1 / 16

“SybilGuard: Defending Against Sybil Attacks via Social Networks”

“SybilGuard: Defending Against Sybil Attacks via Social Networks”. Authors: Haifeng Yu, Phillip B. Gibbons, and Suman Nath (several slides based on authors’). The Problem. Redundancy lets distributed systems compensate for faulty nodes Ex: Store data on multiple nodes

moesha
Download Presentation

“SybilGuard: Defending Against Sybil Attacks via Social Networks”

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. “SybilGuard: Defending Against Sybil Attacks via Social Networks” Authors: Haifeng Yu, Phillip B. Gibbons, and Suman Nath (several slides based on authors’)

  2. The Problem • Redundancy lets distributed systems compensate for faulty nodes • Ex: Store data on multiple nodes • The Sybil Attack undermines redundancy • Need a central authority to determine which nodes are honest

  3. SybilGuard’s Central Authority • Main Idea: Use a social network as the “central authority” • A node trusts its neighbours • Each node learns about the network from its neighbours

  4. Sybil Nodes and Attack Edges Sybil nodes Attack Edges honest nodes - Edges to honest nodes are “human established” - Attack edges are difficult for Sybil nodes to create

  5. Attack Edges Are Rare • SybilGuard hinges on having relatively few attack edges • To subvert system an attacker must compromise many honest nodes

  6. SybilGuard’s Model A social network exists containing honest nodes and Sybil nodes Honest nodes provide a service to or receive a service from nodes that they “accept” Ideally, only honest nodes are accepted

  7. SybilGuard’s Guarantees With high probability an honest node… • Accepts most honest nodes • Is accepted by most honest nodes • Accepts at most a bounded number of Sybil nodes • (Can partition accepted nodes into sets, of which a bounded number contain Sybil nodes)

  8. Segue: Random Routes • Every node picks a random routing from input to output edges • A directed edge is in exactly one route of unbounded length • A directed edge is in at most w routes of length w e

  9. Clever Use of Random Routes Each node finds all the length w random routes that start at it Honest node V accepts node S if most of V’s random routes intersect a random route of S Why does this work?

  10. Random Route Intersection: Honest Nodes WHP verifier’s route stays within honest region routes from two honest nodes intersect Verifier Suspect honest nodes sybil nodes

  11. Random Route Intersection: Sybil Nodes Each attack edge gives one intersection Intersection points are SybilGuard’s equivalence sets Verifier Suspect same intersection honest nodes sybil nodes

  12. Nodes Accepted per Intersection Verifier accepts at most w nodes per intersection Verifier for a given intersection

  13. Bounds on Accepted Sybil Nodes • For routes of length w in a network with g attack edges, WHP, • Accepted nodes can be partitioned into sets of which at most g contain Sybil nodes • Honest nodes accept at most w*g Sybil nodes

  14. Applications of SybilGuard • Can SybilGuard be applied to any current distributed systems? • Does it allow any new systems to be created?

  15. Restrictions Imposed On Applications • There must be a social network • Nodes must create and maintain their friendships • How many social networks will we need? • One for each application, or • A single network used by many applications

  16. Privacy Implications • Information about friends spreads along routes • Verification involves nodes sharing all their routes • Bloom filters help here • Nodes are not anonymous

More Related