Make it green and useful: Reshaping puzzles for identity management in large-scale distributed systems

A vast number of large-scale distributed systems offer a lightweight process for creating new accounts, so that users can easily join them. Although convenient, such a lightweight process fosters the spread of fake accounts (the Sybil attack). Existing identity management schemes lack mechanisms that make identity creation easier for honest users and, at the same time, increasingly harder for an attacker. In this paper, we focus on identity lifecycle management as an (alternative) approach to increase the cost of possessing several identities, and thus reduce the volume of counterfeit ones. We build on adaptive puzzles and combine them with waiting time to introduce a green design for lightweight, long-term identity management; it minimally penalizes honest users (by assigning easier-to-solve puzzles to them), and reduces the energy consumption caused by puzzle-solving (by adopting passive wait to reduce the puzzles' average complexity). We also take advantage of lessons learned from massive distributed computing to come up with a design that makes puzzle-processing useful. We evaluate our proposal via simulation and experimentation using PlanetLab. In summary, we show that an attacker must dedicate a large amount of resources to control a given fraction of identities. We also provide evidence that the overhead imposed on honest users is kept to a minimum.
