The Sybil attack is an attack that a single faulty entity can impersonate
multiple identities. This paper thoroughly analyzes the influence of the
Sybil attack to a fully distributed system without a central authority.
The conclusion is pessimistic since it proves that Sybil attacks are
always possible unless some unrealistic assumptions are satisfied.
This claim indicates there are fundamental drawbacks in p2p system without
a CA. First, p2p system's heterogeneity can allow faulty entities are much
more capable that a single correct entity and thus nearly identical
resource constraints are not satisfied; second, p2p system's size could be
very large and thus simultaneous validation is impossible.
Of course, adding CA is a straightforward way to achieve security but CA's
maintenance is quite expensive and presents point of failure. Other method
like binding IP address with node id, is not feasible since it will limit
the number of users of p2p system since many users share a single IP
address or have dynamic IP addresses due to NAT or DHCP.
Another paper "secure routing for structured p2p overlay networks"
presents some ways to moderate the rate of Sybil attacks. Solving crypto
puzzles make the faulty entities consume their computation resources; and
periodically invalidate node Ids make the faulty entities apply node Ids
again; these two approaches try to keep the number of faulty entities low.
But no guarantee is given by using these two methods.
After we realize that we cannot completely solve the Sybil attack without
CA, we ask whether we should make a p2p system secure. Maybe we could only
apply p2p system into applications without strict security requirements,
such as Voice Over IP.
Received on Thu Nov 17 2005 - 08:23:56 EST
This archive was generated by hypermail 2.2.0 : Thu Nov 17 2005 - 09:00:28 EST