Sybil Attack is a type of attack seen in peer-to-peer networks in which a node in the network operates multiple identities actively at the same time and undermines the authority/power in reputation systems. The main aim of this attack is to gain the majority of influence in the network to carry out illegal(with respect to rules and laws set in the network) actions in the system. A single entity(a computer) has the capability to create and operate multiple identities(user accounts, IP address based accounts). To outside observers, these multiple fake identities appear to be real unique identities.
History of Sybil Attack
The attack is named after the subject of the book Sybil (subject’s name is Sybil Dorsett). A paper called The Sybil Attack was written by John R. Douceur at the Microsoft Research.
Few Examples:
- The recent alleged Russian interference in the United States’ election is a type of sybil attack in which multiple fake accounts on Facebook were operated. This attack falls in the category of pseudo-sybil attack because the platform used(Facebook) was not compromised itself.
- Sybil attacks are carried on the Tor network.
- The 51% attack in Blockchain networks.
- Multiple fake reviews on Amazon and other e-commerce platforms by only one identity(such mass computing power is available(unethically) for hire from countries like Bangladesh.
Formal Model
The model used in the Sybil Attack paper is a simple one. It consists of:
-
E entities = c(correct) entities + f(faulty) entities
correct – entities that follow the protocols and rules setup in the network honestly(whose honesty is verified).
faulty – entities whose behavior are arbitrary and can’t be predicted. They don’t honestly follow the protocols and rules in the network. - A communication cloud: A very general cloud through which messages between different entities travel.
- pipe: to connect an entity with the communication cloud
- In a direct attack, the honest nodes are influenced directly by the sybil node(s).
- In an indirect attack, the honest node(s) are attacked by a node which communicates directly with the sybil node(s). This middle node is compromised as it’s under malicious influence of sybil node(s).
- Direct validation : An already established member verifies the new joiner of the network
- Indirect validation: An established member verifies some other members who can, in turn, verify other new network joiners. As the members verifying the new joiners are verified and validated by an established entity, the new joiners are trusted to be honest.
Types of sybil attack
How the Bitcoin network prevents sybil attack ?
Bitcoin network uses the Proof of Work(PoW) consensus algorithm to prove the authenticity of any block that is added to the blockchain. A considerable amount of computing power is required to do the work which provides incentive to the miners to do honest work(a bitcoin reward; currently 12.5 bitcoins for every block mined) and no incentive for the faulty work. The transactions are verified by every node and rejected as invalid if faulty transactions are included in the block. A type of sybil attack, called the 51% attack is also practically impossible in the bitcoin network because of so many miners, it is very difficult for a single organization to control 51% of the miners.
Ways to prevent sybil attack
Giving different power to different members – This is on the basis of reputation systems. Members with different power levels are given different reputation levels.
Cost to create an identity – To prevent multiple fake identities in the network, we can put a cost for every identity that aims to join the network. A point to note is that it makes more sense to make it infeasible to operate multiple fake identities at the same time rather than creating new identities. Multiple identities can enforce security, anonymity, censorship prevention.
Validation of identities before joining the network –
Note: Even though above techniques make it difficult to do sybil attack on the network, such attacks are not impossible.