The Sybil Attack
By John R. Douceur
Presented by Samuel Petreski, March 31, 2009
Outline
• Terminology
• Background
• Motivation for Sybil Attack
• Formal Model
• Lemmas
• Conclusion
• Resources
Terminology
• Entity
  • An entity is a collection of material resources, of specifiable minimal size, under control of a single group
• Identity
  • A persistent information abstraction provably associated with a set of communication events
• Validation
  • Determination of identity differences
Background
• Existence of multiple unique identities mitigates possible damage by other hostile entities
  • Increases and improves system reliability (replication)
  • Protects against integrity violations (data loss) and privacy violations (data leakage)
• If the same entity creates multiple identities, this lowers system reliability
Motivation for Sybil Attack
• One entity presents multiple identities with malicious intent
• Disrupts geographic and multi-path routing protocols by “being in more than one place at once” and reducing diversity
• Relevant in many contexts
  • P2P networks
  • Ad hoc networks
  • Wireless sensor networks
Formal Model
• A set of infrastructural entities e
• A broadcast communication cloud
• A pipe connecting each entity to the cloud
• Entity subset C (correct)
• Entity subset F (faulty)
• Links are virtual, not physical
  • Accounts for spoofing and packet sniffing
• Does not provide a central means of identification
Lemmas (Direct Validation)
• Lemma 1
  • “If p is the ratio of the resources of a faulty entity to the resources of a minimally capable entity, then f can present g=floor(p) distinct identities to local entity L”
  • Lower bound -> upper bound: resource challenges aim to make floor(p) also the most identities f can present, by restricting
    • communication resources
    • storage resources
    • computation resources
Lemmas (Direct Validation)
• Lemma 2
  • “If a local entity L accepts entities that are not validated simultaneously, then a single faulty entity f can present an arbitrarily large number of distinct identities to entity L”
  • Resources are intrinsically temporal, which makes this lemma insurmountable
  • If an accepted entity ever fails to meet a challenge, we can catch a Sybil attack
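An added illustration of Lemmas 1 and 2, not code from the paper or the slides: a toy validator L that issues resource challenges to the identities presented to it, either all in one round (simultaneous) or one at a time. It assumes that answering one challenge costs one minimally capable entity's worth of resources for that round, so an entity with ratio p can back at most floor(p) identities per round; the Entity, LocalEntity and accepted_identities names are this example's own.

```python
from math import floor

class Entity:
    """An entity in Douceur's model: a resource pool measured in units of a
    minimally capable entity, so `capacity` is the ratio p from Lemma 1."""

    def __init__(self, name, capacity, identities):
        self.name, self.capacity = name, capacity
        self.identities = list(identities)

    def answer(self, challenged):
        """Answer one round of challenges. Assumption: each challenge consumes
        one minimal entity's worth of resources for that round, so at most
        floor(p) of the identities challenged in the same round can respond."""
        budget = max(floor(self.capacity), 0)
        mine = [i for i in challenged if i in self.identities]
        return set(mine[:budget])

class LocalEntity:
    """Validator L: accepts an identity only if it meets a resource challenge."""

    def __init__(self, simultaneous):
        self.simultaneous = simultaneous  # True: one round for all identities
        self.accepted = set()

    def validate(self, claims):
        """`claims` maps each presented identity to the Entity behind it."""
        if self.simultaneous:
            # Lemma 1: all identities are challenged at once, so an entity
            # with ratio p can only back floor(p) of them.
            per_entity = {}
            for ident, ent in claims.items():
                per_entity.setdefault(ent.name, (ent, []))[1].append(ident)
            for ent, idents in per_entity.values():
                self.accepted |= ent.answer(idents)
        else:
            # Lemma 2: challenges at different times let the same resources
            # be reused, so the number of accepted identities is unbounded.
            for ident, ent in claims.items():
                self.accepted |= ent.answer([ident])
        return self.accepted

def accepted_identities(capacity, n_presented, simultaneous):
    """How many of faulty entity f's n_presented identities L ends up accepting."""
    f = Entity("f", capacity, [f"f-id{i}" for i in range(n_presented)])
    return len(LocalEntity(simultaneous).validate({i: f for i in f.identities}))
```

With capacity 2.7, simultaneous validation accepts 2 of 10 presented identities, while sequential validation accepts all 10.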
Lemmas (Indirect Validation)
• Lemma 3
  • “If local entity L accepts any identity vouched for by q accepted identities, then a set F of faulty entities can present an arbitrarily large number of distinct identities to L if either |F|>=q, or the collective resources available to F at least equals q+|F| minimally capable entities”
  • Trivially evident
Lemmas (Indirect Validation)
• Lemma 4
  • “If the correct entities in set C do not coordinate time intervals during which they accept identities, and if local entity L accepts any identity vouched for by q accepted identities, then even a minimally capable faulty entity f can present g=floor(|C|/q) distinct identities to L.”
  • As in Lemma 1, this shows that a faulty entity can amplify its influence, and it relates the number of faulty entities to the number of faulty identities.
Conclusion
• P2P systems use redundancy to diminish dependence on hostile peers
• Systems relying on implicit certification are particularly vulnerable (e.g. IPv6)
• Absence of an identification authority requires issuance of ‘challenges’ to determine veracity
Resources
• John R. Douceur: The Sybil Attack. IPTPS 2003. http://www.cs.rice.edu/Conferences/IPTPS02/101.pdf
• http://ww2.cs.fsu.edu/~jiangyhu/sybil-attack.ppt
• Brian N. Levine: A Survey of Solutions to the Sybil Attack. http://prisms.cs.umass.edu/brian/pubs/levine.sybil.tr.2006.pdf
• Wikipedia: Sybil Attack. http://en.wikipedia.org/wiki/Sybil_attack