1. The Sybil Attack By John R. Douceur Presented by Samuel Petreski March 31, 2009

2.  Terminology  Background  Motivation for Sybil Attack  Formal Model  Lemmas  Conclusion  Resources Outline

3.  Entity › An entity is a collection of material resources, of specifiable minimal size, under control of a single group  Identity › Persistent information abstraction provably associated with a set of communication events  Validation › Determination of identity differences Terminology

4.  Existence of multiple unique identities to mitigate possible damage by other hostile entities › Increase and improve system reliability (replication) › Protect against integrity violations (data loss) and privacy violations (data leakage)  Lowers system reliability › The same entity creates multiple identities Background

5.  One entity presents multiple identities for malicious intent  Disrupt geographic and multi-path routing protocols by “being in more than one place at once” and reducing diversity  Relevant in many contexts › P2P network › Ad hoc networks › Wireless sensor networks Motivation for Sybil Attack

6.  A set of infrastructural entities e  A broadcast communication cloud  A pipe connecting each entity to the cloud  Entity Subset C ( correct )  Entity Subset F ( faulty )  Links are virtual, not physical › Accounts for spoofing and packet sniffing › Does not provide for central means of ID Formal Model

8.  Lemma 1 › “If p is the ratio of the resources of a faulty entity to the resources of a minimally capable entity, then f can present g=floor(p) distinct identities to local entity L” › Lower bound ->Upper bound  Restricting communication resources  Restricting storage resources  Restricting computation resources Lemmas (Direct Validation)

9.  Lemma 2 › “If a local entity L accepts entities that are not validated simultaneously, then a single faulty entity f can present an arbitrarily large number of distinct identities to entity L”  Intrinsically temporal resources, make this lemma insurmountable  If an accepted entity ever fails to meet a challenge, we can catch a Sybil attack Lemmas (Direct Validation)

10.  Lemma 3 › “If local entity L accepts any identity vouched for by q accepted identities, then a set F of faulty entities can present an arbitrarily large number of distinct to L if either |F|>=q, or the collective resources available to F at least equals q+|F| minimally capable entities” › Trivially evident Lemmas (Indirect Validation)

11.  Lemma 4 › “If the correct entities in set C do not coordinate time intervals during which they accept identities, and if local entity L accepts any identity vouched for by q accepted identities, then even a minimally capable faulty entity f can present g=floor(|C|/q) distinct identities to L.” › As in Lemma 1, this shows that a faulty entity can amplify its influence, and related number of faulty entities to faulty identities. Lemmas (Indirect Validation)

12.  P2P systems use redundancy to diminish dependence on hostile peers  Systems relying on implicit certification are particularly vulnerable ( eg. IPv6 )  Absence of identification authority requires issuance of ‘challenges’ to determine veracity Conclusion

13. Questions

14.  John Douceur: The Sybil Attack. IPTPS 2003. http://www.cs.rice.edu/Conferences/IPTPS0 2/101.pdf http://www.cs.rice.edu/Conferences/IPTPS0 2/101.pdf  http://ww2.cs.fsu.edu/~jiangyhu/sybil- attack.ppt http://ww2.cs.fsu.edu/~jiangyhu/sybil- attack.ppt  Brian N. Levin: A Survey of Solutions to the Sybil Attack. http://prisms.cs.umass.edu/brian/pubs/levin e.sybil.tr.2006.pdf http://prisms.cs.umass.edu/brian/pubs/levin e.sybil.tr.2006.pdf  Wikipedia: Sybil Attack. http://en.wikipedia.org/wiki/Sybil_attack http://en.wikipedia.org/wiki/Sybil_attack Resources