Sybil attack

The Sybil attack in computer security is an attack wherein a reputation system is subverted by forging identities in peer-to-peer networks. It is named after the subject of the book Sybil, a fictional case study of a woman with multiple personality disorder. The name was suggested in or before 2002 by Brian Zill at Microsoft Research.

Description

A Sybil attack is one in which an attacker subverts the reputation system of a peer-to-peer network by creating a large number of pseudonymous entities, using them to gain a disproportionately large influence. A reputation system's vulnerability to a Sybil attack depends on how cheaply identities can be generated, the degree to which the reputation system accepts inputs from entities that do not have a chain of trust linking them to a trusted entity, and whether the reputation system treats all entities identically.

An entity on a peer-to-peer network is a piece of software which has access to local resources. An entity advertises itself on the peer-to-peer network by presenting itself with an identity. More than one identity can correspond to a single entity; in other words, the mapping of identities to entities is many-to-one. Entities in peer-to-peer networks use multiple identities for purposes of redundancy, resource sharing, reliability and integrity. In peer-to-peer networks the identity is used as an abstraction so that a remote entity is aware of identities without necessarily knowing the correspondence of the identities with their local entities. By default, each distinct identity is usually assumed to correspond to a distinct local entity. In reality, many identities may correspond to the same local entity.
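The following is an added Python example, not part of the original article, that makes the three vulnerability factors above (cheap identities, chain of trust, identical treatment of entities) and the many-to-one identity-to-entity mapping concrete. One entity, "mallory", holds five pseudonymous identities; three scoring policies are applied to the same constructed votes. The names, votes, trust graph and the three policies are all constructed for illustration and do not describe any particular deployed reputation system.

```python
from collections import deque

# Constructed data: a toy peer-to-peer reputation system. The mapping from
# identities to entities is many-to-one; here the entity "mallory" forges
# five cheap pseudonymous identities.
IDENTITY_OWNER = {
    "alice-1": "alice",
    "bob-1": "bob",
    "carol-1": "carol",
    "m-1": "mallory", "m-2": "mallory", "m-3": "mallory",
    "m-4": "mallory", "m-5": "mallory",
}

# Constructed votes: identity -> (target being rated, +1 or -1).
VOTES = {
    "alice-1": ("file-X", +1),
    "bob-1": ("file-X", +1),
    "carol-1": ("file-X", +1),
    "m-1": ("file-X", -1), "m-2": ("file-X", -1), "m-3": ("file-X", -1),
    "m-4": ("file-X", -1), "m-5": ("file-X", -1),
}

# Constructed trust graph: who vouches for whom, rooted at a trusted seed.
# Mallory's identities vouch only for each other, so none of them has a
# chain of trust back to the seed.
TRUST_EDGES = {
    "seed": ["alice-1", "bob-1"],
    "alice-1": ["carol-1"],
    "m-1": ["m-2", "m-3", "m-4", "m-5"],
}


def naive_score(votes, target):
    """Policy 1: every identity is treated identically (one identity, one vote).
    This is the policy a Sybil attacker exploits."""
    return sum(v for t, v in votes.values() if t == target)


def trust_chain_weights(trust_edges, seed, decay=0.5):
    """Breadth-first walk from the seed; weight = decay ** hops.
    Identities with no chain back to the seed get no entry (weight 0)."""
    weights = {seed: 1.0}
    frontier = deque([seed])
    while frontier:
        node = frontier.popleft()
        for child in trust_edges.get(node, []):
            if child not in weights:
                weights[child] = weights[node] * decay
                frontier.append(child)
    return weights


def trust_weighted_score(votes, target, trust_edges, seed="seed"):
    """Policy 2: only identities with a chain of trust to the seed count,
    and identities closer to the seed count more."""
    weights = trust_chain_weights(trust_edges, seed)
    return sum(weights.get(ident, 0.0) * v
               for ident, (t, v) in votes.items() if t == target)


def one_vote_per_entity_score(votes, owner, target):
    """Policy 3: collapse identities onto their owning entity. This needs the
    identity -> entity mapping, which is exactly what cheap identity creation hides."""
    per_entity = {}
    for ident, (t, v) in votes.items():
        if t == target:
            per_entity[owner[ident]] = v   # extra identities overwrite, they do not add
    return sum(per_entity.values())


if __name__ == "__main__":
    print("naive:      ", naive_score(VOTES, "file-X"))                                # -2
    print("trust-chain:", trust_weighted_score(VOTES, "file-X", TRUST_EDGES))         # 1.25
    print("per-entity: ", one_vote_per_entity_score(VOTES, IDENTITY_OWNER, "file-X"))  # 2
```

Under the naive policy the five forged identities flip the verdict on "file-X" to negative; under the chain-of-trust policy they carry no weight at all; under the per-entity policy they collapse to a single vote. Only the first policy is something a defender can apply without knowing either a trust graph or the identity-to-entity mapping, which is why it is the weakest.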

A faulty node or an adversary may present multiple identities to a peer-to-peer network in order to appear and function as distinct nodes. By becoming part of the peer-to-peer network, the adversary may then overhear communications or act maliciously. By masquerading and presenting multiple identities, the adversary can control the network substantially.

In the context of (human) online communities, such multiple identities are known as sockpuppets.

Prevention

Validation techniques can be used to prevent Sybil attacks and dismiss masquerading hostile entities. A local entity may accept a remote identity based on a central authority which ensures a one-to-one correspondence between an identity and an entity and may even provide a reverse lookup. An identity may be validated either directly or indirectly. In direct validation the local entity queries the central authority to validate the remote identities. In indirect validation the local entity relies on already accepted identities which in turn vouch for the validity of the remote identity in question.

Identity-based validation techniques generally provide accountability at the expense of anonymity, which can be an undesirable tradeoff especially in online forums that wish to permit censorship-free information exchange and open discussion of sensitive topics. A validation authority can attempt to preserve users' anonymity by refusing to perform reverse lookups, but this approach makes the validation authority a prime target for attack. Alternatively, the authority can use some mechanism other than knowledge of a user's real identity, such as verification of an unidentified person's physical presence at a particular place and time, to enforce a one-to-one correspondence between online identities and real-world users.
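The validation flow described in the two paragraphs above (a central authority enforcing a one-to-one identity-to-entity mapping, direct validation by querying it, indirect validation by vouching from already-accepted identities, and an authority that refuses reverse lookups to preserve anonymity) can be modelled in a few dozen lines. The Python below is an added example, not code from the original article; the `CentralAuthority` and `LocalEntity` classes, the vouch threshold and every name in `demo()` are constructed for illustration.

```python
class CentralAuthority:
    """Constructed model of the central authority described above: it keeps a
    one-to-one identity <-> entity mapping and may offer reverse lookups."""

    def __init__(self, reverse_lookups=True):
        self._identity_of = {}   # entity   -> identity
        self._entity_of = {}     # identity -> entity
        self.reverse_lookups = reverse_lookups

    def register(self, identity, entity):
        """Bind identity to entity. A second identity for an entity that already
        holds one is refused, which is what blocks identity farming here."""
        if entity in self._identity_of or identity in self._entity_of:
            return False
        self._identity_of[entity] = identity
        self._entity_of[identity] = entity
        return True

    def is_registered(self, identity):
        """Answer a direct validation query from a local entity."""
        return identity in self._entity_of

    def reverse_lookup(self, identity):
        """Identity -> entity. Returns None if the identity is unknown or if the
        authority refuses reverse lookups to preserve users' anonymity."""
        if not self.reverse_lookups:
            return None
        return self._entity_of.get(identity)


class LocalEntity:
    """A peer deciding which remote identities to accept."""

    def __init__(self, authority, vouch_threshold=2):
        self.authority = authority
        self.accepted = set()
        self.vouch_threshold = vouch_threshold

    def validate_direct(self, identity):
        """Direct validation: ask the central authority."""
        ok = self.authority.is_registered(identity)
        if ok:
            self.accepted.add(identity)
        return ok

    def validate_indirect(self, identity, vouchers):
        """Indirect validation: accept if enough already-accepted identities
        vouch. Vouches from identities this peer has not accepted do not count,
        so a cluster of forged identities vouching for itself gets nowhere."""
        trusted_vouchers = {v for v in vouchers if v in self.accepted}
        if len(trusted_vouchers) >= self.vouch_threshold:
            self.accepted.add(identity)
            return True
        return False


def demo():
    """Run the scenario and return every outcome (constructed names throughout)."""
    ca = CentralAuthority()
    outcome = {
        "alice_registered": ca.register("id-alice", "alice"),
        "bob_registered": ca.register("id-bob", "bob"),
        "mallory_first": ca.register("id-m1", "mallory"),
        "mallory_second": ca.register("id-m2", "mallory"),  # refused: one identity per entity
    }
    peer = LocalEntity(ca)
    outcome["alice_direct"] = peer.validate_direct("id-alice")
    outcome["bob_direct"] = peer.validate_direct("id-bob")
    outcome["m2_direct"] = peer.validate_direct("id-m2")       # never registered
    # Carol is vouched for by two identities the peer has already accepted.
    outcome["carol_indirect"] = peer.validate_indirect("id-carol", ["id-alice", "id-bob"])
    # Mallory's identities vouch for each other, but the peer has accepted none of them.
    outcome["m3_indirect"] = peer.validate_indirect("id-m3", ["id-m1", "id-m2"])
    # Reverse lookup works on a normal authority and is refused on an anonymity-preserving one.
    outcome["reverse"] = ca.reverse_lookup("id-alice")
    anon = CentralAuthority(reverse_lookups=False)
    anon.register("id-alice", "alice")
    outcome["reverse_anon"] = anon.reverse_lookup("id-alice")
    return outcome


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:18} {value}")
```

The design point worth noticing is that indirect validation is only as strong as the set of identities the peer has already accepted: the threshold protects against a single accepted identity being compromised, but if forged identities ever enter `accepted` they can vouch for more of their own, which is the same chain-of-trust dependency discussed under Description.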

Sybil prevention techniques based on the connectivity characteristics of social graphs can also limit the extent of damage that can be caused by a given Sybil attacker while preserving anonymity, though these techniques cannot prevent Sybil attacks entirely, and may be vulnerable to widespread small-scale Sybil attacks.

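The intuition behind social-graph-based defenses is that honest users form a well-connected region, while a Sybil region is attached to it through comparatively few "attack edges", so a short random walk started at an honest node rarely ends up among Sybil identities. The added Python example below is an illustration of that intuition written for this page, not an implementation of any named scheme and not code from the original article. It computes the exact distribution of a uniform random walk on a constructed graph and reports how much probability mass lands in the Sybil region, first with a single attack edge and then with one attack edge per honest node, which is the "widespread small-scale" situation the paragraph warns about. The graph layout, node names and walk length are assumptions.

```python
def complete_graph(nodes):
    """Adjacency sets of a complete graph over the given nodes."""
    return {n: {m for m in nodes if m != n} for n in nodes}


def build_graph(honest, sybil, attack_edges):
    """Constructed social graph: honest and Sybil regions are each well connected
    (complete graphs here) and touch only through the listed attack edges."""
    graph = complete_graph(honest)
    graph.update(complete_graph(sybil))
    for h, s in attack_edges:
        graph[h].add(s)
        graph[s].add(h)
    return graph


def walk_distribution(graph, start, steps):
    """Exact probability distribution of a uniform random walk after `steps` hops."""
    dist = {start: 1.0}
    for _ in range(steps):
        nxt = {}
        for node, p in dist.items():
            degree = len(graph[node])
            for neighbour in graph[node]:
                nxt[neighbour] = nxt.get(neighbour, 0.0) + p / degree
        dist = nxt
    return dist


def sybil_mass(graph, start, steps, sybil):
    """Probability that a walk of the given length from `start` ends in the Sybil region."""
    dist = walk_distribution(graph, start, steps)
    return sum(p for node, p in dist.items() if node in sybil)


HONEST = [f"h{i}" for i in range(6)]
SYBIL = [f"s{i}" for i in range(6)]

# Case 1: a single attack edge. The Sybil region is nearly unreachable in 3 hops.
FEW_EDGES = build_graph(HONEST, SYBIL, [("h0", "s0")])

# Case 2: every honest node has been talked into one attack edge (widespread,
# small-scale attack). Connectivity alone no longer separates the regions.
MANY_EDGES = build_graph(HONEST, SYBIL, [(f"h{i}", f"s{i}") for i in range(6)])


if __name__ == "__main__":
    print("few attack edges: ", round(sybil_mass(FEW_EDGES, "h3", 3, set(SYBIL)), 4))   # 0.0544
    print("many attack edges:", round(sybil_mass(MANY_EDGES, "h3", 3, set(SYBIL)), 4))  # 0.3519
```

With one attack edge about 5% of a 3-hop walk's mass reaches the Sybil region, so a verifier that only accepts identities its walks land on frequently would reject most of them. With an attack edge at every honest node the mass rises to about 35%, which is why the text says these techniques limit damage rather than prevent it and can be undermined by many small attacks rather than one large one.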
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.