[p2p-hackers] Automatic reputation systems for P2P security?

[paul at nmedia.net]

I've seen several papers referencing advogato, among other things, and it seems 
like reputation/trust systems solve a lot of problems related to P2P misbehavior. For 
instance, clients can track other clients that send out bogus files, that report a file 
and then refuse to share it, that create bogus queueing data (big problem with 
Emule/Edonkey networks), that might outright lie or otherwise cheat/steal and 
attempt to disrupt a Chord network, etc.

It seems that scalar trust systems aren't going to do it because it is fairly easy to 
cheat by creating fake nodes, etc. So the real trick is the "group" or vector trust 
metrics.

However, that may solve the theoretical issue but I haven't seen any real examples 
of implementation. For instance, most of the papers referring to Advogato and 
Advogato-like systems are based on the client-server model. And to implement trust 
networks as it appears that they are done now, the shear amount of data necessary 
makes them pretty darned unwieldy.

In addition, it is relatively well known (but time/bandwidth consuming) for a node to 
detect misbehaving nodes. But translating that to a trust metric, or even how to 
handle that on an implementation level has not been published anywhere.

SO...is there anything out there on this sort of idea, especially on the 
implementation side? I mean...if this can be done in reality, then it has a whole host 
of uses even just in the small world of file sharing networks. As it stands, any trust 
metric that's been tried so far is easily tampered with by the clients.