Presentation is loading. Please wait.

Presentation is loading. Please wait.

SybilGuard: Defending Against Sybil Attacks via Social Networks.

Published byVivien Rice Modified over 8 years ago

Similar presentations

Presentation on theme: "SybilGuard: Defending Against Sybil Attacks via Social Networks."— Presentation transcript:

1 SybilGuard: Defending Against Sybil Attacks via Social Networks

2 2 - Sailesh Kumar - 12/16/2015 Overview n Introduction to sybil attack n Graph Theoretic Model and Problem Formulation n Overview of SybilGuard n Complete Design n Simulation Results and Analysis n Conclusion

3 3 - Sailesh Kumar - 12/16/2015 Introduction to the Problem n As the scale of a decentralized distributed system increases »Malicious behavior become a norm »If 1/3 nodes are malicious => no guarantee »Sybil attacks: a user takes multiple identities –Can easily create n/3 sybil nodes n Using Central Authority »Can Control Sybil attacks »Worldwide trusted central authority is problematic »Central authority may become the bottleneck –DoS »May scare away potential users n Defending against sybil attacks is difficult »IP address harvesting »Intelligent adversary

4 4 - Sailesh Kumar - 12/16/2015 Problem Formulation and Objective n Social network »n honest human users »1+ malicious users : multiple sybil identities n Devise a defense system against sybil attacks »SybilGuard enables an honest node to identify other nodes »Verifier node V can verify if suspect node S is malicious n Guaranteed bound on number of sybil groups »Divides n nodes into m equivalence classes »A group is sybil if it contains 1+ sybil nodes n Guaranteed bound on size of sybil groups »In a group, at most w sybil nodes n Completely decentralized »An honest node accepts honest nodes with high probability »Rejects malicious nodes with high probability »Accepts bounded number of sybil nodes

5 5 - Sailesh Kumar - 12/16/2015 Social Network n Millions of users (nodes) n Friends are connected by an edge (friends) »Usually degree of a nodes is small (~30) n A malicious user fools an honest user »Creates an attack edge n SybilGuard limits number of attack edges »Independent of number of sybil identities –Friends share a secret edge key –Edge keys are assigned out-of-band

6 6 - Sailesh Kumar - 12/16/2015 Trends n Social networks are fast mixing n Many sybil nodes disrupts this property »Creates a low quotient cut in the graph n We assume that number of attack edges are few »Out-of-band edge creation »In real life a malicious user can not create many real friends »Multiple identities are not useful n SybilGuard does not try to detect low quotient cuts but rather proposes an effective decentralized approach

7 7 - Sailesh Kumar - 12/16/2015 Random Routes n Foundation of SybilGuard: different from random walk n Random route begins at a random edge of a node n At every node »For an incoming edge i, there is a unique outgoing edge j »Thus, input to output is one-to-one mapped n A node A with d neighbors uniformly randomly chooses a permutation “x1,x2,...,xd” among all permutations of 1,2,...,d. n If a random route comes from the ith edge, A uses edge xi as the next hop.

8 8 - Sailesh Kumar - 12/16/2015 Properties of Random Routes n Convergence »Once two routes merge, they will remain merged n Routes are back-traceable n There can be only one route with length w that traverses e along the given direction at its ith hop n If two random routes ever share an edge in the same direction, then one of them must start in the middle of the other n Cycles can exist, but with low probability »Prob. (diameter k cycle) = 1/d (k-2)

9 9 - Sailesh Kumar - 12/16/2015 SybilGuard Algorithm n node V: verify node S »V computes d random routes (length w) »S computes d random routes (length w) »If d/2 random routes intersects, accept S »Else reject S n If few attack edges, then a sybil node’s random route is less likely to reach honest region n And vice-versa

10 10 - Sailesh Kumar - 12/16/2015 SybilGuard Design n Decentralized design n Each node performs d random routes n A node registers with all nodes along its random routes »Registration is done using public-private key

11 11 - Sailesh Kumar - 12/16/2015 SybilGuard Design n Witness tables »Reverse registration table »Stores all downstream nodes along a random route –Registration table stores upstream nodes »This table also contains IP addresses of the nodes –Will see why?

12 12 - Sailesh Kumar - 12/16/2015 Validation Process (V verifies S) n S sends all its witness tables to V n V intersects its own witness tables with those of S n If intersection point X »V contacts X (using IP address in witness table) »Authenticates with private key of X »Checks if V is present in X’s registry table »If yes, then this route accepts S n If d/2 routes accept S, then V accepts S V S X

13 13 - Sailesh Kumar - 12/16/2015 Length of Random Routes n It has been shown that »If w = Θ(√nlogn), then honest routes will intersect with high probability »Also the probability that a honest random route will reach sybil region is low n Nodes locally determine w »Node A does small random walk and lets say reaches node B »A and B intersects their witness table »The distance m of first intersection point determines w »w = 2.1m »2.1 is derived from analysis of Birthday Paradox distributions

14 14 - Sailesh Kumar - 12/16/2015 SybilGuard Dynamics n Dealing with offline nodes »Bypass them »Use lookahead routing tables –Store information about next k hops n Incremental routing table maintenance »New nodes only slightly changes current routing permutation »Like DHT

15 15 - Sailesh Kumar - 12/16/2015 Probability of Intersection n Probability of intersection of honest routes »1 million nodes »Node degree = 24 24 random routes, Accept if 10 intersections

16 16 - Sailesh Kumar - 12/16/2015 Probability of False Detection n Probability that honest routes remain in honest region

17 17 - Sailesh Kumar - 12/16/2015 Discussion n An honest node accepts other honest nodes with 99.8% prob? »How about remaining 0.2% probability? n How to apply SybilGuard to completely virtual social networks where there are few real friends? n Compromised computers »Hundreds of thousands »Millions of attacks edges »SybilGuard will fail n Are Social networks indeed big or small?

Download ppt "SybilGuard: Defending Against Sybil Attacks via Social Networks."

Similar presentations

Cooperative Trajectory-based Map Construction Wei Chang, Jie Wu, and Chiu C. Tan IEEE TrustCom 2012, June, Liverpool, UK Temple University, USA 12012-6-26.

Cooperative Trajectory-based Map Construction Wei Chang, Jie Wu, and Chiu C. Tan IEEE TrustCom 2012, June, Liverpool, UK Temple University, USA
COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.

COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Krishna P. Gummadi Networked Systems Research Group MPI-SWS

Krishna P. Gummadi Networked Systems Research Group MPI-SWS
The Sybil Attack in Sensor Networks: Analysis & Defenses J. Newsome, E. Shi, D. Song and A. Perrig IPSN’04.

The Sybil Attack in Sensor Networks: Analysis & Defenses J. Newsome, E. Shi, D. Song and A. Perrig IPSN’04.
Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.

Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.
© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 4: Naming and addressing.

© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 4: Naming and addressing.
An Analysis of Social Network-Based Sybil Defenses Sybil Defender

An Analysis of Social Network-Based Sybil Defenses Sybil Defender
Toward an Optimal Social Network Defense Against Sybil Attacks Haifeng Yu National University of Singapore Phillip B. Gibbons Intel Research Pittsburgh.

Toward an Optimal Social Network Defense Against Sybil Attacks Haifeng Yu National University of Singapore Phillip B. Gibbons Intel Research Pittsburgh.
A Sybil-proof DHT using a social network Socialnets workshop April 1, 2008 Chris Lesniewski-Laas MIT CSAIL.

A Sybil-proof DHT using a social network Socialnets workshop April 1, 2008 Chris Lesniewski-Laas MIT CSAIL.
Haifeng Yu National University of Singapore

Haifeng Yu National University of Singapore
Sybil Attack Hyeontaek Lim 15-744 November 12, 2010.

Sybil Attack Hyeontaek Lim November 12, 2010.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,

Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,
1 SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu Michael Kaminsky Phillip B. Gibbons Abraham Flaxman Presented by John Mak,

1 SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu Michael Kaminsky Phillip B. Gibbons Abraham Flaxman Presented by John Mak,
Detecting Network Intrusions via Sampling : A Game Theoretic Approach Presented By: Matt Vidal Murali Kodialam T.V. Lakshman July 22, 2003 Bell Labs, Lucent.

Detecting Network Intrusions via Sampling : A Game Theoretic Approach Presented By: Matt Vidal Murali Kodialam T.V. Lakshman July 22, 2003 Bell Labs, Lucent.
Parallel Routing Bruce, Chiu-Wing Sham. Overview Background Routing in parallel computers Routing in hypercube network –Bit-fixing routing algorithm –Randomized.

Parallel Routing Bruce, Chiu-Wing Sham. Overview Background Routing in parallel computers Routing in hypercube network –Bit-fixing routing algorithm –Randomized.
Sampling from Large Graphs. Motivation Our purpose is to analyze and model social networks –An online social network graph is composed of millions of.

Sampling from Large Graphs. Motivation Our purpose is to analyze and model social networks –An online social network graph is composed of millions of.
Small Worlds and the Security of Ubiquitous Computing From : IEEE CNF Author : Harald Vogt Presented by Chen Shih Yu.

Small Worlds and the Security of Ubiquitous Computing From : IEEE CNF Author : Harald Vogt Presented by Chen Shih Yu.
March 2009 (IETF 74)IETF - P2PRG1 Security Issues and Solutions in Peer-to- peer Systems for Real-time Communications draft-schulzrinne-p2prg-rtc-security-00.

March 2009 (IETF 74)IETF - P2PRG1 Security Issues and Solutions in Peer-to- peer Systems for Real-time Communications draft-schulzrinne-p2prg-rtc-security-00.

Similar presentations

Ads by Google