Reliable information acquisition in the presence of malicious sources

In distributed systems in which autonomous entities exchange information with each other, these entities have the freedom to provide incorrect information. This becomes especially relevant in scenarios where entities have incentives to do so, e.g., in peer-to-peer networks or volunteer computing systems. Cryptographic mechanisms can help to ensure data integrity and authenticity. However, while these mechanisms achieve a reliable transmission of information, they do not prevent the creation of incorrect information in the first place. Therefore, additional mechanisms are necessary to enable an entity to assess the correctness of acquired information. In specific applications, the correctness of acquired information can be verified, or be assessed by means of plausibility checks. This is not possible in general, though. Often the explicit verification of information is infeasible, for instance due to high costs. In this thesis, we investigate different generic approaches to ensure the correctness of information without explicitly verifying it. More precisely, we propose three mechanisms, each of which is suitable for certain scenarios and tasks: a spot-checking mechanism that uses known facts to ensure the correctness of acquired information; an evidence-based trust model that learns – based on past experience – to exclusively select trustworthy sources; and a collusion detection algorithm that addresses the main threat to mechanisms that ensure the correctness of information by means of redundancy. The proposed mechanisms are validated, theoretically and/or experimentally, against plausible attack strategies of malicious sources. We show that our mechanisms are able to deal with different kinds of attack strategies, and that our trust model and the collusion detection algorithm successfully identify malicious sources.