2008 IEEE Symposium on Security and Privacy (sp 2008) (2008)
May 18, 2008 to May 21, 2008
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SP.2008.13
Decentralized distributed systems such as peer-to-peer systems are particularly vulnerable to sybil attacks, where a malicious user pretends to have multiple identities (called sybil nodes). Without a trusted central authority, defending against sybil attacks is quite challenging. Among the small number of decentralized approaches, our recent SybilGuard protocol  leverages a key insight on social networks to bound the number of sybil nodes accepted. Although its direction is promising, SybilGuard can allow a large number of sybil nodes to be accepted. Furthermore, SybilGuard assumes that social networks are fast mixing, which has never been confirmed in the real world. This paper presents the novel SybilLimit protocol that leverages the same insight as SybilGuard but offers dramatically improved and near-optimal guarantees. The number of sybil nodes accepted is reduced by a factor of Theta(sqrt(n)), or around 200 times in our experiments for a million-node system. We further prove that SybilLimit’s guarantee is atmost a log n factor away from optimal, when considering approaches based on fast-mixing social networks. Finally, based on three large-scale real-world social networks, we provide the first evidence that real-world social networks are indeed fast mixing. This validates the fundamental assumption behind SybilLimit’s and SybilGuard’s approach.
Sybil attack, sybil identity, SybilLimit, social networks
H. Yu, M. Kaminsky, F. Xiao and P. B. Gibbons, "SybilLimit: A Near-Optimal Social Network Defense against Sybil Attacks," 2008 IEEE Symposium on Security and Privacy (sp 2008)(SP), vol. 00, no. , pp. 3-17, 2008.