The Reputation Lag Attack

. Reputation systems and distributed networks are increasingly common. Examples are electronic marketplaces, IoT and ad-hoc networks. The propagation of information through such networks may suﬀer delays due to, e.g., network connectivity, slow reporting and rating-update delays. It is known that these delays enable an attack called the reputation lag attack. There is evidence of impact of reputation lag attacks on existing trust system proposals. There has not been in-depth formal analysis of the reputation lag attack. Here, we present a formal model capturing the core properties of the attack: ﬁrstly, the reputation of an actor failing to reﬂect their behaviour due to lag and, secondly, a malicious actor exploiting this for their personal gain. This model is then used to prove three key properties of the system and the attacker: if there is no decay of reputation, then the worst-case attacker behaviour is to cooperate initially, then wait, then behave badly; increasing communication between users was found to always be of beneﬁt to the users; performing a speciﬁed number of negative interactions given any instance of the system is an NP-hard problem.


Introduction
Ratings can be found as a basis for trust in various networks including ecommerce and social media.Typically, actors will rate their interactions with one another.These individual ratings are propagated through the system, and considered by others when judging who is trustworthy.Timely and effective propagation is necessary for actors to accurately judge each other.Non-ideal networks introduce lag due to network connectivity, people providing ratings late, or other reasons.An attacker can exploit this lag by engaging actors who, due to lag, have not received news of the attacker's prior negative behaviour and still consider them trustworthy.Broadly, we define a reputation lag attack as any instance where an attacker exploits a lag in the propagation of their negative reputation to allow them to perform negative actions they otherwise couldn't have.
No substantial research or well-reported instances of the reputation lag attack exist (not much work has followed up [7], which introduced the notion).We do not know the scale, prevalence and effect on vulnerable networks remains unknown.Nonetheless, existing research [8] shows that the attack is viable on proposed trust systems.Attacks on trust systems often combine different types, and, e.g., fake ratings, Sybil accounts or camouflaging tactics are more obvious, so combined attacks may have been classified as these.
There is general theoretical model of reputation lag attacks.A formal model provides insight into the attacks, even without data.This paper takes a first step towards defining a general formal model of reputation lag attacks.The model successfully captures the core mechanism of the reputation lag attack: some user(s) must trust an attacker who they would not have trusted had no lag been present in the system.Three primary insights were gained from the model.Firstly, if users judge all actions equally regardless of when they occurred, there exists an ordering to the attacker's actions which is always superior to any other ordering: the attacker first behaves positively; waits for that reputation to spread through the system; and then attempts to behave negatively as much as possible before being rejected by the users.This drastically reduces the search space of possible optimal sequences of actions for the attacker.Secondly, increasing the rate of communication between users relative to the attacker is always detrimental to the attacker in the average case.Finally, how to successfully performing a specified number of negative actions for a given instance of the system is an NP-hard decidability problem for the attacker.

Related Work
Distributed systems can use ratings or recommendations between actors as a basis for trust, where an actor's reputation is defined through these ratings [19].In such systems, reputation is imperative to actors' decision-making processes, for example in marketplace environments [5,18].The delay present in the propagation of these ratings was first identified as a vulnerability by Kerr and Cohen [7] as the "reputation lag attack".The vulnerability is not present in previous surveys on reputation systems [4,13].Hoffman, Zage and Nita-Rotaru [4] is an example of how the attack often went unrecognised.The authors decompose reputation systems into their constituent parts and discuss the vulnerabilities present in each.They are prudent in making rating propagation explicit within the dissemination stage.However, no notion of lag is considered here so the authors miss a likely environment for exploitation (focusing primarily on transmission integrity).
Even once discovered, the reputation lag attack remained largely unnoticed by the trust community, appearing in some subsequent surveys (e.g.[6,15]) but not others (e.g.[10]).The first analysis is performed by Kerr and Cohen [8], when investigating the success of dishonest sellers against various proposed trust systems in a simulated marketplace.They conclude that the reputation lag attack, though somewhat successful, was largely less so than other attacks, acquiring less profit and beating fewer trust systems.This finding comes with two major caveats, however: Firstly, the authors' intuitive but informal definition of reputation lag attacks assumes the attacker must at some point behave honestly.We find that no such restriction is necessary when defining the attack.The second caveat is the implementation of the lag.Every sale suffers from a constant lag before the buyer learns whether they have been cheated.There is no lag in the propagation of this information, however.This makes it difficult to separate how reputation lag effects buyers' decision given that every sale is subject to the same reputation lag effect.An implication of the above two caveats is that according to their analysis the "re-entry attack" was more successful.We argue that, due to limitations in analysis, the attack was functionally identical to the "reputation lag attack", except the attacker never needed to behave honestly (with even the author's noting this).An issue is that, beyond the initial intuition, it is not always clear what a reputation lag attack entails.We feel the issues faced in existing research motivate an abstract formal model to avoid conflating the idiosyncrasies of an attack's implementation with its analysis.
The reputation lag attack is not restricted to traditional reputation systems with many distributed networks being vulnerable to it.Commonly, strong security guarantees exist through the use of trusted authorities or shared secrets.In some networks, however, it is necessary to establish trust between nodes on a more ad-hoc basis [17].Any delay in the communication of trust establishing information (and perhaps other "hopping" protocols) would be vulnerable to reputation lag attacks.For example, while research on reputation lag attacks in these contexts are not widespread, many instances of such networks encounter malicious peers and it is possible that the mechanisms against these attackers (e.g.distributed warning systems) are vulnerable to reputation lag attacks.Examples include peer-to-peer networks used for file-sharing (Gnutella, BitTorrent) [11,20]; ad-hoc networks (mesh networks, vehicle-to-vehicle communication) [2,14]; hardware networks (BGP/routing, IoT) [12]; and overlay networks (Tor, I2P) [1].

Preliminaries
In this section, some mathematical tools are defined for use later in the paper.
Sequences of events are an important notion through the paper as they are used to describe the sequential behaviour in time of the model presented herein.First, we define sequences recursively: Definition 1 (Sequence).A sequence σ ∈ Σ over an alphabet C is recursively defined: We may write σ :: σ as a shorthand, where σ :: ∅ = σ and σ :: (σ :: c) = (σ :: σ ) :: c.It is useful to reason about the length of a sequence, |σ|, by letting |∅| = 0 and |σ :: c| = |σ| + 1.This provides a mechanism for both differentiating the number of elements in sequences and assigning positions to elements of the sequence.To refer to elements or subsequences of a sequence by their position, we introduce indexing as follows: It is useful to discuss the number of occurrences of a particular subset of elements in a sequence as well as the order in which that particular subset occurs irrespective of the other elements e.g. when analysing the behaviour of that particular subset alone.This is done by extracting the subsequence of a particular element from within a sequence.The function : 2 C × Σ → Σ returns the subsequence of σ consisting only of the members c ∈ C of the set of elements C ⊆ C: It is useful to be able to compare two sequences, where one sequence is essentially the same as another sequence, except it has certain additional actions sprinkled in.Intuitively σ ≺ C σ means that we can transform σ into σ, by removing certain elements c ∈ C from σ .So, for c, c ∈ C ⊆ C s.t.c = c , we define Probability theory plays a significant part in the paper as the system is defined on continuous-time stochastic processes.If X is a (continuous) random variable, then X(ω) represents the outcome of X, p(X = x) represents the probability density at x, Pr(X < x) represents the probability that the outcome of X is below x; so Pr(X The relevant stochastic processes can be modelled using continuous-time Markov chains [16].Intuitively, a CTMC is a series of random variables indexed with a time t, representing the state at time t.More recent states are not influenced by older states, as the process must be memoryless [16].Definition 2. A continuous-time Markov chain [16] is a continuous series of random variables (S) t for t ∈ R, such that for x > y > z, Pr(S x =s|S y =t) = Pr(S x =s|S y =t, S z =u).

Model
Our aim is to model the reputation lag attack.Honest users may communicate information to each other, but when and how often depends on external factors, such as internet connectivity, configuration settings or preference.We assume that honest users do not communicate strategically, and thus model them as stochastic processes.The attacker behaves strategically and tries to act in a way to maximise how often he can cheat others, relative to cooperating with others.However, the attacker is still bound to physical limitations, and cannot act at infinite speeds.The first step is to construct a model that defines how often certain users tend to communicate, as well as how often the attacker may be able to act.We refer to this model as the abstract model.The concrete model (Section 4.3) is an instantiation of the abstract model, and tells us the exact communication between users.

Abstract Model
The abstract model does not tell us what is being communicated, or what actions have occurred.In order to be able to reason about the concrete communications and actions (and thus the attacker's strategy), we need to instantiate the attacker's actions appropriately.The concrete model is defined in Section 4.3 to facilitate this.The final step will be to define and reason about the behaviour of the attacker.The abstract model defines when two users communicate but not what they communicate.Attacker behaviour is not explicit in the abstract model, only when the attacker has an opportunity to act.We introduce the notion of abstract traces, which specify how and when users and the attacker communicate, but not what they communicate.Users may communicate at different rates.The attacker's independent communication rate describes the rate at which they receive the opportunity to act.
an n × n matrix R describing the communication rates between users, with r ij ∈ R ≥0 and r ii = 0; and the rate r A ∈ R ≥0 with which the attacker acts.
An abstract trace is a sequence of abstract interactions between users and the attacker.It describes in what order interactions occurred for some particular instance of the stochastic system described in subsection 5.It is comprised of either the empty trace; an interaction between two users; an abstract attacker action; or the concatenation of two other traces.The trace semantics takes the form of sets of messages assigned to users, representing which messages those users have received: As a shorthand, we may write r c to mean The abstract model defines a stochastic system (or probabilistic run) describing who interacts when.In this system, the actors communicate at intervals.The time between each communication is independent of the time between the preceding communications.Formally, every action in the abstract alphabet can be modelled as a series of random variables representing the time between occurrences of that action.Definition 5. A probabilistic run of the abstract system ψ consists of collection of series of random variables satisfying the Markov property.For each c ∈ C, the probability density functions of the corresponding series (m ≥ 0) of random variables are: We let λ k c be a random variable representing the time in which the k th c-action occurred: λ k c (ω) = 0≤i≤k τ i c (ω).The probabilistic run can be viewed as a distribution over possible traces.In particular, we can say that the probabilistic run defines a (continuous-time) Markov chain, where the state consists of the current trace.First, we define the Definition 6.The abstract system execution is a continuous series of random variables (S) t for t ≥ 0, such that S 0 (ω) = ∅, and for every t, there exists t < t such that either S t (ω) = S t (ω) or S t (ω) = S t (ω) :: c.The latter case occurs if and only if t ≤ λ k c (ω) ≤ t.
The random variable S 10 would give you the distribution of all abstract traces of the abstract system running for 10 time units.Intuitively, the state only changes at times where the probabilistic run determines an action occurs.The definition implicitly assumes that no two actions happen at exactly the same time (and the probability of this occurring is indeed 0).First we prove a lemma showing that the occurrence of an interaction within a particular time range is independent from any events occurring before that time range.
Proof.Recall that user communications are exponentially distributed.The definition of an abstract system execution trivially implies that σ 1∼x = σ 1∼y :: σ , for some σ .If , again, by the memorylessness of the exponential distribution.If σ isn't ∅ or in C, then we can take x > y > y and recursively apply the argument.
In the abstract trace, the probability distribution for the "next" interaction to occur is independent of all previous occurrences.Specifically, the probability is dependent only on the relative interaction rates.that establishes the reputation of the attacker.Users will not accept interactions with a disreputable attacker.Despite this generalised definition of δ, there are some properties which we consider key to the definition of a rational judgement function: 1.Only information known by a user can be made when judging an incoming interaction on behalf of that user.2. Positive actions must be rewarded and negative actions punished.3. The judgement function must accept interactions from an attacker with no known prior behaviour to ensure they can enter the system.
There are many additional properties a judgement function could satisfy.Furthermore, it would be simple to extend the model to allow different users to utilise different judgement functions thus representing the various tolerances different users may have to the attacker's behaviour.However, for the purposes of an initial analysis, the simple δ defined for all users in this paper considers only the number of and ⊥ interactions known to user i as arguments.This means, for instance, it is independent of the order in which messages were received and the time at which interactions occurred.Definition 7. The function δ : N 0 × N 0 → R is an arbitrary function with the following properties: δ(0, 0) ≥ 0 (7)

The Concrete Model
In the concrete model, the attacker instantiates their abstract actions with concrete actions consisting of an action applied to a user.Actions can have a positive impact or a negative impact, increasing or decreasing the actor's reputation respectively.Positive actions are denoted and negative ones ⊥.When the attacker interacts with a user through one of the above actions, a message, held by that user, is generated.This message contains information regarding what action the attacker performed.It is then propagated through the graph of users, who then use this information to judge the trustworthiness of the attacker.This captures the notion of reputation.A user receiving messages from different users reporting e.g. a positive action, must be able to distinguish which particular action is being reported.We assume users can distinguish different actions and model this using a unique index for each action.Every abstract trace σ has a set of corresponding concrete traces.A concrete trace σ is an abstract trace σ that has had every abstract attacker action c A substituted with a concrete attacker action.Concrete actions consist of interacting positively or negatively with a user i (c i or c ⊥ i ) or skipping a turn (c ).

Definition 9 (Concrete Trace
).An concrete trace σ is a sequence over the alphabet The family of functions defining the set messages known by users in the concrete system is defined: Definition 10.The function µ O⊆Θ i>0 : Σ → 2 M returns the set of messages held by user i concerning actions of a type in T given that the trace σ occurred: We introduce the shorthand: 5 Reputation Lag attack Above we have defined the environment in which the reputation lag attack can occur.Now, we define the attacker model and the attack itself.

The Attacker Model
In this model, the attacker A is captured as a function which outputs a trace of concrete attacker actions which, when substituted into an abstract trace, instantiates a set of abstract attacker action.The attacker function can instantiate each abstract action with one of three actions c i , c ⊥ i or c .The attacker aims to maximise their profit.
Informally, profit is (rationally) defined as any function which monotonically increases with the attacker's negative interactions and decreases with their positive interactions i.e. the profit depends on the number of negative interactions the attacker has committed relative to the number of positive interactions they have invested into the system.As such, an "optimal attacker" is defined as an attacker which, for all abstract traces σ, can commit the maximum number of negative interactions when restricted to a particular number of positive interactions and/or given an abstract trace of finite length i.e. maximise their profit given finite resources and/or finite time.
Definition 11.The attacker's profit function : Σ → R is subject to the following constraints: In this model, different types of attacker can be delineated by how much information they have of the system when making decisions i.e. what subset of the system is considered by the attacker A(s ⊆ ψ).For example, it is important to consider how much of the abstract trace σ and attacker is aware of when making decisions.Note, for the purposes of a security analysis, assuming an apparently overestimated attacker is useful for testing the constraints of the system and providing strong guarantees of the system's resilience against attack.We will consider this when choosing A: 1. Attacker Model 1 in which the attacker is omniscient to the past and future i.e. the attacker can view the full abstract trace σ at will.This attacker's power is somewhat unrealistic as it grants the attacker the ability to see the future when making decisions but, as stated, for the purposes of a security analysis this is not unreasonable.For instance, an eavesdropping attacker that monitors a system long enough to notice a pattern in the system behaviour could be captured somewhat realistically by this model.Thus, this is the model considered in this paper.2. Attacker Model 2 in which the attacker is an eavesdropper to the entire system but is only aware of the past when making decisions i.e. for each abstract attacker action σ x = c A , the attacker can view σ 1∼x−1 .3. Attacker Model 3 in which the attacker is blinded to every interaction in σ which is not an attacker action i.e. the attacker only sees c A σ.
Similarly, the attacker's knowledge of other aspects of the system such as the user rates R or the judgement function δ can also be allowed or restricted to different extents.However, given the fact that the attacker is solely concerned with instantiating an abstract trace such that their profit is maximised, for the most powerful attacker it is sufficient to only consider the abstract trace σ and the and judgement function δ.
Using this information the attacker generates a trace of concrete attacker actions σ such that | σ| = |c A σ|.This attack trace is then substituted into the full abstract trace to make a concrete trace σ: Definition 12 (Attack Trace).An attack trace σ ∈ Σ is a sequence over the alphabet Ċ = {c θ i |θ ∈ Θ, i ∈ U} ∪ {c }.
Definition 13.Attack traces are constructed by the attacker function A : Σ × (N 0 × N 0 → R) → Σ defined thus: We give no explicit definition of the function itself and instead explore its properties in section 6.The attack trace σ is then substituted into the abstract trace σ to construct the concrete trace σ.This is performed by an instantiation function.To model the fact that users will not accept interactions with a disreputable attack, the function will substitute any rejected attacker actions with a c action.User i judges the attacker at each attacker action c θ∈Θ i via δ with only the information known to them: Definition 14.The instantiation function Γ : Σ × Σ → Σ is defined: If none of the attacker's actions are denied by a user, we deem that attack trace complete for σ.Otherwise, we deem it incomplete for σ.

The Reputation Lag Attack
Here the reputation lag itself is defined in terms of the model presented thus far.Informally, a reputation lag attack occurs when the attacker is allowed to perform a (presumably malicious) interaction with a user who would have rejected the interaction had they had perfect information of the attacker's prior actions.By construction, any example of imperfect user knowledge within this model stems directly from a failure of the system to propagate the messages in a timely manner.While this definition is very high-level, it successfully captures every instance which could be considered a reputation lag attack.
If an attacker interaction with user i is accepted by that user using only the information (messages) known to them but is rejected when using all the information present in the system, then a reputation lag attack has occurred.
First, we define an omniscient instantation function in which users judge the attacker with all the information available in the system: Definition 15.The omniscient instantiation function Γ * : Σ × Σ → Σ is defined: Here we define the reputation lag attack indicator.If the attacker has an increased profit when instantiated normally compared to when instantiated by the omniscient function (i.e. if the attacker has successfully exploited the lag for their own gain), a reputation lag attack has occurred.
Definition 16.The reputation lag attack indicator is defined:

Results
The primary motivation for the above formalism is to provide insight into the reputation lag attack.Here we elicit the three following key properties of the attack: the definition of δ defined herein is shown to be vulnerable to a superior ordering of attacker actions; increasing the rate of user communication is shown to never be detrimental to the users and could be detrimental to the attacker in the average case; the decidability problem of whether the attacker can perform a specified number of negative actions is shown to be have an NP-hard computational complexity.

Attack Ordering
The order in which the attacker executes their actions has an impact on their success.In a structured attack trace, the attacker goes through three phases: a phase, a phase and a ⊥ phase.In a given phase, the attacker only executes actions of that type.We show that structured attack traces, under the particular δ defined in the above model, are always superior to unstructured strategies.Intuitively, this results from the fact that positive actions occurring earlier in the trace gives them more chance to be propagated whilst negative occurring later in the trace have less time to be propagated.Definition 17. Define the reflexive partial order < A on attacker actions, s.t.c i < A c < A c ⊥ j , for all i, j.We define the partial order < A on traces as σ :: c :: c :: σ < A σ :: c :: c :: σ iff c < A c .Proposition 3.For every σ, there is a minimal element σ < A σ, and this minimal element has the property that it is a structured attack trace.
Proof.If σ is structured, then there is no σ = σ1 :: c :: c :: σ2 where c < A c, so σ is a minimal element.Vice versa, any minimal element may not be of the shape σ = σ1 :: c :: c :: σ2 either, so it must structured.
Theorem 1.For all abstract traces σ; attack traces σ and σ < A σ (where σ is complete for σ); users i; and locations x ≤ |σ|: Proof.Consider two adjacent attacker actions σa and σa+1 .We denote their corresponding positions in the abstract (or concrete) traces as σ y and σ z respectively.Two cases follow from this: σa < A σa+1 and σa+1 < A σa .
Secondly, we notice that the earlier introduction of c i creates the opportunity for it to be propagated between σ y and σ z and thus possibly even further.Essentially, more users u = i may be aware of the c i in σ than in σ from point y onward: for all users u and locations A symmetrical argument in the case that σa = σ a+1 = c ⊥ i leads us to conclude that the each user is aware of less or equal negative actions after the swap: for all users u and locations We also see from both arguments that the case in which one of the swapped attacker actions are c , that particular action has no effect on the knowledge of the users i.e. the inequality holds trivially.By the definition of < A , it is not possible for two actions to be swapped where both actions are of the same type (e.g.where both are positive).
The increased awareness of positive interactions and the decreased awareness of negative ones coupled with the monotonicity of δ implies that, for all users i and locations By transitivity of < A , the proof for pairs holds for all traces.Proposition 3 shows that the optimal ordering is structured.
Thus, for all complete attack traces, structured traces are superior.We restrict our theorem to complete attack traces as incomplete traces contain counterexamples and any optimal attack trace will be complete.Structuring may not affect profit but it reduces the search space of attack traces as the optimal strategy must be structured.However, structuring is dependent on the judgement function.A judgement function in which reputation decays with time would be sensitive to abrupt changes in behaviour such as in a structured attack trace, thus making time-dependent judgement a simple but effective mitigation.

Effect of Communication Rates on the Attacker Strategy
Considering a structured attack trace σ with optimal dealing (i.e. the users are aware of every in the system when the attacker is in their ⊥ phase), we show that increasing the communication rates is detrimental to the attacker.For the purposes of this analysis we focus on effectively cheating users, hence the assumption that we are in a state where the knowledge of the deals has spread to all users, and the attacker is in the ⊥ stage of their structured attack.
We formulate our theorem as follows: Theorem 2. Let ψ, ψ be a pair of abstract systems differing only in their respective matrices R, R , such that ∃ i,j (r ij < r ij ) ∧ (∀ p =i,q =j r pq = r pq ).
For any time t > 0; any attack trace σ < A σ; any concrete trace σ = σ :: σ :: σ ⊥ s.t.∀ i∈U c ⊥ i (σ :: σ ) = ∅ and ∀ i∈U µ i (σ :: σ ) = µ (σ :: σ ); and any pair of system executions S t and S t corresponding to abstract systems ψ and ψ then: Proof.For notational convenience, we define We prove that if σ ≺ C U σ , then the attacker's reputation during their misbehaving phase (i.e. during σ ⊥ ) can only decrease in σ compared to their reputation in σ.If σ = σ 1 :: σ 2 and σ = σ 1 :: c ij :: σ 2 for some c ij ∈ C U , then for every user h, either µ h (σ ) = µ h (σ) or µ h (σ ) = µ h (σ) ∪ µ j (σ 1 ).The latter means that the messages j told i after σ 1 have reached h, the former means that they have not, implying µ h (σ) ⊆ µ h (σ ).For any two traces with σ ≺ {cij } σ we can iteratively apply this argument for the additional messages.Due to the well-disseminated good messages ∀ i∈U µ i (σ :: σ ) = µ (σ :: σ ) and the fact that no new good interactions occur in σ ⊥ , it is not possible for the users to learn any good messages during σ ⊥ .This, combined with the monotonicity of δ, implies that the users may only know additional negative messages during the attacker's ⊥ phase.Thus the reputation can only decrease along with the possibility of a reputation lag attack occurring.For notational convenience (and brevity), if we define w.l.o.g.{k 1 , . . ., k n } as the set of indices of the attacker's ⊥ actions in trace σ and {k 1 , . . ., k n } as the corresponding indices in σ : . Thus, σ is more robust to the reputation lag attack than σ.This is our first finding.Now we show that ψ has a higher probability of outputting traces with more communication (and which are thus more likely to be robust) than ψ.By definition, the probability of n occurrences of c pq before some time t is described by a homogeneous Poisson process [9]: Pr(N (t) pq = n) = (rpqt) n n! e −rpqt .When t is the time of the last event in an abstract trace, this shows us that the expected number of occurrences of c pq within a trace increases with the rate r pq independently of any other rate or interaction c ij = c pq .
Similarly to lemma 1, it can also be shown that the probability of n occurrences of c pq happening between times t 1 and t 2 is dependent only on the time range [t 1 , t 2 ] and independent of the events preceding t 1 .Thus, ∀ t2>t1 Pr(N (t 1 < t < t 2 ) pq = n | t > t 1 )) = Pr(N (t 2 − t 1 ) pq = n).From this we see that the expected number of c pq occurrences within a given time range increases with only its own rate r pq independently of events prior to that time range or any other rate.For example, the number of c pq occurrences between two other actions σ 1 , σ 2 = c pq is dependent only on r pq and the time between the actions.
From the above two findings alongside the premise, we may infer that the system execution S t is as likely to output a particular number and ordering of C U interactions as S t but is more likely to output C U interactions between any two C U interactions.Hence, the traces output by S t are more communicative and, by our first finding in this proof, more likely to be robust than those of S t : ( ).Thus the theorem holds.

NP-Hardness
While strategies may exist to improve the attacker's profit in different scenarios, it is important to consider the feasibility of the optimal attacker.A polynomial optimal strategy for a given judgement function would be the ideal goal for any attacker.However, we show below that, for any judgement function, the computation complexity of constructing a strategy which can perform a specified number of negative interactions is NP-hard.Theorem 3.For any judgement function δ, the decidability problem of whether it is possible to perform m cheats without performing deals is NP hard.
Proof.We provide a reduction to the 3-SAT problem, which is NP-complete [3].In this proof outline, we provide the reduction itself, but omit the full proof that it is indeed a reduction.The full proof is a tedious exercise in bookkeeping, whereas the reduction provides insight in why it is NP-hard.
Let X = x 1 . . .x k be the set of variables in the 3-sat problem.Let ij be the j th literal in the i th clause.Assume there are n clauses.
For each variable take a user for its positive and negative atom, take a user for each literal in the formula, and we add an additional pair of users for every variable: A pseudo clause is formed by each pair of users in the last set -they represent the clause x ∨ ¬x.There are a total of n + k (pseudo) clauses.The set As a short-hand, we say a set of users performs a kill-communication, if they communicate their messages to all other users (O(n 2 )).
Consider an abstract trace σ with the following shape: -The trace starts with k attacker actions.
• The users u x , u y , u z , corresponding to the inverse of literals h1 , h2 , h3 send a single communication to the respective literals.• The attacker gets 1 action.
• All users u x and u ¬ x communicate to h1 , h2 , h3 .
-After performing these k + n steps, the attacker gets k more actions.
The decidability question for k variables and n clauses is whether the attacker can perform n+3k actions.The size of the trace σ is O(n 3 ), which is polynomial.

Conclusion
The formalism captured the two core properties of the attack: firstly, users inaccurately judging the reputation of the attacker due to incomplete knowledge caused by reputation lag and, secondly, a malicious actor exploiting this for their personal gain.The primary aim of the paper was to gain insight regarding the attacker's strategies to help with both mitigation and detection of the attack.There were three key outcomes: Theorem 1 shows how to re-order the attacker's actions, to increase the power of the attack: the attacker behaves positively; waits for this reputation to spread to as many users as possible; then begins behaving as negatively as possible before the users reject them.The fact that our judgement function, which models reputation, does not have a decay factor is a crucial ingredient for this theorem.Trust/reputation with decay factors may be somewhat more resistant against these attacks.Theorem 2 showed that, when dealing with an optimally dealing attacker, increasing user communication rates cannot be detrimental to users and may be detrimental to the attacker.Intuitively, this follows directly from the definition of the reputation lag attack which relies on poor user communication.However, as also evidenced by Theorem 3, the issue of determining the effectiveness of attacks is difficult, so it is important to have a proof of our intuitions.Finally, Theorem 3 showed that performing a specified number of negative interactions given any instance of the system σ is an NP-hard problem, implying the optimal attacker is computationally unfeasible.
Our definitions were chosen to be sufficiently abstract to cover a variety of systems and are readily extendable to more than one particular reputation system.The class of systems we consider are those systems where users communicate certain information about how other users have acted in the past, where good behaviour offsets bad behaviour, and too much bad behaviour leads to refusing to interact.We argue that many systems that consist of a distributed set of entities communicating knowledge about one another could be defined through the presented model with some modification.
Here we discuss further study.There is much to learn about the system and its effect on the attacker e.g. the effects of different judgement functions or how profit functions affect them.Investigating the combination of the reputation lag attack with other attacks may be of use for learning in which environments the attack is likely to be.Identifying real-world examples of the attack would also offer insight into the effectiveness of the model.Further investigation into the attacker's strategy is a vital next step as understanding identifying likely attack patterns is imperative not only to mitigating but also to detecting reputation lag attacks in the wild.
This paper provided a formal model of the reputation lag attack.The formalism captured the core properties of reputation lag attacks.The formalism allowed us to prove three interesting properties of the reputation lag attack: deals before cheats, communication benefits users but not the attacker, and finding optimal attacks is NP-hard.However, the analysis presented here is still in early stages.We hope to apply some of our techniques in practice, as well as continue to strengthen the formalism.The attacker's strategies and their relationship with the system as a whole warrants further study.

Definition 8 .
The concrete system ψ ∈ Ψ is composed of a tuple ψ = (U, R, r A , M, Θ, δ, A, , Γ ): set of users U = {1, . . ., n}; an n × n matrix R describing the communication rates between users, with r ij ∈ R ≥0 and r ii = 0; the rate r A ∈ R ≥0 with which the attacker acts; a set of concrete messages M = {(θ, i, x) | θ ∈ Θ, i ∈ U, x ∈ N}; two possible results Θ = { , ⊥}; a judgement function δ; an attacker function A; an attacker profit function ; and an instantiation function Γ .