Defending Against Sybil Attacks - PowerPoint PPT Presentation

1
Defending Against Sybil Attacks
  • Paul Parker
  • Advisor Shouhuai Xu

2
Talk Outline
  • Intro and Motivation
  • Problem Definition
  • Existing Work
  • Intended Approach
  • Results So Far

3
P2P and Other Self-Organizing Networks
  • Backup
  • File Sharing
  • Distributed Computation
  • Distributed File Systems
  • Farsite
  • GFS
  • Organic GRID

4
Sybil Attack
5
Why Use Sybil Attack?
  • disruption
  • for-profit motives
  • RIAA drop?
  • disproportionate access to resources
    (computation, storage)
  • control network

6
Problem Definition
Detect creation of multiple node identities from
a single physical node without a central
certifying authority
7
Existing Work: Is Preventing Sybil Attacks Possible?
  • John Douceur, Microsoft Research
  • The Sybil Attack, IPTPS '01 (First
    International Workshop on Peer-to-Peer Systems
    (revised paper 2002))
  • named and introduced problem
  • strong negative theoretical results for networks
    without a centralized authority

8
Douceur's Assumptions
  • set of entities (i.e., nodes)
  • synchronous broadcast cloud
  • message recvd by all entities w/i bounded time
  • message
  • finite length bit string
  • no direct links between entities (form of
    centrally supplied authentication)
  • identity abstraction that persists across
    multiple communication events
  • Assumptions meant to be extremely general

9
Douceur's Model
  • Entity behavior
  • correct entities will present 1 legitimate
    identity
  • faulty entities will present 1 legitimate identity
    and 1 counterfeit identity
  • How could we possibly verify identities?
  • Assume attacker has limited resources
  • Distinguish identities via resource-consumption
    challenge
  • CPU
  • storage
  • network bandwidth
  • Example
  • simultaneously issue puzzle to all claimed
    identities that takes 1 second for 1 GHz computer
    to solve

10
Douceur's Lemmas
  • Direct validation
  • 1. Any faulty entity f can present as many
    distinct identities as the ratio of its power to
    minimal power
  • e.g., 3 GHz CPU could present 3 identities at 1
    GHz minimum
  • 2. If an entity l accepts identities that are not
    validated simultaneously, a single f can present
    arbitrarily many distinct identities to l
  • e.g., 1 GHz computer could present 3 identities
    over 3 seconds
  • Indirect validation
  • 3. If an entity l accepts identities vouched for
    by q accepted identities, then F can present
    arbitrarily many identities to l if |F| ≥ q or F
    has at least q + |F| resources
  • 4. Without simultaneous challenges, even a
    minimally-capable entity f can present C/q
    distinct identities to l.
  • Possibly not actual proofs, but very closely
    reasoned

11
Douceur's Conclusion
  • attacks always possible except under extreme and
    unrealistic assumptions of resource parity and
    coordination among entities
  • i.e., to prevent attacks must assume
  • all entities have nearly identical capabilities
  • all presented identities are simultaneously
    checked by all entities across the entire system
  • therefore in heterogeneous real systems such as
    Internet, Sybil attacks always possible

12
Existing Work: New Ideas
  • On the Establishment of Distinct Identities in
    Overlay Networks, Bazzi & Konjevod, PODC 2005
  • establishing pairwise distinctness often helpful
  • distinctness test yields true or unknown
  • Douceur abstracted out potentially helpful
    details
  • real networks physically embedded in geometric
    spaces

13
BK2005 Assumptions
  • actual distance between 2 entities approx.
    satisfies metric properties
  • symmetry (bc = cb)
  • definiteness (ab exists)
  • triangle inequality (ab + bc ≥ ac)
  • sending message to and from 2 entities
    (Round-Trip Time) no faster than function of the
    actual distance

14
BK2005 Example: Using Latency to Distinguish Nodes
[Figure: trusted beacons A and B and two unknown nodes C and D (marked "?"), with RTT labels 100 ms, 30 ms and 30 ms]
  • A and B sign certificates for C and D
  • Practical technique
  • Assumptions
  • triangle inequality holds (c ≤ a + b)
  • occasional network quiescence
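
The latency test from this slide, as an added example that is not part of the original presentation. It assumes the figure's labels mean A to B is 100 ms, A to C is 30 ms and B to D is 30 ms; the identities S1 and S2, the function name and all RTT values are constructed for illustration.

```python
# Added illustration of a latency-based distinctness test (not from the slides).
# Assumed layout: A-B measured at 100 ms, A-C and B-D at 30 ms. Constructed data.

UNKNOWN = "unknown"


def certify_distinct(beacon_rtt, probe_rtt, x, y, margin_ms=0.0):
    """Return True if identities x and y cannot be one node, else UNKNOWN.

    If x and y were a single node, the triangle inequality would force
        rtt(p, q) <= rtt(p, x) + rtt(q, y)
    for every beacon pair (p, q). A node can delay its replies but cannot
    answer faster than its distance allows, so lying only pushes the
    result towards UNKNOWN, never towards a false "distinct".
    """
    for (p, q), d_pq in beacon_rtt.items():
        # Try both assignments of the two beacons to the two identities.
        for a, b in ((p, q), (q, p)):
            rx = probe_rtt.get((a, x))
            ry = probe_rtt.get((b, y))
            if rx is None or ry is None:
                continue  # this beacon pair did not measure both identities
            if rx + ry + margin_ms < d_pq:
                return True
    return UNKNOWN


# Beacon-to-beacon RTT, computed during a quiescent period (constructed).
BEACON_RTT = {("A", "B"): 100.0}

# Beacon-to-applicant RTTs (constructed). S1 and S2 are two identities
# presented by one physical node sitting 30 ms from A and 80 ms from B.
PROBE_RTT = {
    ("A", "C"): 30.0, ("B", "D"): 30.0,
    ("A", "S1"): 30.0, ("B", "S2"): 80.0,
}

if __name__ == "__main__":
    print(certify_distinct(BEACON_RTT, PROBE_RTT, "C", "D"))    # True
    print(certify_distinct(BEACON_RTT, PROBE_RTT, "S1", "S2"))  # unknown
    # A 45 ms allowance for measurement error removes the certificate.
    print(certify_distinct(BEACON_RTT, PROBE_RTT, "C", "D", margin_ms=45.0))
```

The test only ever answers true or unknown, matching the "distinctness test yields true or unknown" property on the earlier slide.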

15
More BK2005 Assumptions
  • Euclidean or Spherical Geometry can model RTT
    distances
  • i.e., nodes can be embedded into Euclidean space
    R^d or spherical space S^d with little or no error
    on RTT distance
  • Hence have metric properties
  • Note similar to assuming efficient routing
  • Limited number of corrupt beacons
  • Asynchronous unreliable network
  • over long periods of time, occasional quiescence
    will allow synchrony and reliability
  • these allow computing distance between beacons
  • Broadcast or point-to-point message models

16
BK2005 Theorems
  • Can certify distinctness in presence of
  • trusted beacons
  • corrupt applicant (in convex hull in R^d, or in S^d
    anywhere)
  • multiple colluding entities for broadcast
  • up to d multiple colluding entities for
    point-to-point (d = dimensionality of space)
  • up to f corrupt beacons
  • at least fd1 correct ones, one corrupt
    applicant or multiple colluding corrupt
    applicants

17
BK2005 Conclusions
  • can prevent Sybil attacks via geometric
    distinctness certification (given assumptions)
  • nice theoretical results
  • translation to real work requires significant
    investigation
  • a lot more work to make this of more practical
    value
  • generalization of first example has a good
    chance of leading to solutions that can be used
    in practice

18
Existing Work: Another Idea
  • Remote physical device fingerprinting
  • Kohno, Broido, and claffy, UCSD, IEEE S&P 2005
    (Oakland)
  • Computers have clocks
  • quartz crystal
  • resonant frequency function of size
  • frequency varies slightly between typical
    crystals
  • First derivative of clock frequency is skew
    (fast or slow-ness of clock)
  • Time reported by OS varies with hardware skew and
    OS factors
  • Thus, particular skew distinguishes computer

19
Kohno et al. Details
  • TCP spec includes TCP Timestamping option
  • TCP stack inserts a timestamp when sending packet
  • Clock skew can be estimated by observing these
    over time
  • Thus, fingerprint remote physical device by
    observing TCP streams
  • 5-6 bits of entropy (distinctness)
  • TSOpt field can be disabled or scrubbed
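
A sketch of skew estimation from observed TSval values, added here as an example and not taken from the presentation or from Kohno et al.'s code. It fits the offsets with ordinary least squares as a simple stand-in for the paper's estimator; the 1000 Hz tick rate, the 5 ppm matching tolerance and every trace are constructed assumptions.

```python
# Added illustration: least-squares clock-skew estimate from TCP timestamps.
# All traces below are constructed; nothing here is from a real capture.

def skew_ppm(samples, hz):
    """Estimate remote clock skew in parts per million.

    samples: [(receive_time_seconds, TSval), ...] in arrival order
    hz: assumed tick rate of the remote timestamp clock
    """
    if len(samples) < 2:
        raise ValueError("need at least two packets")
    t0, ts0 = samples[0]
    xs, ys = [], []
    for t, ts in samples:
        ticks = (ts - ts0) % 2**32      # TSval is 32 bits and may wrap
        x = t - t0                      # elapsed time on the observer's clock
        xs.append(x)
        ys.append(ticks / hz - x)       # observed offset of the remote clock
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    if sxx == 0:
        raise ValueError("all packets share one receive time")
    slope = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sxx
    return slope * 1e6                  # slope of offset vs. time, in ppm


def make_trace(true_ppm, packets, hz=1000, start_ts=2**32 - 5000):
    """Constructed trace: one packet per second, under 2 ms of delay jitter."""
    trace = []
    for i in range(packets):
        jitter = ((i * 7) % 5) * 0.0004  # deterministic stand-in for jitter
        remote_ticks = int(i * (1 + true_ppm * 1e-6) * hz)
        trace.append((i + jitter, (start_ts + remote_ticks) % 2**32))
    return trace


def same_device(ppm_a, ppm_b, tolerance_ppm=5.0):
    """Two streams are candidates for one device if their skews agree."""
    return abs(ppm_a - ppm_b) <= tolerance_ppm


if __name__ == "__main__":
    long_a = skew_ppm(make_trace(50, 600), 1000)
    long_b = skew_ppm(make_trace(50, 600, start_ts=12345), 1000)
    other = skew_ppm(make_trace(-20, 600), 1000)
    brief = skew_ppm(make_trace(50, 5), 1000)   # five packets only
    print(round(long_a, 1), round(long_b, 1), round(other, 1), round(brief, 1))
```

On the five-packet trace, 1 ms tick quantisation and jitter dominate the fit, so the estimate is far from the true 50 ppm; ten minutes of packets recover it closely.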

20
Our Intended Approach
  • Provisional
  • Do BK experiments
  • Combine multiple approaches (intelligently) (some
    of mine are new proposals)
  • BK2005 approach
  • Kohno et al. approach
  • neighborhood
  • memory latency computational puzzles
  • OS fingerprinting

21
PlanetLab (to use for BK testbed)
  • Worldwide research overlay network
  • More than 600 nodes at 300 sites
  • www.planet-lab.org

22
Planned BK Experiments (so far)
  • Data-based experiments
  • Test triangle inequality (to w/i a margin)
  • Test technique applicability
  • Actual experiments
  • Testbed for trying technique

23
Results So Far
  • Analyzing Triangle Inequality w/ PlanetLab
  • Nodes: 481
  • Theoretical possible triangles: 110,591,520
  • Number with 3 sides: 50,963,180
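
One way to run the data-based triangle-inequality test on an RTT data set with missing measurements, added as an example and not the presenter's analysis code. It counts unordered triangles; the node names, the RTT values and the relative-margin definition are constructed assumptions.

```python
# Added illustration: audit a pairwise RTT data set against the triangle
# inequality. Node names and RTTs (ms) are constructed sample data.
from itertools import combinations


def audit_triangles(rtt, nodes, margin=0.0):
    """Return (possible, complete, violations) over unordered triangles.

    rtt: {frozenset({a, b}): milliseconds}; unmeasured pairs are absent.
    margin: relative slack, e.g. 0.3 tolerates a longest side up to 30%
            above the sum of the other two before counting a violation.
    """
    possible = complete = violations = 0
    for a, b, c in combinations(nodes, 3):
        possible += 1
        sides = [rtt.get(frozenset(pair)) for pair in ((a, b), (b, c), (a, c))]
        if None in sides:
            continue                    # triangle lacks a measured side
        complete += 1
        longest = max(sides)
        if longest > (sum(sides) - longest) * (1 + margin):
            violations += 1
    return possible, complete, violations


NODES = ["A", "B", "C", "D", "E"]
SAMPLE_RTT = {
    frozenset(pair): ms
    for pair, ms in {
        ("A", "B"): 10.0, ("A", "C"): 20.0, ("B", "C"): 25.0,
        ("A", "D"): 50.0, ("B", "D"): 45.0,
        ("C", "D"): 90.0,               # inflated path, e.g. a routing detour
        ("A", "E"): 30.0, ("B", "E"): 35.0, ("C", "E"): 40.0,
        # D-E was never measured
    }.items()
}

if __name__ == "__main__":
    print(audit_triangles(SAMPLE_RTT, NODES))              # (10, 7, 2)
    print(audit_triangles(SAMPLE_RTT, NODES, margin=0.3))  # (10, 7, 0)
```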

24
Results So Far: Timestamping and OS Fingerprinting
  • p0f passive OS fingerprinting tool
  • Issues
  • p0f ran in less accurate SYN+ACK mode for Web
    trace, because host initiated all connections
  • intersection of p0f result and reasonable clock
    skew low (15 even on Web trace)
  • good timestamping data hard to obtain
  • most traces truncate TCP header before TSOpt
  • Implications
  • OS fingerprinting probably a secondary technique
    (also because can be faked)
  • Timestamping didn't work well on brief streams
    (not enough data?)

25
Directions for Future Work
  • Can a self-organizing network automatically
    defend against Sybil attacks, without starting
    from a set of trusted nodes?
  • Can we provide identities for nodes, or merely
    distinguish them? If not, how much
    distinguishability can we provide?

26
Questions?
  • ?