SybilCast:Broadcast on the Open AirwavesSETH GILBERT, CHAODONG ZHENGNational University of Singapore
Base Station
u v
Sunday afternoon in Starbucks
v2
v3
v1
v4
v7
v8
v6
v9
v5
We have a Sybil attack!
Sybil identities:
Alice Sean
B/2 B/2
B/10 B/10 B/10…
Radios can access many channels
u
msgAck for msg
x msg
channel one
channel two
Honest users:always pass the test!
Malicious users:lose (fake) id with 50% chance!
Use radio resource testing!
[1] N. James, E. Shi, D. Song, and A. Perrig. The sybil attack in sensor networks: Analysis & defenses.[2] D. Mónica, J. Leitão, L. Rodrigues, and C. Ribeiro. On the use of radio resource tests in wireless ad-hoc networks.
Base Stationv y
!ALERT!
Challenges Colluding:
Malicious users can cover more than one channel Other malicious behavior:
Malicious user jam channels, and/or spoof messages Continuous nature of the system:
Cannot run a set of tests and then stick to normal data deliver protocols
Efficiency of detection: Overhead for detecting sybil identities must be low
Overview
1. Introducing sybil attacks2. Model and problem3. The SybilCast protocol:
Structure Why it works
Model Synchronous wireless network:
Single-hop channels
Users: One (authenticated) base station up to real users (unauthenticated) that come and go
Radios: Everyone has one radio, choose one channel in a round Transmit or receive
Base Station
v
w
Channel two
Channel c
…
Channel one
Channel two
Channel c
…
Channel one
Malicious users Malicious users:
At most Colluding
Capabilities: Create sybil identities Jam channels Spoof messages
Each has only one radio transceiver as well!
Base Station
v
w
Sean Shirley
x y q r
#$%@#%#^@#^@Quit
Channel two
Channel c
…
Channel one
Problem: fair bandwidth access Basic problem:
Users arrive and request data Base station delivers data to user
Goal: every user gets a fair share of the bandwidth: If there are at most users in the system during request Request gets of the total bandwidth
u Sean Shirley
dataBase Station
Introducing SybilCast Three phases per epoch:
Registration phase: new users join the network Data phase: registered users receive data and
authentication information Verification phase: base station checks registered users
time
…
d registered identities
registration phase:at most d new ids registered
2(( )log )Nd c
data phase:at most 2d ids present
2(( )log )d c N
verification phase:s ids removed(( )log )d c N
2d-s registeredidentities
…
one epoch
Why those lengths? Balance sybil identities’ admission rate and honest
identities’ admission rate: Fast admission → Low registration overhead However: Fast admission → More sybil identities → Low
throughput
Registered identities at most double!
time
…
d registered identities
registration phase:at most d new ids registered
data phase:at most 2d ids present
verification phase:s ids removed
2(( )log )Nd c 2(( )log )d c N (( )log )d c N
2d-s registeredidentities
…
one epoch
2(( )log )Nd c 2(( )log )d c N (( ) log )d c N
Registration phase Goal: delivers a final seed to each request:
Long random binary string Used as a frequency hopping sequence Hidden from the malicious users
Procedure: Divide phase into sub-phases of In each sub-phase, deliver partial seed to user User takes XOR of all partial seeds
2(( )log )x c N …
(log )N…
Challenges and Tools Avoid jamming
Random uncoordinated frequency hopping Authenticating nodes (to counter spoofing):
Hash chain Avoid contention among nodes:
Backoff protocol (ensures delivery of single partial seed) Registration list (ensures enough partial seeds)
Channel one
Channel two
Channel three
Data phase Goal: deliver data and nonces to registered identities Procedure for each round:
Base station chooses a random registered identity Send a packet on the pre-agreed channel with data and nonce Intended receiver get the data All nodes on that channel record the nonce!
Base Station u v
w
¿𝑚𝑢∨𝑟1>¿ ¿𝑚𝑢∨𝑟1>¿ ¿×∨𝑟 1>¿
¿𝑚𝑤∨𝑟2>¿ ¿𝑚𝑤∨𝑟2>¿ ¿×∨𝑟 1,𝑟2>¿
random binary string
data nonce
The Power of the NonceTM
Most sybil identities miss many nonces: Many sybil identities → spread on many channels. Spread on many channels → high likelihood to lose nonces. We show, if there are sybil identities, after data rounds, of
them will lose nonces.
Honest identities do not miss many nonces: For an honest node, it lose each nonce with probability . After data rounds, each honest node loses nonces.
We show , honest nodes win!
Verification phase Procedure:
Users send collected nonces back to base station (Uncoordinated) frequency hopping to resolve jamming
and contention. Threshold :
Base station eliminates identities without enough nonces
Guarantee: No honest users are eliminated (w.h.p.) All but 12t sybil identities are eliminated (w.h.p.)
p finishes registration
Putting everything together For a request from honest node
= maximum number of active real nodes = maximum number of registered identities
time
…
p initiate a request
…epoch i epoch i+1 epoch i+2 epoch j
p obtains first partial seed
𝑂 ((𝑛∗+𝑐 )𝑐 log3𝑁 ) 𝑂 ((𝑑∗+𝑐 ) log2𝑁 )
Putting everything together finishes reg. time.
However, may count (many) sybil identities! We need to constrain !
By the end of any epoch: remaining identities at most sybils. , hence
In next epoch, at most new identities We have .
finishes registration in time.
Putting everything together finishes registration in time.
Once registered, gets in time.
In total, needs time. If , this is just time!
I.e., (asymptotically) optimal time!
SybilCast’s key property Theorem:
If an honest user requests a data of size , and if there are at most concurrently active real nodes at any point during the request, then the download will complete in time w.h.p.
Corollary:On average, each honest user corresponds to sybil identities, hence each honest user can finish data download in asymptotically optimal time.
THIS IS IT! SybilCast solves fair bandwidth allocation despite:
Sybil attacks! Jamming! Spoofing!
Combination of existing tools: Radio resource testing, frequency hopping, hash chain,
… And innovations:
Admission rate control, deferred verification, …
Distri-SybilCast?
If you have questions, now is the time!
Conclusion