Presentation is loading. Please wait.

Presentation is loading. Please wait.

Defending Against Sybil Attacks Paul Parker Advisor: Shouhuai Xu.

Published byRosanna Beasley Modified over 9 years ago

Similar presentations

Presentation on theme: "Defending Against Sybil Attacks Paul Parker Advisor: Shouhuai Xu."— Presentation transcript:

1 Defending Against Sybil Attacks Paul Parker Advisor: Shouhuai Xu

2 Talk Outline Intro and Motivation Problem Definition Existing Work Intended Approach Results So Far

3 P2P and Other Self-Organizing Networks Backup File Sharing Distributed Computation Distributed File Systems Farsite GFS Organic GRID

4 Sybil Attack

5 Why Use Sybil Attack? disruption for-profit motives: RIAA [drop?] disproportionate access to resources (computation, storage) control network

6 Problem Definition Detect creation of multiple node identities from a single physical node without a central certifying authority

7 Existing Work: Is Preventing Sybil Attacks Possible? John Douceur, Microsoft Research “The Sybil Attack”, IPTPS '01 (First International Workshop on Peer-to-Peer Systems (revised paper 2002)) named and introduced problem strong negative theoretical results for networks without a centralized authority

8 Douceur’s Assumptions set of entities (i.e., nodes) synchronous broadcast cloud message recv’d by all entities w/i bounded time message finite length bit string no direct links between entities (“form of centrally supplied authentication”) identity – abstraction that persists across multiple communication events Assumptions meant to be extremely general

9 Douceur’s Model Entity behavior: correct entities will present 1 legitimate identity faulty entities will present 1 legitimate identiy and ≥ 1 counterfeit identity How could we possibly verify identities? Assume attacker has limited resources Distinguish identities via resource-consumption challenge: CPU storage network bandwidth Example: simultaneously issue puzzle to all claimed identities that takes 1 second for 1 GHz computer to solve

10 Douceur’s Lemmas Direct validation: 1.Any faulty entity f can present as many distinct identities as the ratio of its power to minimal power e.g., 3 GHz CPU could present 3 identities at 1 GHz minimum 2.If an entity l accepts identities that are not validate simultaneously, a single f can present arbitrarily many distinct identities to l e.g., 1 GHz computer could present 3 identities over 3 seconds Indirect validation: 3.If an entity l accepts identities vouched for by q accepted identities, then F can present arbitrarily many identities to l if |F| > q or F has at least q + |F| resources 4.Without simultaneous challenges, even a minimally-capable entity f can present |C|/q distinct identities to l. Possibly not actual proofs, but very closely reasoned

11 Douceur’s Conclusion “attacks always possible except under extreme and unrealistic assumptions of resource parity and coordination among entities” i.e., to prevent attacks must assume: all entities have nearly identical capabilities all presented identities are simultaneously checked by all entities across the entire system therefore in heterogeneous real systems such as Internet, Sybil attacks always possible

12 Existing Work: New Ideas On the Establishment of Distinct Identities in Overlay Networks, Bazzi & Konjevod, PODC 2005 establishing pairwise distinctness often helpful distinctness test yields true or unknown Douceur abstracted out potentially helpful details real networks physically embedded in geometric spaces

13 BK2005 Assumptions actual distance between 2 entities approx. satisfies metric properties symmetry (bc=cb) definiteness (ab exists) triangle inequality (ab+bc≥ac) sending message to and from 2 entities (Round-Trip Time) no faster than function of the actual distance a bc 4 3 3 5

14 BK2005 Example: Using Latency to Distinguish Nodes A and B sign certificates for C and D Practical technique Assumptions: triangle inequality holds (c ≤ a + b) occasional network quiescence A (trusted) B (trusted) CD 100 ms RTT 30 ms RTT ??

15 More BK2005 Assumptions Euclidean or Spherical Geometry can model RTT distances: i.e., nodes can be embedded into Euclidean space R d or spherical space S d with little or no error on RTT distance Hence have metric properties Note similar to assuming efficient routing Limited number of corrupt beacons Asynchronous unreliable network over long periods of time, occasional quiescence will allow synchrony and reliability these allow computing distance between beacons Broadcast or point-to-point message models

16 BK2005 Theorems Can certify distinctness in presence of: trusted beacons: corrupt applicant (in convex hull in R d, or in S d anywhere) multiple colluding entities for broadcast up to d multiple colluding entities for point-to- point (d=dimensionality of space) up to f corrupt beacons at least f+d+1 correct ones, one corrupt applicant or multiple colluding corrupt applicants

17 BK2005 Conclusions can prevent Sybil attacks via geometric distinctness certification (given assumptions) nice theoretical results translation to real work requires significant investigation “a lot more work” to make this of “more practical value” generalization of first example “has a good chance of leading to solutions that can be used in practice”

18 Existing Work: Another Idea Remote physical device fingerprinting Kohno, Broido, and claffy, UCSD, IEEE S&P 2005 (“Oakland”) Computers have clocks quartz crystal resonant frequency function of size frequency varies slightly between typical crystals First derivative of clock frequency is skew (“fast” or “slow”- ness of clock) Time reported by OS varies with hardware skew and OS factors Thus, particular skew distinguishes computer

19 Kohno et al Details TCP spec includes TCP Timestamping option TCP stack inserts a timestamp when sending packet Clock skew can be estimated by observing these over time Thus, fingerprint remote physical device by observing TCP streams 5-6 bits of entropy (“distinctness”) TSOpt field can be disabled or scrubbed

20 Our Intended Approach Provisional: Do BK experiments Combine multiple approaches (intelligently) (some of mine are new proposals) BK2005 approach Kohno et al approach neighborhood memory latency computational puzzles OS fingerprinting

21 PlanetLab (to use for BK testbed) Worldwide research overlay network More than 600 nodes at 300 sites www.planet-lab.org

22 Planned BK Experiments (so far) Data-based experiments: Test triangle inequality (to w/i a margin) Test technique applicability Actual experiments: Testbed for trying technique

23 Results So Far Analyzing Triangle Inequality w/ PlanetLab Nodes: 481 Theoretical possible triangles: 110,591,520 Number with 3 sides: 50,963,180 % of theoretical % of 3-sided Obeying triangle inequality 8.9419.50 Almost obeying (within 15%) 23.7351.49 Approximately obeying 32.6770.89

24 Results So Far: Timestamping and OS Fingerprinting p0f – passive OS fingerprinting tool Issues: p0f ran in less accurate SYN+ACK mode for Web trace, because host initiated all connections intersection of p0f result and reasonable clock skew low (15% even on Web trace) good timestamping data hard to obtain most traces truncate TCP header before TSOpt Implications: OS fingerprinting probably a secondary technique (also because can be faked) Timestamping didn’t work well on brief streams (not enough data?)

25 Directions for Future Work Can a self-organizing network automatically defend against Sybil attacks, without starting from a set of trusted nodes? Can we provide identities for nodes, or merely distinguish them? If not, how much distinguishability can we provide?

26 Questions? ?

Download ppt "Defending Against Sybil Attacks Paul Parker Advisor: Shouhuai Xu."

Similar presentations

Remote Physical Device Fingerprinting Authors Tadayoshi Kohno, Andre Broido, KC Claffy Appears in IEEE Symposium on Security and Privacy, 2005 Presented.

Remote Physical Device Fingerprinting Authors Tadayoshi Kohno, Andre Broido, KC Claffy Appears in IEEE Symposium on Security and Privacy, 2005 Presented.
Tadayoshi Kohno: CSE Department, UC San Diego Andre Broido: CAIDA, UC San Diego kc claffy: CAIDA, UC San Diego 2005 IEEE Symposium on Security and Privacy.

Tadayoshi Kohno: CSE Department, UC San Diego Andre Broido: CAIDA, UC San Diego kc claffy: CAIDA, UC San Diego 2005 IEEE Symposium on Security and Privacy.
Spreading Alerts Quietly and the Subgroup Escape Problem Aleksandr Yampolskiy (Yale) Joint work with James Aspnes, Zoë Diamadi, Kristian Gjøsteen, and.

Spreading Alerts Quietly and the Subgroup Escape Problem Aleksandr Yampolskiy (Yale) Joint work with James Aspnes, Zoë Diamadi, Kristian Gjøsteen, and.
The Sybil Attack By John R. Douceur Presented by Samuel Petreski March 31, 2009.

The Sybil Attack By John R. Douceur Presented by Samuel Petreski March 31, 2009.
Cristian Lumezanu Dave Levin Neil Spring PeerWise Discovery and Negotiation of Faster Paths.

Cristian Lumezanu Dave Levin Neil Spring PeerWise Discovery and Negotiation of Faster Paths.
Prepared by Ilya Kolchinsky.  n generals, communicating through messengers  some of the generals (up to m) might be traitors  all loyal generals should.

Prepared by Ilya Kolchinsky.  n generals, communicating through messengers  some of the generals (up to m) might be traitors  all loyal generals should.
Beyond the MDS Bound in Distributed Cloud Storage

Beyond the MDS Bound in Distributed Cloud Storage
Efficient Query Evaluation on Probabilistic Databases

Efficient Query Evaluation on Probabilistic Databases
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.

How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
Byzantine Generals Problem: Solution using signed messages.

Byzantine Generals Problem: Solution using signed messages.
Models and Security Requirements for IDS. Overview The system and attack model Security requirements for IDS –Sensitivity –Detection Analysis methodology.

Models and Security Requirements for IDS. Overview The system and attack model Security requirements for IDS –Sensitivity –Detection Analysis methodology.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
A Parallel Computational Model for Heterogeneous Clusters Jose Luis Bosque, Luis Pastor, IEEE TRASACTION ON PARALLEL AND DISTRIBUTED SYSTEM, VOL. 17, NO.

A Parallel Computational Model for Heterogeneous Clusters Jose Luis Bosque, Luis Pastor, IEEE TRASACTION ON PARALLEL AND DISTRIBUTED SYSTEM, VOL. 17, NO.
بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Secure routing for structured peer-to-peer overlay networks (by Castro et al.) Shariq Rizvi CS 294-4: Peer-to-Peer Systems.

Secure routing for structured peer-to-peer overlay networks (by Castro et al.) Shariq Rizvi CS 294-4: Peer-to-Peer Systems.
1 The Sybil Attack John R. Douceur Microsoft Research Presented for Cs294-4 by Benjamin Poon.

1 The Sybil Attack John R. Douceur Microsoft Research Presented for Cs294-4 by Benjamin Poon.
1 University of Freiburg Computer Networks and Telematics Prof. Christian Schindelhauer Wireless Sensor Networks 13th Lecture 06.12.2006 Christian Schindelhauer.

1 University of Freiburg Computer Networks and Telematics Prof. Christian Schindelhauer Wireless Sensor Networks 13th Lecture Christian Schindelhauer.
On the Difficulty of Scalably Detecting Network Attacks Kirill Levchenko with Ramamohan Paturi and George Varghese.

On the Difficulty of Scalably Detecting Network Attacks Kirill Levchenko with Ramamohan Paturi and George Varghese.
Wireless Sensor Network Security Anuj Nagar CS 590.

Wireless Sensor Network Security Anuj Nagar CS 590.

Similar presentations

Ads by Google