrator from the cen- tralized context, but more flexible. In the centralized context, if the administrator is misbehaving and a participant loses trust in them, their only options are to live with it, or to leave the group. In the system where you effectively choose who can mod- erate for you, you can also choose to revert that decision if your trust later proves to have been misplaced. This is the central topic of the thesis, and one potential answer is presented in the form of a new system for managing and interacting with trust, TrustNet. The core problem statement of the thesis is the following: How can we efficiently hide malicious participants in a distributed chat context? and TrustNet is the proposed answer. 1.1 Overview The thesis starts by explaining the technical foundations, Chapters 2−4, which mainly constitute the work’s backdrop across the areas of cryptography, distributed systems, and (distributed) chat systems—though the second half of Chapter 4 presents the novel concept of subjective moderation systems. Then we venture into the chapter on trust, Chapter 5, followed by Appleseed in Chapter 6, the core algo- rithm. The subsequent chapter on TrustNet, Chapter 7, is the heart of the work and presents the main contributions. Chapters 8−9 contain the evaluation, results, and discussion portions of the thesis. In Chapter 2, Public-key cryptography, we introduce the cryptography knowl- edge needed to understand that distributed chat systems are possible in the first place, as well as fundamentally secure. We follow this up with Chapter 3, Dis- tributed systems, which goes deep on the topic of distributed systems—what they are, what range of distributed systems this thesis is concerned with, and how a dis- tributed system may be put together to enable a cohesive chat experience. Topics such as the CAP theorem, append-only logs (and how they may be secured), and vector clocks are detailed, among others. Chapter 4, Chat systems, presents the topic of chat systems, and more impor- tantly the topic, and causes, of moderation in chat systems. The last half of the chapter details the distributed chat systems we are primarily concerned with in this work. Two distributed chat systems, Secure Scuttlebutt and Cabal, are briefly pre- sented, and the novel concept of a subjective moderation system is introduced. The 10 1.2 Contributions following chapter, Chapter 5, Trust, details the topic of trust.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    105 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us