Security and hacking issues related to information rating systems

From Information Rating System Wiki
Revision as of 13:56, 23 September 2024 by Pete (talk | contribs)

Main article: Ratings system

When we envision a world where an information rating system heavily influences social status and a community’s decision-making process, it is obvious that some people will at times be highly motivated to “cheat the system”.

A reasonable question is “How secure is the rating system against hacking/cheating?”, and this page is written as a partial answer to it. It is only a partial answer because “how secure a system is” tends to be an open-ended question: it is not generally possible to know all possible attack vectors at any given time.

The best we can do is consider plausible attack vectors we can think of at the moment, analyze how resistant our current model of the rating system is to such attacks, then think of possible further modifications to the system to make it more robust (or alternatively suggest strategies that users can employ to mitigate such attacks).

We can broadly divide possible attacks into two different categories: 1) computer-hacking attacks that take advantage of the fact that the rating system runs on computing hardware and 2) social-based attacks that just attempt to abuse the “rules” of the rating system (although such attacks may also use computers to accomplish their mission). On this front, a number of proposals have been discussed, especially related to aggregators.

Computer-hacking attack vectors

  • Take over a user’s server and have it report false ratings to the entire system
  • Take over a user’s server and inject false ratings to specific users
  • Take over a user’s server and have it suggest new predicates
  • Man-in-the-middle (MITM) attacks
  • Denial of service (DoS) attack on an individual server
  • DoS attack on an entire ratings network

Social-based attack vectors

  • Individually spread disinformation
  • Creation of sock puppets that pretend to be real people and spread disinformation
  • Motivate influential people (or just a lot of people) to spread disinformation
  • Forcing a user to publish false information (technically this is the same as the previous attack based on motivating disinformation, but describes the case where the motivation is extremely strong)
  • Spam information topics to obscure important information

Take over a user’s server and have it report false ratings to the entire system

If an attacker gains control of a user’s server, they can start spreading false ratings to everyone in the network. The attacker can 1) rate predicates that previously weren’t rated by the owner or 2) change the value of an existing opinion.
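
One way a receiving node could notice this kind of takeover, as an added example that is not part of the wiki's own design: it keeps the last rating seen per sender and predicate, labels each incoming report as one of the two cases above (newly rated predicate or changed opinion), and flags a burst of them. The report tuple layout, `WINDOW`, `THRESHOLD` and all sample values are assumptions.

```python
from collections import defaultdict

# Constructed sample data: (timestamp_seconds, sender, predicate, rating value).
# The tuple layout, names and values are assumptions; the wiki defines no wire format.
REPORTS = [
    (0,    "alice", "claim-1", 0.9),
    (3600, "alice", "claim-2", 0.2),
    (7200, "alice", "claim-1", 0.9),   # unchanged re-report
    (9000, "alice", "claim-1", 0.1),   # existing opinion changed
    (9010, "alice", "claim-2", 0.95),  # existing opinion changed
    (9020, "alice", "claim-3", 1.0),   # previously unrated predicate
    (9030, "alice", "claim-4", 1.0),   # previously unrated predicate
]

WINDOW = 60      # seconds; hypothetical burst window
THRESHOLD = 3    # hypothetical: this many new/changed ratings in WINDOW is suspicious

def classify(reports):
    """Label each report 'new', 'changed' or 'same' against the receiver's history."""
    known = {}  # (sender, predicate) -> last value seen
    events = []
    for ts, sender, predicate, value in sorted(reports):
        key = (sender, predicate)
        if key not in known:
            kind = "new"
        elif known[key] != value:
            kind = "changed"
        else:
            kind = "same"
        known[key] = value
        events.append((ts, sender, predicate, kind))
    return events

def burst_alerts(events, window=WINDOW, threshold=THRESHOLD):
    """Return (sender, timestamp) pairs where new/changed ratings reach the threshold."""
    recent = defaultdict(list)  # sender -> timestamps of new/changed ratings
    alerts = []
    for ts, sender, _predicate, kind in events:
        if kind == "same":
            continue
        recent[sender] = [t for t in recent[sender] if ts - t <= window] + [ts]
        if len(recent[sender]) >= threshold:
            alerts.append((sender, ts))
    return alerts

if __name__ == "__main__":
    print(burst_alerts(classify(REPORTS)))
```

Ratings spread over hours raise no alert here; only the cluster of changed and newly rated predicates within one window does.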