Review - The Sybil Attack

This paper talks about Sybil attacks in P2P systems where a misbehaving
peer can hold multiple identities and control a disproportionate
fraction of the system. The consequence of this is that it undermines
the assumption of well-behaving peers to provide redundancy in P2P
systems and the author concludes by saying it is not practically
realizable to prevent Sybil attacks without a logically centralized
authority to manage a one-to-one "identity:entity" correspondence.

The strength of this paper lies in the recognition of weaknesses in the
very strength of P2P systems like DHTs: redundancy. It illustrates how,
in the absence of a logically centralized authority, we could mitigate
Sybil attacks. A peer could distinguish between two entities by issuing
some puzzle that can only be performed by two distinct entities,
assuming uniformity in the resources available to each peer. The author
then demonstrates that this holds under the strict condition of perfect
synchronization of validating peers but even then, a bounded Sybil
attack would be possible. If these assumptions do not hold, then an
unbounded attack can be carried out.

The weakness of this paper is that it assumes in the first place that a
user can potentially control a large fraction of the P2P system. Does
the average peer have enough resources, e.g. bandwidth, to sustain all
connections to the P2P system if it did have a sizable chunk of the
system? How "big" a chunk need a peer take to reduce the value of
redundancy in a "very big" P2P system?

As the author outlines, in a large distributed system like the Internet,
it is unrealistic to get synchronization in validation of peers due to
heterogeneity in peer capability, varying delays, etc.; and thus
impossible to prevent Sybil attacks. Peers in P2P systems will cheat
when there is an incentive to and maybe we should design our systems
with that in mind in the first place - "How to create incentives to be
fair in P2P systems?".
Received on Thu Nov 17 2005 - 09:27:05 EST