Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu Michael Kaminsky Phillip B. Gibbons Abraham Flaxman Presented by John Mak,

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu Michael Kaminsky Phillip B. Gibbons Abraham Flaxman Presented by John Mak,"— Presentation transcript:

1 1 SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu Michael Kaminsky Phillip B. Gibbons Abraham Flaxman Presented by John Mak, Janet Yung

2 2 Outline Introduction to Sybil Attack Model & Problem formulation Sybil Guard Overview Simulation Result & Analysis Conclusion Our views

3 3 Introduction to Sybil Attack P2p and decentralized, distributed systems particularly vulnerable Malicious user obtains multiple fake identities Gain large influence by “out vote” honest users

4 4 Introduction to Sybil Attack Malicious user obtains multiple fake identities Malicious behavior becomes a norm (e.g. Byzantine failures) Many protocols assume < 1/3 malicious nodes Easily create 1/3 nodes  Break defense

5 5 Introduction to Sybil Attack Centralized authority: –Control Sybil attack easily –Verify real life credential –Hard for worldwide to trust –Single point of failure – bottleneck, DOS –Scare away potential users – requires sensitive information

6 6 Introduction to Sybil Attack Decentralized approach is hard: –Harvest (Steal) IP addresses No common IP prefix  Hard to filter –Advertise BGP route on unused block of IP address –Botnet - Co-opt large number of end-user machines

7 7 Introduction to Sybil Attack Not very successful defense approaches: –Resource-challenge approach (computational puzzles) –Network coordinates –Reputation system based on historical behavior

8 8 Model & Problem Formulation Users: –n honest users: single identity –1+ malicious user: multiple identities Identity: –Also called “node” –Sybil identity: malicious user’s identity Defense system –Verifier node V accept another node S –Ideally, V only accept honest nodes.

9 9 Model & Problem Formulation Bounding no. of sybil groups –Divide all nodes into at most g equivalence groups –Sybil Group: equivalence group contains at least one Sybil node –Defense system guarantees no. of groups, without need to know if the group is sybil

10 10 Model & Problem Formulation Bounding size of Sybil Group –at most w nodes in a group –limit no. of sybil nodes accepted each node can accept Summary –decentralized –honest node accepts, and is accepted by most other honest nodes –honest node accepts a bounded number of sybil nodes.

11 11 Social Network Consists of users (nodes) Human established trust relationships Nodes connected by an edge (friend) Real life relationship can bound both the number and size of sybil groups –Usually degree ~ 30 Malicious user fools honest user to trust him/her –an attack edge connected a malicious user and an honest user

12 12 SybilGuard Overview Ensures honest user share at most one edge with sybil nodes created by a malicious user A protocol enables honest nodes to accept a large fraction of the other honest nodes SybilGuard does not increase or decrease the number of edges in the social network as a result of its execution

13 13 SybilGuard Overview Random routes direct random walk for all nodes Pre-computed random permutation –one-to-one mapping from incoming edges to out- going edges Random routes –convergence property –back-traceable property Multiple random routes of a certain length (w)

14 14 Random route Basis of SybilGuard Honest node (verifier) decides whether or not to accept another node (suspect) Honest node’s random route –highly likely to stay within the honest region –Highly likely to intersect within (w) steps If there are (g) attack edges, the number of sybil groups is bounded by (g)

15 15 Fast mixing property Assume social networks tend to be fast mixing, which necessarily means that subsets of honest nodes have good connectivity to the rest of the social network Assume the verifier is itself an honest node

16 16 Attack edge

17 17 Key exchange Each pair of friendly nodes shares a unique symmetric secret key (password) called the edge key Key distribution is done out-of-band Each honest node constrains its degree within some constant (e.g. 30) in order to prevent the adversary from increasing the number of attack edges (g) dramatically

18 18 Limits attack edges Limited number of attack edges (g) Adding new attack edge needs out-of- band verification Malicious users: –Hard to convince honest users to be friends –Quite difficult to do on a large scale

19 19 Common ways adversary may use to increase g Befriending with honest users in real life Convince honest node to accept sybil nodes as friends Compromises a large fraction of nodes in the system. –The adversary does not even need to launch a sybil attack. SybilGuard will not help here. Botnet –Challenging to acquire a botnet containing many nodes that already in the system.

20 20 Random route Convergence property –Once two routes traverse the same edge along the same direction, they will merge and stay merged (i.e. the convergence property) Back-traceable property –Using a permutation as the routing table further guarantees that the random routes are back-traceable There can be only one route with length (w) that traverses the same section of route (e)

21 21 Problems of random route Loop (same edge more than once) –Unlikely to form in a fast mixing graph Enters the sybil region –Unlikely according to: THEOREM 1. For any connected and non-bipartite social network, the probability that a length-w random walk starting from a uniformly random honest node will ever traverse any of the g attack edges is upper bounded by gw/n. In particular, when w = Θ(√nlogn) and g = o(√n/logn), this probability is o(1).

22 22 SybilGuard Design Use redundancy –Instead of performing one random route –A node with degree (d) performs random routes along each of its edges Verifier V accept suspect S –If exist d/2 routes from the verifier node –One of V’s route accept S if that route intersect with one of S’s route

23 23 Registry table Each node will maintain and propagate one’s registry tables and witness tables to its neighbors SybilGuard requires a node to register with all (w) nodes along each of its routes by using public key cryptography When a verifier V wants to verify S, V will ask the intersection point between S’s route and V’s route whether S is indeed registered

24 24 Registry & Witness tables

25 25 Bandwidth consumption Studying a one million nodes social network w=2000 Data sent by each node for registry table is small Bandwidth consumption acceptable –since the registry table updates are needed only when social trust relationships change

26 26 Witness table Propagated and updated in a similar fashion as the registry table Backward Updated when a node’s IP address changes Can be done lazily in the verification process

27 27 Verify process For a node V to verify a node S –find the intersection nodes for all of its routes by the witness tables downstream –Authenticates the intersection node one by one by the private key –Ask that node to check if S’s public key is store in one of its registry tables. –If S’s public key is found, that route of V will accept S

28 28 Verify Process If more than half of the route from V accept S, –node V will accept node S –V will interact will S later by request S to encrypt its message by its private key For the sybil nodes region with (g) attack edges, –Polluted entries in registry tables bounded by g*w*w/2 –still less than half of the total number of entries n*d*w –even with g*w tends to (n) with (d) being the degree of each node (d >= 2) and (n) being the total number of nodes

29 29 Route length w Constraints: Must be sufficiently small to ensure remains entirely within the honest region Must be sufficiently large to ensure that routes will intersect with high probability w related to n –Challenging because we do not know n for a decentralized system

30 30 Route length w Determine locally by sampling Node A performs short random walk (e.g. 10 hops) at node B Assume B is honest (with high probability) A checks no. of hops for intersection with their random routes –A asks for the witness tables from B. Repeat above, calculate median value.

31 31 Sybil Guard under Dynamics Bypass offline nodes –V verify other node S Probably multiple intersection points V have at least one intersection point online –Propagate registry & witness tables User creation / deletion / ip address change Infrequent changes –Lookahead route table Store information of next K hops

32 32 Sybil Guard under Dynamics Incremental routing table maintenance –Instead of re-create a new permutation –Make changes in current permutation Add –X 1  X 2  X 3  X 4  (insert at end) –X 1  X 2  (insert here)  X 4  X 3 Delete “3” –Before: X 1  X 2  X 3  X 4  X 5 –After: X 1  X 2  X 5  X 4

33 33 Attacks Exploiting Node Dynamics Potential attacks under Node Dynamics –Malicious user M change public key to key2 –Suppose D  A  B  C –Suppose revoke key1 –Random routes along all directions –D’s key3 will overwrite key2

34 34 Probability of Intersection Kleinberg’s synthetic social network model a million-node graph with average node degree of 24

35 35 Results with no Sybil Attackers Probability of random routes being loops –Loop reduces effective length of random route –Loop is very rare –99.3% of the routes do not form loops in their first 2500 hops

36 36 Results with no Sybil Attackers Probably of honest node being accepted –at least one intersection point online –If at least 10 online/offline intersection points  verification succeeds –In 1 million-node graph w = 300 probability = 99.96% having >=10 intersections

37 37 Results with no Sybil Attackers Estimate random route length w –Sampling technique to determine w –Node A choose a node B to determine w –Node B – not necessarily uniformly random –Need to re-estimate daily

38 38 Probability of routes in honest region 1 million-node graph 100% for g <=2000; 99.8% for g=2500 0.2% -- Nodes befriending with sybil attackers

39 39 Probability of honest nodes being accepted Still 99.8% with 2500 attack edges Redundancy is necessary

40 40 Our views Hard to link real life to virtual network? –My real life friends may not join the virtual network –Maybe centralized authentication better? 99.8% honest nodes accepted, but 0.2% not accepted. –The 0.2% is honest

41 41 Others’ views Fast mixing assumption in social network –Japanese’s social network may not mix with US social network?

Download ppt "1 SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu Michael Kaminsky Phillip B. Gibbons Abraham Flaxman Presented by John Mak,"

Similar presentations

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Krishna P. Gummadi Networked Systems Research Group MPI-SWS

Krishna P. Gummadi Networked Systems Research Group MPI-SWS
Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.

Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.
© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 4: Naming and addressing.

© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 4: Naming and addressing.
An Analysis of Social Network-Based Sybil Defenses Sybil Defender

An Analysis of Social Network-Based Sybil Defenses Sybil Defender
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Detecting Phantom Nodes in Wireless Sensor Networks Joengmin Hwang Tian He Yongdae Kim Department of Computer Science, University of Minnesota, Minneapolis.

Detecting Phantom Nodes in Wireless Sensor Networks Joengmin Hwang Tian He Yongdae Kim Department of Computer Science, University of Minnesota, Minneapolis.
Toward an Optimal Social Network Defense Against Sybil Attacks Haifeng Yu National University of Singapore Phillip B. Gibbons Intel Research Pittsburgh.

Toward an Optimal Social Network Defense Against Sybil Attacks Haifeng Yu National University of Singapore Phillip B. Gibbons Intel Research Pittsburgh.
Efficient Private Techniques for Verifying Social Proximity Michael J. Freedman and Antonio Nicolosi Discussion by: A. Ziad Hatahet.

Efficient Private Techniques for Verifying Social Proximity Michael J. Freedman and Antonio Nicolosi Discussion by: A. Ziad Hatahet.
Denial-of-Service Resilience in Peer-to-Peer Systems D. Dumitriu, E. Knightly, A. Kuzmanovic, I. Stoica and W. Zwaenepoel Presenter: Yan Gao.

Denial-of-Service Resilience in Peer-to-Peer Systems D. Dumitriu, E. Knightly, A. Kuzmanovic, I. Stoica and W. Zwaenepoel Presenter: Yan Gao.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Haifeng Yu National University of Singapore

Haifeng Yu National University of Singapore
Sybil Attack Hyeontaek Lim 15-744 November 12, 2010.

Sybil Attack Hyeontaek Lim November 12, 2010.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Peer to Peer File Sharing Huseyin Ozgur TAN. What is Peer-to-Peer?  Every node is designed to(but may not by user choice) provide some service that helps.

Peer to Peer File Sharing Huseyin Ozgur TAN. What is Peer-to-Peer?  Every node is designed to(but may not by user choice) provide some service that helps.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
© 2003 By Default! A Free sample background from www.powerpointbackgrounds.com Slide 1 SAVE: Source Address Validity Enforcement Protocol Authors: Li,

© 2003 By Default! A Free sample background from Slide 1 SAVE: Source Address Validity Enforcement Protocol Authors: Li,
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
1 Denial-of-Service Resilience in P2P File Sharing Systems Dan Dumitriu (EPFL) Ed Knightly (Rice) Aleksandar Kuzmanovic (Northwestern) Ion Stoica (Berkeley)

1 Denial-of-Service Resilience in P2P File Sharing Systems Dan Dumitriu (EPFL) Ed Knightly (Rice) Aleksandar Kuzmanovic (Northwestern) Ion Stoica (Berkeley)
Dynamic Hypercube Topology Stefan Schmid URAW 2005 Upper Rhine Algorithms Workshop University of Tübingen, Germany.

Dynamic Hypercube Topology Stefan Schmid URAW 2005 Upper Rhine Algorithms Workshop University of Tübingen, Germany.

Similar presentations

Ads by Google