Presentation is loading. Please wait.

Presentation is loading. Please wait.

Md. Tanvir Al Amin 04 09 05 2064 Shah Md. Rifat Ahsan 10 09 05 2060 CSE 6809 – Distributed Search Techniques.

Published byGwendolyn Chambers Modified over 9 years ago

Similar presentations

Presentation on theme: "Md. Tanvir Al Amin 04 09 05 2064 Shah Md. Rifat Ahsan 10 09 05 2060 CSE 6809 – Distributed Search Techniques."— Presentation transcript:

1 Md. Tanvir Al Amin 04 09 05 2064 Shah Md. Rifat Ahsan 10 09 05 2060 CSE 6809 – Distributed Search Techniques

2 A 1973 book by F. R. Schreiber about a patient called “Sybil Dorsett” (pseudonym) “Sybil” was suffering from dissociative identity disorder She manifested 16 different personalities Douceur [IPTPS 2002] was the first to consider the multiple identity problem in the context of structured peer-to-peer networks, which was named "Sybil Attack"

3 In a sybil attack, a malicious user obtains multiple fake identities and pretends to be multiple, distinct nodes in the system. Is found in both P2P and non P2P systems.

4 Structured overlays are efficient node lookup systems. They are highly scalable, efficient, and reliable. These characteristics are achieved by deterministically replicating and recalling content within awidely distributed and decentralized network. One practical limitation of these networks is that they are frequently subject to Sybil attacks Malicious parties can compromise the network by generating and controlling large numbers of shadow identities.

5 Rig Internet polling by using multiple IP addresses to submit votes. Increase Google Page-Rank rating of a page. Reputation systems are a common target for Sybil attacks. Bugmenot.com Sharing of iTunes passwords for shared media access Sybil attacks have been observed in the Maze P2P system (Lian et al., ICDCS 2007) Steiner et al., CCR 2007 Demonstrated to be surprisingly easy in practice, e.g., in the widely-used eMule system

6 Structured P2P networks such as Chord take very limited measures against a Sybil attack, an attacker can obtain many IDs and hence many nodes in the network. This will allow an attacker to take advantage of two major vulnerabilities from which such networks suffer, routing mechanism and object serving mechanism.

7 Sybil nodes can be malicious. They can provide wrong information Think about a sybil node taking part at SETI@HOME project Sybil nodes can launch a DoS attack on a P2P system Suppose the DHT lookup includes a sybil node You may fall in Infinite loop !! Or the Sybil node may provide ostensibly wrong data !! A virus in place of a program

8 Imagine that there is network of dissident free- thinkers (called honest nodes) in the Byzantine Empire They are connected by social links Each dissident keeps track of his immediate friends, so they are always in contact.

9 The regime employs a number of spies (Sybil nodes) who infiltrate the network by gaining the trust of honest nodes. A link between an honest node and a Sybil node is called an attack edge. Honest nodes cannot distinguish between attack edges and honest edges, and furthermore, spies can create an arbitrary number of connections to an arbitrary number of other spies (the regime’s Sybil identities).

10

11 P2P mania! Chord, Pastry, Tapestry, CAN The Sybil Attack [Douceur], Security Considerations [Sit, Morris] Restricted tables [Castro et al] BFT [Rodrigues, Liskov] SPROUT, Turtle, Bootstrap graphs Puzzles [Borisov] CAPTCHA [Rowaihy et al] SybilLimit [Yu et al] SybilInfer, SumUp, DSybil Whanau P2P mania!

12 Because Sybil attacks result from entities misidentifying themselves, requiring all nodes to authenticate with public keys is a one approach to securing these networks. Douceur showed that without the use of a centralized authority that certifies all nodes, it is impossible to prevent this attack.

13 Srivatsa and Liu [18] suggested the use of certificates with limited lifetime issued by the bootstrap entry point that bind a node with a unique ID. This would limit the number of IDs an adversary can obtain during a time period and will depend on the lifetime of the ticket. However, requiring all nodes to obtain a certificate that will bind it with a unique ID is not only expensive but will require either releasing private information or paying an amount of money for the service. Decentralized mechanisms for limiting Sybil attacks are therefore more palatable.

14 Threshold-based protocols : In this scheme, a new node becomes the part of the network if it gets a pre-specified number of trust certificates from a group of trusted nodes. This method does not provide high-level security because a Sybil attacker can take control of the network by generating the identities to meet the threshold requirements. Sybil Resisting DHT Routing: A routing strategy that is performed using a diverse set of nodes that minimizes the reliance only on the local nodes which may be controlled by the malicious node. Reduced number of corrupted nodes in the honest node's routing table makes a significant difference on the performance of DHTs.

15 Trusted Devices : In this scheme, entities in an application can be linked in some secure fashion to a specific hardware device. Here exists no special methods of preventing an attacker from obtaining multiple devices. The idea is that the cost of acquiring multiple devices is high.

16 Storage Give each node a large amount of uncompressible data and randomly verify small excerpts. Computation Ask the node to solve a difficult computational puzzle whose solution is easy to check. Money Charge some amount of money for each new Money: Charge some amount of money for each new identity.

17 Sybil-proof routing using social network A set of honest nodes connected by trust relationship and there is no idea of central trusted node. An adversary node creates multiple identities and try to gain the trust of the honest nodes. But the assumption here is that most honest nodes have more social connection to other honest nodes than the sybils.

18 SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu Michael Kaminsky Phillip B. Gibbons Abraham Flaxman SIGCOMM 2006 SybilLimit: A Near-Optimal Social Network Defense against Sybil Attacks Haifeng Yu Michael Kaminsky Phillip B. Gibbons Feng Xiao Oakland 2008 A Sybil-Proof Distributed Hash Table Chris Lesniewski-Laas, M. Frans Kaashoek NSDI 2010

19 Slide courtesy Kaashoek, Lesniewski-Laas

20

21 Sybil region Honest region … Attack edges Slide courtesy Kaashoek, Lesniewski-Laas

22 We want to incorporate AI based features in Sybil detection. Trusted voting mechanism Learning mechanism (Bayesian learning or some other advanced learning) Feature discovery options for Trust zone and Sybil zone. Maximum likelihood Framework Efficient DHT lookup bypassing Sybil nodes Learning mechanism Redundancy in lookup Effective use of majority voting

23 The Sybil Attack -John R.Douceur,Microsoft Research Security Considerations for Peer-to-Peer Distributed Hash Tables -Emil Sit and Robert Morris Sybil-resistant DHT routing -George Danezis1, Chris Lesniewski-Laas,M. Frans Kaashoek2, and Ross Anderson1 Computational Puzzles as Sybil Defenses- Nikita Borisov SybilGuard: Defending Against Sybil Attacks via Social Networks - Haifeng Yu Michael Kaminsky, Phillip B. Gibbons Abraham Flaxman A Survey of Solutions to the Sybil Attack - Brian Neil Levine1 Clay Shields2 N. Boris Margolin1

24 Cybil Occupation Chief Mouser to the Cabinet Office EmployerQueen Elizabeth II TitleDowning Street cat Do you know my name is Cybil too ??

Download ppt "Md. Tanvir Al Amin 04 09 05 2064 Shah Md. Rifat Ahsan 10 09 05 2060 CSE 6809 – Distributed Search Techniques."

Similar presentations

An analysis of Social Network-based Sybil defenses Bimal Viswanath § Ansley Post § Krishna Gummadi § Alan Mislove ¶ § MPI-SWS ¶ Northeastern University.

An analysis of Social Network-based Sybil defenses Bimal Viswanath § Ansley Post § Krishna Gummadi § Alan Mislove ¶ § MPI-SWS ¶ Northeastern University.
Distributed Hash Tables

Distributed Hash Tables
Peer to Peer and Distributed Hash Tables

Peer to Peer and Distributed Hash Tables
The Sybil Attack By John R. Douceur Presented by Samuel Petreski March 31, 2009.

The Sybil Attack By John R. Douceur Presented by Samuel Petreski March 31, 2009.
CHORD – peer to peer lookup protocol Shankar Karthik Vaithianathan & Aravind Sivaraman University of Central Florida.

CHORD – peer to peer lookup protocol Shankar Karthik Vaithianathan & Aravind Sivaraman University of Central Florida.
Ion Stoica, Robert Morris, David Liben-Nowell, David R. Karger, M

Ion Stoica, Robert Morris, David Liben-Nowell, David R. Karger, M
Krishna P. Gummadi Networked Systems Research Group MPI-SWS

Krishna P. Gummadi Networked Systems Research Group MPI-SWS
Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.

Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.
Toward an Optimal Social Network Defense Against Sybil Attacks Haifeng Yu National University of Singapore Phillip B. Gibbons Intel Research Pittsburgh.

Toward an Optimal Social Network Defense Against Sybil Attacks Haifeng Yu National University of Singapore Phillip B. Gibbons Intel Research Pittsburgh.
Peer-to-Peer Systems Kulesh Shanmugasundaram Security Issues.

Peer-to-Peer Systems Kulesh Shanmugasundaram Security Issues.
A Sybil-proof DHT using a social network Socialnets workshop April 1, 2008 Chris Lesniewski-Laas MIT CSAIL.

A Sybil-proof DHT using a social network Socialnets workshop April 1, 2008 Chris Lesniewski-Laas MIT CSAIL.
Denial-of-Service Resilience in Peer-to-Peer Systems D. Dumitriu, E. Knightly, A. Kuzmanovic, I. Stoica and W. Zwaenepoel Presenter: Yan Gao.

Denial-of-Service Resilience in Peer-to-Peer Systems D. Dumitriu, E. Knightly, A. Kuzmanovic, I. Stoica and W. Zwaenepoel Presenter: Yan Gao.
Haifeng Yu National University of Singapore

Haifeng Yu National University of Singapore
Sybil Attack Hyeontaek Lim 15-744 November 12, 2010.

Sybil Attack Hyeontaek Lim November 12, 2010.
1 SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu Michael Kaminsky Phillip B. Gibbons Abraham Flaxman Presented by John Mak,

1 SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu Michael Kaminsky Phillip B. Gibbons Abraham Flaxman Presented by John Mak,
FRIENDS: File Retrieval In a dEcentralized Network Distribution System Steven Huang, Kevin Li Computer Science and Engineering University of California,

FRIENDS: File Retrieval In a dEcentralized Network Distribution System Steven Huang, Kevin Li Computer Science and Engineering University of California,
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.

Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.
March 2009 (IETF 74)IETF - P2PRG1 Security Issues and Solutions in Peer-to- peer Systems for Real-time Communications draft-schulzrinne-p2prg-rtc-security-00.

March 2009 (IETF 74)IETF - P2PRG1 Security Issues and Solutions in Peer-to- peer Systems for Real-time Communications draft-schulzrinne-p2prg-rtc-security-00.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

Similar presentations

Ads by Google