
The Sybil Attack - PowerPoint Presentation

Uploaded On 2016-11-13


By John R. Douceur. Presented by Samuel Petreski, March 31, 2009.



Presentation Transcript

Slide1

The Sybil Attack

By John R. Douceur

Presented by Samuel Petreski

March 31, 2009

Slide2

Outline

Terminology

Background

Motivation for Sybil Attack

Formal Model

Lemmas

Conclusion

Resources

Slide3

Terminology

Entity

An entity is a collection of material resources, of specifiable minimal size, under control of a single group

Identity

Persistent information abstraction provably associated with a set of communication events

Validation

Determination of identity differences

Slide4

Background

Existence of multiple unique identities to mitigate possible damage by other hostile entities

Increase and improve system reliability (replication)

Protect against integrity violations (data loss) and privacy violations (data leakage)

Lowers system reliability

The same entity creates multiple identities

Slide5

Motivation for Sybil Attack

One entity presents multiple identities for malicious intent

Disrupt geographic and multi-path routing protocols by “being in more than one place at once” and reducing diversity

Relevant in many contexts

P2P network

Ad hoc networks

Wireless sensor networks

Slide6

Formal Model

A set of infrastructural entities e

A broadcast communication cloud

A pipe connecting each entity to the cloud

Entity Subset C (correct)

Entity Subset F (faulty)

Links are virtual, not physical

Accounts for spoofing and packet sniffing

Does not provide for central means of ID

Slide7

Formal Model

Slide8

Lemmas (Direct Validation)

Lemma 1

“If p is the ratio of the resources of a faulty entity to the resources of a minimally capable entity, then f can present g=floor(p) distinct identities to local entity L”

Lower bound -> Upper bound

Restricting communication resources

Restricting storage resources

Restricting computation resources

Slide9

Lemmas (Direct Validation)

Lemma 2

“If a local entity L accepts entities that are not validated simultaneously, then a single faulty entity f can present an arbitrarily large number of distinct identities to entity L”

Intrinsically temporal resources make this lemma insurmountable

If an accepted entity ever fails to meet a challenge, we can catch a Sybil attack

Slide10

Lemmas (Indirect Validation)

Lemma 3

“If local entity L accepts any identity vouched for by q accepted identities, then a set F of faulty entities can present an arbitrarily large number of distinct identities to L if either |F|>=q, or the collective resources available to F at least equals q+|F| minimally capable entities”

Trivially evident

Slide11

Lemmas (Indirect Validation)

Lemma 4

“If the correct entities in set C do not coordinate time intervals during which they accept identities, and if local entity L accepts any identity vouched for by q accepted identities, then even a minimally capable faulty entity f can present g=floor(|C|/q) distinct identities to L.”

As in Lemma 1, this shows that a faulty entity can amplify its influence, and it relates the number of faulty entities to the number of faulty identities.

Slide12

Conclusion

P2P systems use redundancy to diminish dependence on hostile peers

Systems relying on implicit certification are particularly vulnerable (e.g., IPv6)

Absence of identification authority requires issuance of ‘challenges’ to determine veracity

Slide13

Questions

Slide14

Resources

John Douceur: The Sybil Attack. IPTPS 2003. http://www.cs.rice.edu/Conferences/IPTPS02/101.pdf

http://ww2.cs.fsu.edu/~jiangyhu/sybil-attack.ppt

Brian N. Levine: A Survey of Solutions to the Sybil Attack. http://prisms.cs.umass.edu/brian/pubs/levine.sybil.tr.2006.pdf

Wikipedia: Sybil Attack. http://en.wikipedia.org/wiki/Sybil_attack
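
The bounds in Lemmas 1 and 2 above, worked as a small model of a validator's challenge schedule; this is an added example, not code from the presentation or from Douceur's paper. It assumes each challenge costs one unit of work and a minimally capable entity can answer one challenge per time window; all function names are hypothetical.

```python
"""Toy model of direct validation by resource challenge (Lemmas 1 and 2).

Assumptions (not from the slides): answering one challenge costs one unit
of work, a minimally capable entity has 1 unit per time window, and the
faulty entity f has p units per window. All names are hypothetical.
"""
from math import floor


def accepted_identities(p, claimed, batches):
    """Count how many of f's `claimed` identities local entity L accepts.

    `batches` is L's challenge schedule: one batch size per time window.
    Identities in the same batch are challenged simultaneously, and an
    identity that misses its deadline is rejected for good.
    """
    capacity = floor(p)  # challenges f can answer within one window
    accepted, pending = 0, claimed
    for size in batches:
        challenged = min(size, pending)
        accepted += min(challenged, capacity)  # the rest miss the deadline
        pending -= challenged
    return accepted


def simultaneous(claimed):
    """Schedule that challenges every claimed identity in one window."""
    return [claimed]


def staggered(claimed, per_window=1):
    """Schedule that challenges `per_window` identities per window."""
    full, rest = divmod(claimed, per_window)
    return [per_window] * full + ([rest] if rest else [])


if __name__ == "__main__":
    p, claimed = 3.7, 10  # constructed sample values
    # Lemma 1: with simultaneous validation f is held to g = floor(p).
    print("simultaneous:", accepted_identities(p, claimed, simultaneous(claimed)))
    # Lemma 2: one-at-a-time validation lets f reuse the same resources.
    print("staggered:   ", accepted_identities(p, claimed, staggered(claimed)))
    # Partial batching only helps once a batch exceeds floor(p).
    print("batches of 4:", accepted_identities(p, claimed, staggered(claimed, 4)))
```

Under the staggered schedule the accepted count grows with `claimed` without limit, which is the case Lemma 2 describes; only the simultaneous schedule holds it at floor(p).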