
The Sybil attack


Presentation Transcript


  1. The Sybil attack “One can have, some claim, as many electronic persons as one has time and energy to create.” – Judith S. Donath

  2. The Sybil attack B A M

  3. Terminology
  • Entity: collection of material resources, of specifiable minimal size, under control of a single agency. E.g., one mobile node.
  • Identity: persistent informational abstraction provably associated with a set of communication events. E.g., a public key.
  • Validation: determination of identity distinctness.

  4. The Sybil attack
  • One entity presents multiple identities for malicious intent.
  • Disrupts geographic and multi-path routing protocols by “being in more than one place at once” and reducing diversity.
  • Relevant in many contexts:
    • P2P networks
    • Ad hoc networks
    • Wireless sensor networks

  5. Validation
  • Goal: accept all legitimate identities, but no counterfeits.
  • Verify identities by:
    • Direct validation
    • Indirect validation

  6. Direct validation
  Validate the distinctness of two entities by asking them to perform a task that a single entity cannot do for both:
  • If the communication resource is restricted, the verifier broadcasts a request for identities and then only accepts replies that arrive within a given time interval.
  • If the storage resource is restricted, the verifier challenges each identity to store a large amount of unique data. The verifier checks by keeping small excerpts of the data.
  • If the computation resource is restricted, the verifier challenges each identity to solve a unique computational problem.

  7. Direct validation
  • Assumptions:
    • All entities have identical resource constraints.
    • All involved entities are verified simultaneously.
  Extreme and unrealistic!
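The computation-resource variant of direct validation from slide 6, and why the simultaneity assumption of slide 7 matters, as an added simulation that is not part of the slides. Each claimed identity receives a unique hash puzzle; a physical entity has one shared work budget (the difficulty, budget size, identity names and the sequential solving strategy are constructed assumptions). When every identity is challenged at once, a single entity claiming 64 identities cannot pay for all 64 puzzles; when the verifier checks identities one at a time, the same entity's budget is available again for each challenge and all 64 pass.

```python
import hashlib
import random

# Constructed simulation parameters (assumptions, not values from the slides).
DIFFICULTY_BITS = 8    # puzzle: SHA-256(challenge || nonce) must start with 8 zero bits
WORK_BUDGET = 4096     # hash evaluations one physical entity can afford per round
                       # (about 16x the expected 256 evaluations for a single puzzle)


def check_solution(challenge: bytes, nonce: int, difficulty_bits: int = DIFFICULTY_BITS) -> bool:
    """Verifier-side check: one hash per submitted solution, so verification stays cheap."""
    digest = hashlib.sha256(challenge + nonce.to_bytes(8, "big")).digest()
    prefix = int.from_bytes(digest[:4], "big")
    return prefix >> (32 - difficulty_bits) == 0


class Entity:
    """One physical entity; every identity it claims draws on the same work budget."""

    def __init__(self, identities, work_budget=WORK_BUDGET):
        self.identities = list(identities)
        self.work_budget = work_budget

    def answer(self, challenges):
        """Brute-force the puzzle of each claimed identity until the shared budget is spent."""
        answers = {}
        remaining = self.work_budget
        for ident in self.identities:
            nonce = 0
            while remaining > 0:
                remaining -= 1
                if check_solution(challenges[ident], nonce):
                    answers[ident] = nonce
                    break
                nonce += 1
        return answers


class Verifier:
    def __init__(self, seed=0):
        self.rng = random.Random(seed)  # seeded only so the run is reproducible

    def issue_challenges(self, identities):
        """One unique, unpredictable challenge per claimed identity."""
        return {ident: self.rng.randbytes(16) for ident in identities}

    def validate(self, challenges, answers):
        """Accept exactly the identities whose own puzzle was solved."""
        return {ident for ident, nonce in answers.items()
                if ident in challenges and check_solution(challenges[ident], nonce)}


HONEST = Entity(["honest-1"])
SYBIL = Entity([f"sybil-{k}" for k in range(64)])  # one entity, 64 claimed identities


def simultaneous_round(entities=(HONEST, SYBIL), seed=0):
    """All identities are challenged in the same round, as direct validation assumes."""
    verifier = Verifier(seed)
    challenges = verifier.issue_challenges([i for e in entities for i in e.identities])
    answers = {}
    for entity in entities:
        answers.update(entity.answer(challenges))
    return verifier.validate(challenges, answers)


def one_at_a_time_round(entity=SYBIL, seed=0):
    """Identities verified in separate rounds: the budget is fresh each time, so the Sybil passes."""
    verifier = Verifier(seed)
    accepted = set()
    for ident in entity.identities:
        challenges = verifier.issue_challenges([ident])
        fresh = Entity([ident], entity.work_budget)  # same entity, budget available again
        accepted |= verifier.validate(challenges, fresh.answer(challenges))
    return accepted


if __name__ == "__main__":
    accepted = simultaneous_round()
    print("simultaneous: honest accepted =", "honest-1" in accepted,
          "| sybil identities accepted =", sum(i.startswith("sybil-") for i in accepted), "of 64")
    print("one at a time: sybil identities accepted =", len(one_at_a_time_round()), "of 64")
```

The simultaneous round accepts the honest identity and only a fraction of the 64 Sybil identities, because the shared budget runs out part-way through the list; the one-at-a-time round accepts all 64. This is the point of slide 7: the defence only holds if every entity has the same constraint and all are challenged at the same moment.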

  8. Indirect validation
  • Accept identities that have been validated by a sufficient count of other identities that the verifier has already accepted.
  • Danger: a group of faulty entities can vouch for counterfeit identities.
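The vouching rule of slide 8 and its stated danger, as an added worked example that is not part of the slides. The verifier accepts an identity once at least `quorum` already-accepted identities vouch for it, computed as a closure so newly accepted identities can vouch in turn. The scenario (five honest identities, a few colluding faulty identities that are already accepted, one hundred counterfeits, and an optional single honest identity that vouches for one counterfeit) is constructed; the names and the `quorum` parameter are assumptions.

```python
def indirect_validate(initially_accepted, vouches, quorum):
    """Closure of the rule: accept `ident` once at least `quorum` accepted identities vouch for it.

    vouches maps identity -> set of identities vouching for it.
    """
    accepted = set(initially_accepted)
    changed = True
    while changed:
        changed = False
        for ident, vouchers in vouches.items():
            if ident not in accepted and len(vouchers & accepted) >= quorum:
                accepted.add(ident)
                changed = True
    return accepted


def build_scenario(num_colluders=3, num_counterfeits=100, honest_mistakes=0):
    """Constructed vouching graph (assumption, not from the slides).

    - honest identities h0..h4 and faulty identities f0..f(n-1) are already accepted
      (say, by an earlier direct validation of the entities behind them);
    - every faulty identity vouches for every counterfeit c0..c99;
    - counterfeits vouch for each other, which only matters once one is accepted;
    - `honest_mistakes` honest identities are tricked into vouching for c0.
    """
    honest = {f"h{i}" for i in range(5)}
    colluders = {f"f{i}" for i in range(num_colluders)}
    counterfeits = [f"c{i}" for i in range(num_counterfeits)]
    vouches = {}
    for c in counterfeits:
        vouches[c] = set(colluders) | (set(counterfeits) - {c})
    for i in range(honest_mistakes):
        vouches[counterfeits[0]].add(f"h{i}")
    return honest | colluders, vouches, counterfeits


def counterfeits_accepted(quorum, num_colluders=3, honest_mistakes=0):
    """How many of the 100 counterfeit identities the verifier ends up accepting."""
    seed, vouches, counterfeits = build_scenario(num_colluders, 100, honest_mistakes)
    accepted = indirect_validate(seed, vouches, quorum)
    return sum(1 for c in counterfeits if c in accepted)


if __name__ == "__main__":
    print("quorum 3, 3 colluders:              ", counterfeits_accepted(3))
    print("quorum 4, 3 colluders:              ", counterfeits_accepted(4))
    print("quorum 4, 3 colluders, 1 honest slip:", counterfeits_accepted(4, honest_mistakes=1))
```

With a quorum no larger than the number of faulty identities already accepted, all 100 counterfeits are accepted directly. Raising the quorum above the colluder count blocks them, but only until a single honest identity vouches for one counterfeit: that counterfeit then reaches the quorum, vouches for the next one, and the whole set cascades in. Indirect validation therefore inherits every mistake the accepted set already contains, which is the danger the slide names.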

  9. Discussion
  • A centralized identification authority is important, but not enough.
  • Identity verification.
  • Authenticated broadcast.
  • Link-layer encryption and authentication.
