TY - GEN
T1 - Limiting sybil attacks in structured P2P networks
AU - Rowaihy, Hosam
AU - Enck, William
AU - McDaniel, Patrick
AU - La Porta, Thomas
PY - 2007
Y1 - 2007
N2 - One practical limitation of structured peer-to-peer (P2P) networks is that they are frequently subject to Sybil attacks: malicious parties can compromise the network by generating and controlling large numbers of shadow identities. In this paper, we propose an admission control system that mitigates Sybil attacks by adaptively constructing a hierarchy of cooperative peers. The admission control system vets joining nodes via client puzzles. A node wishing to join the network is serially challenged by the nodes from a leaf to the root of the hierarchy. Nodes completing the puzzles of all nodes in the chain are provided a cryptographic proof of the vetted identity. We evaluate our solution and show that an adversary must perform days or weeks of effort to obtain even a small percentage of nodes in small P2P networks, and that this effort increases linearly with the size of the network. We further show that we can place a ceiling on the number of IDs any adversary may obtain by requiring periodic reassertion of the IDs' continued validity.
AB - One practical limitation of structured peer-to-peer (P2P) networks is that they are frequently subject to Sybil attacks: malicious parties can compromise the network by generating and controlling large numbers of shadow identities. In this paper, we propose an admission control system that mitigates Sybil attacks by adaptively constructing a hierarchy of cooperative peers. The admission control system vets joining nodes via client puzzles. A node wishing to join the network is serially challenged by the nodes from a leaf to the root of the hierarchy. Nodes completing the puzzles of all nodes in the chain are provided a cryptographic proof of the vetted identity. We evaluate our solution and show that an adversary must perform days or weeks of effort to obtain even a small percentage of nodes in small P2P networks, and that this effort increases linearly with the size of the network. We further show that we can place a ceiling on the number of IDs any adversary may obtain by requiring periodic reassertion of the IDs' continued validity.
UR - http://www.scopus.com/inward/record.url?scp=34548349212&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=34548349212&partnerID=8YFLogxK
U2 - 10.1109/INFCOM.2007.328
DO - 10.1109/INFCOM.2007.328
M3 - Conference contribution
AN - SCOPUS:34548349212
SN - 1424410479
SN - 9781424410477
T3 - Proceedings - IEEE INFOCOM
SP - 2596
EP - 2600
BT - Proceedings - IEEE INFOCOM 2007
T2 - IEEE INFOCOM 2007: 26th IEEE International Conference on Computer Communications
Y2 - 6 May 2007 through 12 May 2007
ER -