Presentation is loading. Please wait.

Presentation is loading. Please wait.

SybilCast: Broadcast on the Open Airwaves SETH GILBERT, CHAODONG ZHENG National University of Singapore.

Published byAmos Thornton Modified over 9 years ago

Similar presentations

Presentation on theme: "SybilCast: Broadcast on the Open Airwaves SETH GILBERT, CHAODONG ZHENG National University of Singapore."— Presentation transcript:

1 SybilCast: Broadcast on the Open Airwaves SETH GILBERT, CHAODONG ZHENG National University of Singapore

2 Base Station u u v v Sunday afternoon in Starbucks  v2 v3 v1 v4 v7 v8 v6 v9 v5 We have a Sybil attack!  Sybil identities: AliceSean B/2 B/10 …

3 Radios can access many channels u u msgAck for msg x x  msg  channel one channel two Honest users: always pass the test! Malicious users: lose (fake) id with 50% chance! Use radio resource testing! [1] N. James, E. Shi, D. Song, and A. Perrig. The sybil attack in sensor networks: Analysis & defenses. [2] D. Mónica, J. Leitão, L. Rodrigues, and C. Ribeiro. On the use of radio resource tests in wireless ad-hoc networks. Base Station v v y y !ALERT!

4 Challenges  Colluding:  Malicious users can cover more than one channel  Other malicious behavior:  Malicious user jam channels, and/or spoof messages  Continuous nature of the system:  Cannot run a set of tests and then stick to normal data deliver protocols  Efficiency of detection:  Overhead for detecting sybil identities must be low

5 Overview 1. Introducing sybil attacks 2. Model and problem 3. The SybilCast protocol:  Structure  Why it works

6 Model Base Station v v w w Channel two Channel c … Channel one

7 Channel two Channel c … Channel one Malicious users Base Station v v w w Sean Shirley x x y y q q r r #$%@#%#^@#^@ Quit

8 Channel two Channel c … Channel one Problem: fair bandwidth access u u Sean Shirley data Base Station

9 Introducing SybilCast  Three phases per epoch:  Registration phase: new users join the network  Data phase: registered users receive data and authentication information  Verification phase: base station checks registered users time … d registered identities registration phase: at most d new ids registered data phase: at most 2d ids present verification phase: s ids removed 2d-s registered identities … one epoch

10 Why those lengths?  Balance sybil identities’ admission rate and honest identities’ admission rate:  Fast admission → Low registration overhead  However: Fast admission → More sybil identities → Low throughput  Registered identities at most double! time … d registered identities registration phase: at most d new ids registered data phase: at most 2d ids present verification phase: s ids removed 2d-s registered identities … one epoch

11 Registration phase … …

12 Challenges and Tools  Avoid jamming  Random uncoordinated frequency hopping  Authenticating nodes (to counter spoofing):  Hash chain  Avoid contention among nodes:  Backoff protocol (ensures delivery of single partial seed)  Registration list (ensures enough partial seeds)

13 Structure of SybilCast  Three phases per epoch:  Registration phase: new users join the network  Data phase: registered users receive data and authentication information  Verification phase: base station checks registered users time … d registered identities registration phase: at most d new ids registered data phase: at most 2d ids present verification phase: s ids removed 2d-s registered identities … one epoch

14 Channel one Channel two Channel three Data phase  Goal: deliver data and nonces to registered identities  Procedure for each round:  Base station chooses a random registered identity  Send a packet on the pre-agreed channel with data and nonce  Intended receiver get the data  All nodes on that channel record the nonce! Base Station u u v v w w random binary string datanonce

15 The Power of the Nonce TM

16 Verification phase

17 p finishes registration Putting everything together time … p initiate a request … epoch iepoch i+1epoch i+2epoch j p obtains first partial seed

18 Putting everything together

19

20 SybilCast’s key property

21 THIS IS IT!  SybilCast solves fair bandwidth allocation despite:  Sybil attacks! Jamming! Spoofing!  Combination of existing tools:  Radio resource testing, frequency hopping, hash chain, …  And innovations:  Admission rate control, deferred verification, …  Distri-SybilCast?  If you have questions, now is the time! Conclusion

Download ppt "SybilCast: Broadcast on the Open Airwaves SETH GILBERT, CHAODONG ZHENG National University of Singapore."

Similar presentations

A CGA based Source Address Authentication Method in IPv6 Access Network(CSA) Guang Yao, Jun Bi and Pingping Lin Tsinghua University APAN26 Queenstown,

A CGA based Source Address Authentication Method in IPv6 Access Network(CSA) Guang Yao, Jun Bi and Pingping Lin Tsinghua University APAN26 Queenstown,
Chris Karlof and David Wagner

Chris Karlof and David Wagner
Security in Sensor Networks By : Rohin Sethi Aranika Mahajan Twisha Patel.

Security in Sensor Networks By : Rohin Sethi Aranika Mahajan Twisha Patel.
Min Song 1, Yanxiao Zhao 1, Jun Wang 1, E. K. Park 2 1 Old Dominion University, USA 2 University of Missouri at Kansas City, USA IEEE ICC 2009 A High Throughput.

Min Song 1, Yanxiao Zhao 1, Jun Wang 1, E. K. Park 2 1 Old Dominion University, USA 2 University of Missouri at Kansas City, USA IEEE ICC 2009 A High Throughput.
Fine-grained Channel Access in Wireless LAN SIGCOMM 2010 Kun Tan, Ji Fang, Yuanyang Zhang,Shouyuan Chen, Lixin Shi, Jiansong Zhang, Yongguang Zhang.

Fine-grained Channel Access in Wireless LAN SIGCOMM 2010 Kun Tan, Ji Fang, Yuanyang Zhang,Shouyuan Chen, Lixin Shi, Jiansong Zhang, Yongguang Zhang.
Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.

Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.
KAIS T Message-In-a-Bottle: User-Friendly and Secure Key Deployment for Sensor Nodes Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig(CMU), Sensys07 2007.

KAIS T Message-In-a-Bottle: User-Friendly and Secure Key Deployment for Sensor Nodes Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig(CMU), Sensys
The Sybil Attack in Sensor Networks: Analysis & Defenses J. Newsome, E. Shi, D. Song and A. Perrig IPSN’04.

The Sybil Attack in Sensor Networks: Analysis & Defenses J. Newsome, E. Shi, D. Song and A. Perrig IPSN’04.
Luu Anh Tuan. Security protocol Intruder Intruder behaviors Overhead and intercept any messages being passed in the system Decrypt messages that are.

Luu Anh Tuan. Security protocol Intruder Intruder behaviors Overhead and intercept any messages being passed in the system Decrypt messages that are.
Explicit and Implicit Pipelining in Wireless MAC Nitin Vaidya University of Illinois at Urbana-Champaign Joint work with Xue Yang, UIUC.

Explicit and Implicit Pipelining in Wireless MAC Nitin Vaidya University of Illinois at Urbana-Champaign Joint work with Xue Yang, UIUC.
Multiple Access Methods. When nodes or stations are connected and use a common link (cable or air), called a multipoint or broadcast link, we need a.

Multiple Access Methods. When nodes or stations are connected and use a common link (cable or air), called a multipoint or broadcast link, we need a.
LAAC: A Location-Aware Access Control Protocol YounSun Cho, Lichun Bao and Michael T. Goodrich IWUAC 2006.

LAAC: A Location-Aware Access Control Protocol YounSun Cho, Lichun Bao and Michael T. Goodrich IWUAC 2006.
SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.

SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.
Adaptive Security for Wireless Sensor Networks Master Thesis – June 2006.

Adaptive Security for Wireless Sensor Networks Master Thesis – June 2006.
Secure Localization using Dynamic Verifiers Nashad A. Safa Joint Work With S. Sarkar, R. Safavi-Naini and M.Ghaderi.

Secure Localization using Dynamic Verifiers Nashad A. Safa Joint Work With S. Sarkar, R. Safavi-Naini and M.Ghaderi.
INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.

INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.
1 Sustaining Cooperation in Multi-Hop Wireless Networks Ratul Mahajan, Maya Rodrig, David Wetherall and John Zahorjan University of Washington Presented.

1 Sustaining Cooperation in Multi-Hop Wireless Networks Ratul Mahajan, Maya Rodrig, David Wetherall and John Zahorjan University of Washington Presented.
Cooperation in Wireless Networks Andrea G. Forte Henning Schulzrinne November 14, 2005.

Cooperation in Wireless Networks Andrea G. Forte Henning Schulzrinne November 14, 2005.
Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)
TiZo-MAC The TIME-ZONE PROTOCOL for mobile wireless sensor networks by Antonio G. Ruzzelli Supervisor : Paul Havinga This work is performed as part of.

TiZo-MAC The TIME-ZONE PROTOCOL for mobile wireless sensor networks by Antonio G. Ruzzelli Supervisor : Paul Havinga This work is performed as part of.

Similar presentations

Ads by Google