A Sybil attack is a type of security threat in which a single user attempts to take over an online network through multiple fake accounts, nodes, or computers. These attacks most often target peer-to-peer networks, such as social media platforms or decentralized systems, where a single user operating many fake accounts (including bots) can influence or take over the network. A successful Sybil attack lets the attacker perform unauthorized actions in a system, such as using identities the system treats as genuine to block other users, gaining access to private and sensitive information, or carrying out a 51% attack.
The name of the Sybil attack comes from the title of an 1873 book by F. R. Schreiber, Sybil, whose titular character, Sybil Dorsett, suffered from dissociative identity disorder. The term was coined by Microsoft researchers Brian Zill and John R. Douceur, who defined the Sybil attack in a research paper in the early 2000s.
To launch a Sybil attack, a perpetrator needs many accounts on the target network, which are used to pose as legitimate users; the attacker may also take over a genuine account, for example by compromising its email address or password. A hijacked account brings its history with it, and if the original owner was a trusted user, that history lets the attacker extend trust to the illegitimate accounts, building up enough apparent trust around the attacker to gain greater access to the network.
Sybil attacks are not limited to blockchains, although the decentralized nature of blockchains and their relative popularity mean Sybil attacks affect them more than other systems. Beyond blockchains, these attacks can occur on other P2P networks, such as social media, where an attacker can use fake accounts to build implied trust or authority around a main account.
There are a few types of Sybil attacks, and classifying them helps explain how Sybil attacks work overall. The types are generally distinguished by how malicious and authentic nodes communicate on the same network: direct or indirect, busy or idle, simultaneous or non-simultaneous, and insider or outsider.
In a direct attack, Sybil nodes directly influence honest nodes on a network: the malicious nodes communicate with authentic nodes while mimicking honest ones. The real nodes do not realize which, if any, nodes are inauthentic and can therefore be led astray, accepting influence from the inauthentic nodes.
In an indirect attack, a set of nodes acts as middlemen. These unsuspecting nodes are under the influence of the Sybil nodes and remain compromised, but they keep the communication between the Sybil nodes and the honest nodes indirect. Such attacks aim to let Sybil nodes influence a network in a less detectable way than a direct attack.
A busy or idle Sybil attack is one in which only a few of the attacker's Sybil accounts or identities participate actively in the network while the others remain idle; the attacker's power comes from the number of identities they hold. The attacker can make this type of attack more convincing by making the identities appear realistic, for example by having them leave and rejoin the network multiple times. This type of attack still requires enough identities to sustain the attack.
In a simultaneous Sybil attack, the attacker uses all of their malicious identities at the same time to perform the attack, or a single node changes its identity at regular intervals to appear as if all the identities are in use at once.
In a non-simultaneous attack, an attacker brings identities into a network gradually over a period of time and uses only a few of them at any given time. This is often achieved by having one identity, or set of identities, appear to leave the network while other malicious identities join at the same time. Such an attacker can also use several physical devices and switch among the identities on those devices to perform the attack.
The insider or outsider classification describes whether a Sybil attacker is inside or outside the attacked network. If the attacker holds at least one real identity, they are called an insider; if they hold no real identity, they are called an outsider. Both types can introduce fake identities. An insider can pretend to communicate with other nodes, including their own authentic node, using those fake identities to create greater authenticity around the insider. For an outsider, by contrast, introducing Sybil identities can be more difficult, especially if the network employs some kind of authentication procedure.
Problems caused by a Sybil attack
One of the more popular targets for Sybil attacks is blockchains, because a blockchain is inherently decentralized and its peer-to-peer network is built on multiple identities, which can lead to control of many nodes. Since the nodes are pseudonymous, there is no clear connection between a given node and an offline entity. This makes it difficult to distinguish fake nodes from genuine ones, making a Sybil attack an inviting avenue for anyone interested in compromising a given blockchain. The attacker can flood the network with fake identities and fake nodes and, with sufficient influence on the network, mislead honest nodes into accepting alternative truths.
Vulnerability to Sybil attacks depends on how quickly and cheaply new nodes can be created. If node generation is free and requires little or no computational effort, launching a Sybil attack is easy. Where the vulnerability is a question of trust, a system that trusts nodes without evidence of their history of honest behavior is easier to exploit. These vulnerabilities can be reduced, for example by attaching an economic cost to node generation or by requiring trustworthiness to be earned.
Whether on a blockchain or another peer-to-peer or social network, there are several ways to protect against or prevent a Sybil attack. In some cases, a Sybil attack is considered fairly easy to avoid with a few simple, common security practices, including the following:
Many methods of preventing a Sybil attack do not make it impossible to create a Sybil node; they make it uneconomical. A primary purpose of a Sybil attack is to manipulate the blockchain for financial gain, so if the cost of creating nodes outweighs any potential gain, a Sybil attack is less likely to happen. This is one reason Bitcoin is rarely targeted by Sybil attacks: the cost of creating a new block, especially a fake one, is too high to make the attack worthwhile.
Beyond charging an application fee or the cost of developing a single new node, an effective barrier to Sybil attacks is to make the attack itself more expensive. This can include requiring users to invest resources or show proof of mining, so that the network becomes too costly to make a Sybil attack worth the effort. This can go too far, however, and begin to discourage legitimate users, and some Sybil attackers are motivated by more than money: with deep enough pockets, they can keep throwing money at the problem until the attack succeeds.
Since Sybil attacks require creating many new identities, one way to reduce them is a reputation system in which members have different levels of authority in the network based on the trust they have established. Users who have been in the network longer can perform more interactions, which discourages attacks because a would-be Sybil attacker must wait and interact honestly for a while to build that trust, creating another kind of cost. Such a system can be difficult to implement and places a lot of responsibility on individual users, but it allows trusted nodes to override potential Sybil nodes.
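A small simulation of the two deterrents described above (a cost per identity, and reputation that has to be earned), added here as an example and not taken from the original article. The reputation formula, the attacker's budget and per-identity cost, and the identities themselves are constructed assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass
class Identity:
    name: str
    age_days: int              # tenure in the network
    honest_interactions: int   # interactions that peers validated
    sybil: bool = False        # ground truth for the reader; the tally never sees it

def one_identity_one_vote(identity):
    """Naive weighting: every identity counts the same, so the attacker's
    power is simply the number of identities they can create."""
    return 1.0

def reputation(identity, max_age_days=365):
    """Assumed reputation formula: capped tenure scaled by a saturating
    function of validated interactions. A freshly created identity with
    no honest history earns no weight at all."""
    tenure = min(identity.age_days, max_age_days) / max_age_days
    n = identity.honest_interactions
    return tenure * (n / (n + 20))

def spawn_sybils(budget, cost_per_identity):
    """Economic barrier: an attacker with a fixed budget can only afford
    budget // cost identities (a registration fee, stake or proof-of-work)."""
    count = int(budget // cost_per_identity)
    return [Identity(f"sybil{i}", age_days=1, honest_interactions=0, sybil=True)
            for i in range(count)]

def tally(identities, ballots, weight_fn):
    """Sum weighted votes per option; `ballots` maps identity name -> option."""
    totals = {}
    for ident in identities:
        option = ballots[ident.name]
        totals[option] = totals.get(option, 0.0) + weight_fn(ident)
    return totals

def simulate(budget, cost_per_identity, weight_fn):
    """Ten honest identities of varying tenure vote 'accept'; every Sybil
    identity the attacker can afford votes 'reject'. Returns the winner."""
    honest = [Identity(f"honest{i}", age_days=30 * (i + 1),
                       honest_interactions=10 * (i + 1)) for i in range(10)]
    sybils = spawn_sybils(budget, cost_per_identity)
    ballots = {**{h.name: "accept" for h in honest},
               **{s.name: "reject" for s in sybils}}
    totals = tally(honest + sybils, ballots, weight_fn)
    return max(totals, key=totals.get)

if __name__ == "__main__":
    print("free identities, one vote each:", simulate(100, 1, one_identity_one_vote))
    print("costly identities, one vote each:", simulate(100, 50, one_identity_one_vote))
    print("free identities, reputation-weighted:", simulate(100, 1, reputation))
```

With free identities and equal votes the attacker's hundred Sybils outvote ten honest users; raising the cost to fifty per identity, or weighting votes by earned reputation, lets the honest side win.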
In a system where privacy is a concern and merely discouraging an attack is not considered enough, the network can validate each user's identity. There are several techniques for this. In a blockchain, the network can use direct validation, where a central authority validates each identity, or indirect validation, where already-accepted identities vouch for new ones. In direct validation, users are often required to submit information such as a telephone number, IP address, or credit card. While this tends to be simple and generally reliable, it is susceptible to spoofing. Indirect validation can be somewhat more resistant to identity proxies, but it tends to be more time-consuming when adding a new identity.
Another way to prevent Sybil attacks is to ensure that only a single identity can control each node. This relies on strict validation at identity creation, with users required to pass a test showing that they are real humans and not in control of other nodes. There are a few ways to achieve this, such as CAPTCHA tests, conversations with other users, or a pseudonym party (which requires users to visit a specific website at a designated time). This validates identities without requiring personal identification. However, the validation needs to be designed so that it does not frustrate real users but still weeds out bots and potential Sybil attackers.
A social trust graph analyzes connectivity data among nodes. These tools consider the activity within a blockchain so that abnormal nodes can be identified and halted. Depending on the social trust graph, different techniques are used, such as sparsity-based metrics, while others analyze user attributes within a topological structure. The graph is then used to partition off the portion of the network containing Sybil nodes and keep them from influencing honest nodes.
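An added example, not part of the original article, of the graph-partitioning idea described above: an early-terminated, degree-normalized trust propagation in the style of SybilRank, which exploits the sparse cut between the honest region and a Sybil region. The graph, the two seed nodes and the single attack edge are constructed for illustration.

```python
import math

# Constructed example graph (not from the article): h0..h7 form a tightly
# connected honest region, s0..s5 a Sybil region, and one attack edge
# (h7 - s0) is all that links the two. Edges are undirected.
HONEST = [f"h{i}" for i in range(8)]
SYBIL = [f"s{i}" for i in range(6)]
EDGES = (
    [(HONEST[i], HONEST[(i + 1) % 8]) for i in range(8)]        # honest ring
    + [("h0", "h4"), ("h1", "h5"), ("h2", "h6"), ("h3", "h7")]  # honest chords
    + [(SYBIL[i], SYBIL[(i + 1) % 6]) for i in range(6)]        # Sybil ring
    + [("s0", "s3"), ("s1", "s4"), ("s2", "s5")]                # Sybil chords
    + [("h7", "s0")]                                            # the attack edge
)

def build_graph(edges):
    """Adjacency sets for an undirected graph."""
    graph = {}
    for a, b in edges:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def propagate_trust(graph, seeds, iterations=None):
    """Early-terminated power iteration in the style of SybilRank: trust
    starts on known-honest seeds, each round every node splits its trust
    evenly among its neighbors, and after about log2(n) rounds the scores
    are degree-normalized. The walk is too short for much trust to cross
    the sparse cut formed by the attack edges, so Sybil nodes score lowest."""
    if iterations is None:
        iterations = math.ceil(math.log2(len(graph)))
    trust = {v: (1.0 / len(seeds) if v in seeds else 0.0) for v in graph}
    for _ in range(iterations):
        nxt = {v: 0.0 for v in graph}
        for u, share in trust.items():
            for v in graph[u]:
                nxt[v] += share / len(graph[u])
        trust = nxt
    return {v: trust[v] / len(graph[v]) for v in graph}

def rank_identities(graph, seeds):
    """Identities from least to most trusted; the lowest-ranked ones are the
    Sybil candidates. Where to cut the ranking is a policy decision taken
    from the score distribution, not something the ranking itself decides."""
    scores = propagate_trust(graph, seeds)
    return sorted(graph, key=scores.get)

if __name__ == "__main__":
    graph = build_graph(EDGES)
    scores = propagate_trust(graph, seeds=["h0", "h1"])
    for node in rank_identities(graph, seeds=["h0", "h1"]):
        print(f"{node}: {scores[node]:.4f}")
```

On this graph the six Sybil nodes occupy the bottom six ranks, and even h7, the honest node that carries the attack edge, scores above every Sybil node.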