Abstract
Peer-to-peer and other decentralized, distributed systems are known to be particularly vulnerable to sybil attacks. In a sybil attack, a malicious user obtains multiple fake identities and pretends to be multiple, distinct nodes in the system. By controlling a large fraction of the nodes in the system, the malicious user is able to "out vote" the honest users in collaborative tasks such as Byzantine failure defenses. This paper presents SybilGuard, a novel protocol for limiting the corruptive influences of sybil attacks. Our protocol is based on the "social network" among user identities, where an edge between two identities indicates a human-established trust relationship. Malicious users can create many identities but few trust relationships. Thus, there is a disproportionately-small "cut" in the graph between the sybil nodes and the honest nodes. SybilGuard exploits this property to bound the number of identities a malicious user can create. We show the effectiveness of SybilGuard both analytically and experimentally.
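The cut argument in the abstract can be checked numerically. The following is an added example, not code from the paper, and it illustrates only the small-cut property rather than the SybilGuard protocol itself; the topology, the function names and all parameters are constructed for illustration.

```python
from itertools import combinations

def build_graph(n_honest, n_sybil, n_attack):
    """Constructed topology: honest ring with chords, sybil clique, few attack edges."""
    adj = {("h", i): set() for i in range(n_honest)}
    adj.update({("s", j): set() for j in range(n_sybil)})
    def link(a, b):
        adj[a].add(b)
        adj[b].add(a)
    for i in range(n_honest):                     # human-established trust edges
        link(("h", i), ("h", (i + 1) % n_honest))
        link(("h", i), ("h", (i + 7) % n_honest))
    for a, b in combinations(range(n_sybil), 2):  # sybil identities interlink for free
        link(("s", a), ("s", b))
    for k in range(n_attack):                     # trust edges the malicious user obtained
        link(("h", k), ("s", k % n_sybil))
    return adj

def cut_size(adj):
    """Number of edges crossing between the honest and the sybil region."""
    return sum(1 for u in adj if u[0] == "h" for v in adj[u] if v[0] == "s")

def escape_probability(adj, start, steps):
    """Exact probability that a random walk of `steps` hops from `start`
    crosses the cut into the sybil region (treated as absorbing)."""
    mass = {start: 1.0}   # probability still inside the honest region
    escaped = 0.0
    for _ in range(steps):
        nxt = {}
        for u, p in mass.items():
            share = p / len(adj[u])
            for v in adj[u]:
                if v[0] == "s":
                    escaped += share
                else:
                    nxt[v] = nxt.get(v, 0.0) + share
        mass = nxt
    return escaped

if __name__ == "__main__":
    for n_sybil, n_attack in [(10, 2), (200, 2), (200, 8)]:
        g = build_graph(50, n_sybil, n_attack)
        p = escape_probability(g, ("h", 0), 10)
        print(f"sybils={n_sybil:3d} attack_edges={n_attack} "
              f"cut={cut_size(g)} escape_prob={p:.4f}")
```

Growing the sybil region from 10 to 200 identities leaves both the cut and the crossing probability unchanged; only additional trust relationships with honest users move them.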
SybilGuard: defending against sybil attacks via social networks
SIGCOMM '06: Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications