SYBIL ATTACK
The Sybil attack in computer security is an attack wherein
a reputation system is subverted by forging identities in peer-to-peer
networks. It is named after the subject of the book Sybil, a case study of a woman diagnosed with
dissociative identity disorder.

Most networks, such as peer-to-peer networks, rely on assumptions of identity,
where each computer represents one identity. A Sybil attack happens when an
insecure computer is hijacked to claim multiple identities. Problems arise when
a reputation system (such as a file-sharing reputation on a torrent network) is
tricked into thinking that an attacking computer has a disproportionately large
influence. Similarly, an attacker with many identities can use them to act
maliciously, by either stealing information or disrupting communication. It is
important to recognize a Sybil attack and note its danger in order to protect
yourself from being a target.

Large-scale peer-to-peer systems face security threats from faulty or hostile remote
computing elements. To resist these threats, many such systems employ redundancy.
However, if a single faulty entity can present multiple identities, it can
control a substantial fraction of the system, thereby undermining this
redundancy. One approach to preventing these “Sybil attacks” is to have a
trusted agency certify identities.

Nodes that passively monitor traffic in the network can detect a Sybil attacker that uses a number
of network identities simultaneously. We show through simulation that this
detection can be done by a single node, or that multiple trusted nodes can join
to improve the accuracy of detection. We then show that although the detection
mechanism will falsely identify groups of nodes travelling together as a Sybil
attacker, we can extend the protocol to monitor collisions at the MAC level to
differentiate between a single attacker spoofing many addresses and a group of
nodes travelling in close proximity.
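
The passive detection idea described above, sketched as an added example (it is not code from the original post or from the simulation it mentions): a monitoring node groups addresses that are almost always heard in the same intervals, then uses MAC-level collisions to clear nodes that merely travel together. The function name `sybil_suspects`, the thresholds, the sample observations, and the rule that a collision between two addresses proves two separate radios are assumptions made for illustration.

```python
from itertools import combinations

# Constructed sample: addresses a monitoring node heard in each interval.
# S1-S3 are one attacker's identities, C1/C2 two nodes travelling together.
OBSERVATIONS = [
    {"S1", "S2", "S3", "N1"}, {"S1", "S2", "S3"},
    {"S1", "S2", "S3", "C1", "C2", "N2"}, {"S1", "S2", "S3", "C1", "C2"},
    {"C1", "C2", "N1"}, {"C1", "C2", "N1", "N2"},
    {"N1"}, {"S1", "S2", "S3", "N2"},
]

def sybil_suspects(observations, collisions=frozenset(), min_seen=4, ratio=0.9):
    """Return groups of addresses that are almost always heard together.

    collisions: frozenset pairs whose frames were seen colliding at the MAC
    level. Assumption: one radio cannot collide with itself, so such a pair
    is two separate transmitters and is never linked.
    """
    seen, together = {}, {}
    for heard in observations:
        for addr in heard:
            seen[addr] = seen.get(addr, 0) + 1
        for pair in combinations(sorted(heard), 2):
            together[pair] = together.get(pair, 0) + 1

    parent = {addr: addr for addr in seen}   # union-find over addresses

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for (a, b), both in together.items():
        either = seen[a] + seen[b] - both    # intervals where a or b was heard
        if both < min_seen or both / either < ratio:
            continue                          # too little evidence, or often apart
        if frozenset((a, b)) in collisions:
            continue                          # proven to be distinct radios
        parent[find(a)] = find(b)

    groups = {}
    for addr in parent:
        groups.setdefault(find(addr), set()).add(addr)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    print(sybil_suspects(OBSERVATIONS))
    print(sybil_suspects(OBSERVATIONS, {frozenset(("C1", "C2"))}))
```

Without collision data the convoy C1/C2 is flagged alongside the attacker's identities, which is the false positive the text describes. Linking is transitive, so a larger convoy is only fully cleared once collisions have been observed between enough of its members.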