1 / 39

Defending Against Sybil Attacks via Social Networks

Defending Against Sybil Attacks via Social Networks. Haifeng Yu School of Computing National University of Singapore. Acknowledgments. Talk based on three papers [SIGCOMM’06, ToN’08] (SybilGuard) [IEEE S&P’08] (SybilLimit) Available on my homepage – google my name Co-authors:

rafal
Download Presentation

Defending Against Sybil Attacks via Social Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Defending Against Sybil Attacks via Social Networks Haifeng Yu School of Computing National University of Singapore

  2. Acknowledgments • Talk based on three papers • [SIGCOMM’06, ToN’08] (SybilGuard) • [IEEE S&P’08] (SybilLimit) • Available on my homepage – google my name • Co-authors: • Phillip B. Gibbons • Michael Kaminsky • Feng Xiao • Abie Flaxman Haifeng Yu, National University of Singapore

  3. launch sybil attack Background: Sybil Attack honest • Sybil attack: Single user pretends many fake/sybil identities • I.e., Creating multiple accounts • Already observed in real-world p2p systems • Sybil identities can become a large fraction of all identities malicious Haifeng Yu, National University of Singapore

  4. Background: Sybil Attack • Enables malicious users to easily “out-vote” honest users • Byzantine consensus – exceed the 1/3 threshold • Majority voting – cast more than one vote • DHT – control a large portion of the ring • Recommendation systems – manipulate the recommendations Haifeng Yu, National University of Singapore

  5. Background: Defending Against Sybil Attack • Using trusted central authority to tie identities to human beings – not always desirable • Much harder without a trusted central authority [Douceur’02] • Resource challenges not sufficient • IP address-based approach not sufficient • Widely considered as real & challenging: • Over 40 papers acknowledging the problem of sybil attack, without having a distributed solution Haifeng Yu, National University of Singapore

  6. SybilGuard / SybilLimit Basic Insight: Leveraging Social Networks • Nodes = identities • Undirected edges = strong mutual trust • E.g., colleagues, relatives in real-world • Not online friends! SybilGuard / SybilLimit is the first to use social networks for thwarting sybil attacks with provable guarantees. Haifeng Yu, National University of Singapore

  7. sybil nodes sybil nodes may collude – the adversary SybilGuard / SybilLimit Basic Insight • n honest users: One identity/node each • Malicious users: Multiple identities each (sybil nodes) honest nodes attack edges malicious users Observation: Adversary cannot create extra edges between honest nodes and sybil nodes Haifeng Yu, National University of Singapore

  8. SybilGuard/SybilLimit Basic Insight Dis-proportionally small cut disconnecting a large number of identities But cannot search brute-force… attack edges honest nodes sybil nodes Haifeng Yu, National University of Singapore

  9. SybilGuard / SybilLimit End Guarantees • Completely decentralized • Enables any given verifier node to decide whether to accept any given suspectnode • Accept: Provide service to / receive service from • Ideally: Accept and only accept honest nodes – unfortunately not possible • SybilGuard / SybilLimit provably • Bound # of accepted sybil nodes (w.h.p.) • Accept all honest nodes except a small  fraction (w.h.p.) Haifeng Yu, National University of Singapore

  10. Example Application Scenarios Haifeng Yu, National University of Singapore

  11. ~10 ~2000 ~10 We also prove that SybilLimit is away from optimal SybilGuard vs. SybilLimit # sybil nodes accepted (smaller is better) per attack edge between unbounded and Haifeng Yu, National University of Singapore

  12. Outline • Motivation, basic insight, and end guarantees • SybilLimit design • Will focus on intuition • Evaluation results on real-world social networks Haifeng Yu, National University of Singapore

  13. Cryptographic Keys • Each edge in social network corresponds to a symmetric edge key • Established out of band • Each node (honest or sybil) has a locally generated public/private key pair • “Identity”: V accepts S = V accepts S’s public key KS • When running SybilLimit, every suspect S is allowed to “register” KS on some other nodes Haifeng Yu, National University of Singapore

  14. K K K K K K K K K K SybilLimit: Strawman Design – Step 1 K: registered keys of sybil nodes • Ensure that sybil nodes (collectively) register only on limited number of honest nodes • Still provide enough “registration opportunities” for honest nodes K: registered keys of honest nodes K K K K K K honest region sybil region Haifeng Yu, National University of Singapore

  15. SybilLimit: Strawman Design – Step 2 K: registered keys of sybil nodes • Accept S iff KS is register on sufficiently many honest nodes • Without knowing where the honest region is ! • Circular design? We can break this circle… K: registered keys of honest nodes K K K K K K K K K K K K K K K K honest region sybil region Haifeng Yu, National University of Singapore

  16. Three Interrelated Key Techniques • Technique 1: Use the tails of random routes for registration • Will achieve Step 1 • SybilGuard novelty: Random routes • SybilLimit novelty: The use of tails • SybilLimit novelty: The use of multiple independent instances of shorter random routes Haifeng Yu, National University of Singapore

  17. Three Interrelated Key Techniques • Technique 2: Use intersection condition and balance condition to verify suspects • Will break the circular design and achieve Step 2 • SybilGuard novelty: Intersection on nodes • SybilLimit novelty: Intersection on edges • SybilLimit novelty: Balance condition • Technique 3: Use benchmarking technique to estimate unknown parameters • Breaks another seemingly circular design… • SybilLimit novelty: Benchmarking technique Haifeng Yu, National University of Singapore

  18. Random 1 to 1 mapping between incoming edge and outgoing edge Random Route: Convergence f a e b d a  d d  e c randomized routing table e  d b  a c  b f  f d  c Using routing table gives Convergence Property: Routes merge if crossing the same edge Haifeng Yu, National University of Singapore

  19. edge “CD” is the tail of A’s random route B C D Securely Registering Public Keys record KA under name “CD” • All random routes in SybilLimit are of length w • All nodes know w • Nodes communicate via authenticated channels A i = 1 KA i = 2 KA i = 3 KA i = 3 KA To register KA, A initiates a random route (assuming w = 3) Haifeng Yu, National University of Singapore

  20. tainted tail Tails of Sybil Suspects • Imagine that every sybil suspect initiates a random route from itself sybil nodes honest nodes total 1 tainted tail Haifeng Yu, National University of Singapore

  21. Counting The Number of Tainted Tails attack edge • Claim: There are at most w tainted tails per attack edge • Proof: By the Convergence property • Regardless of whether sybil nodes follow the protocol honest nodes sybil nodes Haifeng Yu, National University of Singapore

  22. Back to the Strawman Design Step 1 K: registered keys of sybil nodes K: registered keys of honest nodes • # of K’s gw • Independent of # sybil nodes • # of K’s  n – gw • From “backtrace-ability” property of random routes • See paper… K K K K honest region K K K Step 1 achieved ! Haifeng Yu, National University of Singapore

  23. Independent Instances • SybilLimit uses independent instances of the registration protocol • m: # of edges in the honest region • Number of K’s: • Number of K’s: • Goal: Accept S iff KS is registered on tails in the honest region • Sybil suspects accepted: • Honest suspects accepted: Haifeng Yu, National University of Singapore

  24. Three Techniques • Technique 1: Use novel random routes to register public keys • Will achieve Step 1 • Technique 2: Use intersection condition and balance condition to verify suspects • Challenge: SybilLimit does not know which region is the honest region • Technique 3: Use benchmarking technique to estimate unknown parameters Haifeng Yu, National University of Singapore

  25. The Intersection Condition • Verifier V obtains tails by doing random routes of length w • Using different instances – see paper… • Some tails are in the sybil region – ignore for now… • S satisfies intersection condition if: • S’s and V’s tails intersect • S’s public key is registered with the intersecting tail Haifeng Yu, National University of Singapore

  26. AB 1. request S’s set of tails 2. I have three tails AB; CD; EF 4. Is KS registered? EF CD F 5. Yes. Intersection Condition: Verification Procedure S V 3.common tail: EF 4 messages involved S satisfies intersection condition Haifeng Yu, National University of Singapore

  27. Leveraging Known Random Walk Theory • (Approximate) Theorem: • If w is roughly the mixing time of the social network, then all tails (V’s and S’s) are roughly uniformly random edges • If social networks have mixing time, then Haifeng Yu, National University of Singapore

  28. Help to bound # of sybil nodes accepted Leveraging a Sharp Distribution Assuming V has tails in the honest region Intersection prob p 1.0 Birthday paradox This is why SybilLimit does edge intersection … 0 # of S’s tails in honest region Haifeng Yu, National University of Singapore

  29. Back to the Strawman Design Step 2 K: registered keys of sybil nodes • Accept S iff KS is register on sufficiently many honest nodes • “Sufficiently many” = • Intersection occurs iff S has tails in the honest region K: registered keys of honest nodes K K K K K K K K K K K K K K K K honest region sybil region Haifeng Yu, National University of Singapore

  30. Omitted Challenges … • Some of V’s tails are in the sybil region • We do not know which tails are in the sybil region • Balance condition – hardest part to prove in SybilLimit… • Adversary has many strategies to allocated the tainted tails… • Tainted tails are not uniformly random… • See paper for details… Haifeng Yu, National University of Singapore

  31. Three Interrelated Key Techniques • Technique 1: Random routes • Technique 2: Intersection condition and balance condition • Technique 3: Novel and counter-intuitive benchmarking technique • Avoids another seemingly circular design… • See paper… • Claims on near-optimality: See paper… Haifeng Yu, National University of Singapore

  32. Performance Aspects • Random routes are performed only once • Re-do only when social network changes – infrequently • Can be done incrementally • Doing random routes is not time-critical • Only delays a new suspect being accepted • Churn is a non-problem… • Verification involves O(1) messages • See paper… Haifeng Yu, National University of Singapore

  33. Outline • Motivation, basic insight, and end guarantees • SybilLimit design • Evaluation results on real-world social networks Haifeng Yu, National University of Singapore

  34. Validation on Real-World Social Networks • SybilGuard / SybilLimit assumption: Honest nodes are not behind disproportionally small cuts • Rigorously: Social networks (without sybil nodes) have small mixing time • Mixing time affects # sybil nodes accepted • Synthetic social networks – proof in [SIGCOMM’06] • Real-world social networks? • Social communities, social groups, …. Haifeng Yu, National University of Singapore

  35. Simulation Setup Crawled online social networks used in experiments • We experiment with: • Different number and placement of attack edges • Different graph sizes -- full size to 100-node sub-graphs • Sybil attackers use the optimal strategy Haifeng Yu, National University of Singapore

  36. Brief Summary of Simulation Results • In all cases we experimented with: • Average honest verifier accepts ~95% of all honest suspects • Average honest suspect is accepted by ~95% of all honest verifiers • # sybil nodes accepted: • ~10 per attack edge for Friendster and LiveJournal • ~15 per attack edge for DBLP Haifeng Yu, National University of Singapore

  37. Other Social Networks? • Other social networks likely to have small mixing time too (DBLP as a worst-case) • What if the mixing time is large? • Graceful degradation of SybilLimit’s guarantees -- Accept more sybil nodes Haifeng Yu, National University of Singapore

  38. Conclusions • Sybil attack: • Widely considered as a real and challenging problem • SybilLimit: Fully decentralized defense protocol based on social networks • Provable near-optimal guarantees • Experimental validation on real-world social networks • Future work: Implement SybilLimit with real apps Haifeng Yu, National University of Singapore

  39. Post Doc Opening • NUS: Ranked 31st globally by Newsweek • E.g., we have 11 SIGMOD papers in 2008 • I have post doc opening in distributed systems and distributed algorithms • Minimum 1 year, renewable up to multiple years • 2 years funding already committed • Main job duty: Publish in top venues • Help you to build up track record for career after post doc • Salary: Comparable (if not better) than US post docs • Singapore living cost and tax are lower than US • Contact me to inquire or apply – google my name Haifeng Yu, National University of Singapore

More Related