REVIEW: The Sybil Attack
The paper argues for the use of centralized certification authorities to
prevent Sybil attacks in peer-to-peer systems. It argues that without one
such centralized authority, Sybil attacks would always be possible. Sybil
attacks occur when a malicious node can own a large enough set of nodeIds
in the network and can thus control a large portion of the system. As
identified by the paper, a problem with Sybil attacks is that if a node is
able to respond for multiple nodeIds, attempts by nodes to replicate data
can be thwarted.
The paper states that the only direct means for two nodes to convince a
third one they are not the same is by performing a single task a single
entity could not. This depends, however, on the available resources in
the nodes thus a capable malicious node could perform such task and pass
the test. It further states as its second lemma that when an entity
accepts entities not validated simultaneously, then a single failure can
result in an arbitrarily large number of malicious nodes, and applies
transitive property for lemmas 3 and 4.
In arguing that the only way to prevent Sybil attacks is by means of
centralized authorities, the paper fails to point out a weakness of such
approach: centralized authorities represent easy targets for denial of
service attacks which can shut down the entire system as nodes are unable
to obtain and verify ids. The paper sees failed replication as the one
problem with Sybil attacks. Security problems are unaddressed, for example
malicious nodes can corrupt, drop messages, control objects, access
unauthorized information by pretending to be another node as well as
control access to the network by other nodes.
Although the goal of the paper was to show that centralized certification
is the only way to prevent Sybil attacks, it fails to convince that no
other technique is as effective. It did a poor job of explaining why only
by asking two nodes to perform a single task a single entity could not is
a node able to directly certify nodes. It would be beneficial to discuss
how other possible attempts at doing so would fail, for example why
couldn't a node apply a one-way hashing function to the IP address of the
source and verify if it matches the nodeId supplied?
Received on Thu Nov 17 2005 - 10:53:31 EST
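
The check raised in the review's closing question, written out as an added example (not code from the review or from the paper under review). It assumes a 128-bit nodeId taken from SHA-256 of the address bytes and that the verifier observes the peer's true source address; all function names are hypothetical.

```python
import hashlib
import ipaddress

ID_HEX_LEN = 32  # assumption: 128-bit nodeId, written as 32 hex characters


def node_id_for(ip: str) -> str:
    """nodeId = truncated SHA-256 over the packed (canonical) address bytes."""
    packed = ipaddress.ip_address(ip).packed  # raises ValueError on bad input
    return hashlib.sha256(packed).hexdigest()[:ID_HEX_LEN]


def verify(source_ip: str, claimed_id: str) -> bool:
    """True only if claimed_id is the id derived from the observed source address."""
    try:
        return node_id_for(source_ip) == claimed_id.strip().lower()
    except ValueError:
        return False


def admit(requests):
    """Split (source_ip, claimed_id) join requests into accepted and rejected."""
    accepted, rejected = {}, []
    for source_ip, claimed_id in requests:
        if verify(source_ip, claimed_id):
            accepted[claimed_id.strip().lower()] = source_ip
        else:
            rejected.append((source_ip, claimed_id))
    return accepted, rejected


# Constructed join requests (documentation address ranges only).
SAMPLE_REQUESTS = [
    ("192.0.2.10", node_id_for("192.0.2.10")),              # id matches address
    ("192.0.2.10", node_id_for("192.0.2.11")),              # id of another address
    ("198.51.100.7", "0" * ID_HEX_LEN),                     # self-chosen id
    ("2001:db8::1", node_id_for("2001:0db8:0:0:0:0:0:1")),  # same address, long form
    ("not-an-address", "f" * ID_HEX_LEN),                   # unparseable source
]

if __name__ == "__main__":
    ok, bad = admit(SAMPLE_REQUESTS)
    print(len(ok), "accepted;", len(bad), "rejected")
```

Hashing the packed bytes rather than the text form keeps two spellings of one IPv6 address from yielding two nodeIds. What the check establishes is one nodeId per observed address; it carries no information about how many addresses a single entity holds.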