1 / 26

SybilLimit: A Near-Optimal Social Network Defense Against Sybil Attacks

SybilLimit: A Near-Optimal Social Network Defense Against Sybil Attacks. Haifeng Yu National University of Singapore Phillip B. Gibbons Intel Research Pittsburgh Michael Kaminsky Intel Research Pittsburgh Feng Xiao National University of Singapore. launch sybil attack.

caraf
Download Presentation

SybilLimit: A Near-Optimal Social Network Defense Against Sybil Attacks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. SybilLimit: A Near-Optimal Social Network Defense Against Sybil Attacks Haifeng Yu National University of Singapore Phillip B. Gibbons Intel Research Pittsburgh Michael KaminskyIntel Research Pittsburgh Feng XiaoNational University of Singapore

  2. launch sybil attack Background: Sybil Attack honest • Sybil attack: Single user pretends many fake/sybil identities • Already observed in real-world p2p systems • Sybil identities can become a large fraction of all identities • “Out-vote” honest users in collaborative tasks malicious Haifeng Yu, National University of Singapore

  3. Background: Defending Against Sybil Attack • Using trusted central authority to tie identities to human beings – not always desirable • Much harder without a trusted central authority [Douceur’02] • Resource challenges not sufficient • IP address-based approach not sufficient • Widely considered as real & challenging: • Over 40 papers acknowledging the problem of sybil attack, without having a distributed solution Haifeng Yu, National University of Singapore

  4. SybilGuard / SybilLimit Basic Insight: Leveraging Social Networks • Nodes = identities • Undirected edges = strong mutual trust • E.g., colleagues, relatives in real-world • Not online friends ! SybilGuard [SIGCOMM’06] / SybilLimit [Oakland’08]: The first to leverage social networks for thwarting sybil attacks with provable guarantees. Haifeng Yu, National University of Singapore

  5. sybil nodes sybil nodes may collude – the adversary Attack Model • n honest users: One identity/node each • Malicious users: Multiple identities each (sybil nodes) honest nodes attack edges malicious users Observation: Adversary cannot create extra edges between honest nodes and sybil nodes Haifeng Yu, National University of Singapore

  6. SybilGuard/SybilLimit Basic Insight Dis-proportionally small cut disconnecting a large number of identities But cannot search brute-force… attack edges honest nodes sybil nodes Haifeng Yu, National University of Singapore

  7. SybilGuard / SybilLimit End Guarantees • Completely decentralized • Enables any given verifier node to decide whether to accept any given suspectnode • Accept: Provide service to / receive service from • Ideally: Accept and only accept honest nodes – unfortunately not possible • SybilGuard / SybilLimit provably • Bound # of accepted sybil nodes (w.h.p.) • Accept all honest nodes except a small  fraction (w.h.p.) Haifeng Yu, National University of Singapore

  8. Example Application Scenarios Haifeng Yu, National University of Singapore

  9. ~10 ~2000 ~10 We also prove that SybilLimit is away from optimal SybilLimit Contribution 1: “Pushing the Limit” # sybil nodes accepted (smaller is better) per attack edge between unbounded and Haifeng Yu, National University of Singapore

  10. Outline • Motivation, basic insight, and end guarantees • SybilLimit Contribution 1: “Pushing the Limit” • The near-optimal SybilLimit design • SybilLimit Contribution 2: Validation on Real-World Social Networks Haifeng Yu, National University of Singapore

  11. Identity Registration in SybilLimit • Each node (honest or sybil) has a locally generated public/private key pair • “Identity”: V accepts S = V accepts S’s public key KS • We do not assume/need PKI • In SybilLimit, every suspect S “registers” KS on some other nodes Haifeng Yu, National University of Singapore

  12. K K K K K K K K K K SybilLimit: Strawman Design – Step 1 K: registered keys of sybil nodes • Ensure that sybil nodes (collectively) register only on limited number of honest nodes • Still provide enough “registration opportunities” for honest nodes K: registered keys of honest nodes K K K K K K honest region sybil region Haifeng Yu, National University of Singapore

  13. SybilLimit: Strawman Design – Step 2 K: registered keys of sybil nodes • Accept S only if KS is register on sufficiently many honest nodes • Without knowing where the honest region is ! • Circular design? We can break this circle… K: registered keys of honest nodes K K K K K K K K K K K K K K K K honest region sybil region Haifeng Yu, National University of Singapore

  14. Three Interrelated Key Techniques • Technique 1: Use the tails of random routes for registration • Will achieve Step 1 • Random routes are from SybilGuard • Novelty: The use of tails • Novelty: The use of multiple independent instances of shorter random routes Haifeng Yu, National University of Singapore

  15. Three Interrelated Key Techniques • Technique 2: Use intersection condition and balance condition to verify suspects • Will break the circular design and achieve Step 2 • SybilGuard also has intersection condition • Novelty: Intersection on edges • Novelty: SybilGuard has no balance condition • Technique 3: Use benchmarking technique to estimate unknown parameters • Breaks another seemingly circular design… • Novelty: SybilGuard has no such technique Haifeng Yu, National University of Singapore

  16. Three Interrelated Key Techniques • Technique 1: Use the tails of random routes for registration • Will achieve Step 1 • Random routes are from SybilGuard • Novelty: The use of tails • Novelty: The use of multiple independent instances of shorter random routes Haifeng Yu, National University of Singapore

  17. Random 1 to 1 mapping between incoming edge and outgoing edge Random Route: Convergence f a e b d a  d d  e c randomized routing table e  d b  a c  b f  f d  c Using routing table gives Convergence Property: Routes merge if crossing the same edge Haifeng Yu, National University of Singapore

  18. B C D Registering Public Keys with Tails • Every node initiates a “secure” random route of length w from itself • See paper for discussion on w • See paper for how to make it “secure” edge “CD” is the tail of A’s random route w = 3 A D records KA under name “CD” Haifeng Yu, National University of Singapore

  19. tainted tail Tails of Sybil Suspects • Imagine that every sybil suspect initiates a random route from itself sybil nodes honest nodes total 1 tainted tail Haifeng Yu, National University of Singapore

  20. Counting The Number of Tainted Tails attack edge • Claim: There are at most w tainted tails per attack edge • Convergence: At most w tainted tails per attack edge • Regardless of whether sybil nodes follow the protocol honest nodes sybil nodes Haifeng Yu, National University of Singapore

  21. Back to the Strawman Design Step 1 K: registered keys of sybil nodes K: registered keys of honest nodes • # of K’s gw • Independent of # sybil nodes • # of K’s  n – gw • From “backtrace-ability” property of random routes • See paper… K K K K honest region K K K Step 1 achieved ! Haifeng Yu, National University of Singapore

  22. Outline • SybilLimit Contribution 1: “Pushing the Limit” • Independent instances, intersection condition, balance condition, benchmarking technique • Avoids multiple seemingly circular designs (hardest part…) • Also see paper for • Performance overheads… • Near-optimality … • SybilLimit Contribution 2: Validation on Real-World Social Networks Haifeng Yu, National University of Singapore

  23. Validation on Real-World Social Networks • SybilGuard / SybilLimit assumption: Honest nodes are not behind disproportionally small cuts • Rigorously: Social networks (without sybil nodes) have small mixing time • Mixing time affects # sybil nodes accepted and # honest nodes accepted • Synthetic social networks – proof in [SIGCOMM’06] • Real-world social networks? • Social communities, social groups, …. Haifeng Yu, National University of Singapore

  24. Simulation Setup Crawled online social networks used in experiments • We experiment with: • Different number and placement of attack edges • Different graph sizes -- full size to 100-node sub-graphs • Sybil attackers use the optimal strategy Haifeng Yu, National University of Singapore

  25. Brief Summary of Simulation Results • In all cases we experimented with: • Fraction of honest nodes accepted: • ~95% • # sybil nodes accepted: • ~10 per attack edge for Friendster and LiveJournal • ~15 per attack edge for DBLP Haifeng Yu, National University of Singapore

  26. Conclusions • Sybil attack: • Widely considered as a real and challenging problem • SybilLimit: Fully decentralized defense protocol based on social networks • Provable near-optimal guarantees • Experimental validation on real-world social networks • Future work: Implement SybilLimit with real apps Haifeng Yu, National University of Singapore

More Related