1 / 14

The Sybil Attack

The Sybil Attack. By John R. Douceur. Outline. Terminology Background Motivation for Sybil Attack Formal Model Lemmas Conclusion Resources. Terminology. Entity An entity is a collection of material resources , of specifiable minimal size , under control of a single group Identity

freira
Télécharger la présentation

The Sybil Attack

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Sybil Attack By John R. Douceur Presented by Samuel Petreski March 31, 2009

  2. Outline • Terminology • Background • Motivation for Sybil Attack • Formal Model • Lemmas • Conclusion • Resources

  3. Terminology • Entity • An entity is a collection of material resources, of specifiable minimal size, under control of a single group • Identity • Persistent information abstraction provably associated with a set of communication events • Validation • Determination of identity differences

  4. Background • Existence of multiple unique identities to mitigate possible damage by other hostile entities • Increase and improve system reliability (replication) • Protect against integrity violations (data loss) and privacy violations (data leakage) • Lowers system reliability • The same entity creates multiple identities

  5. Motivation for Sybil Attack • One entity presents multiple identities for malicious intent • Disrupt geographic and multi-path routing protocols by “being in more than one place at once” and reducing diversity • Relevant in many contexts • P2P network • Ad hoc networks • Wireless sensor networks

  6. Formal Model • A set of infrastructural entities e • A broadcast communication cloud • A pipeconnecting each entity to the cloud • Entity Subset C ( correct ) • Entity Subset F ( faulty ) • Links are virtual, not physical • Accounts for spoofing and packet sniffing • Does not provide for central means of ID

  7. Formal Model

  8. Lemmas (Direct Validation) • Lemma 1 • “If p is the ratio of the resources of a faulty entity to the resources of a minimally capable entity, then f can present g=floor(p) distinct identities to local entity L” • Lower bound ->Upper bound • Restricting communication resources • Restricting storage resources • Restricting computation resources

  9. Lemmas (Direct Validation) • Lemma 2 • “If a local entity L accepts entities that are not validated simultaneously, then a single faulty entity f can present an arbitrarily large number of distinct identities to entity L” • Intrinsically temporal resources, make this lemma insurmountable • If an accepted entity ever fails to meet a challenge, we can catch a Sybil attack

  10. Lemmas (Indirect Validation) • Lemma 3 • “If local entity L accepts any identity vouched for by q accepted identities, then a set F of faulty entities can present an arbitrarily large number of distinct to L if either |F|>=q, or the collective resources available to F at least equals q+|F| minimally capable entities” • Trivially evident

  11. Lemmas (Indirect Validation) • Lemma 4 • “If the correct entities in set C do not coordinate time intervals during which they accept identities, and if local entity L accepts any identity vouched for by q accepted identities, then even a minimally capable faulty entity f can present g=floor(|C|/q) distinct identities to L.” • As in Lemma 1, this shows that a faulty entity can amplify its influence, and related number of faulty entities to faulty identities.

  12. Conclusion • P2P systems use redundancy to diminish dependence on hostile peers • Systems relying on implicit certification are particularly vulnerable ( eg. IPv6 ) • Absence of identification authority requires issuance of ‘challenges’ to determine veracity

  13. Questions

  14. Resources • John Douceur: The Sybil Attack. IPTPS 2003. http://www.cs.rice.edu/Conferences/IPTPS02/101.pdf • http://ww2.cs.fsu.edu/~jiangyhu/sybil-attack.ppt • Brian N. Levin: A Survey of Solutions to the Sybil Attack. http://prisms.cs.umass.edu/brian/pubs/levine.sybil.tr.2006.pdf • Wikipedia: Sybil Attack. http://en.wikipedia.org/wiki/Sybil_attack

More Related