Haifeng Yu National University of Singapore

Slides:



Advertisements
Similar presentations
Defending against large-scale crawls in online social networks Mainack Mondal Bimal Viswanath Allen Clement Peter Druschel Krishna Gummadi Alan Mislove.
Advertisements

An analysis of Social Network-based Sybil defenses Bimal Viswanath § Ansley Post § Krishna Gummadi § Alan Mislove ¶ § MPI-SWS ¶ Northeastern University.
I have a DREAM! (DiffeRentially privatE smArt Metering) Gergely Acs and Claude Castelluccia {gergely.acs, INRIA 2011.
Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.
Krishna P. Gummadi Networked Systems Research Group MPI-SWS
Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.
Social Network SystemsApr 26, 2010 Building secure systems on & for Social Networks Or, Securing the ties that bind us Nishanth Sastry Lecture 2.
© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 4: Naming and addressing.
An Analysis of Social Network-Based Sybil Defenses Sybil Defender
Fun with Networks: Social, Sensor, and Shape-Shifting Phillip B. Gibbons Intel Research Pittsburgh DISC’08 / Graal’08 September 24, 2008 Slides (except.
Toward an Optimal Social Network Defense Against Sybil Attacks Haifeng Yu National University of Singapore Phillip B. Gibbons Intel Research Pittsburgh.
A Sybil-proof DHT using a social network Socialnets workshop April 1, 2008 Chris Lesniewski-Laas MIT CSAIL.
Distributed Algorithms for Secure Multipath Routing
L-27 Social Networks and Other Stuff. Overview Social Networks Multiplayer Games Class Feedback Discussion 2.
Sybil Attack Hyeontaek Lim November 12, 2010.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
1 Defragmenting DHT-based Distributed File Systems Jeffrey Pang, Srinivasan Seshan Carnegie Mellon University Phillip B. Gibbons, Michael Kaminsky Intel.
1 SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu Michael Kaminsky Phillip B. Gibbons Abraham Flaxman Presented by John Mak,
Measurement and Analysis of Online Social Networks By Alan Mislove, Massimiliano Marcon, Krishna P. Gummadi, Peter Druschel, Bobby Bhattacharjee Attacked.
1 The Sybil Attack John R. Douceur Microsoft Research Presented for Cs294-4 by Benjamin Poon.
2. Attacks on Anonymized Social Networks. Setting A social network Edges may be private –E.g., “communication graph” The study of social structure by.
SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, and Abraham Flaxman Presented by Ryan.
 Structured peer to peer overlay networks are resilient – but not secure.  Even a small fraction of malicious nodes may result in failure of correct.
SocialFilter: Introducing Social Trust to Collaborative Spam Mitigation Michael Sirivianos Telefonica Research Telefonica Research Joint work with Kyungbaek.
MOCA : Mobile Certificate Authority for Wireless Ad Hoc Networks The 2nd Annual PKI Research Workshop (PKI 2003) Seung Yi, Robin Kravets September. 25,
On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)
A Locality Preserving Decentralized File System Jeffrey Pang, Suman Nath, Srini Seshan Carnegie Mellon University Haifeng Yu, Phil Gibbons, Michael Kaminsky.
PIC: Practical Internet Coordinates for Distance Estimation Manuel Costa joint work with Miguel Castro, Ant Rowstron, Peter Key Microsoft Research Cambridge.
OSN Research As If Sociology Mattered Krishna P. Gummadi Networked Systems Research Group MPI-SWS.
Preserving Link Privacy in Social Network Based Systems Prateek Mittal University of California, Berkeley Charalampos Papamanthou.
Terminodes and Sybil: Public-key management in MANET Dave MacCallum (Brendon Stanton) Apr. 9, 2004.
How Secure are Secure Inter- Domain Routing Protocols? SIGCOMM 2010 Presenter: kcir.
CS4231 Parallel and Distributed Algorithms AY 2006/2007 Semester 2 Lecture 10 Instructor: Haifeng YU.
Reputations Based On Transitive Trust Slides by Josh Albrecht.
Defending Sybil Attack in Peer2Peer Networks Md. Tanvir Al Amin Shah Md. Rifat Ahsan Adviser : Dr. Reaz Ahmed Distributed Search.
Distributed Algorithms Rajmohan Rajaraman Northeastern University, Boston May 2012 Chennai Network Optimization WorkshopDistributed Algorithms1.
Leveraging Social Networks to Defend against Sybil attacks Krishna Gummadi Networked Systems Research Group Max Planck Institute for Software Systems Germany.
Secure and Highly-Available Aggregation Queries via Set Sampling Haifeng Yu National University of Singapore.
CIS 640-2, Presenter: Yun Mao1 Security for Structured Peer- to-peer Overlay Networks By Miguel Castro et al. OSDI ’ 02 Presented by Yun Mao in CIS640.
Security Mechanisms for Distributed Computing Systems A9ID1007, Xu Ling Kobayashi Laboratory GSIS, TOHOKU UNIVERSITY 2011/12/15 1.
Md. Tanvir Al Amin Shah Md. Rifat Ahsan CSE 6809 – Distributed Search Techniques.
Bimal Viswanath § Ansley Post § Krishna Gummadi § Alan Mislove ¶ § MPI-SWS ¶ Northeastern University SIGCOMM 2010 Presented by Junyao Zhang Many of the.
“SybilGuard: Defending Against Sybil Attacks via Social Networks” Authors: Haifeng Yu, Phillip B. Gibbons, and Suman Nath (several slides based on authors’)
Computer Science Department, Peking University
WISTP’08 ©LAM /05/2008 A Self-Certified and Sybil-Free Framework for Secure Digital Identity Domain Buildup Christer Andersson Markulf Kohlweiss.
Vulnerability in Socially-informed Peer-to-Peer Systems Jeremy Blackburn Nicolas Kourtellis Adriana Iamnitchi University of South Florida.
The new protocol of freenet Taken from Ian Clarke and Oskar Sandberg (The Freenet Project)
SIGCOMM 2012 (August 16, 2012) Private and Verifiable Interdomain Routing Decisions Mingchen Zhao * Wenchao Zhou * Alexander Gurney * Andreas Haeberlen.
The Sybil Attack, J. R. Douceur, IPTPS Clifton Forlines CSC2231 Online Social Networks 11/1/2007.
Eclipse Attacks on Overlay Networks: Threats and Defenses By Atul Singh, et. al Presented by Samuel Petreski March 31, 2009.
SybilGuard: Defending Against Sybil Attacks via Social Networks.
Measuring Behavioral Trust in Social Networks
SOSP 2007 © 2007 Andreas Haeberlen, MPI-SWS 1 Practical accountability for distributed systems Andreas Haeberlen MPI-SWS / Rice University Petr Kuznetsov.
DSybil: Optimal Sybil-Resistance for Recommendation Systems Haifeng Yu National University of Singapore Chenwei Shi National University of Singapore Michael.
Mix networks with restricted routes PET 2003 Mix Networks with Restricted Routes George Danezis University of Cambridge Computer Laboratory Privacy Enhancing.
The Sybil attack “One can have, some claim, as many electronic persons as one has time and energy to create.” – Judith S. Donath.
Towards a Scalable and Robust DHT Baruch Awerbuch Johns Hopkins University Christian Scheideler Technical University of Munich.
Social Turing Tests: Crowdsourcing Sybil Detection Gang Wang, Manish Mohanlal, Christo Wilson, Xiao Wang Miriam Metzger, Haitao Zheng and Ben Y. Zhao Computer.
Social Networks and Peer to Peer As Presented by Jeremy Robinson 3/22/2007.
A Sybil-Proof Distributed Hash Table Chris Lesniewski-LaasM. Frans Kaashoek MIT 28 April 2010 NSDI
Privacy Preserving in Social Network Based System PRENTER: YI LIANG.
ICICS2002, Singapore 1 A Group Signature Scheme Committing the Group Toru Nakanishi, Masayuki Tao, and Yuji Sugiyama Dept. of Communication Network Engineering.
Sybil Attacks VS Identity Clone Attacks in Online Social Networks Lei Jin, Xuelian Long, Hassan Takabi, James B.D. Joshi School of Information Sciences.
Decentralized Trust Management for Ad-Hoc Peer-to-Peer Networks Thomas Repantis Vana Kalogeraki Department of Computer Science & Engineering University.
Measuring the Mixing Time of Social Graphs Abedelaziz Mohaisen, Aaram Yun, and Yongdae Kim Computer Science and Engineering Department University of Minnesota.
Peer-to-peer networking
Networked Systems Practicum
A Sybil-proof DHT using a social network
By group 3(not the ones who made the paper :D)
Social Network-Based Sybil Defenses
Presentation transcript:

SybilLimit: A Near-Optimal Social Network Defense Against Sybil Attacks Haifeng Yu National University of Singapore Phillip B. Gibbons Intel Research Pittsburgh Michael Kaminsky Intel Research Pittsburgh Feng Xiao National University of Singapore

Background: Sybil Attack Sybil attack: Single user pretends many fake/sybil identities Already observed in real-world p2p systems Sybil identities can become a large fraction of all identities “Out-vote” honest users in collaborative tasks honest malicious launch sybil attack Haifeng Yu, National University of Singapore

Background: Defending Against Sybil Attack Using trusted central authority to tie identities to human beings – not always desirable Much harder without a trusted central authority [Douceur’02] Resource challenges not sufficient IP address-based approach not sufficient Widely considered as real & challenging: Over 40 papers acknowledging the problem of sybil attack, without having a distributed solution Haifeng Yu, National University of Singapore

SybilGuard / SybilLimit Basic Insight: Leveraging Social Networks SybilGuard [SIGCOMM’06] / SybilLimit [Oakland’08]: The first to leverage social networks for thwarting sybil attacks with provable guarantees. Nodes = identities Undirected edges = strong mutual trust E.g., colleagues, relatives in real-world Not online friends ! Haifeng Yu, National University of Singapore

Haifeng Yu, National University of Singapore Attack Model n honest users: One identity/node each Malicious users: Multiple identities each (sybil nodes) honest nodes sybil nodes sybil nodes may collude – the adversary attack edges malicious users Observation: Adversary cannot create extra edges between honest nodes and sybil nodes Haifeng Yu, National University of Singapore

SybilGuard/SybilLimit Basic Insight Dis-proportionally small cut disconnecting a large number of identities But cannot search brute-force… attack edges honest nodes sybil nodes Haifeng Yu, National University of Singapore

SybilGuard / SybilLimit End Guarantees Completely decentralized Enables any given verifier node to decide whether to accept any given suspect node Accept: Provide service to / receive service from Ideally: Accept and only accept honest nodes – unfortunately not possible SybilGuard / SybilLimit provably Bound # of accepted sybil nodes (w.h.p.) Accept all honest nodes except a small  fraction (w.h.p.) Haifeng Yu, National University of Singapore

Example Application Scenarios If # of sybil nodes accepted Then applications can do < n/2 byzantine consensus < n majority voting < n/c for some constant c secure DHT [Awerbuch’06, Castro’02, Fiat’05] … Haifeng Yu, National University of Singapore

SybilLimit Contribution 1: “Pushing the Limit” # sybil nodes accepted (smaller is better) per attack edge total number of attack edges SybilGuard [SIGCOMM’06] SybilLimit [Oakland’08] ~2000 ~10 between unbounded say: 1. 200 times improvement 2. SybilGuard’s guarantee is fundamental in its design and achieving these improvements needs simultaneously address multiple challenges and We also prove that SybilLimit is away from optimal Haifeng Yu, National University of Singapore

Haifeng Yu, National University of Singapore Outline Motivation, basic insight, and end guarantees SybilLimit Contribution 1: “Pushing the Limit” The near-optimal SybilLimit design SybilLimit Contribution 2: Validation on Real-World Social Networks Haifeng Yu, National University of Singapore

Identity Registration in SybilLimit Each node (honest or sybil) has a locally generated public/private key pair “Identity”: V accepts S = V accepts S’s public key KS We do not assume/need PKI In SybilLimit, every suspect S “registers” KS on some other nodes Haifeng Yu, National University of Singapore

SybilLimit: Strawman Design – Step 1 K: registered keys of sybil nodes Ensure that sybil nodes (collectively) register only on limited number of honest nodes Still provide enough “registration opportunities” for honest nodes K: registered keys of honest nodes K K K K K K K K honest region sybil region Haifeng Yu, National University of Singapore

SybilLimit: Strawman Design – Step 2 K: registered keys of sybil nodes Accept S only if KS is register on sufficiently many honest nodes Without knowing where the honest region is ! Circular design? We can break this circle… K: registered keys of honest nodes K K K K K K K K K K K K K K K K honest region sybil region Haifeng Yu, National University of Singapore

Three Interrelated Key Techniques Technique 1: Use the tails of random routes for registration Will achieve Step 1 Random routes are from SybilGuard Novelty: The use of tails Novelty: The use of multiple independent instances of shorter random routes Haifeng Yu, National University of Singapore

Three Interrelated Key Techniques Technique 2: Use intersection condition and balance condition to verify suspects Will break the circular design and achieve Step 2 SybilGuard also has intersection condition Novelty: Intersection on edges Novelty: SybilGuard has no balance condition Technique 3: Use benchmarking technique to estimate unknown parameters Breaks another seemingly circular design… Novelty: SybilGuard has no such technique Haifeng Yu, National University of Singapore

Three Interrelated Key Techniques Technique 1: Use the tails of random routes for registration Will achieve Step 1 Random routes are from SybilGuard Novelty: The use of tails Novelty: The use of multiple independent instances of shorter random routes Haifeng Yu, National University of Singapore

Random Route: Convergence f e b d Random 1 to 1 mapping between incoming edge and outgoing edge a  d d  e c randomized routing table b  a e  d c  b f  f d  c Using routing table gives Convergence Property: Routes merge if crossing the same edge Haifeng Yu, National University of Singapore

Registering Public Keys with Tails Every node initiates a “secure” random route of length w from itself See paper for discussion on w See paper for how to make it “secure” edge “CD” is the tail of A’s random route w = 3 A B C D D records KA under name “CD” Haifeng Yu, National University of Singapore

Tails of Sybil Suspects Imagine that every sybil suspect initiates a random route from itself tainted tail sybil nodes honest nodes total 1 tainted tail Haifeng Yu, National University of Singapore

Counting The Number of Tainted Tails attack edge honest nodes sybil nodes Claim: There are at most w tainted tails per attack edge Convergence: At most w tainted tails per attack edge Regardless of whether sybil nodes follow the protocol Haifeng Yu, National University of Singapore

Back to the Strawman Design Step 1 # of K ’s  gw Independent of # sybil nodes # of K ’s  n – gw From “backtrace-ability” property of random routes See paper… K: registered keys of sybil nodes K: registered keys of honest nodes K K K honest region K K K K Step 1 achieved ! Haifeng Yu, National University of Singapore

Haifeng Yu, National University of Singapore Outline SybilLimit Contribution 1: “Pushing the Limit” Independent instances, intersection condition, balance condition, benchmarking technique Avoids multiple seemingly circular designs (hardest part…) Also see paper for Performance overheads… Near-optimality … SybilLimit Contribution 2: Validation on Real-World Social Networks Haifeng Yu, National University of Singapore

Validation on Real-World Social Networks SybilGuard / SybilLimit assumption: Honest nodes are not behind disproportionally small cuts Rigorously: Social networks (without sybil nodes) have small mixing time Mixing time affects # sybil nodes accepted and # honest nodes accepted Synthetic social networks – proof in [SIGCOMM’06] Real-world social networks? Social communities, social groups, …. Haifeng Yu, National University of Singapore

Haifeng Yu, National University of Singapore Simulation Setup Crawled online social networks used in experiments # nodes # edges Friendster 0.9M 7.8M Livejournal 8.7M DBLP 0.1M 0.6M We experiment with: Different number and placement of attack edges Different graph sizes -- full size to 100-node sub-graphs Sybil attackers use the optimal strategy Haifeng Yu, National University of Singapore

Brief Summary of Simulation Results In all cases we experimented with: Fraction of honest nodes accepted: ~95% # sybil nodes accepted: ~10 per attack edge for Friendster and LiveJournal ~15 per attack edge for DBLP Haifeng Yu, National University of Singapore

Haifeng Yu, National University of Singapore Conclusions Sybil attack: Widely considered as a real and challenging problem SybilLimit: Fully decentralized defense protocol based on social networks Provable near-optimal guarantees Experimental validation on real-world social networks Future work: Implement SybilLimit with real apps Haifeng Yu, National University of Singapore

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.