Sybil defenses via social networks

Similar documents
SybilLimit: A Near-Optimal Social Network Defense against Sybil Attacks

SYBIL attacks [1] refer to individual malicious users creating

Supplementary file for SybilDefender: A Defense Mechanism for Sybil Attacks in Large Social Networks

NodeId Verification Method against Routing Table Poisoning Attack in Chord DHT

SybilGuard: Defending Against Sybil Attacks via Social Networks

SybilGuard: Defending Against Sybil Attacks via Social Networks

Measuring the Mixing Time of Social Graphs

Intent Search and Centralized Sybil Defence Mechanism for Social Network

Problems in Reputation based Methods in P2P Networks

Keep your friends close: Incorporating trust into social network-based Sybil defenses

Overview. Background: Sybil Attack. Background: Defending Against Sybil Attack. Social Networks. Multiplayer Games. Class Feedback Discussion

Veracity: Practical Secure Network Coordinates via Vote-Based Agreements

Social Networking for Anonymous Communication Systems: A Survey

DISTRIBUTED systems are vulnerable to sybil attacks [1],

On the Mixing Time of Directed Social Graphs and Security Implications

An Offline Foundation for Accountable Pseudonyms

Aiding the Detection of Fake Accounts in Large Scale Social Online Services

Understanding Social Networks Properties for Trustworthy Computing

DSybil: Optimal Sybil-Resistance for Recommendation Systems

Lecture 6: Overlay Networks. CS 598: Advanced Internetworking Matthew Caesar February 15, 2011

Security for Structured Peer-to-peer Overlay Networks. Acknowledgement. Outline. By Miguel Castro et al. OSDI 02 Presented by Shiping Chen in IT818

Secure Algorithms and Data Structures for Massive Networks

Recommendation/Reputation. Ennan Zhai

Pisces: Anonymous Communication Using Social Networks

Network Economics and Security Engineering

Towards Trustworthy Computing on Social Networks

Towards Analyzing and Improving Service Accessibility under Resource Enumeration Attack

Peer-to-Peer Systems. Network Science: Introduction. P2P History: P2P History: 1999 today

Choosing a Random Peer

Introduction to Peer-to-Peer Systems

Sybil-Resilient Online Content Rating

ipersea : The Improved Persea with Sybil Detection Mechanism

Trustworthy Distributed Computing on Social Networks

Collaboration in Social Network-based Information Dissemination

Effective Cluster Based Certificate Revocation with Vindication Capability in MANETS Project Report

SybilExposer: An Effective Scheme to Detect Sybil Communities in Online Social Networks

Making P2P Downloading Dependable by Exploiting Social Networks

Peer-to-peer systems and overlay networks

Detecting and Recovering from Overlay Routing Attacks in Peer-to-Peer Distributed Hash Tables

Peer-to-Peer Systems and Security

Algorand: Scaling Byzantine Agreements for Cryptocurrencies

Saarland University Faculty of Natural Sciences and Technology I Department of Computer Science. Masters Thesis

Evaluation of the p2p Structured Systems Resistance against the Starvation Attack

CS555: Distributed Systems [Fall 2017] Dept. Of Computer Science, Colorado State University

Blockchain. CS 240: Computing Systems and Concurrency Lecture 20. Marco Canini

Peer-to-Peer Systems and Distributed Hash Tables

Problem: Equivocation!

ReDS: Reputation for Directory Services in P2P Systems

How Bitcoin achieves Decentralization. How Bitcoin achieves Decentralization

Securing Chord for ShadowWalker. Nandit Tiku Department of Computer Science University of Illinois at Urbana-Champaign

Wireless Network Security Spring 2015

GNUnet Distributed Data Storage

CS 261 Notes: Algorand

Robust Decentralized Authentication for Public Keys and Geographic Location

Distributed Computing Column 61 Distributed Algorithmic Foundations of Dynamic Networks

arxiv: v1 [cs.dc] 10 Dec 2011

Defending against Eclipse attacks on overlay networks

SocialFilter: Introducing Social Trust to Collaborative Spam Mitigation

Sybil Attack Detection and Prevention Using AODV in VANET

Detecting and Recovering from Overlay Routing. Distributed Hash Tables. MS Thesis Defense Keith Needels March 20, 2009

TELCOM2125: Network Science and Analysis

Purpose and security analysis of RASTER

Analysis of Black-Hole Attack in MANET using AODV Routing Protocol

Today. Why might P2P be a win? What is a Peer-to-Peer (P2P) system? Peer-to-Peer Systems and Distributed Hash Tables

Peer-to-peer Sender Authentication for . Vivek Pathak and Liviu Iftode Rutgers University

Overview. Peer-to-Peer Systems and Security. Chapter Attacks and Attack Mitigation. Motivation. Illustration: Byzantine Generals Problem

Wireless Network Security Spring 2016

Efficient DHT attack mitigation through peers ID distribution

Sybil Attack Detection in Mobile Adhoc Network

A Brief Comparison of Security Patterns for Peer to Peer Systems

Content Overlays. Nick Feamster CS 7260 March 12, 2007

CISC859: Topics in Advanced Networks & Distributed Computing: Network & Distributed System Security. A Brief Overview of Security & Privacy Issues

Secure Path-Key Revocation for Symmetric Key Pre-distribution Schemes in Sensor Networks

On Demand secure routing protocol resilient to Byzantine failures

Dandelion: Privacy-Preserving Transaction Propagation in Bitcoin s P2P Network

Scalable Anonymous Communication with Provable Security

Clustering Based Certificate Revocation Scheme for Malicious Nodes in MANET

Protocols for Anonymous Communication

Peer-To-Peer Techniques

Towards Scalable and Robust Overlay Networks

CS246: Mining Massive Datasets Jure Leskovec, Stanford University

Sybil Attack Detection with Reduced Bandwidth overhead in Urban Vehicular Networks

CPSC 426/526. Reputation Systems. Ennan Zhai. Computer Science Department Yale University

DISTRIBUTED HASH TABLE PROTOCOL DETECTION IN WIRELESS SENSOR NETWORKS

BYZANTINE CONSENSUS THROUGH BITCOIN S PROOF- OF-WORK

Anonymity in Structured Peer-to-Peer Networks. Nikita Borisov and Jason Waddle

A Pigeon Agents based Analytical Model to Optimize Communication in Delay Tolerant Network

An Authentication Service Based on Trust and Clustering in Mobile Ad Hoc Networks

Secure Routing in Peer-to-Peer Distributed Hash Tables

X.509. CPSC 457/557 10/17/13 Jeffrey Zhu

Combating Sybil attacks in cooperative systems

SYBIL attacks, where a single entity emulates the behavior

A Case For OneSwarm. Tom Anderson University of Washington.

Real-World Sybil Attacks in BitTorrent Mainline DHT

Distributed Hash Tables

Data-Centric Query in Sensor Networks

Early Measurements of a Cluster-based Architecture for P2P Systems

ReDS: A Framework for Reputation-Enhanced DHTs

SOFIA: Social Filtering for Niche Markets

On Network formation, (Sybil attacks and Reputation systems)

Transcription:

Sybil defenses via social networks Abhishek University of Oslo, Norway 19/04/2012 1 / 24

Sybil identities Single user pretends many fake/sybil identities i.e., creating multiple accounts observed in real-world P2P systems also observed in open systems such as Amazon No one-to-one correspondence between entity and identity Sybil identities can become a large fraction of all identities Identities Entity 2 / 24

Sybil attack Enables malicious users to out-vote honest users Majority voting: cast more than one vote Byzantine consensus: exceed the 1/3 threshold DHT: control large portion of the ring Recommendation systems: manipulate the recommendations 3 / 24

Defending against sybil attacks Requires binding entities to identities Is difficult in absence of trusted central authority [Douceur 2002] Simple sybil defenses include CAPTCHAs IP address filtering Computational puzzles Simple defenses are either leaves out large number of honest users, or too weak to deter resourceful attacker 4 / 24

Social graph Social graph Identities Undirected edges (strong mutual trust) System model Social graph G n honest users with single honest identity Multiple malicious users, each with multiple identities (sybil nodes) Assumption: Neighbors in social graph share secret symmetric keys 5 / 24

Goal of sybil defense Social graph Identities Undirected edges (strong mutual trust) Goal Allow any given honest identity V to label any other given identity S as either honest or sybil Bound the total number of false negatives below the tolerance threshold of the distributed system Small fraction of false positives can be tolerated 6 / 24

Insights for SybilLimit solution Key insights Assumption: The number of attack edges is independent of the number of sybil identities Assumption: The cut along the attack edges will have a small quotient number of attack edges i.e., is small number of nodes disconnected Break symmetry to properly label nodes 7 / 24

General approach for the SybilLimit solution Given an honest node V, search for a subgraph H of G such that H contains V H has n nodes (n: number of honest nodes in system) the minimum quotient cut of H is not excessively small Challenge Make sure that H does not grow in sybil region 8 / 24

From cuts to mixing time Difficulty with cuts Need to perform computation over all nodes Centralized Idea If a subgraph has small quotient cut, then the mixing time of the subgraph is large Advantage Can be performed in incremental manner Decentralized 9 / 24

Mixing time P = Stationary distribution of a random walk a probability distribution π that is invariant to the transition matrix P i.e., πp = π Mixing time of a random walk, T [ π = minimal length of the random walk in order to reach the stationary distribution 1 0 deg(v 1 )... 0 1 1 deg(v 2 ) 0... deg(v 2 ).... 1 deg(v n ) 0... 0 deg(v 1 ) 2m deg(v 2 ) 2m... deg(v k ) 2m m : number of edges in the undirected graph ] Random walk 10 / 24

Assumption for mixing time of H Assumption for SybilLimit The honest region (i.e. subgraph) of G has a mixing time no larger than t(n), where t(n) is a function of the size n of the honest region SybilLimit assumes t = O(log n) Theoretical evidences exist to support t = O(log n) for some models of social networks such as Kleinberg s social network model Solution basis Use random walks in G to exploit its abnormal mixing time for differentiating sybil nodes from honest nodes 11 / 24

Escaping random walks and escaping nodes Probability for escaping random walks Escaping probability of a length-w random walk starting from a uniformly random honest node is at most gw/n g: total number of attack edges n: total number of honest nodes assumes honest nodes form a connected component 12 / 24

Escaping random walks and escaping nodes Only protects non-escaping nodes For at most ε fraction of honest nodes, corresponding probability is above (gw)/(nε) Provable guarantees only for non-escaping nodes Escaping nodes are likely to be close to attack edges 12 / 24

Birthday paradox Approximate probability of at least two people sharing a birthday amongst a certain number of people Assumes all birthdays are equally likely In the honest region, all edges are equally likely to be tail of random walks 13 / 24

SybilLimit protocol in honest region Tail edge Random walks Verifier S S performs random walks and registers itself and the tail of the random walk at the last node visited Scenario when both Verifier and S are in honest region S performs Θ( m) random walks where m is the number of edges in honest region Θ( m) random walks results in Θ( m) tail edges 14 / 24

SybilLimit protocol in honest region Tail edge S sends the list of tail edges and the nodes where it is registered Verifier S Scenario when both Verifier and S are in honest region S performs Θ( m) random walks where m is the number of edges in honest region Θ( m) random walks results in Θ( m) tail edges 14 / 24

SybilLimit protocol in honest region Verifier performs random walks Matching tail edges Verifier S Verifier asks destination node for to confirm if the edge is registered at the node If there is a matching edge, Verifier accepts S All edges in honest region are equally likely By Birthday paradox, there is a high probability that a matching edge is found by the Verifier 14 / 24

SybilLimit protocol when sybil nodes are involved Honest region Sybil region Secure random walk version is used Attack edge Verifier S Once two random walks enter at a node in honest region, the random walks stay converged Scenario S is in sybil region 15 / 24

SybilLimit protocol when sybil nodes are involved Honest region Sybil region Attack edge Verifier S Chances that random routes from verifier will intersect at S s tail edges are less Scenario S is in sybil region 15 / 24

SybilLimit protocol when sybil nodes are involved Honest region Sybil region Attack edge Verifier There is a small chance that random routes from verifier will intersect at S s S Verifier uses a balance condition to select only a small no. of nodes per intersecting tail edge Scenario S is in sybil region 15 / 24

SybilLimit results Formal guarantees Assuming Honest region has mixing time no larger than t Number of attack edges, g = o(n/t) A honest node V with probability at least 1 δ (for δ > 0) labels At least (1 ε)n honest nodes as honest (for ε > 0) At most O(t) sybil nodes per attack edge as honest Numerical example Sample social network sizes: 100,000 to 1,000,000 honest nodes Sybil nodes generated synthetically Labels 95% of honest nodes as honest Labels 10-20 sybil nodes as honest per attack edge 16 / 24

Practical implication and deployment considerations What can be used as a social network for sybil defense? Do social networks have really small mixing time? Research community divided into 2 camps SybilLimit removes low-degree nodes while performing evaluation Do we really need small mixing time? Will targeted sybil attacks break these defenses in practice? 17 / 24

Future directions Real systems and real deployments A significant step is to find appropriate social network Other graph properties that will affected by sybil attack Use insights for SybilLimit for other applications Make PageRank robust against sybil webpages Detection of email spams based on email graph 18 / 24

Questions for discussion Lack of representative dataset. For evaluation, they artificially introduce sybil nodes Does SybilLimit protocol introduces many constraints on the social graph? Effect of churn on verification process Can we perform community detection in decentralized manner? Is privacy of users participating in running sybil defense protocol is maintained? 19 / 24

Comparison of social-based social defenses Assumption 1: The honest region (i.e., subgraph) of G has mixing time no larger than O(logn) Assumption 2: The honest region (i.e., subgraph) of G is reasonably balanced 20 / 24

Comparison of defenses against sybil attacks not based on social graph Techniques Advantages Disadvantages - Controls who can join the system - Administrative overhead Certificates signed by trusted authority (Castro et al. 2002) - Certificate revocation may be costly Distributed registration - No barriers to enter - Fails under attacks involving large no. of IPs (Dinger et al. 2006) - Decentralized - New attacks possible - No barriers to enter - Significant overhead Use of bootstrap graph based on social network (Danezis et al. 2005) - Decentralized - Not sure if it scales 21 / 24

Comparison of defenses against sybil attacks not based on social graph... Techniques Advantages Disadvantages Use of physical network characteristics to identify nodes (Wang et al. 2005) - No barrier to enter - Lack of consistent identity resulting from change in measurement over time Use of network coordinates to group nodes (Bazzi et al. 2005) Use of network coordinates to differentiate nodes (Bazzi et al. 2006) - Works when a single node is reporting multiple identities - Works when a group of nearby nodes are colluding - Hop-count distance used to tell physically nodes separated nodes apart - Changes to the network measurement infrastructure may invalidate the identity of all nodes - Fails when attacker controls large number of nodes in multiple network positions - May require a trusted network measurement infrastructure - Fails when attacker controls large number of nodes in multiple network positions - Requires appropriately placed trusted beacons 22 / 24

Comparison of defenses against sybil attacks not based on social graph... Techniques Advantages Disadvantages Computational puzzles - Works for computationally limited adversaries - Overhead for honest nodes (Borisov 2006) - Decentralized - Difficult to choose appropriate puzzle - Nodes can choose their ID, which facilitates targeted attacks Computational puzzles generated hierarchically (Rowaihy et al. 2007) - Works for computationally limited adversaries - Requires centralized online trusted authority - Requires reliable nodes in the upper levels of the certification hierarchy Economic incentives - Decentralized - Requires implementation of currency (Margolin et al. 2007) - Requires expressing all costs and utilities in terms of a currency - Only detection of attack 23 / 24

References 1. John R. Douceur. 2002. The Sybil Attack. In Revised Papers from the First International Workshop on Peer-to-Peer Systems (IPTPS 01) 2. Abedelaziz Mohaisen, Aaram Yun, and Yongdae Kim. 2010. Measuring the mixing time of social graphs. In Proceedings of the 10th annual conference on Internet measurement (IMC 10). ACM, New York, NY, USA, 383-389. 3. Haifeng Yu. 2011. Sybil defenses via social networks: a tutorial and survey. SIGACT News 42, 3 (October 2011), 80-101. 4. Haifeng Yu, Phillip B. Gibbons, Michael Kaminsky, and Feng Xiao. 2010. SybilLimit: a near-optimal social network defense against sybil attacks. IEEE/ACM Trans. Netw. 18, 3 (June 2010), 885-898. 5. Guido Urdaneta, Guillaume Pierre, and Maarten Van Steen. 2011. A survey of DHT security techniques. ACM Comput. Surv. 43, 2, Article 8 (February 2011), 49 pages. 24 / 24

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback