Identity management based on adaptive puzzles to protect P2P systems from Sybil attacks

摘要

The Sybil attack consists on the indiscriminate creation of counterfeit identities, by a malicious user (attacker), in large-scale, dynamic distributed systems (for example, Peer-to-Peer). An effective approach to tackle this attack consists in establishing computational puzzles to be solved prior to granting new identities. Solutions based on this approach have the potential to slow down the assignment of identities to malicious users, but unfortunately may affect normal users as well. To address this problem, we propose the use of adaptive computational puzzles as an approach to limit the spread of Sybils. The key idea is to estimate a trust score of the source from which identity requests depart, calculated as a proportion of the number of identities already granted to (the) user(s) associated to that source, in regard to the average of identities granted to users associated to other sources. The higher the frequency (the) user(s) associated to a source obtain(s) identities, the lower the trust score of that source and, consequently, the higher the complexity of the puzzle to be solved. An in-depth analysis of both (i) the performance of our mechanism under various parameter and environment settings, and (ii) the results achieved with an experimental evaluation, considering real-life traces from a Peer-to-Peer file sharing community, has shown the effectiveness of the proposed mechanism in limiting the spread of Sybil identities. While comparatively more complex puzzles were assigned to potential attackers, legitimate users were minimally penalized with easier-to-solve puzzles.