SybilLimit: A Near-Optimal Social SybilLimit: A Near-Optimal Social Network Defense Against Sybil AttacksNetwork Defense Against Sybil Attacks
Haifeng Yu National University of Singapore
Phillip B. Gibbons Intel Research Pittsburgh
Michael Kaminsky Intel Research Pittsburgh
Feng Xiao National University of Singapore
Haifeng Yu, National University of Singapore 2
Background: Sybil AttackBackground: Sybil Attack
Sybil attack: Single user pretends many fake/sybil identities Already observed in real-world
p2p systems
Sybil identities can become a large fraction of all identities “Out-vote” honest users in
collaborative tasks
launchsybilattack
honest
malicious
Haifeng Yu, National University of Singapore 3
Background: Defending Against Sybil AttackBackground: Defending Against Sybil Attack Using trusted central authority to tie identities to
human beings – not always desirable
Much harder without a trusted central authority [Douceur’02] Resource challenges not sufficient
IP address-based approach not sufficient
Widely considered as real & challenging: Over 40 papers acknowledging the problem of sybil
attack, without having a distributed solution
Haifeng Yu, National University of Singapore 4
SybilGuard / SybilLimit Basic Insight: SybilGuard / SybilLimit Basic Insight: Leveraging Social NetworksLeveraging Social Networks
Nodes = identities
Undirected edges = strong mutual trust E.g., colleagues, relatives in
real-world
Not online friends !
SybilGuard [SIGCOMM’06] / SybilLimit [Oakland’08]:
The first to leverage social networks for thwarting sybil attacks with provable guarantees.
Haifeng Yu, National University of Singapore 5
Attack ModelAttack Model
malicioususers
honestnodes
Observation: Adversary cannot create extra edges between honest nodes and sybil nodes
attack edges
n honest users: One identity/node each
Malicious users: Multiple identities each (sybil nodes)
sybil nodes
sybil nodes may collude – the adversary
Haifeng Yu, National University of Singapore 6
SybilGuard/SybilLimit Basic InsightSybilGuard/SybilLimit Basic Insight
honest nodes sybil nodes
Dis-proportionally small cut disconnecting a large number of identities
But cannot search brute-force…attack
edges
Haifeng Yu, National University of Singapore 7
SybilGuard / SybilLimit End GuaranteesSybilGuard / SybilLimit End Guarantees
Completely decentralized
Enables any given verifier node to decide whether to accept any given suspect node Accept: Provide service to / receive service from
Ideally: Accept and only accept honest nodes – unfortunately not possible
SybilGuard / SybilLimit provably Bound # of accepted sybil nodes (w.h.p.)
Accept all honest nodes except a small fraction (w.h.p.)
Haifeng Yu, National University of Singapore 8
Example Application ScenariosExample Application Scenarios
If # of sybil nodes accepted
Then applications can do
< n/2 byzantine consensus
< n majority voting
< n/c for some constant c secure DHT [Awerbuch’06, Castro’02,
Fiat’05]
… …
Haifeng Yu, National University of Singapore 9
total number of attack edges
SybilGuard [SIGCOMM’06]
SybilLimit [Oakland’08]
nnOg log/ )log( nn )(log n
)(log nunbounded
# sybil nodes accepted (smaller is better) per attack edge
nn log/ nnO log/
g between
and
g
~2000 ~10
~10
SybilLimit Contribution 1: “Pushing the Limit” SybilLimit Contribution 1: “Pushing the Limit”
We also prove that SybilLimit is away from optimal)(log nO
Haifeng Yu, National University of Singapore 10
OutlineOutline
Motivation, basic insight, and end guarantees
SybilLimit Contribution 1: “Pushing the Limit” The near-optimal SybilLimit design
SybilLimit Contribution 2: Validation on Real-World Social Networks
Haifeng Yu, National University of Singapore 11
Identity Registration in SybilLimitIdentity Registration in SybilLimit
Each node (honest or sybil) has a locally generated public/private key pair
“Identity”: V accepts S = V accepts S’s public key KS
We do not assume/need PKI
In SybilLimit, every suspect S “registers” KS on
some other nodes
Haifeng Yu, National University of Singapore 12
SybilLimit: Strawman Design – Step 1SybilLimit: Strawman Design – Step 1
Ensure that sybil nodes (collectively) register only on limited number of honest nodes
Still provide enough “registration opportunities” for honest nodes
sybil regionhonest region
K: registered keys of sybil nodes
K K
K
KK
K
K K
K
K
K
K
K
KK K
K: registered keys of honest nodes
Haifeng Yu, National University of Singapore 13
SybilLimit: Strawman Design – Step 2SybilLimit: Strawman Design – Step 2
Accept S only if KS is
register on sufficiently many honest nodes
Without knowing where the honest region is !
Circular design? We can break this circle…
K K
K
KK
K
K K
K
K
K
K
K
KK K
sybil regionhonest region
K: registered keys of sybil nodes
K: registered keys of honest nodes
Haifeng Yu, National University of Singapore 14
Three Interrelated Key TechniquesThree Interrelated Key Techniques
Technique 1: Use the tails of random routes for registration Will achieve Step 1
Random routes are from SybilGuard
Novelty: The use of tails
Novelty: The use of multiple independent instances of shorter random routes
Haifeng Yu, National University of Singapore 15
Three Interrelated Key TechniquesThree Interrelated Key Techniques Technique 2: Use intersection condition and
balance condition to verify suspects Will break the circular design and achieve Step 2
SybilGuard also has intersection condition
Novelty: Intersection on edges
Novelty: SybilGuard has no balance condition
Technique 3: Use benchmarking technique to estimate unknown parameters Breaks another seemingly circular design…
Novelty: SybilGuard has no such technique
Haifeng Yu, National University of Singapore 16
Three Interrelated Key TechniquesThree Interrelated Key Techniques
Technique 1: Use the tails of random routes for registration Will achieve Step 1
Random routes are from SybilGuard
Novelty: The use of tails
Novelty: The use of multiple independent instances of shorter random routes
Haifeng Yu, National University of Singapore 17
Random 1 to 1 mapping between incoming edge and outgoing edge
Random Route: ConvergenceRandom Route: Convergence
a db ac bd c
d ee df f
a
b
c
d e
f
randomized
routing table
Using routing table gives Convergence Property:
Routes merge if crossing the same edge
Haifeng Yu, National University of Singapore 18
Registering Public Keys with TailsRegistering Public Keys with Tails Every node initiates a “secure” random route of length w from itself
See paper for discussion on w
See paper for how to make it “secure”
A B C D
edge “CD” is the tail of A’s random routew = 3
D records KA
under name “CD”
Haifeng Yu, National University of Singapore 19
Tails of Sybil SuspectsTails of Sybil Suspects Imagine that every sybil suspect initiates a
random route from itself
total 1 tainted tail
honestnodes
sybilnodes
tainted tail
Haifeng Yu, National University of Singapore 20
Counting The Number of Tainted TailsCounting The Number of Tainted Tails
Claim: There are at most w tainted tails per attack edge Convergence: At most w tainted tails per attack edge
Regardless of whether sybil nodes follow the protocol
honestnodes
sybilnodes
attack edge
Haifeng Yu, National University of Singapore 21
Back to the Strawman Design Step 1Back to the Strawman Design Step 1
# of K ’s gw Independent of # sybil
nodes
# of K ’s n – gw From “backtrace-ability”
property of random routes
See paper…
honest region
K
K
K
K
K
K
KStep 1 achieved !
K: registered keys of sybil nodes
K: registered keys of honest nodes
Haifeng Yu, National University of Singapore 22
OutlineOutline SybilLimit Contribution 1: “Pushing the Limit”
Independent instances, intersection condition, balance condition, benchmarking technique
Avoids multiple seemingly circular designs (hardest part…)
Also see paper for Performance overheads…
Near-optimality …
SybilLimit Contribution 2: Validation on Real-World Social Networks
Haifeng Yu, National University of Singapore 23
Validation on Real-World Social NetworksValidation on Real-World Social Networks
SybilGuard / SybilLimit assumption: Honest nodes are not behind disproportionally small cuts Rigorously: Social networks (without sybil nodes) have
small mixing time
Mixing time affects # sybil nodes accepted and # honest nodes accepted
Synthetic social networks – proof in [SIGCOMM’06]
Real-world social networks? Social communities, social groups, ….
Haifeng Yu, National University of Singapore 24
Simulation SetupSimulation Setup
We experiment with: Different number and placement of attack edges
Different graph sizes -- full size to 100-node sub-graphs
Sybil attackers use the optimal strategy
# nodes # edges
Friendster 0.9M 7.8M
Livejournal 0.9M 8.7M
DBLP 0.1M 0.6M
Crawled online social networks used in experiments
Haifeng Yu, National University of Singapore 25
Brief Summary of Simulation ResultsBrief Summary of Simulation Results
In all cases we experimented with:
Fraction of honest nodes accepted: ~95%
# sybil nodes accepted: ~10 per attack edge for Friendster and LiveJournal
~15 per attack edge for DBLP
Haifeng Yu, National University of Singapore 26
ConclusionsConclusions
Sybil attack: Widely considered as a real and challenging problem
SybilLimit: Fully decentralized defense protocol based on social networks Provable near-optimal guarantees
Experimental validation on real-world social networks
Future work: Implement SybilLimit with real apps