review of Sybil Attack

From: Guoli Li <gli_REMOVE_THIS_FROM_EMAIL_FIRST_at_cs.toronto.edu>
Date: Wed, 16 Nov 2005 22:02:51 -0500

Large scale p2p systems use redundancy to diminish the security threats
from faulty nodes. However, the redundancy may be undermined by the Sybil
attack in which a faulty node may counterfeit multiple identities. This
paper claims that the Sybil attack is unavoidable in a large scale
distributed system if there is no logically centralized authority.

The authors propose a model of a distributed environment. Based on this
model, a node can identify other nodes in two ways without a trusted
agency. One is direct validation, in which the node identifies remote nodes
directly; the other is indirect validation, in which the node accepts
remote nodes only because the remote nodes are accepted by a trusted node.
For direct validation, the number of identities counterfeited by a faulty
node has a constant lower bound; its upper bound is open if correct nodes
cannot simultaneously validate the identities they are presented, which is
common in real systems. For indirect validation, as the p2p network size
increases, faulty nodes can counterfeit an unbounded number of
identities. In both cases, the Sybil attack is always possible.

According to this paper, the Sybil attack is unavoidable in p2p
systems. No solution is perfect for p2p security. Security mechanisms only
make the p2p system more complicated. They may defend the system from
some attacks, but not all attacks. The designers trade performance and
complexity for security. In real p2p applications, a simple but practical
solution is preferred. It is suitable for applications that may tolerate
attacks to some extent. If an application tolerates no attacks, it must
have a centralized, trusted authorization agency.
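The direct/indirect validation argument summarised in this review, as an added illustrative model in Python (not code from the paper or from the reviewer): a per-node resource capacity, a per-identity challenge cost, and a vouching quorum are assumed parameters of the model, and the node names are constructed.

```python
# Added illustration of the Sybil argument reviewed above (not from the paper
# or the reviewer). Assumed model: every presented identity must answer a
# resource challenge costing `cost` units; a physical node has a fixed
# `capacity` of units; indirect validation accepts an identity once `quorum`
# already-accepted identities vouch for it.
from dataclasses import dataclass, field


@dataclass
class Entity:
    name: str
    capacity: int                                   # resource units owned
    claimed: list = field(default_factory=list)     # identities presented


def simultaneous_validation(entity: Entity, cost: int = 1) -> int:
    """Verifier challenges all presented identities at the same instant.

    The entity must spend `cost` units per identity concurrently, so the
    number of identities it can sustain is bounded by capacity // cost.
    """
    return min(len(entity.claimed), entity.capacity // cost)


def sequential_validation(entity: Entity, cost: int = 1) -> int:
    """Verifier challenges identities one at a time.

    The same units are reused for every challenge, so any entity that can
    afford one challenge passes all of them: the count is unbounded.
    """
    return 0 if entity.capacity < cost else len(entity.claimed)


def indirect_validation(accepted: set, vouches: dict, quorum: int) -> set:
    """Accept any identity vouched for by at least `quorum` accepted ones.

    `vouches` maps a candidate identity to the set of identities vouching
    for it. A colluding group of size >= quorum can grow the accepted set
    without bound: each forged identity, once accepted, vouches for the next.
    """
    accepted = set(accepted)
    changed = True
    while changed:                       # iterate to a fixed point
        changed = False
        for candidate, voters in vouches.items():
            if candidate not in accepted and len(voters & accepted) >= quorum:
                accepted.add(candidate)
                changed = True
    return accepted


if __name__ == "__main__":
    faulty = Entity("faulty", capacity=3, claimed=[f"id{i}" for i in range(10)])
    print(simultaneous_validation(faulty), sequential_validation(faulty))
```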