Limiting fake accounts in large-scale distributed systems through adaptive identity management

Various online, networked systems offer a lightweight process for obtaining identities (e.g., confirming a valid e-mail address), so that users can easily join them. Such convenience comes at a price, however: with minimal effort, an attacker can subvert the identity management scheme in place, obtain a multitude of fake accounts, and use them for malicious purposes. In this work, we address the issue of fake accounts in large-scale, distributed systems by proposing a framework for adaptive identity management. Unlike existing proposals, we do not rely on users' personal information as a requirement for granting identities; our key idea is to estimate a trust score for identity requests and price them accordingly using a proof-of-work strategy. The research agenda that guided the development of this framework comprised three main items: (i) investigation of a candidate trust score function, based on an analysis of users' identity request patterns; (ii) combination of trust scores and proof-of-work strategies (e.g., cryptographic puzzles) for adaptively pricing identity requests; and (iii) reshaping of traditional proof-of-work strategies to make them more resource-efficient without compromising their effectiveness in stopping attackers.
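
The trust-score-to-puzzle-cost idea described above, as an added example that is not the authors' code. The trust function (a source's request count relative to the per-source average), the 8 to 18 bit difficulty range, and the SHA-256 leading-zero puzzle are all assumptions chosen for illustration; the abstract does not specify them.

```python
import hashlib
import os

MIN_BITS, MAX_BITS = 8, 18  # assumed difficulty range, in leading zero bits

# Constructed sample: identity requests seen per source in the current window.
SAMPLE_COUNTS = {"src-a": 1, "src-b": 2, "src-c": 1, "src-d": 36}

def trust_score(source, counts):
    """Assumed trust function: 1.0 while a source requests no more than the
    per-source average, decaying as avg/mine once it exceeds that average."""
    if not counts:
        return 1.0
    avg = sum(counts.values()) / len(counts)
    mine = counts.get(source, 0)
    return 1.0 if mine <= avg else avg / mine

def difficulty_bits(trust):
    """Map trust in [0, 1] linearly onto [MAX_BITS, MIN_BITS]."""
    return round(MAX_BITS - trust * (MAX_BITS - MIN_BITS))

def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def _work(challenge, nonce):
    data = challenge + nonce.to_bytes(8, "big")
    return leading_zero_bits(hashlib.sha256(data).digest())

def issue_puzzle(source, counts):
    """Server side: fresh random challenge plus a price set by the trust score."""
    return os.urandom(16), difficulty_bits(trust_score(source, counts))

def solve(challenge, bits):
    """Client side: brute-force a nonce; expected cost is about 2**bits hashes."""
    nonce = 0
    while _work(challenge, nonce) < bits:
        nonce += 1
    return nonce

def verify(challenge, bits, nonce):
    """Server side: one hash to check, regardless of the difficulty."""
    return _work(challenge, nonce) >= bits

if __name__ == "__main__":
    for src in ("src-a", "src-d"):
        challenge, bits = issue_puzzle(src, SAMPLE_COUNTS)
        nonce = solve(challenge, bits)
        print(src, "bits:", bits, "valid:", verify(challenge, bits, nonce))
```

With the constructed counts, the quiet source gets an 8-bit puzzle and the bursty one a 15-bit puzzle, roughly 128 times more expected work per identity.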
