The Sybil Attack

foamyflumpΚινητά – Ασύρματες Τεχνολογίες

21 Νοε 2013 (πριν από 3 χρόνια και 8 μήνες)

69 εμφανίσεις

The Sybil Attack

By John R. Douceur

Presented by Samuel Petreski

March 31, 2009



Motivation for Sybil Attack

Formal Model






An entity is
a collection of material
resources, of specifiable minimal size,
under control of a single group


Persistent information abstraction provably
associated with a set of communication


Determination of identity differences


Existence of multiple unique identities to
mitigate possible damage by other
hostile entities

Increase and improve system reliability

Protect against integrity violations (data loss)
and privacy violations (data leakage)

Lowers system reliability

The same entity creates multiple identities


One entity presents multiple identities for
malicious intent

Disrupt geographic and multi
routing protocols by “being in more than
one place at once” and reducing

Relevant in many contexts

P2P network

Ad hoc networks

Wireless sensor networks

Motivation for Sybil Attack

A set of infrastructural entities e

A broadcast communication cloud

A pipe

connecting each entity to the

Entity Subset C ( correct )

Entity Subset F ( faulty )

Links are virtual, not physical

Accounts for spoofing and packet sniffing

Does not provide for central means of ID

Formal Model

Formal Model

Lemma 1

“If p is the ratio of the resources of a faulty
entity to the resources of a minimally
capable entity, then f can present g=floor(p)
distinct identities to local entity L”

Lower bound
>Upper bound

Restricting communication resources

Restricting storage resources

Restricting computation resources

Lemmas (Direct Validation)

Lemma 2

“If a local entity L accepts entities that are
not validated simultaneously, then a single
faulty entity f can present an arbitrarily large
number of distinct identities to entity L”

Intrinsically temporal resources, make this
lemma insurmountable

If an accepted entity ever fails to meet a
challenge, we can catch a Sybil attack

Lemmas (Direct Validation)

Lemma 3

“If local entity L accepts any identity
vouched for by q accepted identities, then
a set F of faulty entities can present an
arbitrarily large number of distinct to L if
either |F|>=q, or the collective resources
available to F at least equals q+|F|
minimally capable entities”

Trivially evident

Lemmas (Indirect Validation)

Lemma 4

“If the correct entities in set C do not
coordinate time intervals during which they
accept identities, and if local entity L
accepts any identity vouched for by q
accepted identities, then even a minimally
capable faulty entity f can present
g=floor(|C|/q) distinct identities to L.”

As in Lemma 1, this shows that a faulty entity
can amplify its influence, and related
number of faulty entities to faulty identities.

Lemmas (Indirect Validation)

P2P systems use redundancy to diminish
dependence on hostile peers

Systems relying on implicit certification
are particularly vulnerable (
. IPv6 )

Absence of identification authority
requires issuance of ‘challenges’ to
determine veracity



John Douceur: The Sybil Attack. IPTPS 2003.

Brian N. Levin: A Survey of Solutions to the
Sybil Attack.

Wikipedia: Sybil Attack.