SybilCast: Broadcast on the Open Airwaves SETH GILBERT, CHAODONG ZHENG National University of Singapore


Post on 22-Dec-2015


Page 1

SybilCast: Broadcast on the Open Airwaves

SETH GILBERT, CHAODONG ZHENG

National University of Singapore

Page 2

Sunday afternoon in Starbucks

We have a Sybil attack!

[Figure: base station, users u and v, and identities v1 to v9; labels: "Sybil identities", "Alice", "Sean"; bandwidth shares B/2, B/2 and B/10, B/10, B/10, …]

Page 3

Radios can access many channels

Use radio resource testing!

Honest users: always pass the test!

Malicious users: lose (fake) id with 50% chance!

[Figure: base station and identities u, v, x, y on channel one and channel two; labels: "msg", "Ack for msg", "!ALERT!"]

[1] N. James, E. Shi, D. Song, and A. Perrig. The sybil attack in sensor networks: Analysis & defenses.

[2] D. Mónica, J. Leitão, L. Rodrigues, and C. Ribeiro. On the use of radio resource tests in wireless ad-hoc networks.

Page 4

Challenges

Colluding: Malicious users can cover more than one channel

Other malicious behavior: Malicious users jam channels and/or spoof messages

Continuous nature of the system: Cannot run a set of tests and then stick to normal data delivery protocols

Efficiency of detection: Overhead for detecting sybil identities must be low

Page 5

Overview

1. Introducing sybil attacks

2. Model and problem

3. The SybilCast protocol: Structure

Why it works

Page 6

Model

Synchronous wireless network:

Single-hop

channels

Users:

One (authenticated) base station

up to real users (unauthenticated) that come and go

Radios:

Everyone has one radio and chooses one channel per round

Transmit or receive

[Figure: base station and users v, w on channel one, channel two, …, channel c]

Page 7

Malicious users

Malicious users:

At most

Colluding

Capabilities:

Create sybil identities

Jam channels

Spoof messages

Each has only one radio transceiver as well!

[Figure: base station, v, w, Sean, Shirley and x, y, q, r on channel one, channel two, …, channel c; message labels: "#$%@#%#^@#^@" and "Quit"]

Page 8

Problem: fair bandwidth access

Basic problem:

Users arrive and request data

Base station delivers data to user

Goal: every user gets a fair share of the bandwidth:

If there are at most users in the system during request

Request gets of the total bandwidth

[Figure: base station, u, Sean and Shirley on channel one, channel two, …, channel c; label: "data"]

Page 9

Introducing SybilCast

Three phases per epoch:

Registration phase: new users join the network

Data phase: registered users receive data and authentication information

Verification phase: base station checks registered users

[Figure: timeline of one epoch]

Start: d registered identities

Registration phase: at most d new ids registered; length $((d + c)\log^2 N)$

Data phase: at most 2d ids present; length $((d + c)\log^2 N)$

Verification phase: s ids removed; length $((d + c)\log N)$

End: 2d-s registered identities

Page 10

Why those lengths?

Balance sybil identities’ admission rate and honest identities’ admission rate:

Fast admission → Low registration overhead

However: Fast admission → More sybil identities → Low throughput

Registered identities at most double!


Page 11

Registration phase

Goal: deliver a final seed to each request:

Long random binary string

Used as a frequency hopping sequence

Hidden from the malicious users

Procedure:

Divide phase into sub-phases of

In each sub-phase, deliver partial seed to user

User takes XOR of all partial seeds

[Figure: the phase divided into sub-phases; labels: $((x + c)\log^2 N)$ …, $(\log N)$ …]

Page 12

Challenges and Tools

Avoid jamming: Random uncoordinated frequency hopping

Authenticating nodes (to counter spoofing): Hash chain

Avoid contention among nodes: Backoff protocol (ensures delivery of single partial seed)

Registration list (ensures enough partial seeds)

Page 13

Data phase

Goal: deliver data and nonces to registered identities

Procedure for each round:

Base station chooses a random registered identity

Sends a packet on the pre-agreed channel with data and nonce

Intended receiver gets the data

All nodes on that channel record the nonce!

[Figure: base station and users u, v, w on channel one, channel two, channel three. Packets have the form $\langle \text{data} \mid \text{nonce} \rangle$, where the nonce is a random binary string. Labels, first row: $\langle m_u \mid r_1 \rangle$, $\langle m_u \mid r_1 \rangle$, $\langle \times \mid r_1 \rangle$; second row: $\langle m_w \mid r_2 \rangle$, $\langle m_w \mid r_2 \rangle$, $\langle \times \mid r_1, r_2 \rangle$]

Page 14

The Power of the Nonce™

Most sybil identities miss many nonces: Many sybil identities → spread on many channels.

Spread on many channels → high likelihood to lose nonces.

We show, if there are sybil identities, after data rounds, of them will lose nonces.

Honest identities do not miss many nonces: An honest node loses each nonce with probability .

After data rounds, each honest node loses nonces.

We show , honest nodes win!

Page 15

Verification phase

Procedure:

Users send collected nonces back to base station

(Uncoordinated) frequency hopping to resolve jamming and contention.

Threshold :

Base station eliminates identities without enough nonces

Guarantee:

No honest users are eliminated (w.h.p.)

All but 12t sybil identities are eliminated (w.h.p.)
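
The data and verification phases above, as an added simulation sketch (not code from the slides or from the SybilCast authors): every identity hops over c channels, the base station sends a nonce on a random identity's channel, and identities that report too few of the nonces sent on their own channel are removed. Assumptions: the parameter values, the 0.5 threshold, the adversary strategy (malicious radio k follows sybil identity k and colluders share everything they hear) and the absence of jamming are constructed for illustration; `simulate` is a hypothetical name.

```python
import random

def simulate(c=16, honest=10, sybils=20, radios=2, rounds=4000,
             threshold=0.5, seed=1):
    """Return (surviving_honest, surviving_sybils) after one data and
    verification phase. All parameters are constructed sample values."""
    rng = random.Random(seed)
    n = honest + sybils              # ids 0..honest-1 are honest, the rest sybil
    expected = [0] * n               # nonces sent on the id's scheduled channel
    heard = [0] * n                  # nonces the id can report back
    for _ in range(rounds):
        # Each identity's hopping sequence places it on one channel this round.
        hop = [rng.randrange(c) for _ in range(n)]
        # Base station picks a random registered identity and sends
        # <data | nonce> on that identity's pre-agreed channel.
        ch = hop[rng.randrange(n)]
        # Assumed adversary: malicious radio k follows sybil id k, so the
        # colluders cover at most `radios` channels per round (one radio each).
        covered = {hop[honest + k] for k in range(radios)}
        for i in range(n):
            if hop[i] != ch:
                continue             # id was not scheduled on this channel
            expected[i] += 1
            # Honest ids own a radio; a sybil id only gets the nonce if some
            # colluding radio happened to listen on this channel.
            if i < honest or ch in covered:
                heard[i] += 1
    # Verification: the base station drops ids that report too few nonces.
    keep = [i for i in range(n) if heard[i] >= threshold * expected[i]]
    return (sum(1 for i in keep if i < honest),
            sum(1 for i in keep if i >= honest))

if __name__ == "__main__":
    print(simulate())
```

With these constructed parameters every honest identity survives and only the identities the malicious radios actually follow remain, which is within the slide's bound of 12t surviving sybil identities.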

Page 16

Putting everything together

For a request from honest node = maximum number of active real nodes

= maximum number of registered identities

[Figure: timeline over epochs i, i+1, i+2, …, j; events: p initiates a request, p obtains first partial seed, p finishes registration; interval labels: $O((n^* + c)\,c \log^3 N)$, $O((d^* + c)\log^2 N)$]

Page 17

Putting everything together

finishes reg. time.

However, may count (many) sybil identities! We need to constrain !

By the end of any epoch: remaining identities

at most sybils.

, hence

In next epoch, at most new identities

We have .

finishes registration in time.

Page 18

Putting everything together

finishes registration in time.

Once registered, gets in time.

In total, needs time. If , this is just time!

I.e., (asymptotically) optimal time!

Page 19

SybilCast’s key property

Theorem: If an honest user requests data of size , and if there are at most concurrently active real nodes at any point during the request, then the download will complete in time w.h.p.

Corollary: On average, each honest user corresponds to sybil identities, hence each honest user can finish data download in asymptotically optimal time.

Page 20

Conclusion

THIS IS IT!

SybilCast solves fair bandwidth allocation despite:

Sybil attacks! Jamming! Spoofing!

Combination of existing tools:

Radio resource testing, frequency hopping, hash chain, …

And innovations:

Admission rate control, deferred verification, …

Distri-SybilCast?

If you have questions, now is the time!