A privacy-aware architecture for a Web rating system

Abstract

Net Trust is a fraud-detection application that enhances security while protecting privacy. Net Trust identifies fraudulent Web sites by aggregating individual opinions, user-selected browsing histories, and third-party information. In this paper, we examine the security properties intrinsic to the implementation of the Net Trust ratings system. The ratings system protects against attacks by limiting diffusion of information to those with whom there is an off-line trust relationship. We also propose a rich-client/ thin-server implementation architecture and examine the privacy properties of this architecture. The privacy properties function not only to prevent the compromising of user confidentiality, but also to make the ratings system more robust. By utilizing trusted off-line social networks, Net Trust enhances the security and privacy of the ratings data. The implementation architecture maintains high data availability while empowering browser-history owners with final control over data access. The Net Trust analysis we present illustrates the mutual reinforcement of individual privacy (defined as user control over personal information) and security (defined as the resiliency of data confidentiality and the efficacy of the rating system).