SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, and Abraham Flaxman Presented by Ryan.

Slides:

Advertisements

Similar presentations

An analysis of Social Network-based Sybil defenses Bimal Viswanath § Ansley Post § Krishna Gummadi § Alan Mislove ¶ § MPI-SWS ¶ Northeastern University.

Advertisements

Chris Karlof and David Wagner

I have a DREAM! (DiffeRentially privatE smArt Metering) Gergely Acs and Claude Castelluccia {gergely.acs, INRIA 2011.

Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.

Krishna P. Gummadi Networked Systems Research Group MPI-SWS

Identity Theft Protection in Structured Overlays Lakshmi Ganesh Ben Y. Zhao University of California, Santa Barbara NPSec 2005.

Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.

An Analysis of Social Network-Based Sybil Defenses Sybil Defender

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

TRUST Spring Conference, April 2-3, 2008 Write Markers for Probabilistic Quorum Systems Michael Merideth, Carnegie Mellon University Michael Reiter, University.

Toward an Optimal Social Network Defense Against Sybil Attacks Haifeng Yu National University of Singapore Phillip B. Gibbons Intel Research Pittsburgh.

Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL

A Distributed and Oblivious Heap Christian Scheideler and Stefan Schmid Dept. of Computer Science University of Paderborn.

A Sybil-proof DHT using a social network Socialnets workshop April 1, 2008 Chris Lesniewski-Laas MIT CSAIL.

Haifeng Yu National University of Singapore

L-27 Social Networks and Other Stuff. Overview Social Networks Multiplayer Games Class Feedback Discussion 2.

Sybil Attack Hyeontaek Lim November 12, 2010.

1 Defragmenting DHT-based Distributed File Systems Jeffrey Pang, Srinivasan Seshan Carnegie Mellon University Phillip B. Gibbons, Michael Kaminsky Intel.

Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,

1 SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu Michael Kaminsky Phillip B. Gibbons Abraham Flaxman Presented by John Mak,

Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.

Secure Localization using Dynamic Verifiers Nashad A. Safa Joint Work With S. Sarkar, R. Safavi-Naini and M.Ghaderi.

Secure routing for structured peer-to-peer overlay networks (by Castro et al.) Shariq Rizvi CS 294-4: Peer-to-Peer Systems.

1 The Sybil Attack John R. Douceur Microsoft Research Presented for Cs294-4 by Benjamin Poon.

 Structured peer to peer overlay networks are resilient – but not secure.  Even a small fraction of malicious nodes may result in failure of correct.

1CS 6401 Peer-to-Peer Networks Outline Overview Gnutella Structured Overlays BitTorrent.

SocialFilter: Introducing Social Trust to Collaborative Spam Mitigation Michael Sirivianos Telefonica Research Telefonica Research Joint work with Kyungbaek.

Adaptively Secure Broadcast, Revisited

On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)

Slicing the Onion: Anonymity Using Unreliable Overlays Sachin Katti Jeffrey Cohen & Dina Katabi.

OSN Research As If Sociology Mattered Krishna P. Gummadi Networked Systems Research Group MPI-SWS.

Preserving Link Privacy in Social Network Based Systems Prateek Mittal University of California, Berkeley Charalampos Papamanthou.

Secure Cell Relay Routing Protocol for Sensor Networks Xiaojiang Du, Fengiing Lin Department of Computer Science North Dakota State University 24th IEEE.

FaceTrust: Assessing the Credibility of Online Personas via Social Networks Michael Sirivianos, Kyungbaek Kim and Xiaowei Yang in collaboration with J.W.

Terminodes and Sybil: Public-key management in MANET Dave MacCallum (Brendon Stanton) Apr. 9, 2004.

Reputations Based On Transitive Trust Slides by Josh Albrecht.

Collusion-Resistance Misbehaving User Detection Schemes Speaker: Jing-Kai Lou 2015/10/131.

Secure and Highly-Available Aggregation Queries via Set Sampling Haifeng Yu National University of Singapore.

Security Mechanisms for Distributed Computing Systems A9ID1007, Xu Ling Kobayashi Laboratory GSIS, TOHOKU UNIVERSITY 2011/12/15 1.

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof and David Wagner (modified by Sarjana Singh)

Md. Tanvir Al Amin Shah Md. Rifat Ahsan CSE 6809 – Distributed Search Techniques.

Bimal Viswanath § Ansley Post § Krishna Gummadi § Alan Mislove ¶ § MPI-SWS ¶ Northeastern University SIGCOMM 2010 Presented by Junyao Zhang Many of the.

SOS: An Architecture For Mitigating DDoS Attacks Angelos D. Keromytis, Vishal Misra, Dan Rubenstein ACM SIGCOMM 2002 Presented By : Tracy Wagner CDA 6938.

“SybilGuard: Defending Against Sybil Attacks via Social Networks” Authors: Haifeng Yu, Phillip B. Gibbons, and Suman Nath (several slides based on authors’)

The new protocol of freenet Taken from Ian Clarke and Oskar Sandberg (The Freenet Project)

The Sybil Attack, J. R. Douceur, IPTPS Clifton Forlines CSC2231 Online Social Networks 11/1/2007.

Anonymized Social Networks, Hidden Patterns, and Structural Stenography Lars Backstrom, Cynthia Dwork, Jon Kleinberg WWW 2007 – Best Paper.

Eclipse Attacks on Overlay Networks: Threats and Defenses By Atul Singh, et. al Presented by Samuel Petreski March 31, 2009.

SybilGuard: Defending Against Sybil Attacks via Social Networks.

Measuring Behavioral Trust in Social Networks

Company LOGO User Authentication Threat Modelling from User and Social Perspective “Defending the Weakest Link: Intrusion.

DSybil: Optimal Sybil-Resistance for Recommendation Systems Haifeng Yu National University of Singapore Chenwei Shi National University of Singapore Michael.

Mix networks with restricted routes PET 2003 Mix Networks with Restricted Routes George Danezis University of Cambridge Computer Laboratory Privacy Enhancing.

1 Routing security against Threat models CSCI 5931 Wireless & Sensor Networks CSCI 5931 Wireless & Sensor Networks Darshan Chipade.

A Sybil-Proof Distributed Hash Table Chris Lesniewski-LaasM. Frans Kaashoek MIT 28 April 2010 NSDI

Privacy Preserving in Social Network Based System PRENTER: YI LIANG.

Sybil Attacks VS Identity Clone Attacks in Online Social Networks Lei Jin, Xuelian Long, Hassan Takabi, James B.D. Joshi School of Information Sciences.

Decentralized Trust Management for Ad-Hoc Peer-to-Peer Networks Thomas Repantis Vana Kalogeraki Department of Computer Science & Engineering University.

SYNERGY: A Game-Theoretical Approach for Cooperative Key Generation in Wireless Networks Jingchao Sun, Xu Chen, Jinxue Zhang, Yanchao Zhang, and Junshan.

Measuring the Mixing Time of Social Graphs Abedelaziz Mohaisen, Aaram Yun, and Yongdae Kim Computer Science and Engineering Department University of Minnesota.

Presenter: Yawen Wei Author: Loukas Lazos and Radha Poovendran

Dieudo Mulamba November 2017

Networked Systems Practicum

A Sybil-proof DHT using a social network

By group 3(not the ones who made the paper :D)

Binghui Wang, Le Zhang, Neil Zhenqiang Gong

Graph-based Security and Privacy Analytics via Collective Classification with Joint Weight Learning and Propagation Binghui Wang, Jinyuan Jia, and Neil.

GANG: Detecting Fraudulent Users in OSNs

Social Network-Based Sybil Defenses

Presentation transcript:

SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, and Abraham Flaxman Presented by Ryan Carr Slides adapted from a presentation by Haifeng Yupresentation

Haifeng Yu, Intel Research / CMU  National University of Singapore 2 Background: Sybil Attack  Sybil attack: Single user obtains many fake identities  Creating multiple accounts from different IP addresses  Sybil identities can become a large fraction of all identities  Out-vote honest users in collaborative tasks launch sybil attack honest malicious

Haifeng Yu, Intel Research / CMU  National University of Singapore 3 Background: Defending Against Sybil Attack  Using a trusted central authority  Tie identities to actual human beings  Not always desirable  Can be hard to find such authority  Sensitive info may scare away users  Potential bottleneck and target of attack  Without a trusted central authority  Impossible unless using special assumptions [Douceur’02]  Resource challenges not sufficient -- adversary can have much more resources than typical user

Haifeng Yu, Intel Research / CMU  National University of Singapore 4 SybilGuard Basic Insight: Leveraging Social Networks  Undirected graph  Nodes = identities  Edges = strong trust  e.g., colleagues, relatives Our Social Network Definition

Haifeng Yu, Intel Research / CMU  National University of Singapore 5 SybilGuard Basic Insight malicious user honest nodes sybil nodes Observation: Adversary cannot create extra edges between honest nodes and sybil nodes attack edges  n honest users: One identity/node each  Malicious users: Multiple identities each (sybil nodes)‏ All Sybil nodes can collude Sybil nodes = The Adversary

Haifeng Yu, Intel Research / CMU  National University of Singapore 6 SybilGuard Basic Insight honest nodes sybil nodes Disproportionally small cut disconnecting a large number of identities But cannot search for such cut via brute-force…

Haifeng Yu, Intel Research / CMU  National University of Singapore 7 Outline  Motivation and SybilGuard basic insight  Overview of SybilGuard: Random routes  Properties of SybilGuard protocol  Evaluation results  Conclusions

Haifeng Yu, Intel Research / CMU  National University of Singapore 8 Goal of Sybil Defense  Goal: Enable a verifier node to decide whether to accept another suspect node  Accept: Provide service to / receive service from  Idealized guarantee: An honest node accepts and only accepts other honest nodes  SybilGuard:  Bounds the number of sybil nodes accepted  Guarantees are with high probability  Approach: Acceptance based on random route intersection between verifier and suspect

Haifeng Yu, Intel Research / CMU  National University of Singapore 9 Random Walk Review pick random edge d pick random edge c pick random edge e a bd e f c

Haifeng Yu, Intel Research / CMU  National University of Singapore 10 Random 1 to 1 mapping between incoming edge and outgoing edge Random Route: Convergence a -> d b -> a c -> b d -> c d -> e e -> d f -> f a b c d e f randomized routing table Using routing table gives Convergence Property: Routes merge if crossing the same edge

Haifeng Yu, Intel Research / CMU  National University of Singapore 11 Random Route: Back-traceable a -> d b -> a c -> b d -> c d -> e e -> d f -> f a b c d e f Using 1-1 mapping gives Back-traceable Property: Routes may be back-traced If we know the route traverses edge e, then we know the whole route

Haifeng Yu, Intel Research / CMU  National University of Singapore 12 Random Route Intersection: Honest Nodes  Verifier accepts a suspect if the two routes intersect  Route length w:  W.h.p., verifier’s route stays within honest region  W.h.p., routes from two honest nodes intersect sybil nodeshonest nodes Verifier Suspect

Haifeng Yu, Intel Research / CMU  National University of Singapore 13 Random Route Intersection: Sybil Nodes  SybilGuard bounds the number of accepted sybil nodes within g*w  g: Number of attack edges  w: Length of random routes  Next …  Convergence property to bound the number of intersections within g  Back-traceable property to bound the number of accepted sybil nodes per intersection within w

Haifeng Yu, Intel Research / CMU  National University of Singapore 14 Bound # Intersections Within g  Convergence: Each attack edge gives one intersection At most g intersections with g attack edges sybil nodeshonest nodes Verifier Suspect must cross attack edge to intersect even if sybil nodes do not follow the protocol same intersection Intersection = (node, incoming edge

Haifeng Yu, Intel Research / CMU  National University of Singapore 15 Bound # Sybil Nodes Accepted per Intersection within w  Back-traceable: Each intersection should correspond to routes from at most w honest nodes  Verifier accepts at most w nodes per intersection  Will not hurt honest nodes Verifier for a given intersection

Haifeng Yu, Intel Research / CMU  National University of Singapore 16 Summary of SybilGuard Guarantees  Power of the adversary:  Unlimited number of colluding sybil nodes  Sybil nodes may not follow SybilGuard protocol  W.h.p., honest node accepts ≤ g*w sybil nodes  g: # of attack edges  w: Length of random route effective replication not much larger than n majority voting n byzantine consensus n/2n/2 Then apps can do If SybilGuard bounds # accepted sybil nodes within

Haifeng Yu, Intel Research / CMU  National University of Singapore 17 Outline  Motivation and SybilGuard basic insight  Overview of SybilGuard: Random routes  Properties of SybilGuard protocol  Evaluation results  Conclusions

Haifeng Yu, Intel Research / CMU  National University of Singapore 18 SybilGuard Protocol  Security:  Protocol ensures that nodes cannot lie about their random routes in the honest region  Decentralized:  No one has global view  Nodes only communicate with direct neighbors in the social network when doing random routes

Haifeng Yu, Intel Research / CMU  National University of Singapore 19   Efficiency: Random routes are performed only once and then “remembered”   No more message exchanges needed unless the social network changes   Verifier incurs O(1) messages to verify a suspect   User and node dynamics:   Different from DHTs, node churn is a non-problem in SybilGuard …   See paper for all the details … SybilGuard Protocol (continued)‏

Haifeng Yu, Intel Research / CMU  National University of Singapore 20 Outline  Motivation and SybilGuard basic insight  Overview of SybilGuard: Random routes  Properties of SybilGuard protocol  Evaluation results  Conclusions

Haifeng Yu, Intel Research / CMU  National University of Singapore 21 Evaluation Results  Simulation based on synthetic social network model [Kleinberg’00] for 10 6, 10 4, 10 2 nodes  With 2500 attack edges (i.e., adversary has acquired 2500 social trust relationships):  Honest node accepts honest node with 99.8% prob  99.8% honest node properly bounds the number of accepted sybil nodes  See paper for full results …

Haifeng Yu, Intel Research / CMU  National University of Singapore 22 Outline  Motivation and SybilGuard basic insight  Overview of SybilGuard: Random routes  Properties of SybilGuard protocol  Evaluation results  Conclusions

Haifeng Yu, Intel Research / CMU  National University of Singapore 23 Conclusions  Sybil attack: Serious threat to collaborative tasks in decentralized systems  SybilGuard: Fully decentralized defense protocol  Based on random routes on social networks  Effectiveness shown via simulation and analysis  Future work:  Implementation nearly finished  Evaluation using real and large-scale social networks

SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu, Michael Kaminsky, Phillip Gibbons, Abraham Flaxman Full Technical Report available at: or Google “SybilGuard”