1 The Sybil Attack John R. Douceur Microsoft Research Presented for Cs294-4 by Benjamin Poon.

Slides:



Advertisements
Similar presentations
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Advertisements

The Sybil Attack By John R. Douceur Presented by Samuel Petreski March 31, 2009.
Scalable Content-Addressable Network Lintao Liu
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
A Survey of Secure Wireless Ad Hoc Routing
Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.
© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 4: Naming and addressing.
Samsara: Honor Among Thieves in Peer-to-Peer Storage Landon P. Cox and Brian D. Noble University of Michigan.
Protecting User Data in Ubiquitous Computing: Towards Trustworthy Environments Yitao Duan and John Canny UC Berkeley.
Haifeng Yu National University of Singapore
SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
Small-world Overlay P2P Network
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
FRIENDS: File Retrieval In a dEcentralized Network Distribution System Steven Huang, Kevin Li Computer Science and Engineering University of California,
Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.
Group Communication Phuong Hoai Ha & Yi Zhang Introduction to Lab. assignments March 24 th, 2004.
The Goldreich-Levin Theorem: List-decoding the Hadamard code
Centre for Wireless Communications University of Oulu, Finland
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
On The Cryptographic Applications of Random Functions Oded Goldreich Shafi Goldwasser Silvio Micali Advances in Cryptology-CRYPTO ‘ 84 報告人 : 陳昱升.
Secure routing for structured peer-to-peer overlay networks (by Castro et al.) Shariq Rizvi CS 294-4: Peer-to-Peer Systems.
Address Auto-configuration in Mobile Ad Hoc Networks Current Approaches and Future Directions Date : 2005 / 1 / 20 Speaker : Xu Jia-Hao Advisor : Ke Kai-Wei.
Learning from the Past for Resolving Dilemmas of Asynchrony Paul Ezhilchelvan and Santosh Shrivastava Newcastle University England, UK.
Wide-area cooperative storage with CFS
The Sybil Attack in Sensor Networks: Analysis & Defenses James Newsome, Elaine Shi, Dawn Song, Adrian Perrig Presenter: Yi Xian.
SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, and Abraham Flaxman Presented by Ryan.
 Structured peer to peer overlay networks are resilient – but not secure.  Even a small fraction of malicious nodes may result in failure of correct.
Game-based Analysis of Denial-of- Service Prevention Protocols Ajay Mahimkar Class Project: CS 395T.
Pay As You Go – Associating Costs with Jini Leases By: Peer Hasselmeyer and Markus Schumacher Presented By: Nathan Balon.
Cong Wang1, Qian Wang1, Kui Ren1 and Wenjing Lou2
Disrupting Peer-to-Peer Networks Sybil & Eclipse Attacks Lee Brintle University of Iowa.
Solutions to Security and Privacy Issues in Mobile Social Networking
SecureMR: A Service Integrity Assurance Framework for MapReduce Author: Wei Wei, Juan Du, Ting Yu, Xiaohui Gu Source: Annual Computer Security Applications.
Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science Cryptographic Security Secret Sharing, Vanishing Data.
Cloud and Big Data Summer School, Stockholm, Aug., 2015 Jeffrey D. Ullman.
Terminodes and Sybil: Public-key management in MANET Dave MacCallum (Brendon Stanton) Apr. 9, 2004.
CS4231 Parallel and Distributed Algorithms AY 2006/2007 Semester 2 Lecture 10 Instructor: Haifeng YU.
The EigenTrust Algorithm for Reputation Management in P2P Networks
SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.
Security Michael Foukarakis – 13/12/2004 A Survey of Peer-to-Peer Security Issues Dan S. Wallach Rice University,
Group Rekeying for Filtering False Data in Sensor Networks: A Predistribution and Local Collaboration-Based Approach Wensheng Zhang and Guohong Cao.
Cryptographic Security Secret Sharing, Vanishing Data 1Dennis Kafura – CS5204 – Operating Systems.
Practical Byzantine Fault Tolerance
Evoting using collaborative clustering Justin Gray Osama Khaleel Joey LaConte Frank Watson.
The Sybil Attack in Sensor Networks: Analysis & Defenses
Fall 2010/Lecture 321 CS 426 (Fall 2010) Key Distribution & Agreement.
Chord: A Scalable Peer-to-peer Lookup Service for Internet Applications.
1 Distributed Databases BUAD/American University Distributed Databases.
Robustness in the Salus scalable block store Yang Wang, Manos Kapritsos, Zuocheng Ren, Prince Mahajan, Jeevitha Kirubanandam, Lorenzo Alvisi, and Mike.
Intrusion Tolerant Software Architectures Bruno Dutertre and Hassen Saïdi System Design Laboratory, SRI International OASIS PI Meeting.
WISTP’08 ©LAM /05/2008 A Self-Certified and Sybil-Free Framework for Secure Digital Identity Domain Buildup Christer Andersson Markulf Kohlweiss.
© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 4: Naming and addressing.
Computer Science CSC 774 Adv. Net. Security1 Presenter: Tong Zhou 11/21/2015 Practical Broadcast Authentication in Sensor Networks.
The Sybil Attack, J. R. Douceur, IPTPS Clifton Forlines CSC2231 Online Social Networks 11/1/2007.
Prof. Mort AnvariStrayer University at Arlington, VAAugust Exposing and Eliminating Vulnerabilities to Denial of Service Attacks in Secure Gossip-Based.
Securing Passwords Against Dictionary Attacks Presented By Chad Frommeyer.
DHT-based unicast for mobile ad hoc networks Thomas Zahn, Jochen Schiller Institute of Computer Science Freie Universitat Berlin 報告 : 羅世豪.
SybilGuard: Defending Against Sybil Attacks via Social Networks.
Establishing authenticated channels and secure identifiers in ad-hoc networks Authors: B. Sieka and A. D. Kshemkalyani (University of Illinois at Chicago)
Defending Against Sybil Attacks Paul Parker Advisor: Shouhuai Xu.
The Sybil attack “One can have, some claim, as many electronic persons as one has time and energy to create.” – Judith S. Donath.
Large Scale Sharing Marco F. Duarte COMP 520: Distributed Systems September 19, 2004.
Using Rhythmic Nonces for Puzzle-Based DoS Resistance Ellick M. Chan, Carl A. Gunter, Sonia Jahid, Evgeni Peryshkin, and Daniel Rebolledo University of.
 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.
Reliability of Disk Systems. Reliability So far, we looked at ways to improve the performance of disk systems. Next, we will look at ways to improve the.
Skype.
CS791Aravind Elango Maintenance-Free Global Data Storage Sean Rhea, Chris Wells, Patrick Eaten, Dennis Geels, Ben Zhao, Hakim Weatherspoon and John Kubiatowicz.
Topic 36: Zero-Knowledge Proofs
Compact routing schemes with improved stretch
Presentation transcript:

1 The Sybil Attack John R. Douceur Microsoft Research Presented for Cs294-4 by Benjamin Poon

Cs294-4 Benjamin Poon Outline Background Motivation Model Lemmas Conclusion

Cs294-4 Benjamin Poon Outline Background Motivation Model Lemmas Conclusion

Cs294-4 Benjamin Poon Background P2P systems use multiple, independent entities to mitigate possible damage by other hostile entities Replication Computations Storage Fragmentation Protects against privacy violations Sybil Attack Attacker can assume multiple identities Aims to control substantial fraction of system

Cs294-4 Benjamin Poon Motivation (1/2) Must protect against Sybil Attack Using replication or fragmentation requires ability to determine if entities are really different Paper claims Sybil attacks always possible except under extreme, unrealistic assumptions Need logically centralized authority

Cs294-4 Benjamin Poon Motivation (2/2) Centralized authority possibilities VeriSign Explicit certification CFS (cooperative storage) Identities assigned using hash of IP address Problem? SFS (network file system) Identities assigned using host identifier + DNS name EMBASSY (multiparty trust system) Identities assigned using hardware-embedded cryptographic keys Issues?

Cs294-4 Benjamin Poon Outline Background Motivation Model Lemmas Conclusion

Cs294-4 Benjamin Poon Model – Overview Generic distributed computing environment Entities E Correct C union Faulty F = E Send messages Pipe Messages  cloud Messages Uninterrupted, finite-length bit string Cloud Broadcast Bounded time Guaranteed Unordered

Cs294-4 Benjamin Poon Model – Definitions Identity Abstract representation that persists across multiple communication events Entities perceive other entities through identities Present Each entity presents an identity to other entities in the system Local entity L A specific entity that results are stated with respect to Accept If an entity e successfully presents an identity i for itself to L, L accepts i

Cs294-4 Benjamin Poon Model – Characteristics General Leaves internals of cloud unspecified Includes any topology/geometry Friendly Limits obstructive power of corrupt entities DoS attacks not possible Strengthens negative results Q: Any drawbacks of the model?

Cs294-4 Benjamin Poon Model – Resources Entities can perform operations with complexity polynomial in n Allows public-key cryptography Entities can establish point-to-point communication

Cs294-4 Benjamin Poon Model – Main Idea Each entity e attempts to present one legitimate identity Each faulty entity f additionally attempts to present one or more counterfeit identities Goal: system should accept all legitimate identities, zero counterfeit

Cs294-4 Benjamin Poon Outline Background Motivation Model Lemmas Conclusion

Cs294-4 Benjamin Poon Lemmas Four lemmas Collectively show impracticality of establishing distinct identities in large-scale distributed system Proofs trivial (refer to paper) In absence of trusted authority, entities accept identities only when identity is: 1. Validated by entity itself (direct validation) Lemmas 1 and 2 2. Vouched for by other already validated identities (indirect validation) Lemmas 3 and 4

Cs294-4 Benjamin Poon Lemma 1: Resources Let min = minimally capable entity R x = resources of x ρ = R f / R min f can present floor(ρ) distinct identities to L

Cs294-4 Benjamin Poon Lemma 1: Resources Gives lower bound on damage achievable by f Achieve upper bound by exploiting limitations in resources Communication: L broadcasts request for identities and accept replies that come within given time interval Storage: L challenges identities to store large amount of unique, uncompressible data Computation: L challenges identities to solve unique computational puzzle

Cs294-4 Benjamin Poon Lemma 1: Resources Computational puzzle example Generate large random value y Challenge identity to find (in limited time) pair of values x and z such that least significant n bits of hash(x | y | z) = 0 Given y, find x, z s.t. LSB n (hash(x | y | z)) = 0 Time to solve proportional to 2 n-1 Time to verify constant

Cs294-4 Benjamin Poon Lemma 2: Concurrency If L accepts entities not validated simultaneously f presents a distinct identity to L using R f R f is freed and f repeats process Single f can present many counterfeit identities to L

Cs294-4 Benjamin Poon Lemma 2: Concurrency Works for temporal resources (computation and communication), not storage L can indefinitely extend challenge duration: periodically demand different data excerpts Challenge consumes R, so real work limited

Cs294-4 Benjamin Poon Lemma 3: Resources If L accepts any identity vouched for by q accepted identities, a group F can present many counterfeit identities to L if either: Size of group F >= q R F >= resources taken by q + |F| minimally capable entities

Cs294-4 Benjamin Poon Lemma 4: Concurrency If correct entities C do not coordinate time intervals to accept identities, and if L accepts any identity vouched for by q accepted identities Minimally capable f can present floor( |C| / q ) counterfeit identities to L

Cs294-4 Benjamin Poon Lemma 4: Concurrency Shows need for multiple entities in C to issue concurrent challenges May or may not be possible depending on resource Communication: possible because of broadcast cloud Storage: information theory says “probably not” Computation: possible by combining puzzles

Cs294-4 Benjamin Poon Lemma 4: Concurrency Simultaneous computational puzzle example Same puzzle, but has m of them to solve Given m puzzles y1, y2, …, ym, find w s.t. LSB n (hash(0 | y1 | y2 | … | ym | w)) = 0 Solution to each puzzle yk is x k = 0 | y1 | y2 | … | y k-1 and z k = y k-1 | … | ym | w If validating entity challenges m identities all made by one f, then f can use this method Validating entity can check if this happens by x1 | y1 | z1 = x2 | y2 | z2

Cs294-4 Benjamin Poon Outline Background Motivation Model Lemmas Conclusion

Cs294-4 Benjamin Poon Conclusion Without centralized authority, Sybil attacks always possible except when: All entities have nearly identical resources All presented identities are validated simultaneously When accepting identities not directly validated, required number of vouchers exceeds number of system-wide failures Not justifiable as assumptions Not practically realizable as requirements

Cs294-4 Benjamin Poon Pros/Cons Pros General model for distributed computing environments with well thought-out reasons behind design Good reminder to keep Sybil attacks in mind when designing large-scale distributed systems Cons Leaves the fact that faulty nodes can solve multiple puzzles by combining them