Proposal Presentation

CSE 6809 – Distributed Search Techniques
Md. Tanvir Al Amin 04 09 05 2064
Shah Md. Rifat Ahsan 10 09 05 2060
 A 1973 book by F. R. Schreiber about a patient called
“Sybil Dorsett” (pseudonym)
 “Sybil” was suffering from dissociative identity disorder
 She manifested 16 different personalities
• Douceur [IPTPS 2002] was the
first to consider the multiple identity
problem in the context of structured
peer-to-peer networks, which was
named "Sybil Attack"
 In a sybil attack, a malicious user obtains multiple fake
identities and pretends to be multiple, distinct nodes
in the system.
 Is found in both P2P and non P2P systems.
 Structured overlays are efficient node lookup systems.
 They are highly scalable, efficient, and reliable.
 These characteristics are achieved by deterministically
replicating and recalling content within a widely
distributed and decentralized network.
 One practical limitation of these networks is that they
are frequently subject to Sybil attacks
 Malicious parties can compromise the network by
generating and controlling large numbers of shadow
identities.
 Rig Internet polling by using multiple IP addresses to
submit votes.
 Increase the Google PageRank rating of a page.
 Reputation systems are a common target for Sybil attacks.
 Bugmenot.com
 Sharing of iTunes passwords for shared media access
 Sybil attacks have been observed in the Maze P2P system
(Lian et al., ICDCS 2007)
 Demonstrated to be surprisingly easy in practice, e.g., in
the widely used eMule system (Steiner et al., CCR 2007)
 Structured P2P networks such as Chord take very
limited measures against a Sybil attack, so an attacker can
obtain many IDs and hence many nodes in the
network. This allows the attacker to take advantage
of two major vulnerabilities from which such networks
suffer:
 the routing mechanism and
 the object serving mechanism.
 Sybil nodes can be malicious. They can provide wrong
information.
 Think about a Sybil node taking part in the SETI@HOME
project
 Sybil nodes can launch a DoS attack on a P2P system
 Suppose the DHT lookup includes a Sybil node
 You may fall into an infinite loop!
 Or the Sybil node may provide ostensibly wrong data!
 A virus in place of a program
 Imagine that there is a network of dissident free-thinkers
(called honest nodes) in the Byzantine
Empire
 They are connected by social links
 Each dissident keeps track of his immediate friends, so
they are always in contact.
 The regime employs a number of spies (Sybil nodes)
who infiltrate the network by gaining the trust of
honest nodes.
 A link between an honest node and a Sybil node is
called an attack edge. Honest nodes cannot
distinguish between attack edges and honest edges,
and furthermore, spies can create an arbitrary number
of connections to an arbitrary number of other spies
(the regime’s Sybil identities).
P2P mania!
Chord, Pastry, Tapestry, CAN
The Sybil Attack [Douceur], Security Considerations [Sit, Morris]
Restricted tables [Castro et al]
BFT [Rodrigues, Liskov]
SPROUT, Turtle, Bootstrap graphs
Puzzles [Borisov]
CAPTCHA [Rowaihy et al]
SybilLimit [Yu et al]
SybilInfer, SumUp, DSybil
Whanau
 Because Sybil attacks result from entities
misidentifying themselves, requiring all nodes to
authenticate with public keys is one approach to
securing these networks.
 Douceur showed that without the use of a centralized
authority that certifies all nodes, it is impossible to
prevent this attack.
 Srivatsa and Liu [18] suggested the use of certificates
with limited lifetime issued by the bootstrap entry
point that bind a node with a unique ID. This would
limit the number of IDs an adversary can obtain
during a time period and will depend on the lifetime
of the ticket. However, requiring all nodes to obtain a
certificate that will bind it with a unique ID is not only
expensive but will require either releasing private
information or paying an amount of money for the
service.
 Decentralized mechanisms for limiting Sybil attacks
are therefore more palatable.
Threshold-based protocols: In this scheme, a new node
becomes part of the network if it gets a pre-specified number of
trust certificates from a group of trusted nodes. This method does not
provide high-level security because a Sybil attacker can take control of
the network by generating enough identities to meet the threshold
requirements.
Sybil Resisting DHT Routing: A routing strategy in which lookups are
performed using a diverse set of nodes, which minimizes reliance
on local nodes alone, since these may be controlled by a malicious node.
A reduced number of corrupted nodes in an honest node's routing table
makes a significant difference to the performance of DHTs.
Trusted Devices: In this scheme, entities in an
application can be linked in some secure fashion to a
specific hardware device. There is no special method
of preventing an attacker from obtaining multiple devices.
The idea is that the cost of acquiring multiple devices is
high.
 Storage
 Give each node a large amount of incompressible data and
randomly verify small excerpts.
 Computation
 Ask the node to solve a difficult computational puzzle whose
solution is easy to check.
 Money
 Charge some amount of money for each new identity.
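The computation test above, sketched as an added example (not from the original slides or from any of the cited papers): a hash puzzle that costs a joining node about 2^bits hashes per identity, while the verifier spends one hash and keeps no per-node state. The function names, the 600-second window and the HMAC-derived challenge are assumptions chosen for illustration.

```python
import hashlib
import hmac

def challenge_for(secret: bytes, node_id: str, now: float, window_s: int = 600) -> bytes:
    # Bind the puzzle to one identity and one time window, so a solution
    # cannot be reused for a second identity or stockpiled in advance.
    window = int(now) // window_s
    return hmac.new(secret, f"{node_id}|{window}".encode(), hashlib.sha256).digest()

def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def puzzle_hash(challenge: bytes, nonce: int) -> bytes:
    return hashlib.sha256(challenge + nonce.to_bytes(8, "big")).digest()

def solve(challenge: bytes, bits: int) -> tuple[int, int]:
    # Joining node: brute-force search, about 2**bits hashes on average.
    nonce = 0
    while leading_zero_bits(puzzle_hash(challenge, nonce)) < bits:
        nonce += 1
    return nonce, nonce + 1  # (solution, hashes spent)

def admit(secret: bytes, node_id: str, now: float, nonce: int, bits: int) -> bool:
    # Verifier: recompute the challenge from the claimed identity and the
    # current window, then check the solution with a single hash.
    if not 0 <= nonce < 2 ** 64:
        return False
    challenge = challenge_for(secret, node_id, now)
    return leading_zero_bits(puzzle_hash(challenge, nonce)) >= bits

if __name__ == "__main__":
    secret = b"constructed-verifier-secret"   # constructed sample value
    now, bits = 1_000_000.0, 12
    for node_id in ("node-A", "node-B", "node-C"):
        nonce, work = solve(challenge_for(secret, node_id, now), bits)
        ok = admit(secret, node_id, now, nonce, bits)
        print(f"{node_id}: hashes spent={work} admitted={ok}")
```

The cost is per identity, so it slows an attacker in proportion to their computing power rather than stopping them.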
 Sybil-proof routing using a social network: a set
of honest nodes is connected by trust relationships,
and there is no central trusted node.
 An adversary node creates multiple identities and
tries to gain the trust of the honest nodes.
 But the assumption here is that most honest nodes
have more social connections to other honest nodes
than to the Sybils.
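The attack-edge model and the assumption above, worked through as an added example (not code from the slides or from the cited papers): the exact probability that a short random walk from an honest node crosses an attack edge. The graph shape, the sizes and the walk length of 10 are constructed for illustration; the result depends on the number of attack edges, not on how many Sybil identities sit behind them.

```python
from fractions import Fraction

def build_graph(n_honest, n_sybil, attack_edges):
    # Constructed topology: honest node i is friends with i+1 and i+2 on a
    # ring; Sybil identities are all linked to each other, since the
    # adversary can create arbitrary edges inside its own region.
    adj = {("h", i): set() for i in range(n_honest)}
    adj.update({("s", j): set() for j in range(n_sybil)})
    def link(a, b):
        adj[a].add(b)
        adj[b].add(a)
    for i in range(n_honest):
        link(("h", i), ("h", (i + 1) % n_honest))
        link(("h", i), ("h", (i + 2) % n_honest))
    for j in range(n_sybil):
        for k in range(j + 1, n_sybil):
            link(("s", j), ("s", k))
    for h, s in attack_edges:  # trust the adversary obtained from honest nodes
        link(("h", h), ("s", s))
    return adj

def escape_probability(adj, walk_len):
    # Exact probability that a walk_len-step random walk, started at a
    # uniformly chosen honest node, crosses an attack edge at least once.
    # After crossing, the adversary controls the rest of the walk, so that
    # probability mass is counted as lost and not propagated further.
    honest = [v for v in adj if v[0] == "h"]
    mass = {v: Fraction(1, len(honest)) for v in honest}
    escaped = Fraction(0)
    for _ in range(walk_len):
        nxt = {}
        for v, p in mass.items():
            share = p / len(adj[v])
            for u in adj[v]:
                if u[0] == "s":
                    escaped += share
                else:
                    nxt[u] = nxt.get(u, 0) + share
        mass = nxt
    return escaped

if __name__ == "__main__":
    for g, m in [(1, 10), (1, 200), (4, 200)]:
        edges = [(i * 16, i) for i in range(g)]  # attack edges spread on the ring
        p = escape_probability(build_graph(64, m, edges), 10)
        print(f"attack edges={g} sybil identities={m} escape={float(p):.4f}")
```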
 SybilGuard: Defending Against Sybil Attacks via Social
Networks
 Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham
Flaxman
 SIGCOMM 2006
 SybilLimit: A Near-Optimal Social Network Defense
against Sybil Attacks
 Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Feng Xiao
 Oakland 2008
 A Sybil-Proof Distributed Hash Table
 Chris Lesniewski-Laas, M. Frans Kaashoek
 NSDI 2010
Slide courtesy Kaashoek, Lesniewski-Laas
[Figure: an honest region and a Sybil region connected by attack edges]
 We want to incorporate AI-based features in Sybil
detection.
 Trusted voting mechanism
 Learning mechanism (Bayesian learning or some other
advanced learning)
 Feature discovery options for Trust zone and Sybil zone.
 Maximum likelihood Framework
 Efficient DHT lookup bypassing Sybil nodes
 Learning mechanism
 Redundancy in lookup
 Effective use of majority voting

The Sybil Attack - John R. Douceur, Microsoft Research

Security Considerations for Peer-to-Peer Distributed Hash Tables - Emil Sit and
Robert Morris

Sybil-resistant DHT routing - George Danezis, Chris Lesniewski-Laas, M. Frans
Kaashoek, and Ross Anderson

Computational Puzzles as Sybil Defenses - Nikita Borisov

SybilGuard: Defending Against Sybil Attacks via Social Networks - Haifeng Yu,
Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman

A Survey of Solutions to the Sybil Attack - Brian Neil Levine, Clay Shields, N. Boris
Margolin
Do you know my
name is Cybil too ??
Cybil
Occupation: Chief Mouser to the Cabinet Office
Employer: Queen Elizabeth II
Title: Downing Street cat