A Review on Various Applications of Reputation Based Trust Management

The extremely vibrant, scattered, and non–transparent nature of cloud computing formulate trust management a significant challenge. According to scholars the trust and security are the two issues that are in the topmost obstacles for adopting cloud computing. Also, SLA (Service Level Agreement) alone is not necessary to build trust between cloud because of vague and unpredictable clauses. Getting feedback from the consumers is the best way to know the trustworthiness of the cloud services, which will help them improve in the future. Several researchers have stated the necessity of building a robust management system and suggested many ideas to manage trust based on consumers' feedback. This paper has reviewed various reputation-based trust management systems, including trust management in cloud computing, peer-to-peer system, and Adhoc system. Keywords—Reputation, Trust management, Recommendation


Introduction
is provided as a service. Only in cloud computing, both the hardware and software are provided as a service in the form of virtualization. For example, in the business process automation system, the network storage and the virtual instances for the operating system are created. Cloud computing assures several benefits such as low cost, expansion of resources, and easy maintenance. However, on the other hand, the features like non-transparent, highly dynamic, and distributed make it very challenging among the service providers. A recent study shows that inefficient trust management is one of the main reasons that acts as an obstacle for cloud computing. A lot of research is taking place for trust management in web services. In the paper [3], the authors have discussed the trust classes, the purpose of the trust, and the relationship between trust and reputation. They classified reputation systems into centralized and decentralized, Person/agent and resources, global and personalized. While discussing cloud computing at the corporate level, the authors of paper [1] state that privileged and secret data is stored and accessed through cloud computing. Organizing a large amount of data in the local systems is challenging for the industries as it is very costly and requires an efficient storage system. Hence the big organizations merge from the local storage system to cloud storage. Here the storage will be offered by the providers. This type of service is called storage as service. As the customers allow sensitive data to be stored in a remote place, specific issues regarding confidentiality, access control, and integrity have to be solved. To achieve the data's confidentiality, the owner can encrypt the data before outsourcing the data to the remote server. To achieve integrity on the cloud server, specific techniques have been proposed which validates that the data remain uninjured.
Using cloud computing, large-scale applications can pile services and flexible resources as they require without considerable investment and low operational cost. Although there is a lot of research being carried out to solve various cloud computing problems, service discovery issues remain an unsolved problem. In the case of cloud computing, it is essential to talk about the challenges of service discovery. The first reason is that cloud services are offered at three different levelssoftware as service, infrastructure as service, platform as service. The second reason is that there is no specific standard for describing and broadcasting the cloud services, making the discovery process harder for the customers. There are particular standards in web services--WSDL (A language for describing web services) and UDDI (A language for publishing web services). But the majority of the existing cloud services do not follow any standard description, which makes the discovering of the cloud service arduous. For example, some cloud service providers don't mention the word "CloudCloud, "which makes customers' judge that they may not be a cloud provider. Example: Dropbox. Some businesses do not have anything to do with the cloud but have a cloud in their name. Example: Cloud9carwash [8].
CSA-STAR [4] is a publicly available database that maintains security documents given by the cloud service providers while signing the agreement. It is a trusted program that guarantees security in the cloud computing environment. CSA-STAR helps the users in the following ways: • The users get to know about the security policies of the cloud service providers.
• To identify which providers can go together pleasingly with the offered infrastructure. • To increase the long term profit.
• Get experience by learning about different cloud providers.
CSA-STAR also helps the providers as follows: • To find the appropriate tools to set up and organize the security program. • To maintain their security level.
• To attract wealthy users with better policies.
• To get additional certification and prove their maturity in cloud computing.
• To show themselves as trusted service providers.
In paper [7], others proclaimed the five significant benefits of cloud computing. They are service-on-demand, wide network access, resource pooling, rapid elasticity, and measured service. The interaction between the service providers and the customers can be classified into two categories. 1. Business to business and 2.Business to the client [40,41]. Based on this interaction, the clouds are classified into four types.
• Private Cloud: Here, the resources are used by a particular organization. This organization contains many customers. The interactions in this type of cloud will be business to business interaction where all the resources will be maintained by the same organization or a third party, or both. • Community Cloud: Here, the resources are owned by a group of organizations to achieve a specified goal like high performance, reduced cost, or security. • Public Cloud: Here, the resources are made available to the public. This model's interaction will be business to the client where the resources are owned by government or business organization or both. • Hybrid Cloud: Here, the resources are allocated based on two or more models.
For example, private and public clouds can be combined. Here the interaction between the client and the provider will be both businesses to business and business to the client as different clouds as involved in this. Probability techniques are used to combine other clouds. It includes cloud bursting to achieve load balancing.

Trust Management System
In an information system, trust management is a conceptual system that operates on a symbolic representation of trust for making decisions. The trust value is in the form of cryptographic value, or it can link the trust management system with trust assessment result. Trust management is essential for information security, and in specific, it is necessary to maintain control policies. As we mentioned earlier, the development of cloud computing has increased immensely in the past two decades. Even though there are many useful features, there are undoubtedly serious issues like security, privacy, etc. The authors of the paper [4] reveal that the consumers are not actually aware of their data's security. Then how will the customers trust the providers? Who will take care of monitoring, validating policy attributes? Trust management is the best answer for all the above questions. Blaze M first introduced trust management in 1996 to solve many problems regarding trust. The authors of paper [7] have classified the tasks of trust management into three categories. They are: Setting up a trust relationship, observing their behavior, taking further steps based on the experience with them. Trust management is the best approach to form a trust relationship. There are several approaches for managing trust-based issues, but all the methods can be categorized into one of the following categories. They are 1. Perspective from provider side 2. Perspective from requester side.
From the provider's perspective, the provider is the most important driver for managing the trust management system where the consumer's trustworthiness is measured in Fig 1.a. In the requester's perspective, the consumers measure the provider's reliability given in Fig 1.b.  There are some common factors of trust [5]. They are as follows: • Trust is essential for a risky environment.
• Trust is used to make decisions.
• Trust is made based on experience.
• Trust is an opinion of an individual • Trust is dependent on context Trust management is based on the following factors: Policies, prediction, recommendations, and reputation. An admired technique to set up a trust in the midst of independent entities is to manage end-user approval through the policy. End users are approved access if they are met with the policy's threshold, followed by trust results. The SLA monitors the violation of services or judges a service's credibility concerning the parameters like security, availability, and latency. The latter is based on X.509v3.9 [a plain public-key], infrastructure (SPKI), ten or the Security Assertions Mark-up Language. The consumers who are known as the inquiring entity will sign up individual policies with providers who are known as an unknown entity to reveal their credentials for controlling their access. If the consumers satisfy the providers' minimum threshold, they are permitted to consume the service.
The third-party giving the recommendations will have prior knowledge about the trusted parties; particularly, they know the trust feedback source in the TMS (Trust Management System). The theory of social psychology says that an unknown person to a particular person will believe the recommendation of a person who knows them before. The researchers tell that the entities with like-minded trust each another. Based on the similarity, the consumer trusts the provider.

Fig. 2. Trust management techniques
The taste of an individual may vary from others. So we cannot come to a conclusion based on individual feedback. To rectify this opinion of the individual is calculated against a universal standard called "objective trust." If the trust is only based on one individual's taste, then it is called "Subjective taste" If the trust is given based on the transaction, it is called "transaction-based trust." If the trust is created by collecting opinions from every node, it is called "complete trust." But if the trust is created by collecting opinion from the neighbors alone, it is called "localized trust." [5].
A reputation system helps to build trust through social networks by collecting feedbacks from community-based sites. The user gives feedback about a particular entity from their experience. This feedback helps recommend and judge the specific transaction quality and the particular service provider [25]. Reputation has a significant impact on the trust management system. Various customers give a different opinion on a particular entity, which impacts that entity's overall trust-the reputation influences either positively or negatively. In the case of a recommendation system, there are no trusted relations. An entity may not know about the source of the feedback. An entity may have many trusted relations (network members) who provide feedback about that entity. If the feedback is more positive, the inquiring entity will be more trusted by the other entities [3].
The feedback is collected on various parameters. The customers choose the provider who gives assurance about the quality of service. In paper [4], the authors deliver that the entity's reputation is the overall opinion of the community over that entity. The provider with a high reputation will be trusted the most by that community member. We can't predict that all the collected feedback is trusted, but there may also be much untruth feedback. The feedback filtering algorithm has to be used to filter the trust feedback. The agent-based system is created to protect against malicious attacks. A lightweight system has been proposed to discover the feedback rate for the service. It has two phases. The first phase is the trust vector, which eliminates the wrong feedback. The second phase is reputation calculation, where the reputation value is calculated based on fuzzy logic.

Reputation Management in Adhoc
In the [14] paper, the authors used an efficient TCG (Trusted Computing Group) to get the trusted knowledge about the software coupled with devices. They assume that the TCG can securely inform the integrity value by calculating it from all the particular node software components.
This approach is used to evaluate the probability of malicious behavior of a peerbased on the software composition. The process of finding the probability of malicious behavior of software composition is a cumulative function of probabilities of malicious behavior of all its software components. Based on this assumption, the majority of the peers do not involve in malicious behavior. This approach can detect a trusted peer that is recently attacked by malicious software. Since this approach can detect the attacks very fast, the recovery can be made easily. The integrity measurement measured by TCG will be very useful since the Ad-Hoc network peers are highly mobile. The result of their simulation shows that their simple approach can detect malicious attacks efficiently. This approach is used for basic Ad-Hoc network; this can be further extended to complicated networks where the humans cannot involve in node behavior.

Fig. 3. Reputation management in Adhoc.
In the paper [15], the authors have proposed a strategy to get necessary details about the unfamiliar node and reduce memory space. In this solution, they have first gathered all the neighbor nodes to form the cluster, and one node will be acting as the cluster head. The cluster head will issue a trusted certificate to all cluster members. The trust ratings are combined with modified Bayesian in information exchange and while judging the reputation. This network is said to be not easily attacked by malicious nodes.

Reputation Management in Peer to Peer Network
In unstructured peer to peer networks, the possibility of wicked codes and fake transactions. It produces fake identities to perform fake transactions. In the paper [27], the authors have used a method with the concept of DHT along with a reputation system, which includes well-organized file searching facilities. The self-certifications techniques such as RSA and MD5 are used to ensure the data's security and availability from one peer to another. The peer's reputation measure determines the peer's trust, i.e., whether to decide if the peer is good or malicious. Once the peer is found to be malicious, then the transaction is canceled. The reputation of the peer is integrated with its identity. Every peer will maintain its certification authority, which gives the certificate and digital signature to themselves.
In the reputation management of the peer-to-peer network, the file searching method is proficient, but during the transformation of files, there may chance of viruses and other malicious attacks. Self-certification algorithms such as RSA, Naive Bayes, and MD5 are used for authentication. These algorithms can able detect malicious peers quickly and stop the transaction.
So the communication between the peers will be more secure. Usually, the transferred files face the problem in compression. But this system provides DSS (Digital Signatures Standard), which does the compression efficiency. It also transmits the short messages resourcefully.
In the paper [18], another reputation model in peer to peer system has been proposed. Using the feedback given by the other entities, the central entity calculates the trust of a particular peer. They have used three approaches: 1. Perron Trust, 2.Cred Trust, and 3.Cred Trust-trust. These approaches have been compared under various parameters, and finally, the third approach Cred Trust-trust is proved to be efficient. This model uses the combined concept of trust and credibility. This approach avoids malicious behaviors and also helps in selecting the reliable entity in the cloud. The framework has three modules: Reputation collector [to collect local trust], trust manager [to collect global trust], decision-maker [to deciding for present and future]. A peer can behave in one of the following: The reputation of the peers is decided based on how it behaves With the local nodes. So, the peers interacting with each other will give reputation value to the other peers. In the evaluation process, the factors considered are: The time taken by the peer will be considered to measure its performance, the accuracrvy of the results, and collisions. The error can occur in the cloud peer, or peer can be byzantine or rational. When every peer makes sure that they return the correct value on time, then the errors are reduced. If they do not return the correct value, they are considered to be cheating, and the task is transferred to another peer. It makes unsatisfactory about the quality of execution.

Reputation Model Using Fuzzy Logic
This system is beyond doubt unique and entirely comprehensive, which incorporates fuzzy systems to integrate trust characteristics-initially, the host request for the reputation of the objective host to which it wants to communicate. The host then calculates the overall reputation by gathering a reputation from all other hosts along with the previous experience it had with that particular host. Now, based on the reputation value, the host decides whether to connect with the target host or not. The initiator calculates the target's credibility value by considering the similarity, popularity, activity, and collaboration. The host uses fuzzy logic to decide the importance of the transactions, the result of the transaction, and also to decide whether to communicate with a particular target if the previous decision is not accurate. Hosts consider various dynamic time decay factors depending on the reliability of the communication with other hosts.

Parameters for Trust Evaluation
The authors of the paper [19] have considered the essential attributes of trust evaluation to be availability, turnaround efficiency, availability, and data integrity. Ultimately, after much research, it is delivered that these attributes are essential for evaluating the trust result. The authors strongly believe that these attributes have a significant impact on trust.
Availability: is a facility where the services, resources, and data stored in the cloud are accessible and can be used by other authorized entities. Moreover, the services are offered even if many numbers of nodes get a breakdown. Availability is concerned with the time in which a system is active for the entire period, which is essential to predict the function. Therefore it is expressed either as a direct proportion or percentage. It is also expressed in qualitative terms, indicating to which extent a system can work even if another set of component breakdown.
Reliability: is the major part of the trust. It measures the ability of the hardware and software components to constantly do in accordance with the specifications.
Data integrity: An important issue that requires more concentration in the cloud environment is security. Data integrity is the broader term that includes privacy, security, and accuracy of the stored data. The provider's integrity will give the customer trust in that particular provider, and it also provides the customer with confidence about the provider. Security means how safe the data is in the cloud. Loss of data may occur due to low maintenance of data. Accurate loss may happen because of superseded computing infrastructure.
Identity: The different levels of security are: • Authorization level • Security level • Entity Protection level • Recovery level.
Capability: The present capacity of the resources affects the execution of the application and file or transfer of data. This parameter is based on processor speed and memory speed. It also depends on network parametersbandwidth and latency.

Feedback Collection and Management
Distinctively, TMS [Trust management service] has two main functions: Data Provisioning, Trust Assessment Function. The Data Provisioning is conscientious for collecting information about cloud services and trust information of that service. Services Crawler module is based on the Java Open Source, which allows the system to find out cloud services over the Internet involuntarily. They have implemented functionalities to make the crawling process simpler and ended the crawling data more wide-ranging. The functionalities are addseeds(), addcrawling time(), select crawling domain(). Along with this, they also have developed the feedback collector module, which can collect feedback from the users directly. The feedbacks are collected in the form of records, and they are stored in the database.
Availability Model: is one of the critical requirements of the trust-management service. So, in this model, several nodes manage the feedback provided by the user. The feedbacks are placed in different nodes in a decentralized method. The workloads are shared using load balancing techniques so that the availability level is continuously maintained. The number of nodes is decided by the measure called the operational power metric. In order to reduce the clashing of nodes in TMS, replication techniques are subjugated. Another metric called replication determination is used in this model, which determines the number of replicas. This metric, in turn, exploits filtering techniques to foretell the availability of each node accurately.

Reputation Evaluation
• Troll: A troll entity is an intentionally aggressive message panel entity. Trolls work up to begin conflict between other candidates and distress them. They interrupt the forum with irrelevant or negative comments, sing their own praises nonstop about them themselves, laugh at others' opinions, or introduce notorious comments to upset conversations. It means trolls play a vital role anywhere in the online world that interact in blog sites, social networks, distributed systems, hobby site cloud, and discussion forums. The hackers could also use a cloud to amplify a troll's role to attain its intention by offending the cloud or given with another consumer in the cloud. • Opinion leader: An opinion leader in the powerful candidate of a particular group whose advice will be followed by the other candidates. An opinion-leader in a popular candidate who can persuade public opinion. In other words, we can say that opinion leader is meant for public opinion. Trust is a valuable thing that has to be gained from the consumer, and it cannot be gained that easily. While evaluating the trust, opinion leaders are the candidates who are superiors to others, which makes them trust-worthy. Whereas trolls are the entities, On the other hand, trolls are the candidates who post unreal and irrelevant comments about the provider. In this paper [19], authors have calculated trust by giving more importance to the opinion leaders' comments. They have introduced methods to identify the troll entities and remove their comments. As we mentioned earlier, the authors have calculated trust values using five important parameters like availability, reliability, data integrity, identity, and capability. Also, they proposed methods to identify opinion leaders and troll entities. These metrics have been used by them, including the degree of the input, degree of the output, and reputation. The accuracy of the trust value has been improved much by removing troll entities' comments and taking the comments of an opinion leader. • Credibility Model: The credibility of the consumers' feedback plays a major part in the trust evaluation. Consequently, in the paper [17], they proposed metrics for the collision detection in feedback. The metrics include including Density of the feedback and Occasional feedback collusions. These metrics differentiate the misleading feedbacks or the comments given by the malicious consumers. It also detects the strategic and suddenly changed behaviors which lead to collusion attacks. In addition to this, they have also proposed many metrics for detecting Sybil attacks, which includes Multi Identity Recognition and Occasional Sybil Attacks. These metrics permit TMS to spot deceptive feedbacks from Sybil attacks. This function is in charge of managing the assessment of trust requests from the consumers where various cloud services' credibility is compared. The credibility factors of feedback are measured. They developed a calculator for calculating factors regarding attack detection. Furthermore, they developed the Trust Assessor to compare the trustworthiness of services. The trust results are stored in the database for further use.

Conclusion
Given the reality of the increased implementation of cloud computing in the modern years, there is a considerable challenge in overseeing trust within providers, between service providers and service consumers. In this paper, we presented various reputation-based trust management frameworks to handle trust in cloud environments. We discussed the credibility model, which differentiates the true and the malicious feedback. The existing reputation system solves almost all the problems efficiently. Still, they are lack one or more factors-most of the reputation models used to have the weighted mean method as a rating aggregator. Performance optimization is the only area that is unfocused so far. It can be focused on in the future for a further robust reputation system.