What is Sybil Attack? - Coinleaks
Current Date: September 21, 2024

What is a Sybil Attack?

A Sybil attack is a type of attack on a computer network service in which an attacker creates multiple pseudonymous identities, subverting the service’s reputation system and using those identities to gain disproportionate influence. It is named after the subject of the book Sybil, a case study of a woman diagnosed with dissociative identity disorder.

What is a Sybil Attack?

In computer security, a Sybil attack is an attack in which a reputation system is subverted by creating multiple identities. A reputation system’s vulnerability to a Sybil attack depends on how cheaply identities can be generated, on the degree to which the reputation system accepts input from entities that have no chain of trust linking them to a trusted entity, and on whether the reputation system treats all entities identically. Research results as of 2012 showed that large-scale Sybil attacks can be carried out very cheaply and efficiently on existing realistic systems such as the BitTorrent Mainline DHT.

An entity in a peer-to-peer network is a piece of software that has access to local resources. An entity announces itself on the peer-to-peer network by presenting an identity. More than one identity can correspond to a single entity; in other words, the mapping of identities to entities is many-to-one. Entities in peer-to-peer networks use multiple identities for redundancy, resource sharing, reliability, and integrity. In peer-to-peer networks, the identity is used as an abstraction so that a remote entity can be aware of identities without necessarily knowing how those identities correspond to local entities. By default, each distinct identity is usually assumed to correspond to a distinct local entity. In reality, many identities may correspond to the same local entity.

An adversary can present multiple identities to a peer-to-peer network in order to appear and function as multiple distinct nodes. By influencing voting results, for example, the adversary can gain a disproportionate level of control over the network.

In the context of online (human) communities, such multiple identities are sometimes known as sock puppets.

Sybil Attack Examples

For several months in 2014, a notable Sybil attack was launched against the Tor anonymity network in conjunction with a traffic confirmation attack.

Another example is the 2020 Bitcoin address rewrite attacks. The attacker controlled a quarter of all Tor exit relays and used SSL stripping to downgrade secure connections and divert funds to the wallet of the threat actor known as BTCMITM20.

A further notable example is the 2017-2021 attack by the threat actor KAX17. This entity controlled more than 900 malicious relays, mainly middle relays, in an attempt to deanonymize Tor users.

How to Prevent Sybil Attacks

Known approaches to preventing Sybil attacks include identity validation, social trust graph algorithms, economic costs, proof of personhood, and application-specific defenses.

Identity Validation

Validation techniques can be used to prevent Sybil attacks and to dismiss masquerading hostile entities. A local entity may accept a remote identity based on a central authority that ensures a one-to-one correspondence between an identity and an entity and may even provide a reverse lookup. An identity can be validated directly or indirectly. In direct validation, the local entity queries the central authority to validate the remote identity. In indirect validation, the local entity relies on previously accepted identities, which in turn vouch for the validity of the remote identity in question.
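As an added example (not code from this article or from any of the systems it names), the following Python models a vote-based reputation system that treats every identity as a distinct entity, next to one that applies indirect validation by counting only identities linked to a trusted root through a vouching chain. All identities, votes and vouching edges are constructed sample data.

```python
from collections import Counter, deque

# Constructed sample: each vote is (identity, verdict). Five honest entities hold one
# identity each; one attacker entity "mallory" has minted twelve pseudonymous identities.
HONEST = [f"honest{i}" for i in range(5)]
SYBILS = [f"mallory-{i}" for i in range(12)]
VOTES = [(ident, "good") for ident in HONEST] + [(ident, "bad") for ident in SYBILS]

# Vouching edges (voucher -> vouched identities). Honest identities form a chain back to the
# trusted root "authority"; the Sybil identities vouch for each other, but nothing trusted
# vouches for any of them.
VOUCHES = {
    "authority": ["honest0", "honest1"],
    "honest0": ["honest2"],
    "honest1": ["honest3", "honest4"],
    "mallory-0": SYBILS[1:],
}

def tally_unchecked(votes):
    """Treat every identity as a distinct entity: one identity, one vote."""
    return Counter(verdict for _, verdict in votes).most_common(1)[0][0]

def trusted_identities(vouches, roots):
    """Indirect validation: accept an identity only if a vouching chain links it to a root."""
    accepted, queue = set(roots), deque(roots)
    while queue:
        voucher = queue.popleft()
        for vouched in vouches.get(voucher, []):
            if vouched not in accepted:
                accepted.add(vouched)
                queue.append(vouched)
    return accepted

def tally_vouched(votes, vouches, roots=("authority",)):
    """Count only votes cast by identities with a chain of trust back to a root."""
    accepted = trusted_identities(vouches, roots)
    counted = Counter(verdict for ident, verdict in votes if ident in accepted)
    return counted.most_common(1)[0][0]

if __name__ == "__main__":
    print("unchecked:", tally_unchecked(VOTES))         # twelve Sybils outvote five honest peers
    print("vouched  :", tally_vouched(VOTES, VOUCHES))  # only vouched identities count
```

The vouching chain is only as strong as its weakest link: if a single accepted identity vouches for one Sybil, the whole Sybil cluster is admitted through it, which is exactly the "chain of trust" dependency described above.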

Practical network applications and services often use phone number verification, credit card verification, and even identity proxies based on a client’s IP address to achieve limited Sybil resistance. These methods have limitations: it is often possible to obtain such identity proxies at some cost, or even cheaply, through techniques such as SMS spoofing or IP address spoofing. Relying on such identity proxies may also exclude those who lack ready access to the required proxy: for example, those who do not have their own mobile phone or credit card, or users behind it…

Identity validation techniques generally provide accountability at the expense of anonymity; this can be an undesirable trade-off, especially in online forums that want to allow uncensored exchange of information and open discussion of sensitive topics. A validation authority may try to protect users’ anonymity by refusing to perform reverse lookups, but this approach makes the validation authority itself the primary target for attack. Protocols using threshold cryptography can potentially distribute the role of such a validation authority among multiple servers and preserve users’ anonymity even if one or a limited number of the validation servers is compromised.

Social Trust Graphs

Sybil prevention techniques based on the connectivity characteristics of social graphs can limit the extent of damage a given Sybil attacker can cause while preserving anonymity. Examples of such prevention techniques include SybilGuard, SybilLimit, the Advogato Trust Metric, SybilRank, and the sparsity-based metric for identifying Sybil clusters in a distributed P2P-based reputation system.

These techniques cannot completely prevent Sybil attacks and may be vulnerable to widespread small-scale Sybil attacks. It is also unclear whether real-world online social networks satisfy the trust or connectivity assumptions these algorithms make.
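An added illustration of the trust-graph idea, written for this article rather than taken from the published SybilRank code: trust is power-iterated from trusted seeds for O(log n) rounds and then normalised by degree, over a constructed graph of two tightly connected communities joined by a single attack edge. The node names, topology and seed choice are assumptions; the whole approach rests on the connectivity assumption (few attack edges) that the paragraph above notes may not hold in real networks.

```python
import math
from collections import defaultdict

def circulant_community(prefix, size, offsets=(1, 2)):
    """Edges of a well-connected community: node i links to i+1 and i+2 (mod size).
    Constructed sample topology, not data from any real social network."""
    edges = set()
    for i in range(size):
        for d in offsets:
            a, b = f"{prefix}{i}", f"{prefix}{(i + d) % size}"
            edges.add(tuple(sorted((a, b))))
    return edges

def build_graph(edges):
    adj = defaultdict(set)
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    return adj

def sybil_rank(adj, seeds, iterations=None):
    """Degree-normalised trust after about log2(n) rounds of power iteration from seeds.
    Trust crosses the few attack edges slowly, so the Sybil region ends up ranked last."""
    if iterations is None:
        iterations = math.ceil(math.log2(len(adj)))
    trust = {v: 0.0 for v in adj}
    for s in seeds:
        trust[s] = 1.0 / len(seeds)
    for _ in range(iterations):
        nxt = {v: 0.0 for v in adj}
        for u, nbrs in adj.items():
            share = trust[u] / len(nbrs)  # each node splits its trust evenly over its edges
            for v in nbrs:
                nxt[v] += share
        trust = nxt
    return {v: trust[v] / len(adj[v]) for v in adj}

# Constructed sample: 8 honest nodes, 8 Sybil nodes, joined by the single attack edge h0-s0.
EDGES = circulant_community("h", 8) | circulant_community("s", 8) | {("h0", "s0")}
GRAPH = build_graph(EDGES)
SEEDS = ["h3", "h4"]  # trusted seeds, chosen inside the honest region

def ranked():
    """Nodes ordered from most to least trusted."""
    scores = sybil_rank(GRAPH, SEEDS)
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for node, score in ranked():
        print(f"{node:3} {score:.4f}")
```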

Alternatively, imposing economic costs as artificial barriers to entry can make Sybil attacks more expensive. For example, proof of work requires a user to prove that a certain amount of computational effort has been spent solving a cryptographic puzzle. In Bitcoin and related permissionless cryptocurrencies, miners compete to append blocks to a blockchain and earn rewards roughly proportional to the amount of computational effort they invest in a given time period. Investments in other resources, such as storage or a stake in an existing cryptocurrency, can similarly be used to impose economic costs.
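As an added example that is not from the article, the economic-cost idea in miniature: a hash puzzle gates identity creation, so the number of identities an entity can mint grows only linearly with the hashing budget it spends. The puzzle format, the difficulty and the budget are constructed for the demonstration.

```python
import hashlib

def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest (the puzzle's measure of work done)."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits

def puzzle_digest(identity: str, nonce: int) -> bytes:
    # Constructed puzzle format: SHA-256 over "identity:nonce".
    return hashlib.sha256(f"{identity}:{nonce}".encode()).digest()

def verify_identity(identity: str, nonce: int, difficulty: int) -> bool:
    """Cheap check a peer runs before accepting an identity: was the work actually done?"""
    return leading_zero_bits(puzzle_digest(identity, nonce)) >= difficulty

def mint_identity(identity: str, difficulty: int):
    """Search for a nonce that satisfies the puzzle; expected cost is about 2**difficulty hashes.
    Returns (nonce, hashes_spent)."""
    nonce = 0
    while not verify_identity(identity, nonce, difficulty):
        nonce += 1
    return nonce, nonce + 1

def identities_affordable(prefix: str, difficulty: int, hash_budget: int):
    """How many pseudonymous identities an entity can mint within a fixed hash budget.
    Every identity needs fresh work, so the count grows only linearly with spending."""
    minted, spent, i = [], 0, 0
    while True:
        nonce, cost = mint_identity(f"{prefix}-{i}", difficulty)
        if spent + cost > hash_budget:
            return minted, spent  # work on the unfinished identity is lost, not refunded
        minted.append((f"{prefix}-{i}", nonce))
        spent += cost
        i += 1

if __name__ == "__main__":
    # Constructed parameters: 12-bit puzzle (~4096 hashes per identity), budget of 2**15 hashes.
    ids, spent = identities_affordable("sybil", 12, 2 ** 15)
    print(f"{len(ids)} identities minted with {spent} hashes; all verify:",
          all(verify_identity(name, proof, 12) for name, proof in ids))
```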

Proof of Personhood

As an alternative to identity validation that attempts to maintain a strict “one per person” allocation rule, a validation authority may use some mechanism that does not require knowledge of a user’s true identity. Such proof-of-personhood approaches have been proposed as a basis for permissionless blockchains and cryptocurrencies in which each human participant would cast exactly one vote in consensus. Various approaches to proof of personhood have been proposed, although many usability and security issues remain.

Application-Specific Defenses

A number of distributed protocols have been designed with Sybil attack protection in mind. SumUp and DSybil are Sybil-resistant algorithms for online content recommendation and voting. Whanau is a Sybil-resistant distributed hash table algorithm. I2P’s Kademlia implementation also has provisions to mitigate Sybil attacks.