Defending Against Sybil Attacks via Social Networks

1
Defending Against Sybil Attacks via Social Networks
  • Haifeng Yu
  • School of Computing
  • National University of Singapore

2
Acknowledgments
  • Talk based on three papers
      • SIGCOMM'06, ToN'08 (SybilGuard)
      • IEEE S&P'08 (SybilLimit)
      • Available on my homepage (google my name)
  • Co-authors
      • Phillip B. Gibbons
      • Michael Kaminsky
      • Feng Xiao
      • Abie Flaxman

3
Background: Sybil Attack
  • Sybil attack: A single user pretends to be many fake/sybil identities
      • I.e., creating multiple accounts
  • Already observed in real-world p2p systems
  • Sybil identities can become a large fraction of all identities
[Figure labels: honest, malicious]

4
Background: Sybil Attack
  • Enables malicious users to easily out-vote honest users
      • Byzantine consensus: exceed the 1/3 threshold
      • Majority voting: cast more than one vote
      • DHT: control a large portion of the ring
      • Recommendation systems: manipulate the recommendations

5
Background: Defending Against Sybil Attack
  • Using a trusted central authority to tie identities to human beings: not always desirable
  • Much harder without a trusted central authority [Douceur02]
      • Resource challenges: not sufficient
      • IP address-based approach: not sufficient
  • Widely considered a real challenge
      • Over 40 papers acknowledging the problem of sybil attack, without having a distributed solution

6
SybilGuard / SybilLimit Basic Insight: Leveraging Social Networks
SybilGuard / SybilLimit is the first to use social networks for thwarting sybil attacks with provable guarantees.
  • Nodes: identities
  • Undirected edges: strong mutual trust
      • E.g., colleagues, relatives in real-world
      • Not online friends!

7
SybilGuard / SybilLimit Basic Insight
  • n honest users: One identity/node each
  • Malicious users: Multiple identities each (sybil nodes)

[Figure labels: honest nodes, attack edges, malicious users]
Observation: Adversary cannot create extra edges between honest nodes and sybil nodes

8
SybilGuard / SybilLimit Basic Insight
  • Disproportionally small cut disconnecting a large number of identities

But cannot search by brute force
[Figure labels: attack edges, honest nodes, sybil nodes]

9
SybilGuard / SybilLimit End Guarantees
  • Completely decentralized
  • Enables any given verifier node to decide whether to accept any given suspect node
      • Accept: Provide service to / receive service from
      • Ideally: Accept and only accept honest nodes (unfortunately not possible)
  • SybilGuard / SybilLimit provably
      • Bound # of accepted sybil nodes (w.h.p.)
      • Accept all honest nodes except a small ε fraction (w.h.p.)

10
Example Application Scenarios
If # of sybil nodes accepted        Then applications can do
< n                                 majority voting
< n/2                               byzantine consensus
< n/c for some constant c           secure DHT [Awerbuch06, Castro02, Fiat05]

11
SybilGuard vs. SybilLimit
# sybil nodes accepted (smaller is better) per attack edge
total number of attack edges | SybilGuard [SIGCOMM'06] | SybilLimit [Oakland'08]


between
unbounded
and
12
Outline
  • Motivation, basic insight, and end guarantees
  • SybilLimit design
  • Will focus on intuition
  • Evaluation results on real-world social networks

13
Cryptographic Keys
  • Each edge in social network corresponds to a symmetric edge key
      • Established out of band
  • Each node (honest or sybil) has a locally generated public/private key pair
      • Identity V accepts S: V accepts S's public key K_S
      • When running SybilLimit, every suspect S is allowed to register K_S on some other nodes

14
SybilLimit Strawman Design: Step 1
  • Ensure that sybil nodes (collectively) register only on limited number of honest nodes
  • Still provide enough registration opportunities for honest nodes

[Figure: sybil region and honest region, showing the registered keys (K) of sybil nodes and of honest nodes]

15
SybilLimit Strawman Design: Step 2
  • Accept S iff K_S is registered on sufficiently many honest nodes
      • Without knowing where the honest region is!
      • Circular design? We can break this circle

[Figure: sybil region and honest region, showing the registered keys (K) of sybil nodes and of honest nodes]

16
Three Interrelated Key Techniques
  • Technique 1: Use the tails of random routes for registration
      • Will achieve Step 1
      • SybilGuard novelty: Random routes
      • SybilLimit novelty: The use of tails
      • SybilLimit novelty: The use of multiple independent instances of shorter random routes

17
Three Interrelated Key Techniques
  • Technique 2: Use intersection condition and balance condition to verify suspects
      • Will break the circular design and achieve Step 2
      • SybilGuard novelty: Intersection on nodes
      • SybilLimit novelty: Intersection on edges
      • SybilLimit novelty: Balance condition
  • Technique 3: Use benchmarking technique to estimate unknown parameters
      • Breaks another seemingly circular design
      • SybilLimit novelty: Benchmarking technique

18
Random Route Convergence
[Figure: a node with neighbors a to f and its randomized routing table; entries shown: a → d, d → e, b → a, e → d, c → b, f → f, d → c]
Using routing table gives Convergence Property: Routes merge if crossing the same edge

19
Securely Registering Public Keys
[Figure: A's random route, with hop messages (i = 1, K_A), (i = 2, K_A), (i = 3, K_A); at the last hop: record K_A under name C→D]
To register K_A, A initiates a random route (assuming w = 3)
  • All random routes in SybilLimit are of length w
  • All nodes know w
  • Nodes communicate via authenticated channels

20
Tails of Sybil Suspects
  • Imagine that every sybil suspect initiates a random route from itself

[Figure: sybil nodes and honest nodes; total 1 tainted tail]

21
Counting the Number of Tainted Tails
[Figure labels: attack edge, honest nodes, sybil nodes]
  • Claim: There are at most w tainted tails per attack edge
  • Proof: By the Convergence property
      • Regardless of whether sybil nodes follow the protocol
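
The convergence and tainted-tail claims from the slides above, as an added Python example (not code from the talk or from the SybilGuard/SybilLimit papers). It assumes a constructed 31-node honest graph with one attack edge to a sybil node named "S"; all function names are hypothetical, and the independent-random-walk comparison is added here for contrast.

```python
import random

def make_tables(adj, rng):
    """Per-node random permutation: neighbor arrived from -> neighbor sent to."""
    return {v: dict(zip(nbrs, rng.sample(nbrs, len(nbrs)))) for v, nbrs in adj.items()}

def route(tables, edge, hops):
    """Directed edges traversed by a random route, starting with `edge`."""
    path = [edge]
    for _ in range(hops):
        u, v = path[-1]
        path.append((v, tables[v][u]))  # forwarding is deterministic per edge
    return path

def tails_via_attack_edge(tables, attack_edge, w, sybil):
    """Honest-region tails of length-w routes crossing attack_edge as hop 1..w."""
    tails = set()
    for hop in range(1, w + 1):  # sybil nodes pick the hop, not the path after it
        path = route(tables, attack_edge, w - hop)
        if all(sybil not in e for e in path[1:]):  # never left the honest region
            tails.add(path[-1])
    return tails

def tails_random_walk(adj, attack_edge, w, sybil, identities, rng):
    """Contrast (added here): each sybil identity does an independent random walk."""
    tails = set()
    for _ in range(identities):
        u, v = attack_edge
        for _ in range(w - 1):
            u, v = v, rng.choice(adj[v])
        if sybil not in (u, v):
            tails.add((u, v))
    return tails

def is_backtraceable(adj, tables):
    """True if every directed edge has exactly one predecessor edge."""
    edges = [(u, v) for u in adj for v in adj[u]]
    return len({route(tables, e, 1)[-1] for e in edges}) == len(edges)

def demo(w=10, identities=1000, seed=1, n=31):
    rng = random.Random(seed)
    # Constructed honest region: ring of n nodes plus chords; attack edge S-0.
    adj = {i: [(i + 1) % n, (i - 1) % n, (i + 7) % n, (i - 7) % n] for i in range(n)}
    adj[0].append("S")
    adj["S"] = [0]
    tables = make_tables(adj, rng)
    routed = tails_via_attack_edge(tables, ("S", 0), w, "S")
    walked = tails_random_walk(adj, ("S", 0), w, "S", identities, rng)
    return len(routed), len(walked), is_backtraceable(adj, tables)
```

`demo()` returns the number of distinct honest-region tails reachable through the attack edge with random routes (never more than w, however many sybil identities exist), the number reached by 1000 independent random walks, and whether the routing tables are back-traceable.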

22
Back to the Strawman Design: Step 1
  • # of K's (registered keys of sybil nodes) ≤ g·w
      • Independent of # of sybil nodes
  • # of K's (registered keys of honest nodes) ≥ n − g·w
      • From backtrace-ability property of random routes
      • See paper

[Figure: registered keys (K) of sybil nodes and of honest nodes in the honest region]
Step 1 achieved!

23
Independent Instances
  • SybilLimit uses independent instances of the registration protocol
  • m: # of edges in the honest region
  • Number of K's
  • Number of K's
  • Goal: Accept S iff K_S is registered on tails in the honest region
  • Sybil suspects accepted
  • Honest suspects accepted

24
Three Techniques
  • Technique 1: Use novel random routes to register public keys
      • Will achieve Step 1
  • Technique 2: Use intersection condition and balance condition to verify suspects
      • Challenge: SybilLimit does not know which region is the honest region
  • Technique 3: Use benchmarking technique to estimate unknown parameters

25
The Intersection Condition
  • Verifier V obtains tails by doing random routes of length w
      • Using different instances (see paper)
      • Some tails are in the sybil region (ignore for now)
  • S satisfies intersection condition if
      • S's and V's tails intersect
      • S's public key is registered with the intersecting tail

26
Intersection Condition: Verification Procedure
[Figure: message exchange between S and V; step 3: common tail E→F]
4 messages involved
S satisfies intersection condition

27
Leveraging Known Random Walk Theory
  • (Approximate) Theorem
  • If w is roughly the mixing time of the social network, then all tails (V's and S's) are roughly uniformly random edges
  • If social networks have mixing
    time, then

28
Leveraging a Sharp Distribution
  • Assuming V has tails in the honest region

[Plot: intersection probability p (from 0 to 1.0) against # of S's tails in honest region; annotation: Birthday paradox]
This is why SybilLimit does edge intersection

29
Back to the Strawman Design: Step 2
  • Accept S iff K_S is registered on sufficiently many honest nodes
      • Sufficiently many
      • Intersection occurs iff S has tails in the honest region

[Figure: sybil region and honest region, showing the registered keys (K) of sybil nodes and of honest nodes]

30
Omitted Challenges
  • Some of V's tails are in the sybil region
      • We do not know which tails are in the sybil region
  • Balance condition: hardest part to prove in SybilLimit
      • Adversary has many strategies to allocate the tainted tails
      • Tainted tails are not uniformly random
      • See paper for details

31
Three Interrelated Key Techniques
  • Technique 1: Random routes
  • Technique 2: Intersection condition and balance condition
  • Technique 3: Novel and counter-intuitive benchmarking technique
      • Avoids another seemingly circular design
      • See paper
  • Claims on near-optimality: See paper

32
Performance Aspects
  • Random routes are performed only once
      • Re-do only when social network changes (infrequently)
      • Can be done incrementally
  • Doing random routes is not time-critical
      • Only delays a new suspect being accepted
      • Churn is a non-problem
  • Verification involves O(1) messages
      • See paper

33
Outline
  • Motivation, basic insight, and end guarantees
  • SybilLimit design
  • Evaluation results on real-world social networks

34
Validation on Real-World Social Networks
  • SybilGuard / SybilLimit assumption: Honest nodes are not behind disproportionally small cuts
      • Rigorously: Social networks (without sybil nodes) have small mixing time
      • Mixing time affects # sybil nodes accepted
  • Synthetic social networks: proof in SIGCOMM'06
  • Real-world social networks?
      • Social communities, social groups, ...

35
Simulation Setup
Crawled online social networks used in experiments
               # nodes   # edges
Friendster     0.9M      7.8M
LiveJournal    0.9M      8.7M
DBLP           0.1M      0.6M
  • We experiment with
      • Different number and placement of attack edges
      • Different graph sizes -- full size to 100-node sub-graphs
  • Sybil attackers use the optimal strategy

36
Brief Summary of Simulation Results
  • In all cases we experimented with
      • Average honest verifier accepts 95% of all honest suspects
      • Average honest suspect is accepted by 95% of all honest verifiers
  • # sybil nodes accepted
      • 10 per attack edge for Friendster and LiveJournal
      • 15 per attack edge for DBLP

37
Other Social Networks?
  • Other social networks likely to have small mixing time too (DBLP as a worst-case)
  • What if the mixing time is large?
      • Graceful degradation of SybilLimit's guarantees -- Accept more sybil nodes

38
Conclusions
  • Sybil attack
      • Widely considered as a real and challenging problem
  • SybilLimit: Fully decentralized defense protocol based on social networks
      • Provable near-optimal guarantees
      • Experimental validation on real-world social networks
  • Future work: Implement SybilLimit with real apps

39
Post Doc Opening
  • NUS: Ranked 31st globally by Newsweek
      • E.g., we have 11 SIGMOD papers in 2008
  • I have post doc opening in distributed systems and distributed algorithms
      • Minimum 1 year, renewable up to multiple years
      • 2 years funding already committed
  • Main job duty: Publish in top venues
      • Help you to build up track record for career after post doc
  • Salary: Comparable (if not better) than US post docs
      • Singapore living cost and tax are lower than US
  • Contact me to inquire or apply (google my name)