Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs (presentation transcript)

Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs
Scott Wolchok, J. Alex Halderman (The University of Michigan)
Owen S. Hofmann, Christopher J. Rossbach, Brent Waters, Emmett Witchel (The University of Texas at Austin)
Nadia Heninger, Edward W. Felten (Princeton University)

 Sybil attacks generally target reputation systems and any other system that assumes one identity per participant
 The attacker creates a huge number of pseudonyms
 Result: the attacker controls a large fraction of the "entities" (nodes) in the system
 Synonymous with "pseudospoofing": the term "Sybil attack" dates from 2002 (Douceur); "pseudospoofing" was the term used before that

 Nodes and keys each have a 160-bit identifier
 Each node stores the keys that are "closest" to it (Kademlia-style XOR distance)
 To join, a node looks up its own ID, which eventually yields the 20 peers closest to it in the DHT
 When an existing node is contacted by a new peer that falls within the 20 closest to itself, it identifies the keys the new node should now hold and immediately stores those keys to it (store-on-join)
 Nodes cannot choose their IDs: nodeID = H(IP, Port). A node can, however, choose its port, so every new port is a new ID

 The Vanish authors' security analysis concluded that Sybil attacks are difficult and expensive to execute against the 1M+ node Vuze DHT

 The Vanish authors used an experimental private Vuze DHT to attempt a Sybil attack
 In an 8K-node DHT, 600 Sybils could not recover even 1 in 1,000 experimental VDOs
 In the same 8K-node DHT, 710 Sybils recovered 25% of VDOs with N=150, T=70%
 They calculated that 820 Sybils would be required to crack 25% of VDOs with N=50, T=90%
 They concluded that ≥87,000 Sybils would be required to crack 25% of VDOs on the real Vuze DHT

 They calculated that a single "small" Amazon EC2 instance could run 50 Sybils
 They calculated that running 87,000 simultaneous Sybils would cost about $860K/year (2009 EC2 pricing)

 If the Vanish authors' analysis were correct, users could reasonably consider their data safe
 If it is wrong, that false assurance may lead to irresponsible data-handling practices by Vanish users

[Figure omitted] Image credit: "Defeating Vanish", Wolchok et al. (2010), p. 5

 UnVanish uses the native Vuze DHT client with minor modifications
 One DHT client joins the Vuze DHT for only 150 seconds
 While joined, every STORE request whose value size falls within the range used for Vanish shares (the exact byte bounds are not given on the slide) is archived to permanent storage
 After 150 seconds the client restarts and "hops" to a new UDP port, thereby obtaining a new node ID (since nodeID = H(IP, Port))

 10x "small" Amazon EC2 instances
 Each instance supports 50 concurrent Vuze DHT clients (limited by the instance's 1.7 GB of memory)

 To recover 92% of key shares, operating UnVanish continuously for one year on Amazon EC2 would cost about $23,500

 ClearView: a new (incomplete) Vuze DHT client written in 2,036 lines of C
 Responds to all PING and STORE commands
 Responds selectively to FIND-NODE commands
 Ignores all other DHT protocol commands
 A single process manages "many" DHT clients
 Each DHT client stays on the network for 3 minutes between hops
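The store-on-join rule (a node that lands among the 20 closest to a key receives that key immediately) and the port-hopping trick used by UnVanish and ClearView (nodeID = H(IP, Port), so a new UDP port is a new identity) can be seen together in the toy Kademlia-style simulation below. It is an added example written for this transcript, not code from Wolchok et al. or from Vuze. Assumptions: node IDs are SHA-1 over the string "ip:port" (the slides only say H(IP, Port)), k = 20 replicas per key, no periodic republishing by the original storer, and a constructed network of 1,000 honest nodes and 200 keys; the attacker address 192.0.2.10, the names `ToyDHT`, `run_attack` and `node_id`, and all sizes are ours.

```python
import bisect
import hashlib
import random

K = 20           # replicas per key: the "20 closest" on the slides
ID_BITS = 160    # Vuze DHT identifier width


def node_id(ip, port):
    """Vuze-style identifier H(IP, Port). Assumption: SHA-1 over "ip:port".
    A node cannot pick its ID, but it can pick its UDP port, so every
    port is a fresh ID."""
    return int.from_bytes(hashlib.sha1(f"{ip}:{port}".encode()).digest(), "big")


def xor_distance(a, b):
    return a ^ b


class ToyDHT:
    """Tracks, for every key, the XOR distances of its K closest nodes."""

    def __init__(self, honest_ids, keys):
        self.keys = keys
        self.closest = {}
        for key in keys:
            dists = sorted(xor_distance(n, key) for n in honest_ids)
            self.closest[key] = dists[:K]
        # key -> labels of every Sybil identity that ever received a STORE for it
        self.captured = {key: set() for key in keys}

    def join(self, new_id, sybil_label=None):
        """Store-on-join: any key for which the newcomer is now among the
        K closest is replicated to it at once, no waiting required."""
        for key in self.keys:
            d = xor_distance(new_id, key)
            ring = self.closest[key]
            if len(ring) < K or d < ring[-1]:
                bisect.insort(ring, d)
                if len(ring) > K:
                    ring.pop()          # the old 20th-closest node drops out
                if sybil_label is not None:
                    self.captured[key].add(sybil_label)

    def capture_fraction(self):
        """Fraction of keys that at least one Sybil identity received."""
        return sum(1 for s in self.captured.values() if s) / len(self.keys)


def rand_ip(rng):
    return "10.%d.%d.%d" % (rng.randrange(256), rng.randrange(256), rng.randrange(256))


def run_attack(clients, hops, seed=1, honest=1000, nkeys=200):
    """`clients` Sybil processes on one attacker IP, each rejoining `hops`
    times on a fresh UDP port (clients * hops "effective Sybils").
    Constructed network: `honest` random peers and `nkeys` random keys."""
    rng = random.Random(seed)
    honest_ids = [node_id(rand_ip(rng), rng.randrange(1024, 65536)) for _ in range(honest)]
    keys = [rng.getrandbits(ID_BITS) for _ in range(nkeys)]
    dht = ToyDHT(honest_ids, keys)
    for c in range(clients):
        for h in range(hops):
            port = 20000 + c * 1000 + h      # new port -> new node ID -> new join
            dht.join(node_id("192.0.2.10", port), sybil_label=(c, h))
    return dht.capture_fraction()


if __name__ == "__main__":
    print("20 Sybils, no hopping:               ", run_attack(clients=20, hops=1))
    print("20 Sybils x 25 hops (500 effective): ", run_attack(clients=20, hops=25))
```

With seed 1 the 20 static Sybils end up holding roughly a third of the keys, while the same 20 processes hopping 25 times each (500 effective Sybils) hold nearly all of them. Each hop is a fresh draw against the keyspace and the keys arrive on join, which is why counting only simultaneously-online nodes, as the Vanish cost estimate did, overstates what the attacker has to pay.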

 10x "small" Amazon EC2 instances
 320K effective Sybils (every 3-minute hop yields a fresh node ID, so one client contributes many identities over a VDO's lifetime)
 A single EC2 instance can host "thousands" of effective DHT clients

 Tested the N=10, T=70% "default" FireVanish configuration
 320K effective Sybils
 99.4% of shares were found and archived

 Tested N=10, T=70%
 270K effective Sybils
 99.5% of shares were found and archived

 Tested N=10, T=70%
 80K effective Sybils
 91.8% of shares were found and archived, similar to the 92% of shares recovered by UnVanish

[Figure omitted] Image credit: "Defeating Vanish", Wolchok et al. (2010), p. 8

 Estimated yearly EC2 cost of ClearView by VDO configuration and fraction of VDOs recovered:

  Configuration      25% VDOs     90% VDOs     99% VDOs
  N=10, T=70%        $1,950/yr    $3,750/yr    $5,900/yr
  N=10, T=90%        $3,150/yr    $7,350/yr    $11,950/yr
  N=50, T=90%        $4,850/yr    $6,900/yr    $9,000/yr

 Storage costs are not included; the authors estimate about $80/year to store 510 GB of data matching the fingerprint of a Vanish share

[Figure omitted] Image credit: "Defeating Vanish", Wolchok et al. (2010), p. 9

#1 reason:
 The Vanish authors assumed that Sybil nodes must remain online continuously to carry out the attack. Because the DHT pushes keys to a new node on join, a Sybil actually needs only about 3 minutes of uptime within the 8-hour VDO lifetime

#2 reason:
 The Vanish authors extrapolated incorrectly from their small-DHT measurements
[Figure omitted] Image credit: "Vanish", Geambasu, Kohno, Levy, Levy (2009), p. 14

 The "Defeating Vanish" authors show that going from 25% of VDOs recovered to 90% takes only a 53% increase in effective Sybils
 This follows from a probabilistic model of share recovery (an attacker holding a fraction of the shares crosses the T-of-N threshold quickly once that fraction is high enough), rather than from linear extrapolation of the experimental data points
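The share-to-VDO arithmetic behind the percentages above, and behind the 25%/90%/99% cost rows, is a binomial tail: with N shares and threshold T, a VDO falls once the attacker holds ceil(T·N) shares, and the probability of reaching that is very sensitive to the per-share capture rate. The following is an added example, not code from either paper. It assumes shares are captured independently with the same probability p (our simplification; real capture rates also depend on timing and Sybil placement); the per-share rates 0.918 and 0.994 are the ClearView figures quoted on the slides, and the function names are ours.

```python
from math import comb


def shares_needed(n, t_pct):
    """ceil(T*N) in integer arithmetic, so 70% of 10 is 7 (float ceil(0.7*10) gives 8)."""
    return (t_pct * n + 99) // 100


def vdo_recovery_prob(p, n, t_pct):
    """P[attacker holds >= ceil(T*N) of the N shares] when each share is
    captured independently with probability p: the binomial upper tail."""
    need = shares_needed(n, t_pct)
    return sum(comb(n, k) * p**k * (1 - p) ** (n - k) for k in range(need, n + 1))


def share_rate_for(target, n, t_pct, tol=1e-9):
    """Smallest per-share capture rate p giving VDO recovery >= target.
    vdo_recovery_prob is monotone increasing in p, so bisection on [0, 1] works."""
    lo, hi = 0.0, 1.0
    while hi - lo > tol:
        mid = (lo + hi) / 2
        if vdo_recovery_prob(mid, n, t_pct) >= target:
            hi = mid
        else:
            lo = mid
    return hi


if __name__ == "__main__":
    # Per-share capture rates quoted on the slides for ClearView, default N=10, T=70%.
    for rate, label in ((0.918, "80K effective Sybils"), (0.994, "320K effective Sybils")):
        print(f"share rate {rate:.3f} ({label}): VDO recovery {vdo_recovery_prob(rate, 10, 70):.4f}")
    # How much harder is 90% or 99% of VDOs than 25%, per configuration?
    for n, t in ((10, 70), (10, 90), (50, 90)):
        p25, p90, p99 = (share_rate_for(x, n, t) for x in (0.25, 0.90, 0.99))
        print(f"N={n}, T={t}%: share rate for 25%/90%/99% of VDOs = "
              f"{p25:.3f}/{p90:.3f}/{p99:.3f}; 90% needs x{p90 / p25:.2f} the rate of 25%")
```

For N=10, T=70% a 91.8% share capture rate already yields over 99% of VDOs, and the share rate needed for 90% of VDOs is only about 1.5x the rate needed for 25%. Attacker cost grows roughly with the share rate (more effective Sybils), so a cost estimate that stops at the 25% point, as the Vanish extrapolation did, misses how little extra it takes to recover almost everything.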

 Raise the threshold
 – Bad idea: requiring, say, 99 of 100 shares would make VDOs expire too early under normal churn
 – An attacker could simply scrape the DHT more aggressively
 Switch Vanish to a private DHT
 – Node membership is closed, and fewer operators means fewer parties an adversary must compromise or compel
 – Would essentially be a trusted third party
 – If a trusted third party is acceptable, simpler and faster solutions already exist

 Add client puzzles
 – Would certainly raise the cost of a Sybil attack run from EC2
 – A botnet would still solve the puzzles easily
 Restrict node IDs
 – Right now a single IP can register as many simultaneous nodes as it has UDP ports, since nodeID = H(IP, Port)
 – Limiting nodes per IP would increase the number of IP addresses an attacker needs
 – Does not limit botnet attacks

 Detect attackers
 – Look for nodes that do not behave like other nodes and penalize them
 – Look for IP addresses hosting many nodes
 Peruse: can scan the entire Vuze network in under 60 minutes
 – Found that the vast majority of IP addresses host a single node
 – Identified all of the authors' test systems
 – Identified 10 systems at the University of Washington used for Vanish demonstrations
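The two cheap detections listed above, flagging IPs that host many node IDs and flagging peers whose advertised ID does not match H(IP, Port), can be run over a network scan as follows. This is an added example, not the authors' scanner: the scan log is constructed, the ID derivation is assumed to be SHA-1 over "ip:port" (the slides only say H(IP, Port)), the limit of 4 nodes per IP is an arbitrary policy value, and the function and constant names are ours.

```python
import hashlib
from collections import defaultdict

MAX_NODES_PER_IP = 4   # arbitrary policy value; the slides give no number


def node_id(ip, port):
    """Assumed H(IP, Port): hex SHA-1 over "ip:port"."""
    return hashlib.sha1(f"{ip}:{port}".encode()).hexdigest()


def audit_scan(observations, max_per_ip=MAX_NODES_PER_IP):
    """observations: iterable of (ip, port, claimed_id) triples from a scan.
    Returns (mismatched, crowded):
      mismatched: (ip, port) pairs whose advertised ID is not H(ip, port),
                  i.e. a peer trying to choose its own keyspace position;
      crowded:    {ip: node_count} for IPs hosting more than max_per_ip IDs,
                  the 'lots of nodes on one address' signal."""
    mismatched = []
    per_ip = defaultdict(set)
    for ip, port, claimed in observations:
        if claimed != node_id(ip, port):
            mismatched.append((ip, port))
            continue                      # do not count a forged ID toward the IP
        per_ip[ip].add(claimed)
    crowded = {ip: len(ids) for ip, ids in per_ip.items() if len(ids) > max_per_ip}
    return mismatched, crowded


# Constructed scan log: two ordinary peers, one host running 50 clients on
# consecutive UDP ports (the hopping pattern), and one peer advertising an
# ID it did not derive from its address.
SAMPLE_SCAN = (
    [("198.51.100.7", 49152, node_id("198.51.100.7", 49152)),
     ("198.51.100.8", 6881, node_id("198.51.100.8", 6881))]
    + [("203.0.113.5", 20000 + i, node_id("203.0.113.5", 20000 + i)) for i in range(50)]
    + [("198.51.100.9", 6881, "00" * 20)]
)

if __name__ == "__main__":
    bad_ids, crowded_ips = audit_scan(SAMPLE_SCAN)
    print("forged IDs:", bad_ids)
    print("crowded IPs:", crowded_ips)
```

The per-IP count catches an EC2-style attacker on a handful of addresses but, as the slide notes, not a botnet, where each bot contributes one well-formed node from its own IP; a botnet also passes the H(IP, Port) check, since each bot can derive its ID honestly.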

 Social networking
 – Require nodes to certify that they "know" other nodes
 – Social networks have shown that people will claim to know people they do not
 – Could affect the viability of the DHT: a higher entry barrier means less participation