Security Review: GPeerReview

By zhaoz at 10:33 pm on February 4, 2009

GPeerReview is a new project that attempts to create a web of trust for scientific publications. The goal is to have people read papers, leave comments, and digitally sign them with GPeerReview. The review could then be sent to an author, and if the author likes it, he/she could include it with his/her list of works. This would filter out false and possibly malicious reviews. Peer review comments would hopefully give credibility to an author’s work through many positive reviews.

The reasons for using GPeerReview are stated on their Google Code page. Since peer reviews give credibility to an author’s work, it is important to get peer reviews. However, reviews can be damaging in the case of false reviews. Thus, it is important to trust the reviewers, and to be able to associate the reviewer with the review, and the review with the correct publication. Through this system, a web of trust would be created, allowing employers, journals and conferences to use the tool as a criterion for acceptance. Additionally, a paper can gain credibility after publication, allowing papers to be published early and reviewed later. The ultimate goal would be to revolutionize scientific publishing, similar to what the world wide web did for media publishing.

The assets of GPeerReview are the author’s work and the reviewer’s comment. Obviously, the integrity of the comment must be protected so that it cannot be modified. People’s comments should not be changed by the author, or by anyone else. Additionally, the author should be protected from malicious attacks on their work and reputation. The signing of the comments provides a way of defending against these attacks. The signed message would create a pointer back to the original author, and fake malicious comments could be weeded out easily. Prior to signing the message, GPeerReview appends a hash of the article to your review; this would maintain a pointer back to the version of the document that your review refers to.

The web of trust created by GPeerReview could one day provide a foundation to stand on for employers, journals, and conferences when reviewing papers. Therefore, security is a very important cornerstone. Publishing in good papers, gaining acceptance, and acknowledgment in the scientific community is very important to an academic career. There have been past breaches of the current model involving false publications; it is possible that these problems could be mitigated with a web of trust.

There are two main groups of attackers that are immediately evident: the reviewer and the author. The author would like to have better reviews, and would benefit from falsifying reviews and/or modifying reviews in his favor. The reviewer may be malicious for many reasons, be they social, economic or political. It is not much of a stretch of the imagination to picture some opponent wishing harm on a specific publication or paper; to him/her, it would be beneficial to generate false negative reviews, or to modify current reviews.

Although the system provides authentication for both the reviewer and the author, it does not prevent collaborative falsification. That is, there is nothing preventing two authors (and reviewers) from creating false reviews in exchange for another false review. This is especially true since the author is allowed to reject reviews. However, this may be mitigated by the fact that, if the author needs to obtain a large number of reviews, it would be difficult to create all the falsifications needed. Furthermore, although the reviews refer to the document, the document does not refer back. It is entirely possible for an attacker to remove all reviews from a document. Viewers of the document may not know of missing reviews, and thus the document’s trustworthiness and reputation are degraded.
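The hash-then-sign binding described above, and the missing back-reference just noted, as an added example that is not GPeerReview's own code. It assumes SHA-256 for the article hash, a hypothetical `article-sha256:` field, and an HMAC as a stand-in for the reviewer's digital signature; all sample data is constructed.

```python
import hashlib
import hmac

# Constructed sample inputs; the key and texts are placeholders.
REVIEWER_KEY = b"constructed-reviewer-key"
ARTICLE_V1 = b"Draft 1: we measure X and conclude Y."
ARTICLE_V2 = b"Draft 2: we measure X and conclude Z."
HASH_LABEL = "\narticle-sha256: "  # assumed field name and hash algorithm


def sign(body: str, key: bytes) -> str:
    # Stand-in for the reviewer's digital signature (HMAC, not a public-key scheme).
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def make_review(article: bytes, comment: str, key: bytes) -> dict:
    """Append the article hash to the comment, then sign the combined text."""
    body = comment + HASH_LABEL + hashlib.sha256(article).hexdigest()
    return {"body": body, "sig": sign(body, key)}


def check_review(review: dict, article: bytes, key: bytes) -> str:
    """Verify the signature first, then that the review points at this article."""
    if not hmac.compare_digest(sign(review["body"], key).encode(), review["sig"].encode()):
        return "bad-signature"
    claimed = review["body"].rsplit(HASH_LABEL, 1)[-1]
    if claimed != hashlib.sha256(article).hexdigest():
        return "wrong-article-version"
    return "ok"


def reader_view(attached: list, article: bytes, key: bytes) -> list:
    """All a reader can compute: the status of each review that is attached."""
    return [check_review(r, article, key) for r in attached]


if __name__ == "__main__":
    good = make_review(ARTICLE_V1, "Sound method, clear results.", REVIEWER_KEY)
    bad = make_review(ARTICLE_V1, "Conclusion does not follow.", REVIEWER_KEY)
    edited = dict(good, body=good["body"].replace("Sound", "Flawless"))
    print(check_review(edited, ARTICLE_V1, REVIEWER_KEY))   # comment altered
    print(check_review(good, ARTICLE_V2, REVIEWER_KEY))     # article revised
    # The negative review is simply left out; nothing in the result shows it.
    print(reader_view([good], ARTICLE_V1, REVIEWER_KEY))
```

Every attached review verifies whether or not others were dropped, so a reader needs some record outside the document to notice an omission.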

GPeerReview provides an interesting future for scientific publications. If the project goals are met, it is possible that a new method of research paper publication could present itself. Instead of journals, the internet would once again provide the medium. This is due to the web of trust and unlimited reviews replacing the need for the additional layer of trust and review provided by scientific journals. That is not to say that journals would be replaced, similar to how news and media have moved to the internet but not replaced their parents (newspapers, TV). Instead, it may serve as a catalyst, increasing the rate of scientific proliferation.

(Source)
