The Sybil Attack By John R. Douceur Presented by Samuel Petreski March 31, 2009.


Outline
- Terminology
- Background
- Motivation for Sybil Attack
- Formal Model
- Lemmas
- Conclusion
- Resources

Terminology
- Entity
  - An entity is a collection of material resources, of specifiable minimal size, under control of a single group
- Identity
  - Persistent information abstraction provably associated with a set of communication events
- Validation
  - Determination of identity differences

Background
- Existence of multiple unique identities to mitigate possible damage by other hostile entities
  - Increase and improve system reliability (replication)
  - Protect against integrity violations (data loss) and privacy violations (data leakage)
- Lowers system reliability
  - The same entity creates multiple identities

Motivation for Sybil Attack
- One entity presents multiple identities for malicious intent
- Disrupt geographic and multi-path routing protocols by “being in more than one place at once” and reducing diversity
- Relevant in many contexts
  - P2P network
  - Ad hoc networks
  - Wireless sensor networks

Formal Model
- A set of infrastructural entities e
- A broadcast communication cloud
- A pipe connecting each entity to the cloud
- Entity subset C (correct)
- Entity subset F (faulty)
- Links are virtual, not physical
  - Accounts for spoofing and packet sniffing
  - Does not provide for central means of ID

Lemmas (Direct Validation)
- Lemma 1
  - “If p is the ratio of the resources of a faulty entity to the resources of a minimally capable entity, then f can present g=floor(p) distinct identities to local entity L”
  - Lower bound -> Upper bound
- Restricting communication resources
- Restricting storage resources
- Restricting computation resources

Lemmas (Direct Validation)
- Lemma 2
  - “If a local entity L accepts entities that are not validated simultaneously, then a single faulty entity f can present an arbitrarily large number of distinct identities to entity L”
- Intrinsically temporal resources make this lemma insurmountable
- If an accepted entity ever fails to meet a challenge, we can catch a Sybil attack
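The contrast between Lemmas 1 and 2, and the re-challenge check from the last bullet, as an added Python sketch (a toy model written for this transcript, not code from the presentation or from Douceur's paper). It assumes one challenge costs exactly the work a minimally capable entity can do in one time window; the function names and sample values are constructed.

```python
# Added illustration of Lemmas 1 and 2 (toy model, not from Douceur's paper).
# Assumption: a challenge must be answered in the window it is issued in and
# costs one window of work for a minimally capable entity. Unused work does
# not carry over to later windows (the resource is intrinsically temporal).
from collections import defaultdict
from math import floor


def run_challenges(p, schedule):
    """Return the identities whose challenge was answered in time.

    p        -- resources of the faulty entity relative to a minimal entity
    schedule -- list of (window, identity): when L challenges each identity
    """
    by_window = defaultdict(list)
    for window, identity in schedule:
        by_window[window].append(identity)

    answered = set()
    for window in sorted(by_window):
        budget = floor(p)  # whole challenges the entity can solve per window
        answered.update(by_window[window][:budget])
    return answered


def simultaneous(p, claimed):
    """Lemma 1: every claimed identity is challenged in the same window."""
    return run_challenges(p, [(0, i) for i in range(claimed)])


def sequential(p, claimed):
    """Lemma 2: identities are challenged one window after another."""
    return run_challenges(p, [(i, i) for i in range(claimed)])


def recheck(p, accepted):
    """L re-challenges all accepted identities in one window.

    Returns (kept, revoked); identities that miss the challenge are revoked.
    """
    kept = run_challenges(p, [(0, i) for i in sorted(accepted)])
    return kept, accepted - kept


if __name__ == "__main__":
    p, claimed = 3.7, 100  # constructed sample values
    print(len(simultaneous(p, claimed)))
    accepted = sequential(p, claimed)
    kept, revoked = recheck(p, accepted)
    print(len(accepted), len(kept), len(revoked))
```
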

Lemmas (Indirect Validation)
- Lemma 3
  - “If local entity L accepts any identity vouched for by q accepted identities, then a set F of faulty entities can present an arbitrarily large number of distinct identities to L if either |F|>=q, or the collective resources available to F at least equals q+|F| minimally capable entities”
  - Trivially evident

Lemmas (Indirect Validation)
- Lemma 4
  - “If the correct entities in set C do not coordinate time intervals during which they accept identities, and if local entity L accepts any identity vouched for by q accepted identities, then even a minimally capable faulty entity f can present g=floor(|C|/q) distinct identities to L.”
  - As in Lemma 1, this shows that a faulty entity can amplify its influence, and it relates the number of faulty entities to the number of faulty identities.
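The vouching rule behind Lemmas 3 and 4, as an added Python sketch (a toy model written for this transcript, not code from the presentation or from Douceur's paper). It assumes each faulty entity gets floor(p) identities directly validated as in Lemma 1, and that correct entities vouch only for identities they validated themselves; all names and sample values are constructed.

```python
# Added illustration of Lemmas 3 and 4 (toy model, not from Douceur's paper).
from collections import defaultdict
from math import floor


def accepted_by_L(q, seed, vouches):
    """Apply L's rule to a fixed point: accept an identity once at least
    q already-accepted identities vouch for it."""
    accepted = set(seed)
    changed = True
    while changed:
        changed = False
        for ident, vouchers in vouches.items():
            if ident not in accepted and len(vouchers & accepted) >= q:
                accepted.add(ident)
                changed = True
    return accepted


def lemma3_fakes(q, faulty_resources, wanted):
    """Colluding set F. Assumption: a faulty entity with resource ratio p
    gets floor(p) identities directly validated (Lemma 1), and each of
    those vouches for every Sybil identity the colluders invent."""
    direct = {f"F{i}.{k}" for i, p in enumerate(faulty_resources)
              for k in range(floor(p))}
    vouches = {f"sybil{n}": set(direct) for n in range(wanted)}
    return len(accepted_by_L(q, direct, vouches) - direct)


def lemma4_fakes(q, num_correct):
    """One minimally capable faulty entity f. Assumption: correct entities
    validate at uncoordinated times, so f shows a different Sybil identity
    to each group of q of them, and each vouches for the one it validated."""
    correct = {f"C{j}" for j in range(num_correct)}
    vouches = defaultdict(set)
    for j in range(num_correct):
        vouches[f"sybil{j // q}"].add(f"C{j}")
    return len(accepted_by_L(q, correct, vouches) - correct)


if __name__ == "__main__":
    # Constructed values: three colluders, each with 1.9x minimal resources.
    print(lemma3_fakes(3, [1.9, 1.9, 1.9], 1000))  # floors sum to 3 >= q
    print(lemma3_fakes(4, [1.9, 1.9, 1.9], 1000))  # floors sum to 3 < q
    print(lemma4_fakes(3, 10))                     # floor(|C|/q) groups
```

In the second call the colluders hold 5.7 units in total, yet the per-entity floors yield only three validated identities; in this model that rounding loss is why the resource condition is stated as q+|F| and not q.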

Conclusion
- P2P systems use redundancy to diminish dependence on hostile peers
- Systems relying on implicit certification are particularly vulnerable (e.g., IPv6)
- Absence of identification authority requires issuance of ‘challenges’ to determine veracity

Questions

Resources
- John Douceur: The Sybil Attack. IPTPS /101.pdf 2/101.pdf
- attack.ppt
- Brian N. Levine: A Survey of Solutions to the Sybil Attack. e.sybil.tr.2006.pdf
- Wikipedia: Sybil Attack.