Nowadays, mobile users can switch between different available networks, for example, nearby WiFi networks or their standard mobile operator network. Soon it will be extended to other operators. However, unless telecommunication operators can directly benefit from allowing a user to switch to another operator, operators have an incentive to keep their network quality of service confidential to avoid that their users decide to switch to another network. In contrast, in a user-centric way, the users should be allowed to share their observations regarding the networks that they have used. In this paper, we present our work in progress towards attack-resistant sharing of quality of service information and network provider reputation among mobile users.
On the 10 th of September 2008, the European Commission launched its Future Internet Research and Experimentation (FIRE) initiative.
We envision the Future Internet as being able to infer the user experience quality of the network services that it provides and to take into account these user-centric observations at time of selection of these network services. As a first step towards this vision, we have been investigating appropriate mechanisms for mobile network selection based on Quality of Experience (QoE). We stress that it is important to make the difference between QoE and Quality of Service (QoS). The ITU-T in its E800 recommendation [ITU-T E800] defines QoS as follows: “the collective effect of service performances, which determines the degree of satisfaction of service users”. Thus, QoS has mainly focused on objective technical evidence such as session throughput measurement. QoE goes beyond purely technical evidence and includes asking the opinions of the users about their degree of satisfaction after using the service. Assuming that it is infeasible to have a unique QoE information service trusted by everybody and collecting all QoE information generated in the world, QoE information will be distributed and provided by different entities. We work on a project where the users share their QoE information in a decentralized peer-to-peer fashion. In this case, traditional telecommunication operators, who are powerful entities, may invest a lot of resources to influence their level of QoE to keep or attract more users. Telecommunication operators may even try to attack such a user-centric system to protect their market. In Section 2, we present a decentralized model where users will be able to share their QoE without being censored or abused.
We consider the level of QoE of a telecommunication or network provider as its QoE reputation. That QoE reputation can be influenced because it is not formally proven and composed of distributed information that may not be complete or from unauthenticated sources. Romans considered reputation as “a vulgar opinion where there is no truth” (“reputatio est vulgaris opinio ubi non est veritas”) [Bouvier M.]. Nowadays, there are still many potential attacks on computational trust and reputation metrics [Hoffman K., et al.]. In this section, we first depict the attack model expected in our shared user-centric-generated QoE scenario. Then, we present our work in progress towards an attack-resistant computational reputation model for this scenario.
QoE may be more subjective than objective technical evidence. QoE may vary between users for the same network or telecommunication provider because users have different tastes and preferences. Thus, network QoE reputation may vary between users for the same network. Of course, in a democratic tolerant world, having a different opinion cannot be considered as an attack. However, one may be tempted to cheat to influence QoE reputation. Worse, it may be a coalition of entities who collude to drive that reputation to the level they wish. This time, this is an attack. The different types of attackers that we consider are:
Network Provider: The goal of having Always Best Connected (ABC) may be different between telecommunication operators and end-users. Unless telecommunication operators can directly benefit from allowing a user to switch to another operator, operators have an incentive to bind the user to their networks or service provisioning. In contrast, for end-users ABC may mean saving money by switching to the lowest cost operator.
End-user: They may attack for different reasons, from playing to making money for example as being paid to take part into a coalition of attackers.
Coalitions of attackers composed of: End-users only, Network providers only, A mix of end-users and network providers. In addition, different types of attacks can be carried out at the reputation level:
Technical attacks: Propagation of false QoE evidence: by many pseudonyms created and controlled by a same entity through: ■ normal pseudonym creation, ■ spoofed pseudonyms, ■ compromised legitimate pseudonyms. Destruction or denial of reputation evidence. Use of the good reputation of: ■ a compromised entity, ■ by a spoofed entity. Social engineering attacks: Attackers may propagate false QoE evidence via not directly controlled entities from external information posted on forums to rewarding real influencing end-users or misleading end-users on the network provider that they have been using. For example, by choosing a WiFi SSID with a friendly name mentioning a well-known provider for a bad network… Whitewashing attacks: When the entity reaches a high-enough level of reputation either via normal actions or propagation of false evidence, the entity behaves very badly without being prosecuted afterwards. The entity may be able to rejoin under another pseudonym without being detected. Privacy attacks: If all would be known about an entity, the rep
This content is AI-processed based on open access ArXiv data.
