Trust Management in Social Internet of Things (SIoT): A Survey

A survey on trust management in the Social Internet of Things (SIoT) is provided, beginning with a discussion of SIoT architectures and relationships. Using a variety of publication databases, we describe efforts that focus on various trust management aspects of SIoT. Trust management models comprise three themes: trust computation, aggregation, and updates. Our study presents a detailed discussion of all three steps. Trust computation and trust aggregation depend upon Trust Attributes (TAs) for the calculation of local and global trust values. Our paper discusses many strategies for aggregating trust, but “Weighted Sum” is the most frequently used in the relevant studies. Our paper addresses trust computation and aggregation scenarios. Our work classifies research by TAs (Social Trust, Quality of Service). We’ve categorized the research (reputation-based, recommendation-based, knowledge-based) depending on the types of feedback/opinions used to calculate trust values (global feedback/opinion, feedback from a friend, trustor’s own opinion considering the trustee’s information). Our work classifies studies (policy-based, prediction-based, weighted sum-based/weighted linear combination-based) by trust computation/aggregation approach. Two trust-update schemes are discussed: time-driven and event-driven schemes, while most trust management models utilize an event-driven scheme. Both trust computation and aggregation need propagating trust values in a centralized, decentralized, or semi-centralized way. Our study covers classifying research by trust updates and propagation techniques. Trust models should provide resiliency to SIoT attacks. This analysis classifies SIoT attacks as collaborative or individual. We also discuss scenarios depicted in the relevant studies to incorporate resistance against trust-related attacks in SIoT. Studies suggest context-based or context-free trust management strategies. Our study categorizes studies based on context-based or context-free approaches. To gain the benefits of an immutable, privacy-preserving approach, a future trust management system should utilize Blockchain technology to support non-repudiation and tracking of trust relationships.


I. INTRODUCTION
The Internet of Things (IoT) provides a platform to integrate a large number of distributed heterogeneous systems. Ubiquitous computing is the backbone of IoT, indicating a network of uniquely identifiable interconnected smart The associate editor coordinating the review of this manuscript and approving it for publication was Adnan M. Abu-Mahfouz . objects using standard communication protocols [1]. These resource-constrained smart devices communicate and collaborate in various contexts. However, IoT is not just a global network of smart devices, but also encompasses a group of supporting technologies along with the necessary services and set of applications [2]. IoT can be seen as a network whose prime objective is to include devices or nodes which can request or provide services. Moreover, nodes can collaborate to provide a single service [3]. Since the inception of IoT, there has been progress in this paradigm at an unprecedented rate resulting in the innovation of many different visions and contexts such as ''Social IoT'' (SIoT), industrial IoT, and IoT in the healthcare domain.
IoT enables various heterogeneous devices to communicate and collaborate while providing or acquiring different services. However, this collaborative interaction can lead to trust challenges between devices, requiring a decentralized, mobile, cost-effective, low latency, lightweight and scalable trust management framework. The merging of ''social networks'' and the ''internet of things'' leads to the realization of SIoT [4], which has been characterized by the heterogeneity of the software and hardware components and a variety of hardware architectures. In SIoT these heterogeneous devices collaborate and cooperate with each other to achieve a common target [5]. SIoT is a broad term that includes connection solely between people, between ''things'', or between people and things [6]. Geographically dispersed heterogeneous objects can be efficiently discovered through the use of SIoT [7].
SIoT includes both peer-to-peer networks and social relationships amongst multiple autonomous systems, where nodes act as service providers (SPs) or service requesters/ consumers (SRs or SCs). Every object or node on a social network acquires valid responses to their requests as compared to the objects or nodes working individually [8], [9]. The primary goal of SIoT is to decouple things from people and allow them to self-organize -to share computational resources, information, and services. Each object must decide on the type of relationship it has with other objects [9].
User-to-Object Relationships and Object-to-Object Relationships are both possible in a SIoT system, depending on their respective affiliations. Relationship types play a critical role in inter-SIoT communication and the application domain [10]. When ''things'' discover that they have a social nature, they begin to form connections with one another. Based on factors like specifications of entities or nodes, activity patterns, programs installed, services rendered, etc. social links between objects can be constructed [11], [12]. Social relationships in the SIoT can be classified as: -Parent-object relationship: refers to objects or nodes belonging to the same manufacturer [4], [12] i.e., under the same batch. Mostly the nodes owned by the same manufacturer are homogeneous. -Co-location relationship: this relationship exists between objects belonging to the same location [4], [12]. Objects can be located in the same city or same workplace depending on their physical location. -Co-work relationship: objects actually cooperate with each other towards a common application/ goal [4], [12]. The relationship is established between homogenous or heterogenous objects. -Ownership object relationship: present among objects belonging to the same owner. The objects need not be homogeneous [4].
-Social object relationship: forms when nodes encounter contact, irregularly or consistently, for reasons that are solely connected to relationships among their respective owners [4], [12]. It is normally formed between heterogeneous objects/ nodes.
There is no standard SIoT architecture. However, this section provides a comprehensive study of SIoT architectures presented in the existing literature.
Reference [13] architecture clearly separates server-side and client-side. The base, component, and application layers are server-side. The base layer is a database, and the component layer includes ID management (for storing information related to different aspects of objects ID), object profiling, owner control (for specifying various policies as established by the owners), relationship management, service discovery (based on the discovery of suitable service providers), service composition, and trustworthiness management. The application layer includes service APIs and interfaces to entities. On the client-side (object-side) [13], layers include the first layer: the object layer (consisting of objects and their communication interfaces), the second layer: the object abstraction layer (to facilitate communication among heterogeneous objects), the third layer: social agent (to facilitate communication between objects and SIoT servers) and service management (providing the human-computer interface to administer the behavior of nodes or objects in SIoT).
Reference [4]'s SIoT architecture is based on [13] comprising SIoT server (network and application layers), gateway layer, and object layer. Base, component, and interface sub-layers make up the application layer. Sensing, network, and application layers make up the gateway and object layers.
The architecture [14] has three layers: an ontology layer with a profile handler (for social things and object profiles), a rules handler (which deals with the event-driven actions by users), and a recommendations module (concerned with the database of ontology and real data to deduce recommendations). The control layer contains the system's data model and performance models. The third is the communication layer, which uses RESTful interfaces to communicate with external services.
The study [15] offers the following architecture components: i) actors can publish data and receive control orders to manage it. ii) intelligent system: manages actor interactions. iii) all communications with the system occur through an ''interface'', which allows data and queries to be submitted and produces the needed output, and iv) the ''internet.'' Reference [16] offers a four-component SIoT design. The profiling and Policy Management component assigns unique identifiers to VE (Virtual Entities) and allows for the depiction of a physical entity utilizing the VE's domain ontology. Friends Management (FM) develops and manages a VE friends list. Social Monitoring encompasses tools and tactics for monitoring VEs' social aspects. The Social Analysis component extracts VEs' social features (such as centrality) and their behavior and relationship frameworks and trends. VOLUME 10, 2022 The paper [17] describes a 4-layer SIoT architecture in the cloud-based platform ''Lysis''. The first layer, called the real world, contains real-world objects called ''things'' that can be physical devices or gateways. It has four modules. i) a hardware abstraction layer to facilitate communication in the associated module at the virtualization level; (ii) a data handler for processing sensor data before forwarding it to the virtualization level; (iii) a device management module that incorporates device functionality; (iv) hardware drivers related to sensors and actuators, called environment interface or protocol adapter. The second layer provides a direct interface to the real world and includes social virtual objects. Using micro engines (MEs), the third layer aggregates data. MEs construct social virtual objects. The application layer deploys apps utilizing one or more MEs.
Reference [18] presents a SIoT service recommendation architecture. Architecture layers include perception, network, and interoperability. The perception layer senses and collects IoT data. This layer can include RFID tags, sensors, etc. The second layer is the network layer. The network layer maps IoT data from the perception layer into communication protocols and sends it to the next layer for processing. The interoperability layer (the third layer) shares data amongst IoT apps due to their varying semantics. The architecture presents a SIoT recommendation system for data from the interoperability and perception layer. This recommendation system uses SIoT data to develop and manage device-device or human-device social relationships.
Reference [19] proposes a three-level social web objects architecture. Object virtualization manages virtual objects (VO). The second level aggregates VOs to create composite VOs (CVOs). The third level, the service level, deploys microservices to handle service requests and execution.
Reference [20] proposes an agent-based technique for integrating edge computing into large-scale SIoT frameworks. The suggested architecture includes three components: i) physical devices (native, foreign, and external devices). ii) in-network edge environment with virtual and social objects, iii) internet services with cloud and social sensors.
The Internet of Vehicle (IoV) paradigm [21] involves data accessibility and interaction made possible by the Internet of Things, considering vehicles as mobile IoT devices that can communicate. By supporting multiple dynamic interactions between vehicles, the IoV paradigm can be extended to the corresponding Social Internet of Vehicles (SIoV) [22]. This allows vehicles to develop and govern social interactions based on owner needs, context, and application. Two vehicles traveling in the same direction can share traffic information despite their distance. A vehicle might also initiate social ties. Even if vehicle owners aren't acquainted, they can create social interactions to share road conditions while commuting to the same area via different routes. Time-tested social ties can be exploited to establish new interactions that enable value-added service. If a driver needs to identify a refueling station with the least amount of waiting time, the car can create new social ties with other vehicles along the route to gather trustworthy information [23]. By utilizing the web of these relationships, SIoV offers a number of novel traffic control applications [24]. This method makes secure and private information sharing between vehicles difficult. MSIoT is a paradigm that incorporates mobility, heterogeneous devices, and the need for standardization through the integration of SIoT, SIoV, and MSN in the same framework [25]. Figure 1 represents a general SIoT architecture, where the first layer involves data sensing, followed by a network layer that connects devices in the sensing layers and the applications that make use of both of these layers. SIoT applications can include service discovery, service management, and components to store and facilitate service provisioning.
SIoT depends on trust between multiple entities. SIoT trust management is more important because unknown devices may be unreliable. Trust management influences how dynamic entities perform specific tasks, the scalability of their interactions, and mobility in a SIoT environment. Unknown and mistrusting SIoT entities that communicate and collaborate highlight the need to secure and trust data during communication and storage on resource-constrained IoT devices.
In a nutshell, our contributions are listed below. i) Our work includes a list of numerous Trust Attributes (TAs) used in the pertinent studies in addition to providing a full discussion of the different trust properties by classifying them into ''Social Trust Properties'' and ''General Trust Properties''. The two main types of TAs are ''Social Trust'' and ''Quality of Service.'' In addition, the survey categorizes studies based on the types of TAs that were employed. ii) The survey not only enumerates the methods for trust computation and trust aggregation but also illustrates the scenarios in which these methods are applied in the studies that are of interest. iii) Our study also classifies the studies (policy-based, prediction-based, weighted sum based/ weighted linear combination based) in accordance with the types of trust computation/ aggregation methods being used. iv) We've classified the research (reputation-based, recommendation-based, knowledge-based) depending on the types of feedback/opinions used to calculate trust values (global feedback/opinion, feedback from a friend, trustor's own opinion considering the trustee's information). v) According to the Trust Updates and Trust Propagation Schemes that are being employed, our analysis classifies the studies. In addition to incorporating pertinent research from Google Scholar, IEEE Explore, Science Direct, ACM DL, Springer, ProQuest, and ISI Web of Science, our work also gives publishing trends of pertinent studies in terms of the frequency of publications since 2012. vi) Our study presents an insight into trust-related attacks in SIoT. The work identifies the attacks as ''Intrin- sic'' or ''Extrinsic'' and further elaborates on scenarios that provide resiliency against attacks in the relevant studies. vii) The survey covers a brief description of the most widely used simulators with respect to trust management in SIoT. Additionally, the study provides a list of simulators/analysis tools utilized in the experiments in the respective studies. viii) In our survey, we divide research into two camps, those that take a context-based approach to trust management and those that take a context-free approach. ix) Lastly our work includes Application Areas, Challenges, and Future Direction for trust management in SIoT.
Section I gives a context for our study, followed by related work in Section II. Section III gives the survey methodology, Section IV presents trust management frameworks, and findings in accordance with the pertinent studies, and Section V provides discussion and analysis. Section VI describes SIoT application areas, whereas Section VII discusses challenges and future directions. Section VIII presents the conclusion.

II. RELATED WORK
Trust properties and models are presented in surveys [26], however, the associated trust management systems, simulation tools, and components are not described. These surveys do not include challenges, future directions, and potential trust aggregation schemes.
In [27] a limited number of studies are considered, and analysis is based on various performance metrics. These surveys do not cover trust update schemes, trust properties and trust propagation schemes.
The surveys [28] describe SIoT trust and ''friendliness'' techniques, in which the concept of SIoT is examined for supporting cloud computing, multiagent systems and Industry 4.0. A contrast of various trust and friendliness techniques in SIoT is provided. There is however no discussion of trust management strategies, notably for SIoT.
In [29] a holistic perspective of the SIoT domain is provided, including recent research developments in SIoT, such as the discovery of services and their composition, management of relationships between services, and trust management frameworks. Subjective/ objective and dynamic trust management schemes are described, but a contrast of the most recent trust management frameworks/ models in the SIoT domain is not included.
Another survey [12] contrasts and evaluates trust management approaches in various fields, including Wireless Sensor Networks (WSN) and the Internet of Things (IoT), followed by a description of various trust management aspects. However, the comparison is not limited to SIoT trust management processes; it also incorporates IoT trust management.
The survey [30] presents a comparative evaluation of trust models for SIoT and Online Social Networks (OSN). In [30] the key components and parameters needed to create a realistic trust model specific to MOOC platforms are described, aimed to provide an appealing learning environment for learners. Trust models are compared based on their architecture, the initial value of trust, trust updates, a trust decay factor, context/ risk, resistance to attack, and scalability.
The survey [31] investigates common themes between IoT and SIoT domains; SIoT-related architectures are examined, and SIoT trust management platforms are compared, along with a discussion of future research challenges in SIoT. This work lacks an assessment of trust in SIoT-based applications, SIoT platforms, and potential research challenges in trust assessment for SIoT.

III. METHODOLOGY
This section provides the methodological process, as shown in Figure 2, for conducting the literature review. Figure 3 represents the structure of our survey.

B. INCLUSION/EXCLUSION OF RESEARCH STUDIES 1) INCLUSION
Only research articles, over the time period 2012-2022, related to trust management in the domain of SIoT are considered. These research articles are published as journal articles, conference papers or book chapters.

2) EXCLUSION
All other studies not related to trust management aspects of SIoT domain are filtered out. The studies which are not in English and research studies for which full text is not available are excluded.

C. FORMATION OF RESEARCH QUESTIONS
The research questions in Table 1 are for analysis purposes, to comprehend the three general steps of the Trust Management Framework (Sec IV).   Table 2 contains a list of the abbreviations which is used frequently in the succeeding sections.

IV. TRUST MANAGEMENT FRAMEWORK IN SIoT AND FINDINGS A. CONCEPT OF TRUST
A deep belief in the dependability, honesty, sincerity, justice, and good confidence of others to carry out a deal, transaction, commitment, agreement, etc. in line with established principles, norms, laws, expectations, and undertakings is referred to as trust [32], [33]. The concept of trustworthiness can be explained in terms of the relationship among entities in trusting exchanges. Trustworthiness, therefore, depends on the attributes of the trustees in the given context [33].

1) TRUST IN VARIOUS FIELDS
The concept of trust isn't restricted to IoT or SIoT; it's also used in psychology, economics, organizational management, sociology, networking, computers, and many other sectors. Trust's definition varies by field [34]. Security has always been a fundamental barrier to technology adoption. SIoT says security and trust are vital for device interaction. ''Sociological trust'' refers to an assessor's prior subjective likelihood that a subject (or agent, or group) would conduct particular actions that have an impact on the assessor as defined by Gambetta [35]. The study [36] applied Gambetta's trust concept to the sociological concept of trust by rephrasing it as a continuous variable and quantifying it based on context or risk acceptance.
When people accept risks because of ambiguity or insufficient knowledge, trust is viewed as an expectation in the field of ''economics'' [37].
Cognitive techniques and orientations have been used to describe ''Psychological'' trust [38].
In ''organizational management,'' ''trust'' refers to the degree to which one side is prepared to rely on someone or something with relative security notwithstanding potential consequences [39]. Trust is the willingness to take a chance on someone's competence, integrity, and benevolence, according to a study [40]. They stated that trust isn't always reciprocated.
When it comes to create collaborative settings to maximize system objectives the idea of trust has long been appealing to ''communication and network'' protocol developers. Trust is defined as ''a collection of network-related relationships'' [41]. These relationships are based on prior protocol interactions. Because they've been consistent with their protocols, trust has built up between these two entities. Capra [42] suggests human interactions based trust paradigm for MANETs.
In SIoT, trust is a process the trustor employs to assign responsibilities to the trustee and use the trustee's actions that will forward their objectives. The trustor evaluates the trustee's competence and willingness. The trustor acknowledges the risk of being exposed by placing the trustee in a certain environment. Each party evaluates the other's trustworthiness. It's affected by environmental unpredictability, behavioral consequences, and the context of the task [7].

2) CLASSICAL TRUST MANAGEMENT FRAMEWORKS AND DEVELOPMENTS
Marsh's 1994 Ph.D. dissertation [43] is considered the first formal, computer-based trust model. His primary problems with trusting were a lack of clarity, a plethora of terminology, and not being formally used in scholarly works and daily life. Marsh proposed a set of subjective variables that might be merged into a single (continuous) trust value [1,1]. For many, this range means full distrust or trust. Marsh said ultimate trust or distrust is unrealistic. Marsh distinguished three types of trust: fundamental, which exists in all situations, general, which occurs between two individuals in all encounters, and situational, which occurs between two people only when they are in the same setting. Marsh also noted that time affects trust. Authors who quote Marsh typically simplify his work (e.g., trust is a continuous value, and its composition is unimportant) or don't follow his model because getting values for specific variables required to calculate trust is difficult (e.g., importance, utility, competence, risk).
Centralized or decentralized/distributed trust frameworks are categorized by trust management strategies. To ensure data security, centralized trust-related data management systems typically involve a third party. For IoT objects, a trusted central server delivers robust and effective data administration, maintains data consistency, and makes system deployment easier [44]. One central authority that can compute controls the centralized trust framework [45].
Reference [46] manages a centralized trust management approach. The trust management concept includes a service server and a trust management server. The service server handles node authentication, registration, service discovery, the community of interest proposal, and dynamic similarity computation. The trust management server collects node feedback to calculate contextual trust and reputation to classify and forecast node behavior. The advantage of the centralized trust management approach is that only centralized devices need sufficient hardware for trust management [45]. For a decentralized trust management approach, each decentralized node must maintain trust information about other network nodes for subsequent use, shortening their lifetime [46]. However, these centralized trust management techniques have scalability and single-point-of-failure problems Next, trust-related frameworks are developed utilizing a decentralized or distributed method to improve scalability and avoid single points of failure. Authentication and cooperation amongst IoT devices facilitate data transmission and sharing in a decentralized trust management system, where trust-related data is stored locally and interactively communicated and shared. As cloud computing, IoT, SIoT, and fog computing gain prominence, trust management remains a concern.
P2P systems play an important role in distributed systems, thus we cover some traditional trust models. Eigen Trust [47] is a popular P2P trust paradigm. Each peer in a P2P filesharing network has a unique global trust value, reducing the number of inauthentic files downloaded. Pre-trusted peers are a crucial aspect of the Eigen trust model, however, they don't always exist when the community is created, so this feature isn't always beneficial The CuboidTrust is a global reputation trust management technique that builds four relationships among three trust sources, including resource quality, peer system contribution, and peer trustworthiness (with reporting feedback) [48]. Power iteration calculates each peer's global trust value. This architecture does, however, include the idea of pre-trusted peers, which is not always appropriate. In the CuboidTrust model, direct and indirect trusts receive the same treatment and are not given separate handling The PeerTrust paradigm uses a transaction-based feedback mechanism to calculate and compare peers' trustworthiness [49]. PeerTrust is a reputation-based trust-supporting framework. Five parameters to assess trust includes: feedback from peers, total transactions performed by peers, the legitimacy of the sources of peer feedback, and context factors with respect to transaction and community. It explains a general trust metric to integrate parameters [49]. PeerTrust does not differentiate between task and recommendation trust. It assumes peers with higher trust values always deliver more trustworthy feedback.
AntRep [50], [51] disperses reputation evidence across a P2P network. These authors suggested employing an ant system, which is easily adaptable to P2P networks' dynamic topology, to create trust. AntRep only distributes reputational evidence, not evaluates it VectorTrust [52] provides P2P trust management. Single value expresses trust level. Along the chains, trust is multiplied. When there are multiple routes between two users, it chooses the most reliable one. Indirect trust is only used when the truster doesn't trust the trustee directly Distributed approaches are better for scenarios with fewer events and nodes that do not need to execute frequent calculations, as each node in distributed trust management is responsible for maintaining robustness and computing trust degree [45]. Decentralized trust management offers fault tolerance, resiliency, no single point of failure, and increased security.

B. GENERAL STEPS IN TRUST MANAGEMENT FRAMEWORK
The general steps in trust management frameworks are depicted in Figure 4. It is to be noted that trust values are propagated for the computation of global trust / overall trust either in a centralized or decentralized manner.

1) COMPUTATION OF TRUST VALUES
Trust computation steps focus on converting abstract theory and the concept of trust into precise numerical representation (e.g., a fuzzy representation of trust). In short, this step provides a better comprehension of trust by associating understandable and meaningful values with trust. This step is concerned with providing a ''local view'' of trust as experienced by the entity. The computation of trust is based on three basic steps.
-Selection of Trust Attributes based on but not limited to trust properties. -Computation of Local Trust.
-Computation of Overall Trust / Global Trust. The properties of Trust Attributes (TAs) are mostly classified as but are not limited to: (i) general trust attributes; and (ii) social trust attributes. General trust attributes reflect the generalized characteristics and are applicable to all domains and contexts. However, trust attributes specifically related to the social context are categorized as social trust attributes. Social networks are crucial for establishing connections of trust between different entities, according to researchers. Golbeck [61], [62] proposes the use of social networks as a bridge to create trust relationships between entities in order to establish the notion of ''Social Trust''.

a: GENERAL TRUST PROPERTIES
-Direct: in this case, trust is based upon direct interactions that take place between the trustor and trustee -generally based on their own experience [26], Indirect: in this case, when an entity or trustor has no information regarding the trustee then trust values based upon recommendations are considered. Thus, indirect interactions come into play to determine trust in an entity [26]. -Local: this view of trust solely depends upon the interaction between a trustor and a trustee. To elaborate on this, node a trusts node b, or node f trusts node b but node c does not trust node b. There is a factor of distrust between nodes c and b irrespective of the fact that both a and f individually trust node b. In other words, this trust is computed on the basis of the ''object-object relationship'' [26]. -Global: this value of trust is based upon the cumulative trust value of all nodes (that have interacted with the one being evaluated) towards the node being evaluated. Thus, it can be stated that this trust is computed on the basis of the ''objects-object relationship'' [26]. -Asymmetric: this means a trustor a trusts b, but trustor b does not trust a [26]. -Context-dependent: trust in a given node may vary depending on the context of use [26]. -Subjective: trust is fundamentally a matter of personal opinion based on numerous pieces of information or evidence, some of which may be more important than others [26]. -Objective: this trust value is computed by considering the QoS characteristics of the nodes or devices [26].

b: SOCIAL TRUST PROPERTIES
-Honesty -This trust characteristic states whether a node is honest or not. It is possible that SP provides good services only to those on the friend list and deliberately provides degraded services to other SCs. Nodes that exhibit dishonest attitudes cause extreme damage to trust management in social internet of things networks. Therefore, it is mandatory to draw a line between honest and dishonest nodes. Honesty is assessed by direct and indirect interactions [63]. -Cooperativeness -This feature represents whether a node is cooperative in terms of social aspects or not.
In other words, to determine whether the SP and SC are cooperative with each other or not we use cooperativeness. SP can be cooperative with their friends SC and vice versa. Friends tend to cooperate with each other. A node can exhibit cooperativeness only when those are classified as its friends or with those nodes with which it has strong social links [63]. -Community of interest -This feature represents whether the nodes belong to the same community such as cowork, co-location, or not [63]. -Centrality -The centrality defines the importance of nodes with reference to the number of directly connected nodes which is termed Degree Centrality. If a node requires only a few intermediaries to contact others, then this indicates that the node is independent in a structural context. This type of centrality is termed Closeness Centrality. The third concept of centrality deals with the information flow control in a network. The fourth centrality concept is the quotient of the counts of all shortest paths between nodes in a particular network that consists of the regarded node and the total count of all shortest paths present in that network is termed Betweenness Centrality [64].

2) AGGREGATION OF TRUST VALUES
The process of aggregating different trust values based on direct and indirect interactions and experience comes under this step. Various methods are proposed for the aggregation of trust values. This aggregated value provides a broader view of trust. This section provides a discussion of the methods/ processes involved in the computation of trust. These schemes are further used to calculate the aggregated value which is a vital phenomenon in the overall trust calculation.
Weighted Sum is one of the most commonly used techniques for trust calculation. If P is a set of parameters and W is the set of weights, where each parameter is assigned a weight, VOLUME 10, 2022 then the weighted sum total value (WSTV) is calculated as: Wi * Pi where Pi = {p 1 , p 2 , p 3 ,. . . ,p n }; Wi = { w 1 ,w 2 ,w 3 ,. . . w n } Weights can be adjusted dynamically [65], [66] or statically thus providing ease of implementation, with low computational cost.
Bayes' theorem underpins the Bayesian System. Prior probability, posterior probability, and likelihood function are Bayes theory components. When given a prior probability and likelihood function, the goal is to calculate an item's posterior probability [67], [68]. Formula: where ρ(x/y) = posterior probability of x given that y is true, ρ(y/x)= likelihood function of y occurring given that x is true ρ(x) = prior probability that x would occur ρ(y) = evidence or probability that y would occur Inferences depend upon the data.
A machine learning model uses input data to automatically achieve a goal without being explicitly written (i.e., ''hardcoded''). These methods are ''soft-programmed'' to improve with time. Training involves supplying input data samples and desired results. In Machine Learning, unsupervised [69], supervised, and semi-supervised learning is used [70].
Multiplicative Attribute Graphs (MAG) are generative models for node-attribute systems. MAG combines node attributes and affinities to determine connection probability [71]. Positive or negative node affinities can exist. Homophily, heterophily, core-periphery, and Random are four affinities [71], [72]. MAG model reflects interactions between network structure and node's attributes.
Fuzzy logic focuses on uncertainty. It supports approximate values [73]. The fuzzy controller transforms real values into fuzzy logic. Fuzzy logic may easily reflect complex ambiguous problems, unlike Boolean logic, which only takes two values (0 and 1).
Deep learning is the calculation of hierarchical representations of observable data, where higher-level factors are described from lower-level factors [74]. Deep learning can be supervised or unsupervised. Deep learning networks include DNN, CNN, etc. for supervised learning. Deep Boltzmann machines and autoencoders are utilized for unsupervised learning [75]. Deep learning is a multi-layered representation-learning process [76].
The weighted directed graph has weighted vertices and edges. Vertex degree represents edge count. User relationships are represented as edges [77].
Nuclear physics influenced fission computing, which splits the core into subparts while preserving their characteristics. The first stage is to identify an entity that may divide its activities into two or maybe more subordinates, and the second phase is to discover features that can be used to divide resources among its subordinates. The first and second stages might be interchanged depending on the situation. In the third phase, fission computing parameters are set [78]. Table 3 represents the analysis of studies conducted concerning trust computation and trust aggregation schemes. This table includes the TAs used in the corresponding studies and the relevant techniques deployed for trust values computation and trust values aggregation. Table 4 represents the scenarios for trust computation/ aggregation techniques.

3) UPDATES IN TRUST VALUES
With the passage of time, changes occur in an entity's trust due to a number of factors. The entity can: (i) become a target of an attacker(s); (ii) change from being honest to dishonest, etc. The trust values of the entity might vary depending on the scenario and context, so a continuous update process in trust values related to an entity is required. After trust computation and propagation, the previous trust values of nodes can be updated. The two possible schemes for trust updates can be event or time driven as shown in Figure 5.
An event-driven update scheme consumes a much large number of resources as compared to the time-driven. In this scheme, the trust is updated at the end of each interaction or event [12]. The event can be feedback, violation of some privacy rules, environmental changes, etc.
A time-driven update scheme involves a periodic update [12]. The Time-driven scheme is more resource-efficient. It is quite difficult to decide on the granularity level of the time frames which is required for updates. Table 5 presents the categorization of studies by trust update schemes. The update schemes exhibit the dynamic nature of trust, as trust in the entities may change over time. However, many relevant studies have not considered the update mechanism of trust values in their proposed trust management framework/ model. The studies are represented by their reference numbers.

4) TRUST VALUES PROPAGATION SCHEME
Trust propagation schemes fall into 3 categories: Centralized, Decentralized, and Hybrid as represented in Figure 6.
The centralized approach relies on a central authority for trust computation, trust propagation, and trust updating. The positive aspect of this scheme is its ease of understanding and inclusion in a trust management framework. However, the major disadvantage of such structures is the single point of failure [12], [95].
A decentralized approach requires nodes to be responsible for trust calculation, and propagation without the interference of any centralized authority. This approach avoids a single point of failure [12], but it has constraints such as latency, ''honest'' trust calculation, unbiased propagation of trust, and a complicated trust management architecture.
Hybrid or semi-centralized propagation allows part of the trust management framework to be implemented as a centralized structure whereas the other part is implemented as a decentralized or distributed architecture. Thus, it incorporates    the advantages of both centralized and decentralized architectures. Table 6 provides the classification based on the propagation schemes deployed for the computed trust values in the relevant studies. These schemes are classified as centralized, decentralized/ distributed, and hybrid/ semi-centralized. The studies are represented by their reference numbers.

C. TRUST RELATED ATTACKS IN THE SIoT DOMAIN
A node or object can use its social connections with other nodes to find the services it needs, but only if there is enough trust between them. The SIoT environment is made up of multiple social objects or devices with different characteristics. Misbehaving objects can take advantage of social interactions for launching attacks on a SIoT system as these malevolent nodes have ulterior motives. These misbehaving nodes or their owners want to get benefits from resources or services, but they do so at the expense of other nodes that can provide such services [133]. Thus, malicious nodes launch attacks on other nodes.
A malevolent node is dishonest and non-cooperative in a social context with the tendency to break the basic functionality of SIoT by executing attacks on various nodes [63]. In this context, trust management is crucial and assists SIoT nodes in overcoming perceptions of ambiguity and the risk of coming into contact with malevolent objects. In order to reduce the impact of malevolent devices, trust management systems for the SIoT encourage objects to collaborate honestly and constructively. These systems also forecast the most trustworthy trustee for a given trustor.
Due to the nature of cyber-physical systems, a successful attack on a SIoT system has the potential to be just as disastrous as the biggest industrial disasters to date [134]. Attacks are broadly categorized into two types: collaborative attacks and individual attacks [12]. These attacks are specifically related to SIoT, hence the attacks listed below are ''Intrinsic Attacks''.

1) COLLABORATIVE ATTACKS
In collaborative attacks entities (SCs) collude to launch an attack on an SP. There are two main types of Collaborative Attacks: -Bad Mouthing Attack: the SC deliberately provides unsatisfactory feedback after receiving satisfactory service. In this attack, multiple SCs act together and target a particular SP to provide negative feedback. Hence, attackers with bad ratings enhance their reputation by providing negative feedback to nodes having a good reputation. This results in attacking nodes uplifting their reputation scores [12]. -Ballot Stuffing Attack: multiple malevolent nodes collude to increase the reputation of another fraudulent node by constantly providing positive feedback about that node. It thus enhances the opportunities of the adversary being selected as a possible SP. The attackers and the target nodes are often not owned by a single    owner [12]. Instead, different nodes (attackers) collaborate to enhance the rating of nodes with a low reputation by assigning positive feedback to each other.

2) INDIVIDUAL ATTACKS
These are the attacks that are launched by individual nodes, and comprise: -Good Mouthing Attack/ Self-Promoting Attack: the entity projects itself as one of the most trustworthy SPs by providing good recommendations about itself [12]. In this instance, the attacker owns multiple SC nodes, all of which provide a good rating to an SP. In other words, the SP and SC are owned by attackers. -On-Off Attack: a node (SP) tries to maintain a consistent reputation by oscillating between good and bad service provisioning. When the node (SP) judges that its reputation is about to decrease below a threshold, it starts providing good service [12]. -Opportunistic Service Attack: SPs use their high trust value to get selected, but they cooperate with other malicious nodes to launch an attack on the targeted node [12], [31]. -Selective Behavior Attack: an SP provides good service for certain types of services and bad for others, e.g., an SP provides a good service when resource utilization is low, and bad otherwise [12]. -Whitewash Attack: a malicious node leaves the network and then joins after some time to nullify its previously gained trust values [31]. -Discriminatory Attack: nodes render an attack on nodes with whom it does not have strong social relations [31], regardless of the reputation of the other node.  Attacks are not typically related to SIoT networks, but once launched from outside the network, can cause greater damage to the targeted SIoT networks. These can be categorized as ''Extrinsic Attacks'' such as Denial of Service (DoS) or Distributed DoS, Sybil, Slandering, Message Spoofing, and Storage Attacks.

3) MOST WIDELY USED SIMULATORS/ ANALYSIS TOOLS
A number of simulation environments can be used to realize SIoT systems, these include: Network simulation via ns-3 [135], discrete event network simulation using an objectoriented approach, such as OMNET++, where message passing is used as a medium for the modules to communicate with each other [136]. Other similar types of simulation environments include COOJA, a network simulator for Contiki OS which is a lightweight OS specifically designed for IoT. COOJA enables the simulation of Contiki OS ''motes'' and different levels of granularity [137].
Multi-agent programming to support the modeling of social interaction between agents using NetLogo [138] and support for mobility modeling (by generating synthetic traces of mobility trends) using SWIM (Small World in Motion) [139]. Data analysis environments can be used to combine a number of different algorithms, e.g., Weka (Waikato Environment for Knowledge Analysis) [140]. Other approaches can also be used to develop the behavior of SIoT systems, e.g., using a fuzzy inference system [141]. Fuzzy rules can be derived from interaction with human operators. Apache Jena Framework is another framework to create semantic web and linked data apps [142], supporting various types of inference engines A simulator specifically for trust and reputation management frameworks [143], targeted for wireless sensor nodes called TRMSim-WSN [144]. It enables a user to define various parameters of the network using XML-based configuration [145].
More general-purpose systems include MATLAB and Octave, to create simulation and data analysis algorithms, VOLUME 10, 2022  and create graphical user interfaces [146]. MATLAB includes ''Simulink'' for designing and deploying IoT-based applications, also enabling integration and analysis of data from third-party platforms. Table 7 summarizes the simulators/ analysis tool used to evaluate trust in SIoT. This table also shows the type of trustrelated attacks considered in the corresponding studies. The term ''Extrinsic Attack'' is specifically used in Table 7 to differentiate them from ''Intrinsic Attacks''. All the other attacks where the ''Extrinsic Attacks'' term is not used are ''Intrinsic Attacks''.

V. DISCUSSION AND ANALYSIS A. PUBLICATION TRENDS: SIoT AND TRUST MANAGEMENT
Publication trends related to SIoT and trust management are shown in Figure 7. Details of relevant studies published between 2012 -2022 are represented in Table 8.

B. BRIEF DESCRIPTION OF THE RELEVANT STUDIES
A brief description of the relevant studies is presented in this section.
Reference [79] presents a trust management framework with respect to the behavior of nodes when BMA is launched. Expected and estimated trust is calculated using a Bayes Model and Weighted Sum, whereas overall trust is the product of the two. To prevent malicious attacks, the trust calculation uses previous and predicted behavior.   Reference [63] provides an adaptive trust management technique to strengthen security against hostile nodes. Dynamically changing node configuration prevents harmful attacks. Trust and network stability are traded off.
Reference [80] outlines a trust paradigm based on reputation and knowledge (based on the object and its ownership). This study examines human-to-human and human-to-object trust. Trust services include agent, broker, management, and analysis. A trust agent collects service-use data, whereas the trust broker distributes it. Trust calculation techniques, reasoning strategies, an information model, and knowledge assessment are described. Human-to-human knowledge is built on cooperation, honesty, experience, and community of interest, whereas human-to-object knowledge is based on services and things. This study employs a car-sharing scenario to demonstrate the important results.
REK is proposed in [81]. TAs include reputation and experience. Interaction intensity, classification of interactions as cooperative, non-cooperative, or neutral, and relationship status are used to calculate experience. Experience is increased, decreased, or decayed based on these factors. The authors conclude it's hard to develop trust, but when the SP is uncooperative, trust decays faster than it grows. Google Page Rank is used for reputation. The trust evaluation methodology uses a human cognitive process.
Reference [82] proposed a credit-and-reputation-based trust model. Credit determines if a node can afford communication, while reputation calculates trustworthiness and identifies malicious nodes. The guarantor finds an appropriate service for SC, and reputation determines the SP's trustworthiness. Once trust is established (>0.5), SP and SC conduct an end-to-end transaction. The reputation server computes the node's reputation once SC rates the SP. This model includes penalties for detecting and isolating malicious nodes.
A hybrid TR design for SIoT (TRM-SIoT) is presented in [83]. In this study, personal encounters define trust, while social interactions define reputation. Fraudulent service provision and recommendation constitute malicious behavior. The model uses fading factor, weight, and satisfaction. SP and SC interactions affect the fading factor. Service ''cruciality'' determines weight. SCs determine satisfaction. If SP and SC interactions for a service surpass a threshold (in this case 5), two trust values are calculated. One reflects long-term  satisfaction, and the other is recent trends. The minimum value is chosen.
Reference [84] suggests a subjective trust-based paradigm. Ability, benevolence, and integrity are key to trust management. ''Ability'' examines SP's (trustee) ability to do a task, ''Benevolence'' measures the trustee's collaboration, and ''Integrity'' measures the trustee's good reputation. The literature proposes a modified, weighted page-rank method to evaluate reputation. Reputation, experience, and knowledge are trust indicators. Mobile Crowd-Sensing is used to evaluate the trust model (MCS).
The architecture presented in [46] includes objects with varied capacities, a server that is responsible for each ''thing's'' authentication and user compatibility, and a trust management system to assess trust values and conduct trust calculations depending on context and feedback. Describes calculating node reputation in multiple contexts and services. Objects' computational capacities divide them into 3 types (high, low, and average). The trust management model has two modules: contextual trust and reputation, and behavioral classification and prediction. Feedback is centralized. This server saves the node's reputation. Decision trees predict node behavior.
Reference [85] compares the recommendation model to page rank. Weighted and directed graphs show object relationships. Good relationships are measured by an object's outbound links. PR ranks by outgoing connections. This model also filters out suspicious opinions. This model assigns rank values to the most trustworthy objects and zero to others.
Reference [86] computes trust on the basis of TAs. The suggested trust management strategy quickly identifies and segregates unreliable nodes. The technique resists objectoriented attacks. A trust management model using an ML algorithm is proposed in [87]. This work discovers trust-related attacks and segregates malicious nodes. The proposed mechanism constitutes two stages ''training stage'' and a ''steady-state stage''. To evaluate dynamic knowledge three metrics are described: (i) goodness score which evaluates how benevolent the entity is, (ii) the usefulness score which determines the current behavior of the entity, and (iii) perseverance score evaluates the constancy of the entity.
Reference [7] shows that trust is bilateral, as both SP and SC evaluate each other's trust. The study implies context and services should determine trustworthiness. Success, damage, gain, and cost are used to evaluate trust. The model's unique features are bilateral trust assessment, inferential trust transmission with identical tasks, trust transitivity, trustworthiness updates by delegation outcomes, and trustworthiness modified by a dynamically changing environment.
Reference [88] proposes a paradigm for managing the direct and indirect trust. This work presents a ''DTrustInfer'' technique, where the node with the highest value of centrality is the authenticator. The authenticator forms and issues secret codes to validate node messages.
Reference [89] protects an object's privacy through homomorphic encryption. This paper provides a self-enforcing privacy-preserving technique. The study evaluates the entity's and owner's trustworthiness. Trust assessment protects participant privacy. Different entities' feedback should be confidential and weighted. The bulletin board displays object ratings. Zero-knowledge proofs ensure every entity acts honestly.
Reference [90] introduces a trust management paradigm based on SIoT node behavior discrimination. The study uses DHT to allocate trust providers to the entities. Trust providers store entity trust values for indexes they cover. This study considers similarity and context-based services (using a service rating mechanism). Recent and past ratings are derived using weighted KNN and the decay factor.
Reference [91] uses a bipartite network, matrix factorization, and Hellinger distance to find trustworthy nodes. SIoT is represented as a bipartite graph per SC and SP. The Hellinger distance creates a social structure between SRs and SPs. Reliable SP is found using matrix factorization.
Reference [92] determining trust in SIoT devices based on interest preference, using similarity between the trustor and the entity making the recommendation.
Reference [93] proposes a trust architecture based on a ''Deep Chain'' for SIoT devices using Quora, Facebook, and Twitter. Traditional, conservative, and aggressive trust transitivity calculations evaluate bidirectional trustworthiness between the SP and SC. The suggested method blocks hostile nodes from the network. A context and characteristics based approach can evaluate malicious SIoT behavior. AI algorithms evaluate the trust assessment approach.
To build a mechanism for assessing the strength of links in a SIoT network, [94] assesses the accuracy of using connection statistics from the Facebook Friend graph.
Reference [95] proposes both subjective (distributed) and objective (centralized) trust management models. A distributed hash table is used in the centralized approach by pre-trusted objects, supporting trust queries for service providers. The suggested model isolates malevolent nodes at the cost of increased traffic in the network due to feedback exchange.
Reference [96] suggests basing SP trust on intimacy, sociability, service feedback, and transaction importance. Different service tiers represent SP's quality of service. This study proposes a trust predictability model for OOA based on a node's past behavior.
Reference [97] suggests a trust model comprising of a user, service, and device dimension. The work counters attack using ML and DL. This study classifies users as legitimate, maliciously recommending, and maliciously providing service.
Reference [98] considers direct and indirect interactions for trust computation in a service-oriented environment. The suggested trust management approach considers entity behavior.
Reference [99] proposes a subjective trust management model based on direct and indirect interaction. Indirect engagement considers friends' opinions and experiences. The proposed feedback system combines nodes' credibility and centrality.
Reference [100] presents a ''community of interest'' trust management technique employing a Kalman filter to evaluate and predict trust values. Nodes communicate based on common interests. The proposed technique involves community building, trust value initialization, administrator election, and member updates. After nodes are validated and registered, they elect an ''Admin'' based on trust, sociability, and capability. These admins manage the community of interest.
The model proposed in [101] suggests the use of trust attributes in the context of an attack. In the trust aggregation stage, an artificial neural network algorithm is used whereas a time-driven strategy is used for trust updates.
In [58], a trust aggregation strategy is proposed using K-means clustering, to distinguish between the interactions which are trustworthy and non-trustworthy. To understand VOLUME 10, 2022 the influence of individual features on the overall trust score, a prediction mechanism for trust is used.
Reference [102] presents a context-aware trust mechanism for SIoT service delegation leveraging competence, social relationship, and willingness. For competence quantification, the Degree of Importance (DoI) and Degree of Social Relationships (DoSR) are considered, whereas willingness quantification also considers the Degree of Contribution (DoC) along with DoSR. DoI measures SPs' storage, communication, and computing capacities. DoC is based upon the willingness of those who are providing services. DoSR weighs competence and willingness.
Reference [103] includes three attributes of social relationship evaluation: friendship, the community of interest, and relationship. To accommodate a context-awareness scenario, the device status, environment, and type of task are included. The presented model selects the most trustworthy services and then proceeds with recommending those services to SCs.
Reference [104] suggests a trust model based on the similarity between nodes in terms of friendship, co-work, and community of interest. The proposed trust model combines two different types: direct trust and indirect trust. Recommendations are taken into account in absence of direct past experience.
Reference [77] proposes a trust recommender system based on implicit trust. To remove the basic problems associated with implicit trusts, the proposed model suggests three key steps: construction of trust networks that are asymmetric, calculating of the trust networks which are latent, and then predicting recommendations based on trust networks.
Reference [105] puts forward a trust management strategy based on trust of service rather than focusing on SP -as the service itself tends to act inappropriately. Service trust is used as a selection criterion, composed of multiple factors such as availability, execution time, response time, and overall transaction time.
Reference [106] proposes a trust strategy based on social similarity where K-means clustering along with random forest classification is used for the analysis of the trust values of nodes.
Reference [107] takes into consideration the trustworthiness of IoT and makes use of Online Social Networks (OSN) to create smart city services. This trust model takes into account the interaction and trust value within an OSN. The trust factor in the proposed trust scheme ensures the integrity of data. The suggested scheme uses publicly available data sets from Slashdot, Facebook, and Twitter.
Reference [108] put forwards a weighted trust scheme using soft set theory.
Reference [109] presents a trust and relationship management mechanism for reliable service provisioning in SIoT called F-TRM on the basis of the friendliness factor. This study advises using a dynamic friendship supervision technique (DFS) with an updated friendship directory (UFD). UFD's encrypted service delivery ensures privacy. Reference [110] proposing an algorithm for truthful friend selection using an exhaustive search. Static and dynamic friend relationships are studied. Static friendship metrics include data profiling and distance. Interaction history drives dynamic friendship. Distance and interactions define trust.
Reference [111] calculates SIoT trust with context. Social science and psychology are used to compute node-owner trust. Familiarity and similarity measure trust. Similarity trust uses centrality and community of interest. Direct trust and recommendation determine familiarity trust. Familiarity trust is computed using a kernel-based nonlinear multivariate grey prediction model and fuzzy logic.
Reference [78] proposes a trust and privacy scheme for SIoT based on the concept of ''fission'' computing. The study proposes a scheme that eliminates reliance on centralized servers by building a scalable and distributed approach that leverages end-user devices as mini-edge servers. Edge-crowd integration for trust maintenance and privacy preservation rules.
The trust evaluation scheme in [112] is used to calculate the trustworthiness of data providers with the help of trusted static sensor nodes in edge computing. The study also put forward a service assessment strategy based on trustworthiness, which comprises both local and global assessments of trust.
The trust management scheme presented in [113] includes deep learning for the detection of attacks related to trust and the isolation of malicious nodes.
Reference [71] presents a trust management strategy in SIoT based on a multiplicative attribute graph (MAG). A set of attributes is linked with each node. Trust in this research work is presented as a link probability between two nodes, with the overall between nodes computed using MAG.
Reference [114] suggests a trust management scheme based on cloud-based calculation. Overall, trust is based on direct and indirect trust values.
In [115], a novel methodology for assessing the trustworthiness of nodes and identifying the most reliable SP is proposed. SPs are filtered based on contextual information from recommendations and QoS in order to reduce trust calculation time and identify the most reliable service provider.
Reference [116] presents an attack detection strategy based on an ML approach to identify and isolate malevolent nodes. Furthermore, in this study, the behavior of the nodes is classified as benign or malicious. This study uses the Weighted Sum technique for trust aggregation.
Reference [56] presents a trust management scheme based on blockchain. For reputation calculation, this study uses Information Entropy. To evaluate trust, this study uses smart contracts.
Reference [117] presents a trust management scheme based on blockchain. A lightweight trust management algorithm is proposed by limiting the interaction overload. Privacy-preserving feature of nodes is addressed. The social tie is computed as similarity-based on ownership, similarity based on owner friendship, and similarity-based on device friendship.
Reference [118] presents energy and trust based opportunistic transmission strategy for CR-SIoT (Cognitive Radio Social Internet of Things). In CR-SIoT, a novel routing parameter uses stopping theory to determine forwarding candidates, and network coding is employed for data transmission between trustworthy nodes. The authors also suggest a game-theoretic approach for allocating the trusted route for CR-SIoT based on estimated network gain.
The study [119] suggests a group-based servicemanagement approach for SIoT. SP is chosen based on trustworthiness and performance analysis. The study examines selfish behavior in SIoT. The study advises punishing selfish behavior in trustworthiness assessments. Reputation assessment is based on the HITS algorithm.
In this research [120], the authors present an intelligent TMS for MOOC (Massive Open Online Course) ecosystems based on ML approaches that can dynamically measure learner trust, allowing not only a categorization but also a forecast of their future conduct.
Reference [121] introduces a trustworthy crowdsourcing scheme in the domain of SIoT by incorporating the concepts of the social cloud and sensing nodes based on a social awareness process. The study put forwards a message-forwarding algorithm to select a winner and determine payment by assessing the reliability of the participants of crowdsourcing. An auction process is incorporated into a crowdsourcing platform that is based on reputation.
The paper [122] provides a dynamic peer recommendation procedure with a trust management method to address MOOC's (Massive Open Online Course) dynamism. This architecture facilitates MOOC participants to select partners, ensures an immersive learning environment, and encourages peer interaction.
This research [123] provides a preference-based trust management approach that considers IoT node operational conditions. The scheme estimates a SloT member's trustworthiness based on social relationships and residual energy. Co-work, parental object, co-location, and ownership object relationships are studied. On-off time, residual energy, and interference level measure communication trust, whereas manufacturer capabilities and functional and operational support measure operational trust. Recommendations and reputation calculate indirect trust. The technique detects malicious nodes.
Reference [124] puts forward the TIRec model, which incorporates rating along with direct trust, the indirect trustbased relationships, as a trustworthy and lightweight matrix factorization platform based on trust inference. The literature addressed two types of malicious attacks. In order to select trustworthy users, the study proposes a user-weighted centrality metric. The study infers an indirect trust relationship through the use of a path selection algorithm that is lightweight and a trust inference computation algorithm.
This paper [125] offered a multi-tiered architecture for increasing the responsiveness of social entity service provisioning in SIoT contexts. The work uses fog computing to improve the network's navigability, and management of resources along with scalability, and dependability. Based on social characteristics, reputation, and availability of resources, an effective technique for evaluating SP's trust has also been offered.
Reference [126] presents a trust management framework in the SIoT context based on blockchain. The study provides a modifiable and adaptive trust calculation process to increase the reliability of nodes in terms of trustworthiness computation. Blockchain is used for storage and retrieval purposes of the data associated with trust.
This study [127] presents a hybrid trust management system, that combines the intelligence of humans and devices to create HMST (Hybrid Multi-service Social Tie-graph). OSN Social tie-graph of IoT nodes inputs human intelligence into HMST. IoT nodes' direct opinions form the basis for social ties in HMST, including device intelligence. Each social tie's probability is based on its trustworthiness. P-NO (Probabilistic-Neighborhood Overlap) estimates the strength of node ties.
This study [128] presents a computational trust model for decision-making in uncertain SOA-based SIoT contexts. Several specific and general sources of uncertainty were modeled and used in the context with respect to IoT interactions and data analysis. In this model, QoS certainty, recommender honesty, and context circumstances were evaluated independently and combined to generate ultimate trust. INNs were used in the suggested model to consider uncertainty. The proposed model was utilized in a social context.
The study [129] provides an effective, reliable decisionmaking solution that is applicable to SIoT systems and helps users in a widely dispersed network to prevent malevolent interactions. The study puts forward an attack detection process comprising of three steps: i) actors' identification ii) feature extraction iii) attack classification. The study employs ML techniques to categorize interactions amongst nodes as benign or trustworthy on the basis of social trust and quality of service characteristics.
In the study [130], the authors provide a cutting-edge technique for recommending SIoT services to consumers, particularly those who have little training data. The suggested method uses a latent variable model to first learn user preferences from item or entity usage events. After that, the authors build a knowledge graph by connecting various social links between SIoT devices and user preferences. The suggested approach specifically integrates users, items/ entities, services, and their associated relations into a shared lower-dimensional space. Then, using graph embeddings to break down the SIoT service suggestion into a connected prediction process while taking into account the user's item usage event and the item's social relationships, the authors model SIoT service recommendation as a knowledge graph completion problem.
Object recommendation plays a vital role in trust management. In the study [131], the authors introduced a time-aware SIoT object recommendation model by taking into account the temporal impact on user-object interactions and the social similarity of smart objects. The suggested recommendation mechanism uses events associated with user object usage to develop a latent probabilistic model that tracks user preferences over time. For users who only use a few objects, the model disseminates their preferences on the basis of latent classes that display user and object properties. The suggested technique evaluates the social similarity of smart entities by embedding entities and their social ties in a shared lower-dimensional space. In the last step, the model integrates the user's temporal preference and the entity's social similarity to provide object-based collaborative filtering recommendations.
The study [132] presents a context-dependent trust management strategy (ConTrust) for identifying a trustworthy SP and allocating jobs in SIoT. Integrating trust theory with social networks leads to the generation of a SIoT trust model. Combining capability, commitment, and satisfaction along with feature-property matching enhances trust evaluation and resolves context-dependent problems. This study also provides strategies to incorporate resiliency against trust-related attacks in SIoT.

C. CLASSIFICATION OF STUDIES ACCORDING TO THE TYPES OF TRUST ATTRIBUTES (TAs)
TAs can be broadly categorized into two trust metrics: Social Trust and Quality of Service (QoS) as represented in Figure 8. Examples of Social Trust attributes include: honesty, cooperativeness, centrality, etc. Examples of QoS Trust attributes include capability, response time, number of interactions, throughput, data delivery ratio, energy, etc.

D. CLASSIFICATION OF STUDIES ACCORDING TO THE TYPES OF OPINIONS
Based on the types of assessment (feedback/ opinions) involved in calculating and aggregating trust values, the trust-based decision schemes can be broadly categorized as Reputation-based, Recommendation-based, Knowledgebased, and Hybrid as shown in Figure 9. -Reputation-based -The reputation of a node includes global opinions in the form of ratings. -Recommendation-based -Based upon indirect opinions (opinions given by friends or the friends of friends) about a particular node. -Knowledge-based -using information given by the trustee to analyze its trustworthiness and consists of particular Trust Attributes. -Hybrid -Consists of more than one of the abovementioned schemes.

E. CLASSIFICATION OF STUDIES ON THE BASIS OF TYPES OF COMPUTATION/ AGGREGATION METHODS
Based on the type of trust aggregation or trust computation, the trust schemes can be broadly classified as but not limited to Prediction-based, Policy-based, Weighted Sum-based, and Hybrid as depicted in Figure 10.
-Prediction-based -These techniques involve Artificial Intelligence (AI) methods (Such as Machine Learning, Deep Learning algorithms) to predict the trust values. -Policy-based -These techniques make use of rules or policies such as fuzzy logic by which trust is aggregated or computed. -Weighted Sum Model / Weighted Linear Combination of Simple Additive Weighting -These techniques' prime focus is to assign weights to different components and then based upon the weights perform trust aggregation or trust computation. -Hybrid -Consists of more than one above-mentioned scheme.

F. CLASSIFICATION OF STUDIES ON THE BASIS OF CONTEXT-BASED OR CONTEXT-FREE APPROACH
Based upon the inclusion of environment/ context or not during trust computation, trust aggregation, and trust evaluation, the schemes can be broadly classified as Context-based or Context-free as shown in Figure 11. -Context-based -The context is taken into consideration whether it's related to service or device or environment. -Context-free -The context is not taken into consideration.

G. MECHANISMS TO PROVIDE RESILIENCY AGAINST INTRINSIC AND EXTRINSIC SIoT ATTACKS
This section presents a discussion on the mechanisms proposed in the studies to provide resiliency against Intrinsic and Extrinsic attacks.
In the study [79] A significant criterion for identifying 'on off' selective forwarding attackers is the expected trust. In the implementation, a threshold trust value of 0.4 was set. The object may be the target of an 'on off' attack if the overall trust value is below the threshold value.
In [63], BMA/ BSA is detected by comparing the recommendation with its own trust values, categorizing nodes as honest or dishonest. SPA by node 'j' is detected when it boosts its cooperativeness and/or community-interest trust to increase its chances of being chosen as the service provider but then gives a subpar service. The protocol's honestydetecting techniques reduce the node 'j's trust.
In the research work [82], the proposed model detects faulty nodes by using 'credit' and 'reputation' as parameters and isolates fraudulent nodes by using penalties for malicious conduct.
In [83], the Platform's algorithm incorporates the random surfer notion to address this issue of the Sybil attack. One log file is preserved per service to combat malicious nodes that change their behavior according to the service they deliver.  Reference [84], selects four TAs (cooperativeness, community interest, honesty, and similarity) to identify whether a social entity is trustworthy or malevolent, along with the risks associated with SIoT environment, including SPA, BMA, and BSA. These four TAs determine an entity's credibility within a social network.
In [46], the Decision tree is used for the selection of trustworthy SPs. The social similarity which is used as an indicator of credibility (the greater the similarity is, the greater the credibility) is calculated between the selected SP and SR. However, once a malevolent object is detected, it is punished double to prevent fraudulent activity.
Reference [86], takes energy into account to detect 'on off' or selective forwarding attacks as a node performing these attacks will have a relatively higher energy level (because the node falls into the off state during crucial transactions). The node is isolated from the network when it falls victim to an 'on off' selective forwarding attack because its calculated trust value surpasses the minimum value.
Reference [87] proposes a decentralized trust management approach where each node computes and records data about other nodes to form its own opinion of the network. Hostile attacks like DA that change behavior based on requester are easily detected. Malignant nodes that launch OOA and OSA often change behavior. The proposed approach uses TA 'Dynamic Knowledge' to learn from and adjust to potentially harmful behaviors. The authors use two parameters (Usefulness Score and Perseverance Score) to assess the service provider's behavior. Because the model values direct observations over recommendations, the proposed model also addresses BMA. In BSA, two mutually harmful friends recommend a malicious supplier to the requester node. Such recommendations are only utilized in the startup stage of the model to combat this attack, and as 'Dynamic Knowledge' gains experience, their weight diminishes with the number of transactions. The model automatically avoids SPA and Sybil attacks.
Reference [88] uses DTrustInfer to calculate node trust and Secure codes to secure node communication. Honest nodes mix quickly, but Sybils don't. Using DTrustInfer, cuts the graph between Sybil and honest. This helps find the Sybil region.
In [90] DATM (discriminative-aware trust management), ratings determine trust values. Nodes cannot record their own ratings to prevent SPA. Ratings cannot be given equal weights since BMA/BSA may occur. In this study, attacks are rated based on their owner's reputation and times. The malevolent node that launches OSA causes the trust values to get lower whenever these fraudulent nodes provide subpar services resulting in the detection of OSA.
Reference [91] uses Hellinger distance-based matrix factorization for trust management. Using the proposed method, the trustworthiness of SIoT nodes remains constant during evaluation, except for hostile nodes that conduct OSA. Any drop in trustworthiness detects OSA.
Grouping nodes by CoI (Community of interest) in [92] prevents DA attacks. The proposed system defends against SPA by evaluating trust indirectly and testing recommendations for relevance. The suggested trust scheme counters WA by tracking past trust values. The suggested trust protocol is effective against BMA and BSA because it considers trustorrecommender relationships.
Reference [93] proposes assessing trustworthiness on both sides of the SIoT to protect the trust relationship between the trustor and trustee. SIoT devices accept task delegation based on requests, ensuring resources aren't misused. Only authorized users can use the services, and hostile nodes can't infiltrate the network. This context and characteristics based trustworthiness paradigm can detect malicious SIoT node activity.
In [95] the subjective model states that each node retains and controls the feedback needed to determine local trustworthiness. Malicious nodes that provide misleading references and are connected to unreliable network areas receive negative feedback. The objective approach stores node trustworthiness values in a DHT-structured distributed system on the network. Every node's feedback is weighed to reduce the risk of malevolent nodes providing misleading feedback to undermine the reputation system.
The proposed strategy in [96], tackles SPA by using feedback assessment for a particular service. BMA and BSA are prevented by assessing the trust of a node towards its recommender. The trust predictability approach is used to deal with OSA and OOA.
Reference [97] uses supervised Machine Learning to distinguish malevolent from legitimate nodes. The 'credibility' factor compares the user rating vector with the total rating matrix to determine a node's credibility. If the node's rating differs from most users', it's incredible. It combats BMA, BSA, and SPA. The authors use 'Rating-trend' to determine a user's optimism and network behavior, identifying DA. ''Relationship strength'' measures the strength of the relationship between two nodes to detect colluding attacks.
Reference [98], suggests a trust management approach that uses the 'intended trust' factor to distinguish between the malicious and legitimate nodes.
The study [100] implements a Kalman filter-based prediction model to prevent OOA. When dishonest behavior is discovered, the model recommends punishing the fraudulent nodes twice.
In [101], the model suggests selecting different trust features based on the attack context (SPA, BSA, BMA, DA, OSA). In the machine learning-based trust aggregation phase, the ANN algorithm is used to calculate the trust score. At the output layer of the ANN, a probability determines whether a trustee is malicious or benign, identifying malicious nodes.
In [102], the suggested trust model uses past service records to determine trustworthiness. This prevents SPA. In order to combat OSA, the likelihood of service delegation is decreased if a malicious SP is deemed to be less trustworthy. It can't increase its credibility by quickly offering many services. The malevolent node must break all existing trust relationships with other SRs when joining the network with a new identity, so WA is prevented. To successfully make BMA against an honest SP, a fraudulent node must not only establish a high DoSR factor with SR but also minimize the amount of trust-related information SR gathers from other sources about the honest SP. Certain model conditions prevent BSA. Malicious SPs can't launch DAs without first identifying as many social ties as possible to cause conflict. Dishonest SPs lose trustworthiness if they send DAs to reputable SRs.
In research [103], using feedback variance lowers a dishonest device's trust value when it offers subpar services. According to the model, the honest device's trustworthiness has increased while the dishonest device's has decreased.
Even if previous dishonest devices helped the dishonest node gain trust, it loses it after providing subpar services. Despite bad recommendations destroying the honest device's trustworthiness, following successful service has increased it.
In [104], the model only takes into account the recommendations from the trustor's immediate friends during the merging of recommendations with the direct trust in order to deal with various forms of attacks, such as BSA, BMA, and GMA.
In the research study [109], the proposed mechanism uses the 'Detection Probability' feature which is a measure of a mechanism's capacity to adapt to any network circumstance and sensibly manage incorrect service references during navigation.
Reference [109] ensures service delivery in a secured manner by incorporating the Privacy Protection Paradigm (PPP) constituting of three main phases: (1) Encryption of friend list using Genetic Algorithm based Pseudo Random Sequence Generation (GA-PRSG) technique, (2) Verification of device authentication via inspection of the Updated Friendship Directory (UFD), and (3) Attribute based Encryption (ABE) of the requested data in order to control who has access to it.
Reference [111] Based on Direct Trust and Recommendation Trust computation techniques, the suggested model resists cheating attacks and reduces their impact. The model uses interactive results to confirm the precision of recommendations without being impacted by additional malicious objects. The proposed model combats BMA by removing dishonest recommendations and reducing judgment errors.
In the study [78], the proposed system provides defense against the Sybil attack by not relying on a central reputation system.
Reference [113] proposes an attack-detection system that calls for a thorough examination of node activity. Using deep learning techniques to provide resiliency against BMA, BSA, SPA, and DA.
In the research work [115], the suggested approach penalizes relationship types that value cooperation and honesty less, lowering the likelihood of attacks. The model defends against malicious attacks like SPA, BMA, OOA, and SBA with the help of the optimization strategy utilized to alter the parameter 'weighting factors.' As the percentage of malevolent nodes rises, the value of the weighting parameter also rises, thus strengthening the model's defenses against BSA and BMA.
Reference [116] Using machine learning, the proposed approach extracts and analyses node behavior in fraudulent transactions. Then, it is categorized according to the kind of trust-related attacks that were carried out. These elements are based on the trust system's service quality and social metrics. This paradigm uses reputation and cooperativeness to detect attacks and deal with the attacker node's damaging activities.
To cope with OSA, the attacker node is recognized by its low reputation history and positive current reputation value. For WA, the trust mechanism recognizes that the misbehaving node's numerous identities share one IP address. When determining OOA, the model considers its reputation. In OOA attack detection, the model assesses a node's honesty.
In the study [56], feedback is stored on the blockchain, making it transparent and accessible to all nodes thus preventing BMA. Each node in the proposed trust assessment mechanism uses its own and other nodes' expertise. Using entropy to assess reputation indirectly reduces the impact of forged feedback and increases trust assessment reliability. Social connection analysis stops the attack. Trustors also consider cooperativeness and community-interest metrics. Because social connections are granted by trusted owners, this restricts the access of nodes with weak social ties to the trustor. The suggested approach is immune to BSA because it uses direct and indirect experience among system nodes, entropy in reputation analysis, and network social link assessment. Random nodes can't join the system without their owners' permission to prevent a DoS attack. If an authorized node tries to send a fraudulent transaction to the network, its reputation in the trust management system will be ruined, and the system will stop it from sending transactions. The transaction costs reduce the incentive for a malicious node to launch such an attack. The proposed solution uses blockchain technology and unchangeable blockchain data to defend against storage attacks.
In [117], a defense against BMA is provided as there is no way for enemies to influence a node's trust assessment other than by being on its 'counselor list' Each node relies on both its own judgment and the suggestions from its 'counselor list' Nodes regularly edit their list of counselors, removing any nodes whose feedback differs greatly from others. Attack via BSA is addressed by utilizing counselor lists, which shows that the suggested framework is immune to forged positive recommendations. In a Message Spoofing Attack, the blockchain checks the identity of the message sender for each transaction to prevent spoofing authorized users' identities. DoS-launching nodes lose credibility, so the system denies their requests. To prevent DoS, the requester must pay the transaction fee, reducing the attackers' incentive. Only immutable blockchain trust values can be read that provide defense against a Storage Attack Reference [118] suggests an approach to defend against boost attacks and defamation attacks. In the proposed approach, with the passage of time, the average trust value of victim nodes (Defamation victims or Boost victims) fluctuates until it eventually reaches the average trust value of normal nodes. The suggested method effectively detects malicious nodes in the network by using a novel routing metric to choose candidate forwarders.
In [119], the authors developed a method to punish selfish objects based on their behavior. When a service provider renders an unreliable service in a group, the group manager bans the object from rendering any services. This object cannot request services. False feedback forces an object into the feedback punishment cycle. In this case, group managers disqualify the malicious object from contributing. The mea-surement criteria are service reliability and feedback validity threshold. A service provider or feedback source is unreliable below a certain point. The model uses cosine similarity to avoid BMA or GMA when assessing feedback honesty.
In the study [121], a reliable crowdsourcing model is put forward to deal with DDoS attacks by crowdsourcing participants. Social awareness is introduced to combat DoS attacks by self-centered nodes in SIoT. To assess the reliability of crowdsourcing participants and identify unreliable participants of crowdsourcing, a reputation method is deployed.
Reference [123], states that the malicious nodes running BMA or SPA display a high volume of activity in a short amount of time. Therefore, numerous operations over a short time period are an indication of potential malevolent behavior. To reduce ownership-based trust violations, edge-based validation and recommendations from the same ownership nodes are used to calculate the value of ownership-based trust. To reduce co-location based trust violation, the edge-based validation and recommendation by the co-location nodes are used to calculate the co-location based trust value.
Reference [124] proposes comparing trust values to identify trustworthy nodes. In a social trust network, a user is trusted if the ratio of trust values acquired or given is greater than distrust values, where the threshold is 0.5. Unreliable users are excluded from trust inference calculations. By emphasizing last-hop users and assessing their dependability, divergent user viewpoints are resolved, and BMA risk is reduced. Neighbor user feedback can identify false recommendations and diminish collusive users' reputations.
Reference [126] prevents the BSA, WA, SPA, and BMA through the use and implementation of complete and accurate service history and information related to trust.
Reference [127] states a slandering attack cannot be repeated in the proposed trust structure because the malicious node 'm' has nothing to gain. The edge {'m'→'y'} would only disappear after the initial impact on node 'y'. Second, (1/b), where b is the number of node 'x' service providers for each service S * , excluding node 'y', limits the slandering attack's impact. Finally, and most significantly, in order to damage node ''y,'' malicious node ''m'' must itself be a genuine service provider for some service S * to node ''x.'' Value(b) Value(n) is necessary to reduce the effects of the Sybil + Slandering attack, where b is the total number of trusted service providers of node 'x' and 'n' is the number of instances of malevolent node 'm'. Each instance of the fraudulent node is required to offer trusted services to the targeted node. In a Sybil+Self-Promotional attack and BSA due to the verified provider restriction on the malevolent node instances and a cap on the maximum damage as a consequence of the P-NO computation process, the attacks are selflimiting. In the proposed model, a victim node notifies any untrustworthy behavior by a malevolent node towards the victim node on the SIoT network in order to counteract OOA.
In [128] to tackle the attacks generated by the malicious recommenders, the malevolent recommenders are identified by examining their recommendations and ignoring their opinions over time. Fraudulent SPs are quickly and correctly identified, and users are sent notifications about malevolent SPs.
In [129], Three phases are used to carry out trust-related threat detection. i) actors identification ii) features extraction iii) attacks classification. In the actor's identification phase, for each trust-related attack, three fundamental characteristics (transaction type, malicious node, and targeted node) are noted. In the Feature extraction phase, the tackling of attacks is based on different features (honesty, reputation, and social similarity). To tackle SPA, BSA, and OSA, malevolent nodes' actions can be analyzed and identified on the basis of TAs like reputation, social similarity, and honesty. In order to detect BMA, the study takes into account social similarity and honesty. To identify OOA, the TAs (honesty and reputation) are evaluated. WA is detected by poor reputation and lack of social similarity. Low honesty and reputation values help in identifying the malevolent node launching DA. In the Attacks classification stage, an ML algorithm assesses the values and classifies them in accordance with the conducted attack, if one exists.
In [132] the low reputation value of malevolent SP and penalty mechanism combat OSA. To tackle SPA, misleading feedbacks have less weight (as perceived by SRs), and the trust-related information the fraudulent nodes supply is useless in evaluating the malevolent SP's trustworthiness. Moreover, the framework uses a potential SP's job history to judge its reliability, so preventing the SPA by ensuring that the SR does not accept the prospective malevolent SP's selfrecommendation. WA is tackled by identifying weak security issues in addition to the checks related to the identification. To launch DA, an attacker must first find as many social relationships as possible between entities to cause conflict, which is complicated and unrealistic. This leads to the model's adversary being penalized for lack of trust. When a fraudulent node launches DA on a powerful SR, its trust value declines. This leads to unsuccessful DA attempts. For an adversary to launch BMA against a trustworthy SP, it must build a high social connection with SR and restricts the access of SR to trust-related feedback from other entities about the trustworthy SP. Adversaries have a hard time identifying or incorrectly affecting trust-related feedback, thus making BMA hard to launch. To launch BSA, the capability factor should be greater than or equal to the capability threshold and the commitment factor should be greater than or equal to the commitment threshold which is extremely difficult to achieve.

VI. APPLICATION AREAS OF SIoT CONCERNING TRUST MANAGEMENT
A description of application areas of trust management in the SIoT domain as shown in Figure 12 as follows: A. CROWDSOURCING Allows people to pool their resources and establish an ad hoc network. The community's resources aid in the resolution of a variety of low-complexity computing tasks. Crowdsourcing is considered a huge possibility for IoT to facilitate its nodes' social strength. There are numerous options for crowdsourcing solutions in IoT. Crowdsourcing is a social aspect of IoT that requires trust management [78].

B. MOOC (MASSIVE OPEN ONLINE COURSE)
These intelligent learning ecosystems can enhance learners' access to courses anytime, anywhere. Despite the expansion of MOOCs, disengagement and completion are challenges. Overcrowded MOOCs result in strong interactions, varied communications, and changing behaviors. In quest of a partner who can provide needed service and assistance, trust issues can arise. The lack of trust-based partnerships among learners is a major source of attrition and disinterest [122]. Trust issues may prevent students from communicating with peers. They spend a lot of time looking for a communication and collaboration partner. So, trust evaluation in SIoT can allow learners to find trustworthy peers to collaborate with or minimize uncertainty when they interact. [122].

C. HEALTHCARE SECTORS
IoT health care consists of smart devices that accompany the patient. A third-party company may have deployed these Things/ smart devices for a different purpose [147]. Health care is unknown and risky; therefore, trust is crucial. It's a prerequisite for implementing innovative healthcare services. Patient happiness, adherence, the durability of interaction with healthcare practitioners, and correct and fast diagnosis all influence healthcare quality. Trust represents patients' impressions of healthcare providers and their willingness to recommend one [148]. SIoT improves the healthcare sector's trust evaluation.

D. SMART AGRICULTURE
Smart agriculture integrates IoT, Big Data, GPS, Cloud Computing, and AI into traditional farming. By using a large number of sensors in fields, greenhouses, woodland gardens, and pastures, a smart agricultural IoT platform may collect real-time information on breeding or planting [149].
Malicious sensors for sensing temperature, water level, soil condition, light, etc. affect agricultural decision-making [150]. To effectively cope with SIoT trust-related attacks, several trust-related aspects must be examined depending on the nodes' relationships E. NETWORK NAVIGABILITY Short pathways between nodes determine network navigability [151]. To improve the service discovery process by leveraging multiple relationships (e.g., friendship among nodes, communities of interest, and co-location) and exploiting these social links to traverse the network, reducing the average path length [152].
The study [153] highlights friendship selection and node distance during SIoT navigation. According to the report, SIoT nodes route information and service requests, distribute data and assess network member trust. SIoT elements that affect the performance of these operations include the social network's structure, the categories of service/information requests, and the rules for navigating the social network. This study simulates all these elements. Measures of navigability include average path length, network diameter, and component size. This study [153] analyses two types of distances across nodes: geographical distance (computed using objects' most recent coordinates) and object distance (similarity between two objects).

F. TRAFFIC MANAGEMENT
Understanding the Internet of Vehicles (IoV) has led to the Social Internet of Vehicles (SIoV), which evolved from SIoT. In SIoV, vehicles are viewed as smart objects. This capacity to socialize helps these vehicles to handle a range of issues, such as service discovery (SD), which allows heterogeneous vehicles to provide dependable services to SCs. This improves road safety and driver experience. In SIoV, a group of vehicles may have a social aim. SIoV relies on trustworthy services [154].

VII. CHALLENGES AND FUTURE DIRECTION
The following challenges are identified in the trust management framework for SIoT: (i) Lack of context-based simulators/ analysis tools to effectively develop the trust management framework; (ii) Lack of context-based trust management frameworks: many SIoT research studies propose a trust management framework without considering the context for trust computation, aggregation, propagation, and evaluation; (iii) Lack of standard set of Trust Attributes (TAs) which could be evaluated in every trust management framework irrespective of the scenarios being considered; (iv) Lack of resiliency against trust-related attacks: this survey demonstrates that many studies have proposed a trust management framework without incorporating a resiliency mechanism against attacks in SIoT. (v) Lack of using a hybrid trust management approach: this survey shows that there is a lack of using a hybrid approach for trust management which could result in acquiring the benefits of both the centralized and decentralized approaches. VOLUME 10, 2022 Future research directions associated with trust management in SIoT include: (i) development of standard Trust Attributes to be used in every trust management scheme; (ii) development of context-based simulators for trust management framework; (iii) use of Blockchain for tamper-free storage and calculation of trust values. This would lead to the trustor having enhanced trust in the trustee. The trust ratings provided by SCs after acquiring services should be kept in a tamper-free environment. (iv) more focus on hybrid trust management frameworks to leverage the benefits of both the centralized and decentralized approaches.

VIII. CONCLUSION
Our research study provides a comprehensive analysis in the field of SIoT based on the trust management framework/models. Different SIoT architectures are covered in the introduction section. Social relationships are the pillars of any SIoT architecture in any context. Therefore, this study also covers various social relationships which play an important role in the development of trust management frameworks as part of the introduction section.
Our prime focus is on the analysis of the trust management aspect in SIoT therefore this study covers different aspects of trust in detail. Each trust management framework comprises Trust Attributes (TAs) whose properties are broadly classified as general trust properties and trust properties specifically related to the social aspects in the SIoT domain. Our survey includes the classification of studies on the types of TAs (''Social Trust'' or ''Quality of Service (QoS)'') being used. Any trust management framework is based on three general steps: trust computation, trust aggregation, and trust updates. The three general steps make use of TAs to perform the calculation. The local trust values are accumulated or aggregated to form an overall or global trust by using various trust aggregation schemes. Our research work also covers many distinguished trust computation and trust aggregation techniques in detail. The weighted Sum technique is one of the widely used techniques because of its low cost and ease of use. However, the use of machine learning algorithms is an emerging trend, but these methods are not cost-effective. Our research work also covers the scenarios where various trust computation and trust aggregation schemes are used. When the trust value is computed and aggregated, the next step is to update the already computed or assigned trust values to the nodes present in the network. The analysis of corresponding studies suggests that the most widely used method is event-driven as compared to the time-driven trust update scheme. Trust propagation focuses on three different trust propagation schemes: centralized, distributed/ decentralized and semi-centralized/ hybrid. Based on these studies, the most commonly used trust propagation schemes are decentralized. Although centralized schemes are easier to implement, they lead to a single point of failure. More focus should be given to developing hybrid trust management frameworks so that the benefits of both the centralized and decentralized approaches can be availed.
In the SIoT domain, trust-related attacks fall into two wide categories: collaborative attacks and individual attacks. Hence, our research study presents different attacks addressed in the relevant studies. Our research work also discusses the mechanisms addressed in these studies to provide resiliency against trust-related attacks. Our study also classifies attacks as ''Intrinsic'' and ''Extrinsic'' attacks.
Simulators or analysis tools provide the basis to evaluate trust models in a controlled context, consequently, these have been included in our study. Different trust strategies aim for different use of simulators or analysis tools. ns-3, NetLogo, and MATLAB are some of the most commonly used simulators.
Our research also classifies studies (reputation-based, recommendation-based, knowledge-based) based on opinions (global feedback or opinion, feedback from a friend, trustor's own opinion based on the information provided by the trustee) used in computing and aggregating trust values. We also include the classification of studies (policy-based, prediction-based, weighted sum based/ weighted linear combination based) according to the types of trust computation/ aggregation methods being used in our work.
This survey of trust management frameworks in the SIoT domain suggests that more importance should be given to a context-based approach while developing simulators/ analysis tools for trust management frameworks. A standard set of trust attributes should be developed to be used in every trust management model and scheme irrespective of the context. The analysis also suggests the need to derive a tamper-free technique for storing trust values assuring immutability and transparency. Merging blockchain in the trust management framework is another area that is a domain for future study for supporting trust management in SIoT.