Sybil Attacks
One way security can break down is
in a Sybil attack. Named after the case study of a woman with multiple
personality disorder, a Sybil attack is a type of security threat in which a node
in a network claims multiple identities.
Most networks, like a peer-to-peer
network, depend on assumptions of identity, where each computer denotes one
identity. A Sybil attack occurs when an insecure computer is hijacked to claim
multiple identities. Problems arise when a reputation system (such as a
file-sharing reputation on a torrent network) is tricked into thinking that an
attacking computer has a disproportionately large influence. Similarly, an
attacker with many identities can use them to act maliciously, by either
stealing information or disrupting communication. It is important to
recognize a Sybil attack and note its danger in order to protect yourself from
being a target.
First defined by Microsoft researcher
John Douceur, a Sybil attack relies on the fact that a network of computers
cannot guarantee that each unknown computing component is a distinct, physical
computer. A number of authorities have attempted to establish the identity of
computers on a network (or nodes) by using certification software such as
VeriSign, employing IP addresses to identify nodes, requiring passwords and
usernames, and so forth. However, impersonation, both in the real and digital
worlds, is commonplace. Friends may share passwords, communities may share
website registrations and some services provide a single IP address that is
shared among users.
Sybil attacks have appeared in many
scenarios, with wide implications for security, safety and trust. For example,
an internet poll can be rigged using multiple IP addresses to submit a large
number of votes. Some companies have also used Sybil attacks to gain better
ratings on Google PageRank. Reputation systems like eBay's have also been
victims of this type of attack.
There are few sure-fire ways to
protect a network from a Sybil attack, but there is a wide range of literature
dedicated to discussing options for protection and verification of computing
identities. One way is by using trusted certification in which a single,
central authority establishes and verifies each identity via a certificate.
Trusted certification is not foolproof, however, and it can use up large
amounts of resources and bottleneck traffic on the network.
Another option is called resource
testing. The aim of resource testing is to determine whether a collection of
identities possess fewer resources than they would if they were independent.
Resource testing scans computing power, storage space, network bandwidth and
other parameters to determine if the collection is from a single,
Sybil-attacking computer or a series of true identities.
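
The resource test described above, as an added example that is not code from the original page. It narrows the test to computing power; the `Machine` class, the hash-chain challenge, `WORK` and the budget figures are assumptions made for illustration, and the per-round budget is modelled as a counter rather than measured with a clock.

```python
import hashlib
import os

WORK = 5_000  # hashes one challenge costs (assumed difficulty)


def chain(seed: bytes, rounds: int = WORK) -> bytes:
    """Fixed-cost challenge: apply SHA-256 `rounds` times, sequentially."""
    digest = seed
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest


class Machine:
    """One physical computer with a per-round hash budget (modelled, not timed)."""

    def __init__(self, identities, budget):
        self.identities = list(identities)
        self.budget = budget

    def answer(self, challenges):
        """Answer as many of this machine's challenges as the budget allows."""
        left, replies = self.budget, {}
        for ident in self.identities:
            if left < WORK:
                break  # deadline reached: the remaining identities stay silent
            replies[ident] = chain(challenges[ident])
            left -= WORK
        return replies


def resource_test(machines):
    """Challenge every identity in the same round; return those that answered."""
    idents = [i for m in machines for i in m.identities]
    # Fresh, unpredictable challenge per identity so answers cannot be reused.
    challenges = {i: os.urandom(16) + i.encode() for i in idents}
    replies = {}
    for m in machines:  # the verifier sees replies only, never the grouping
        replies.update(m.answer(challenges))
    return {i for i in idents if replies.get(i) == chain(challenges[i])}


# Constructed scenario: two independent nodes and one host claiming three identities.
BUDGET = int(WORK * 1.5)  # enough for one challenge per round, not two
NETWORK = [
    Machine(["alice"], BUDGET),
    Machine(["bob"], BUDGET),
    Machine(["sybil-1", "sybil-2", "sybil-3"], BUDGET),
]

if __name__ == "__main__":
    print(sorted(resource_test(NETWORK)))
```

The test caps how many identities a given amount of computing power can sustain; a host with a larger budget passes more of them, which is why resource testing limits a Sybil attack rather than ruling it out.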
Utilizing trusted devices is
similar to using trusted certification to defend against a Sybil attack. In
this case, identities are associated with specific hardware devices. As with a
central authority creating certificates, there are few ways to prevent an
attacker from obtaining multiple devices.
It is important to know what
threats are out there. In a typical home or office setting, a Sybil attack may
not have as much direct effect as a virus or Trojan attack, but this type of
attack can affect the fabric of internet commerce and communication. Understanding
what a Sybil attack is and how to spot one is essential for any savvy internet
user.