Identity management based on adaptive puzzles to protect P2P systems from Sybil attacks

The Sybil attack consists of the indiscriminate creation of counterfeit identities by a malicious user (attacker) in large-scale, dynamic distributed systems (for example, Peer-to-Peer). An effective approach to tackling this attack is to establish computational puzzles that must be solved before new identities are granted. Solutions based on this approach have the potential to slow down the assignment of identities to malicious users, but unfortunately may affect normal users as well. To address this problem, we propose the use of adaptive computational puzzles as an approach to limit the spread of Sybils. The key idea is to estimate a trust score for the source from which identity requests originate, calculated as the proportion of the number of identities already granted to the user(s) associated with that source relative to the average number of identities granted to users associated with other sources. The more frequently the user(s) associated with a source obtain identities, the lower the trust score of that source and, consequently, the higher the complexity of the puzzle to be solved. An in-depth analysis of both (i) the performance of our mechanism under various parameter and environment settings, and (ii) the results of an experimental evaluation using real-life traces from a Peer-to-Peer file sharing community has shown the effectiveness of the proposed mechanism in limiting the spread of Sybil identities. While comparatively more complex puzzles were assigned to potential attackers, legitimate users were minimally penalized with easier-to-solve puzzles.
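The idea of tying puzzle complexity to a per-source trust score can be sketched as follows. This is an added example, not the paper's implementation: the trust formula, the linear difficulty mapping, the SHA-256 leading-zero-bits puzzle, the bounds `MIN_BITS`/`MAX_BITS` and the sample grant counts are all assumptions made for illustration.

```python
import hashlib
from itertools import count

MIN_BITS, MAX_BITS = 4, 16  # assumed difficulty range, in leading zero bits

# Constructed sample: identities already granted per source (documentation IPs).
GRANTED = {"198.51.100.7": 40, "203.0.113.5": 2, "203.0.113.9": 3, "192.0.2.1": 1}

def trust_score(granted, source):
    """Assumed formula: mean grants of the other sources over this source's grants, capped at 1."""
    mine = granted.get(source, 0)
    others = [n for s, n in granted.items() if s != source]
    if mine == 0 or not others:
        return 1.0  # nothing to compare against: treat as fully trusted
    return min(1.0, (sum(others) / len(others)) / mine)

def puzzle_bits(trust):
    """Lower trust maps linearly to more required leading zero bits (assumed mapping)."""
    return MIN_BITS + round((1.0 - trust) * (MAX_BITS - MIN_BITS))

def verify(challenge, nonce, bits):
    """Issuer side: one hash checks that the solution meets the required difficulty."""
    digest = hashlib.sha256(challenge + nonce.to_bytes(8, "big")).digest()
    zeros = len(digest) * 8 - int.from_bytes(digest, "big").bit_length()
    return zeros >= bits

def solve(challenge, bits):
    """Requester side: brute-force a nonce; expected cost is about 2**bits hashes."""
    return next(n for n in count() if verify(challenge, n, bits))

if __name__ == "__main__":
    for src in GRANTED:
        t = trust_score(GRANTED, src)
        b = puzzle_bits(t)
        nonce = solve(src.encode(), b)  # a real issuer would use a fresh random challenge
        print(f"{src:14} trust={t:.2f} bits={b:2} nonce={nonce}")
```

With the constructed counts, the source that already holds 40 identities is assigned a 15-bit puzzle while the other three stay at the 4-bit minimum, which is the asymmetry the abstract describes.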
