Upload
gwendolyn-chambers
View
218
Download
0
Tags:
Embed Size (px)
Citation preview
Md. Tanvir Al Amin 04 09 05 2064
Shah Md. Rifat Ahsan 10 09 05 2060
CSE 6809 – Distributed Search Techniques
A 1973 book by F. R. Schreiber about a patient called “Sybil Dorsett” (pseudonym)“Sybil” was suffering from dissociative identity
disorderShe manifested 16 different personalities
• Douceur [IPTPS 2002] was the first to consider the multiple identity problem in the context of structured peer-to-peer networks, which was named "Sybil Attack"
In a sybil attack, a malicious user obtains multiple fake identities and pretends to be multiple, distinct nodes in the system.
Is found in both P2P and non P2P systems.
Structured overlays are efficient node lookup systems.
They are highly scalable, efficient, and reliable. These characteristics are achieved by
deterministically replicating and recalling content within awidely distributed and decentralized network.
One practical limitation of these networks is that they are frequently subject to Sybil attacksMalicious parties can compromise the network by
generating and controlling large numbers of shadow identities.
Rig Internet polling by using multiple IP addresses to submit votes.
Increase Google Page-Rank rating of a page.Reputation systems are a common target for Sybil
attacks.Bugmenot.comSharing of iTunes passwords for shared media accessSybil attacks have been observed in the Maze P2P
system (Lian et al., ICDCS 2007) Steiner et al., CCR 2007 Demonstrated to be
surprisingly easy in practice, e.g., in the widely-used eMule system
Structured P2P networks such as Chord take very limited measures against a Sybil attack, an attacker can obtain many IDs and hence many nodes in the network. This will allow an attacker to take advantage of two major vulnerabilities from which such networks suffer, routing mechanism andobject serving mechanism.
Sybil nodes can be malicious. They can provide wrong informationThink about a sybil node taking part at
SETI@HOME projectSybil nodes can launch a DoS attack on a P2P
systemSuppose the DHT lookup includes a sybil node
You may fall in Infinite loop !!Or the Sybil node may provide ostensibly
wrong data !!A virus in place of a program
Imagine that there is network of dissident free-thinkers (called honest nodes) in the Byzantine Empire
They are connected by social links Each dissident keeps track of his immediate
friends, so they are always in contact.
The regime employs a number of spies (Sybil nodes) who infiltrate the network by gaining the trust of honest nodes.
A link between an honest node and a Sybil node is called an attack edge. Honest nodes cannot distinguish between attack edges and honest edges, and furthermore, spies can create an arbitrary number of connections to an arbitrary number of other spies (the regime’s Sybil identities).
P2P mania!
Chord, Pastry, Tapestry, CAN
The Sybil Attack [Douceur], Security Considerations [Sit, Morris]
Restricted tables [Castro et al]
BFT [Rodrigues, Liskov]
SPROUT, Turtle, Bootstrap graphs
Puzzles [Borisov]
CAPTCHA [Rowaihy et al]
SybilLimit [Yu et al]
SybilInfer, SumUp, DSybil
Whanau
P2P mania!
Because Sybil attacks result from entities misidentifying themselves, requiring all nodes to authenticate with public keys is a one approach to securing these networks.
Douceur showed that without the use of a centralized authority that certifies all nodes, it is impossible to prevent this attack.
Srivatsa and Liu [18] suggested the use of certificates with limited lifetime issued by the bootstrap entry point that bind a node with a unique ID. This would limit the number of IDs an adversary can obtain during a time period and will depend on the lifetime of the ticket. However, requiring all nodes to obtain a certificate that will bind it with a unique ID is not only expensive but will require either releasing private information or paying an amount of money for the service.
Decentralized mechanisms for limiting Sybil attacks are therefore more palatable.
Threshold-based protocols: In this scheme, a new node becomes the part of the network if it gets a pre-specified number of trust certificates from a group of trusted nodes. This method does not provide high-level security because a Sybil attacker can take control of the network by generating the identities to meet the threshold requirements.
Sybil Resisting DHT Routing: A routing strategy that is performed using a diverse set of nodes that minimizes the reliance only on the local nodes which may be controlled by the malicious node. Reduced number of corrupted nodes in the honest node's routing table makes a significant difference on the performance of DHTs.
Trusted Devices: In this scheme, entities in an application can be linked in some secure fashion to a specific hardware device. Here exists no special methods of preventing an attacker from obtaining multiple devices. The idea is that the cost of acquiring multiple devices is high.
Storage Give each node a large amount of uncompressible data
and randomly verify small excerpts.
Computation Ask the node to solve a difficult computational puzzle
whose solution is easy to check.
Money Charge some amount of money for each new Money:
Charge some amount of money for each new identity.
Sybil-proof routing using social
network A set of honest nodes connected by trust relationship and there is no idea of central trusted node.
An adversary node creates multiple identities and try to gain the trust of the honest nodes.
But the assumption here is that most honest nodes have more social connection to other honest nodes than the sybils.
SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu Michael Kaminsky Phillip B. Gibbons Abraham
Flaxman SIGCOMM 2006
SybilLimit: A Near-Optimal Social Network Defense against Sybil Attacks Haifeng Yu Michael Kaminsky Phillip B. Gibbons Feng
Xiao Oakland 2008
A Sybil-Proof Distributed Hash TableChris Lesniewski-Laas, M. Frans Kaashoek NSDI 2010
Slide courtesy Kaashoek, Lesniewski-Laas
Slide courtesy Kaashoek, Lesniewski-Laas
Sybil regionHonest
region
…
Attack edges
Slide courtesy Kaashoek, Lesniewski-Laas
We want to incorporate AI based features in Sybil detection.Trusted voting mechanismLearning mechanism (Bayesian learning or some
other advanced learning)Feature discovery options for Trust zone and
Sybil zone.Maximum likelihood Framework
Efficient DHT lookup bypassing Sybil nodesLearning mechanismRedundancy in lookupEffective use of majority voting
The Sybil Attack -John R.Douceur,Microsoft Research Security Considerations for Peer-to-Peer Distributed Hash Tables -
Emil Sit and Robert Morris Sybil-resistant DHT routing -George Danezis1, Chris Lesniewski-
Laas,M. Frans Kaashoek2, and Ross Anderson1 Computational Puzzles as Sybil Defenses- Nikita Borisov SybilGuard: Defending Against Sybil Attacks via Social Networks -
Haifeng Yu Michael Kaminsky, Phillip B. Gibbons Abraham Flaxman A Survey of Solutions to the Sybil Attack - Brian Neil Levine1 Clay
Shields2 N. Boris Margolin1
CybilOccupation Chief Mouser to the
Cabinet Office
Employer Queen Elizabeth II
Title Downing Street cat
Do you know my name is Cybil
too ??