1

SybilGuard: Defending Against Sybil Attacks via Social Networks

Haifeng YuMichael KaminskyPhillip B. GibbonsAbraham Flaxman

Presented byJohn Mak, Janet Yung

2

Outline

• Introduction to Sybil Attack

• Model & Problem formulation

• Sybil Guard Overview

• Simulation Result & Analysis

• Conclusion

• Our views

3

Introduction to Sybil Attack

• P2p and decentralized, distributed systems particularly vulnerable

• Malicious user obtains multiple fake identities

• Gain large influence by “out vote” honest users

4

Introduction to Sybil Attack

• Malicious user obtains multiple fake identities

• Malicious behavior becomes a norm (e.g. Byzantine failures)

• Many protocols assume < 1/3 malicious nodes

• Easily create 1/3 nodes Break defense

5

Introduction to Sybil Attack

• Centralized authority:– Control Sybil attack easily– Verify real life credential– Hard for worldwide to trust– Single point of failure – bottleneck, DOS– Scare away potential users – requires

sensitive information

6

Introduction to Sybil Attack

• Decentralized approach is hard:– Harvest (Steal) IP addresses

• No common IP prefix Hard to filter

– Advertise BGP route on unused block of IP address

– Botnet - Co-opt large number of end-user machines

7

Introduction to Sybil Attack

• Not very successful defense approaches:– Resource-challenge approach (computational

puzzles)– Network coordinates– Reputation system based on historical

behavior

8

Model & Problem Formulation

• Users:– n honest users: single identity– 1+ malicious user: multiple identities

• Identity:– Also called “node”– Sybil identity: malicious user’s identity

• Defense system– Verifier node V accept another node S– Ideally, V only accept honest nodes.

9

Model & Problem Formulation

• Bounding no. of sybil groups– Divide all nodes into at most g equivalence

groups– Sybil Group: equivalence group contains at

least one Sybil node– Defense system guarantees no. of groups,

without need to know if the group is sybil

10

Model & Problem Formulation

• Bounding size of Sybil Group– at most w nodes in a group– limit no. of sybil nodes accepted each node can

accept

• Summary– decentralized– honest node accepts, and is accepted by most other

honest nodes– honest node accepts a bounded number of sybil

nodes.

11

Social Network

• Consists of users (nodes)• Human established trust relationships• Nodes connected by an edge (friend) • Real life relationship can bound both the number

and size of sybil groups– Usually degree ~ 30

• Malicious user fools honest user to trust him/her– an attack edge connected a malicious user and an

honest user

12

SybilGuard Overview

• Ensures honest user share at most one edge with sybil nodes created by a malicious user

• A protocol enables honest nodes to accept a large fraction of the other honest nodes

• SybilGuard does not increase or decrease the number of edges in the social network as a result of its execution

13

SybilGuard Overview

• Random routes direct random walk for all nodes • Pre-computed random permutation

– one-to-one mapping from incoming edges to out-going edges

• Random routes– convergence property– back-traceable property

• Multiple random routes of a certain length (w)

14

Random route

• Basis of SybilGuard

• Honest node (verifier) decides whether or not to accept another node (suspect)

• Honest node’s random route– highly likely to stay within the honest region– Highly likely to intersect within (w) steps

• If there are (g) attack edges, the number of sybil groups is bounded by (g)

15

Fast mixing property

• Assume social networks tend to be fast mixing, which necessarily means that subsets of honest nodes have good connectivity to the rest of the social network

• Assume the verifier is itself an honest node

16

Attack edge

17

Key exchange

• Each pair of friendly nodes shares a unique symmetric secret key (password) called the edge key

• Key distribution is done out-of-band

• Each honest node constrains its degree within some constant (e.g. 30) in order to prevent the adversary from increasing the number of attack edges (g) dramatically

18

Limits attack edges

• Limited number of attack edges (g)

• Adding new attack edge needs out-of-band verification

• Malicious users:– Hard to convince honest users to be friends– Quite difficult to do on a large scale

19

Common ways adversary may use to increase g

• Befriending with honest users in real life• Convince honest node to accept sybil nodes as

friends• Compromises a large fraction of nodes in the

system.– The adversary does not even need to launch a sybil

attack. SybilGuard will not help here.

• Botnet– Challenging to acquire a botnet containing many

nodes that already in the system.

20

Random route

• Convergence property– Once two routes traverse the same edge along

the same direction, they will merge and stay merged (i.e. the convergence property)

• Back-traceable property– Using a permutation as the routing table

further guarantees that the random routes are back-traceable

• There can be only one route with length (w) that traverses the same section of route (e)

21

Problems of random route

• Loop (same edge more than once)– Unlikely to form in a fast mixing graph

• Enters the sybil region– Unlikely according to:

THEOREM 1. For any connected and non-bipartite social network, the probability that a length-w random walk starting from a uniformly random honest node will ever traverse any of the g attack edges is upper bounded by gw/n. In particular, when w = Θ(√nlogn) and g = o(√n/logn), this probability is o(1).

22

SybilGuard Design

• Use redundancy– Instead of performing one random route– A node with degree (d) performs random

routes along each of its edges

• Verifier V accept suspect S– If exist d/2 routes from the verifier node– One of V’s route accept S if that route

intersect with one of S’s route

23

Registry table

• Each node will maintain and propagate one’s registry tables and witness tables to its neighbors

• SybilGuard requires a node to register with all (w) nodes along each of its routes by using public key cryptography

• When a verifier V wants to verify S, V will ask the intersection point between S’s route and V’s route whether S is indeed registered

24

Registry & Witness tables

25

Bandwidth consumption

• Studying a one million nodes social network• w=2000• Data sent by each node for registry table is small• Bandwidth consumption acceptable

– since the registry table updates are needed only when social trust relationships change

26

Witness table

• Propagated and updated in a similar fashion as the registry table

• Backward• Updated when a node’s IP address changes

• Can be done lazily in the verification process

27

Verify process

• For a node V to verify a node S– find the intersection nodes for all of its routes by the

witness tables downstream– Authenticates the intersection node one by one by the

private key– Ask that node to check if S’s public key is store in one

of its registry tables.– If S’s public key is found, that route of V will accept S

28

Verify Process

• If more than half of the route from V accept S,– node V will accept node S– V will interact will S later by request S to encrypt its

message by its private key

• For the sybil nodes region with (g) attack edges,– Polluted entries in registry tables bounded by g*w*w/2– still less than half of the total number of entries n*d*w– even with g*w tends to (n) with (d) being the degree of

each node (d >= 2) and (n) being the total number of nodes

29

Route length w

Constraints:• Must be sufficiently small to ensure remains

entirely within the honest region

• Must be sufficiently large to ensure that routes will intersect with high probability

• w related to n– Challenging because we do not know n for a

decentralized system

30

Route length w

• Determine locally by sampling

• Node A performs short random walk (e.g. 10 hops) at node B

• Assume B is honest (with high probability)

• A checks no. of hops for intersection with their random routes– A asks for the witness tables from B.

• Repeat above, calculate median value.

31

Sybil Guard under Dynamics

• Bypass offline nodes– V verify other node S

• Probably multiple intersection points• V have at least one intersection point online

– Propagate registry & witness tables• User creation / deletion / ip address change• Infrequent changes

– Lookahead route table• Store information of next K hops

32

Sybil Guard under Dynamics

• Incremental routing table maintenance– Instead of re-create a new permutation– Make changes in current permutation

• Add– X1 X2 X3 X4 (insert at end)– X1 X2 (insert here) X4 X3

• Delete “3”– Before: X1 X2 X3 X4 X5

– After: X1 X2 X5 X4

33

Attacks Exploiting Node Dynamics

• Potential attacks under Node Dynamics– Malicious user M change public key to key2– Suppose DABC– Suppose revoke key1– Random routes along all directions – D’s key3 will overwrite key2

34

Probability of Intersection

• Kleinberg’s synthetic social network model• a million-node graph with average node

degree of 24

35

Results with no Sybil Attackers

• Probability of random routes being loops– Loop reduces effective length of random route– Loop is very rare– 99.3% of the routes do not form loops in their

first 2500 hops

36

Results with no Sybil Attackers

• Probably of honest node being accepted– at least one intersection point online– If at least 10 online/offline intersection points

verification succeeds– In 1 million-node graph

• w = 300• probability = 99.96% having >=10 intersections

37

Results with no Sybil Attackers

• Estimate random route length w– Sampling technique to determine w– Node A choose a node B to determine w– Node B – not necessarily uniformly random– Need to re-estimate daily

38

Probability of routes in honest region

• 1 million-node graph• 100% for g <=2000; 99.8% for g=2500• 0.2% -- Nodes befriending with sybil

attackers

39

Probability of honest nodes being accepted

• Still 99.8% with 2500 attack edges• Redundancy is necessary

40

Our views

• Hard to link real life to virtual network?– My real life friends may not join the virtual

network– Maybe centralized authentication better?

• 99.8% honest nodes accepted, but 0.2% not accepted.– The 0.2% is honest

41

Others’ views

• Fast mixing assumption in social network– Japanese’s social network may not mix with

US social network?