The Sybil Attack

Nov 21, 2013


By John R. Douceur


Presented by Samuel Petreski

March 31, 2009


Terminology


Background


Motivation for Sybil Attack


Formal Model


Lemmas


Conclusion


Resources

Outline


Entity


An entity is a collection of material resources, of specifiable minimal size, under control of a single group


Identity


Persistent information abstraction provably associated with a set of communication events


Validation


Determination of identity differences

Terminology


Existence of multiple unique identities to mitigate possible damage by other hostile entities


Increase and improve system reliability (replication)


Protect against integrity violations (data loss) and privacy violations (data leakage)


Lowers system reliability


The same entity creates multiple identities

Background


One entity presents multiple identities for malicious intent


Disrupt geographic and multi-path routing protocols by “being in more than one place at once” and reducing diversity


Relevant in many contexts


P2P network


Ad hoc networks


Wireless sensor networks

Motivation for Sybil Attack


A set of infrastructural entities e


A broadcast communication cloud


A pipe connecting each entity to the cloud


Entity subset C (correct)


Entity subset F (faulty)


Links are virtual, not physical


Accounts for spoofing and packet sniffing


Does not provide for central means of ID

Formal Model


Lemma 1


“If p is the ratio of the resources of a faulty entity to the resources of a minimally capable entity, then f can present g=floor(p) distinct identities to local entity L”


Lower bound -> Upper bound


Restricting communication resources


Restricting storage resources


Restricting computation resources

Lemmas (Direct Validation)


Lemma 2


“If a local entity L accepts entities that are not validated simultaneously, then a single faulty entity f can present an arbitrarily large number of distinct identities to entity L”


Intrinsically temporal resources make this lemma insurmountable


If an accepted entity ever fails to meet a challenge, we can catch a Sybil attack

Lemmas (Direct Validation)


Lemma 3


“If local entity L accepts any identity vouched for by q accepted identities, then a set F of faulty entities can present an arbitrarily large number of distinct identities to L if either |F|>=q, or the collective resources available to F at least equals q+|F| minimally capable entities”


Trivially evident

Lemmas (Indirect Validation)


Lemma 4


“If the correct entities in set C do not coordinate time intervals during which they accept identities, and if local entity L accepts any identity vouched for by q accepted identities, then even a minimally capable faulty entity f can present g=floor(|C|/q) distinct identities to L.”


As in Lemma 1, this shows that a faulty entity can amplify its influence, and it relates the number of faulty entities to the number of faulty identities.

Lemmas (Indirect Validation)
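
An added example (not from the paper or the slides): a toy Python model of the validation settings in Lemmas 1, 2 and 4, showing why L must challenge all identities in the same window and how a simultaneous re-challenge exposes identities accepted one at a time. The function names, the unit challenge cost and the sample values are assumptions made for illustration.

```python
# Toy model (added example): names, unit cost and sample values are assumptions.
from math import floor


def accepted_identities(claimed, capacity, batch_size, cost=1.0):
    """Identities of ONE entity that pass L's direct resource challenges.

    claimed:    identities the entity presents to L
    capacity:   work it can do per challenge window (equals p when cost is 1)
    batch_size: identities L challenges within the same window
    cost:       work per challenge, what a minimally capable entity can do
    """
    per_window = floor(capacity / cost)  # challenges it can answer at once
    accepted = 0
    for start in range(0, claimed, batch_size):
        batch = min(batch_size, claimed - start)
        # Temporal resource: renewed every window, cannot be saved up.
        accepted += min(batch, per_window)
    return accepted


def failed_on_recheck(accepted, capacity, cost=1.0):
    """Accepted identities that miss a later challenge sent to all at once."""
    return max(0, accepted - floor(capacity / cost))


def indirect_identities(num_correct, q, capacity, cost=1.0):
    """Lemma 4 setting: correct entities validate in uncoordinated windows
    and L accepts any identity that q accepted identities vouch for."""
    if capacity < cost:
        return 0  # cannot pass even a single challenge
    vouchers = {}
    for c in range(num_correct):
        ident = c // q  # each group of q validators saw a different identity
        vouchers[ident] = vouchers.get(ident, 0) + 1
    return sum(1 for n in vouchers.values() if n >= q)


if __name__ == "__main__":
    p, claimed = 3.7, 20  # constructed sample values
    print("all challenged at once:", accepted_identities(claimed, p, claimed))
    seq = accepted_identities(claimed, p, batch_size=1)
    print("challenged one per window:", seq)
    print("caught by simultaneous recheck:", failed_on_recheck(seq, p))
    print("indirect, |C|=100, q=7:", indirect_identities(100, 7, capacity=1.0))
```
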


P2P systems use redundancy to diminish dependence on hostile peers


Systems relying on implicit certification are particularly vulnerable (e.g., IPv6)


Absence of identification authority requires issuance of ‘challenges’ to determine veracity

Conclusion


Questions


John Douceur: The Sybil Attack. IPTPS 2003.
http://www.cs.rice.edu/Conferences/IPTPS02/101.pdf


http://ww2.cs.fsu.edu/~jiangyhu/sybil-attack.ppt


Brian N. Levine: A Survey of Solutions to the Sybil Attack.
http://prisms.cs.umass.edu/brian/pubs/levine.sybil.tr.2006.pdf


Wikipedia: Sybil Attack.
http://en.wikipedia.org/wiki/Sybil_attack


Resources