CSE 6809 – Distributed Search Techniques Md. Tanvir Al Amin 04 09 05 2064 Shah Md. Rifat Ahsan 10 09 05 2060 A 1973 book by F. R. Schreiber about a patient called “Sybil Dorsett” (pseudonym) “Sybil” was suffering from dissociative identity disorder She manifested 16 different personalities • Douceur [IPTPS 2002] was the first to consider the multiple identity problem in the context of structured peer-to-peer networks, which was named "Sybil Attack" In a sybil attack, a malicious user obtains multiple fake identities and pretends to be multiple, distinct nodes in the system. Is found in both P2P and non P2P systems. Structured overlays are efficient node lookup systems. They are highly scalable, efficient, and reliable. These characteristics are achieved by deterministically replicating and recalling content within awidely distributed and decentralized network. One practical limitation of these networks is that they are frequently subject to Sybil attacks Malicious parties can compromise the network by generating and controlling large numbers of shadow identities. Rig Internet polling by using multiple IP addresses to submit votes. Increase Google Page-Rank rating of a page. Reputation systems are a common target for Sybil attacks. Bugmenot.com Sharing of iTunes passwords for shared media access Sybil attacks have been observed in the Maze P2P system (Lian et al., ICDCS 2007) Steiner et al., CCR 2007 Demonstrated to be surprisingly easy in practice, e.g., in the widely-used eMule system Structured P2P networks such as Chord take very limited measures against a Sybil attack, an attacker can obtain many IDs and hence many nodes in the network. This will allow an attacker to take advantage of two major vulnerabilities from which such networks suffer, routing mechanism and object serving mechanism. Sybil nodes can be malicious. They can provide wrong information Think about a sybil node taking part at SETI@HOME project Sybil nodes can launch a DoS attack on a P2P system Suppose the DHT lookup includes a sybil node You may fall in Infinite loop !! Or the Sybil node may provide ostensibly wrong data !! A virus in place of a program Imagine that there is network of dissident free- thinkers (called honest nodes) in the Byzantine Empire They are connected by social links Each dissident keeps track of his immediate friends, so they are always in contact. The regime employs a number of spies (Sybil nodes) who infiltrate the network by gaining the trust of honest nodes. A link between an honest node and a Sybil node is called an attack edge. Honest nodes cannot distinguish between attack edges and honest edges, and furthermore, spies can create an arbitrary number of connections to an arbitrary number of other spies (the regime’s Sybil identities). P2P mania! Chord, Pastry, Tapestry, CAN The Sybil Attack [Douceur], Security Considerations [Sit, Morris] Restricted tables [Castro et al] BFT [Rodrigues, Liskov] SPROUT, Turtle, Bootstrap graphs Puzzles [Borisov] CAPTCHA [Rowaihy et al] SybilLimit [Yu et al] SybilInfer, SumUp, DSybil Whanau P2P mania! Because Sybil attacks result from entities misidentifying themselves, requiring all nodes to authenticate with public keys is a one approach to securing these networks. Douceur showed that without the use of a centralized authority that certifies all nodes, it is impossible to prevent this attack. Srivatsa and Liu [18] suggested the use of certificates with limited lifetime issued by the bootstrap entry point that bind a node with a unique ID. This would limit the number of IDs an adversary can obtain during a time period and will depend on the lifetime of the ticket. However, requiring all nodes to obtain a certificate that will bind it with a unique ID is not only expensive but will require either releasing private information or paying an amount of money for the service. Decentralized mechanisms for limiting Sybil attacks are therefore more palatable. Threshold-based protocols: In this scheme, a new node becomes the part of the network if it gets a pre-specified number of trust certificates from a group of trusted nodes. This method does not provide high-level security because a Sybil attacker can take control of the network by generating the identities to meet the threshold requirements. Sybil Resisting DHT Routing: A routing strategy that is performed using a diverse set of nodes that minimizes the reliance only on the local nodes which may be controlled by the malicious node. Reduced number of corrupted nodes in the honest node's routing table makes a significant difference on the performance of DHTs. Trusted Devices: In this scheme, entities in an application can be linked in some secure fashion to a specific hardware device. Here exists no special methods of preventing an attacker from obtaining multiple devices. The idea is that the cost of acquiring multiple devices is high. Storage Give each node a large amount of uncompressible data and randomly verify small excerpts. Computation Ask the node to solve a difficult computational puzzle whose solution is easy to check. Money Charge some amount of money for each new Money: Charge some amount of money for each new identity. Sybil-proof routing using social network A set of honest nodes connected by trust relationship and there is no idea of central trusted node. An adversary node creates multiple identities and try to gain the trust of the honest nodes. But the assumption here is that most honest nodes have more social connection to other honest nodes than the sybils. SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu Michael Kaminsky Phillip B. Gibbons Abraham Flaxman SIGCOMM 2006 SybilLimit: A Near-Optimal Social Network Defense against Sybil Attacks Haifeng Yu Michael Kaminsky Phillip B. Gibbons Feng Xiao Oakland 2008 A Sybil-Proof Distributed Hash Table Chris Lesniewski-Laas, M. Frans Kaashoek NSDI 2010 Slide courtesy Kaashoek, Lesniewski-Laas Slide courtesy Kaashoek, Lesniewski-Laas Honest region Attack edges Slide courtesy Kaashoek, Lesniewski-Laas Sybil region … We want to incorporate AI based features in Sybil detection. Trusted voting mechanism Learning mechanism (Bayesian learning or some other advanced learning) Feature discovery options for Trust zone and Sybil zone. Maximum likelihood Framework Efficient DHT lookup bypassing Sybil nodes Learning mechanism Redundancy in lookup Effective use of majority voting The Sybil Attack -John R.Douceur,Microsoft Research Security Considerations for Peer-to-Peer Distributed Hash Tables -Emil Sit and Robert Morris Sybil-resistant DHT routing -George Danezis1, Chris Lesniewski-Laas,M. Frans Kaashoek2, and Ross Anderson1 Computational Puzzles as Sybil Defenses- Nikita Borisov SybilGuard: Defending Against Sybil Attacks via Social Networks - Haifeng Yu Michael Kaminsky, Phillip B. Gibbons Abraham Flaxman A Survey of Solutions to the Sybil Attack - Brian Neil Levine1 Clay Shields2 N. Boris Margolin1 Do you know my name is Cybil too ?? Cybil Occupation Chief Mouser to the Cabinet Office Employer Queen Elizabeth II Title Downing Street cat