Securing P2P systems from Sybil attacks through adaptive identity management

An effective approach to tackling Sybil attacks consists of requiring computational puzzles to be solved before new identities are granted. Solutions based on this approach, despite their potential, do not distinguish between identity requests originating from correct users and those originating from attackers, requiring both to pay the same cost for each identity requested. Assuming computational puzzles of similar complexity, attackers with access to high-performance computing hardware might be able to solve them orders of magnitude faster than legitimate users. Consequently, attackers may obtain a larger number of identities. However, simply increasing the complexity of puzzles would hamper the admission of legitimate peers to the network. To address this problem, we propose the use of adaptive computational puzzles as an approach to limit the spread of Sybils. The key idea is to estimate a trust score for the source from which identity requests depart, calculated in proportion to the recurrence rate of identity requests originating from other sources. The more frequently the user or users associated with a source request identities, the lower the trust score of that source and, consequently, the higher the complexity of the puzzle to be solved. Results obtained through an experimental evaluation show the effectiveness of our solution: comparatively more complex puzzles are assigned to potential attackers, while legitimate users are minimally penalized with easier-to-solve puzzles.
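The following sketch illustrates the adaptive-puzzle idea described above; it is an added example, not code or formulas from the paper. The trust formula, the 8 to 20 bit difficulty range, the single observation window, the SHA-256 hashcash-style puzzle and the source names are all assumptions made for illustration.

```python
import hashlib
import os
from collections import Counter

MIN_BITS, MAX_BITS = 8, 20  # assumed difficulty range, in leading zero bits

class AdaptivePuzzleIssuer:
    """Tracks identity requests per source within one observation window."""

    def __init__(self):
        self.requests = Counter()

    def trust(self, source):
        # Assumed formula: 1.0 while the source requests no more often than
        # the average of the other sources, then decaying as mean/own.
        others = [n for s, n in self.requests.items() if s != source]
        mean_others = sum(others) / len(others) if others else 1.0
        own = self.requests[source]
        return 1.0 if own <= mean_others else mean_others / own

    def difficulty(self, source):
        # Lower trust maps linearly to more required leading zero bits.
        return MIN_BITS + round((1.0 - self.trust(source)) * (MAX_BITS - MIN_BITS))

    def issue(self, source):
        # Record the request first, so the current request counts toward the rate.
        self.requests[source] += 1
        return os.urandom(16), self.difficulty(source)

def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def verify(challenge, nonce, bits):
    digest = hashlib.sha256(challenge + nonce.to_bytes(8, "big")).digest()
    return leading_zero_bits(digest) >= bits

def solve(challenge, bits):
    # Brute-force search; expected work is about 2**bits hashes.
    nonce = 0
    while not verify(challenge, nonce, bits):
        nonce += 1
    return nonce

if __name__ == "__main__":
    issuer = AdaptivePuzzleIssuer()
    # Constructed workload: two occasional sources and one bulk requester.
    for src in ["home-a", "home-b"] + ["farm"] * 50:
        challenge, bits = issuer.issue(src)
    print("farm difficulty:", bits)
    challenge, bits = issuer.issue("home-a")
    print("home-a difficulty:", bits, "nonce:", solve(challenge, bits))
```

Because each extra bit doubles the expected solving work, the bulk requester in this constructed workload ends up paying roughly 2^12 times more per identity than the occasional sources.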
