Education Series: Sybil Attacks

in blockchain •  7 years ago 


In blockchain whitepapers you'll often see the term "Sybil attack" come up. Cryptocurrencies and their underlying network protocols can suffer several attacks, one of which is the Sybil attack. So what is it, and how are networks dealing with it?

Named after the subject of the book Sybil, which detailed the case study of a woman diagnosed with Dissociative Identity Disorder, a Sybil attack is a network threat in which a node in a network claims multiple pseudonymous identities. Once the Sybil identities are accepted as peers, they try to gain control and subvert the network.

Peer-to-peer (p2p) networks rely on assumptions of identity: each node represents one single identity. A Sybil attack happens when a node either is hijacked or intentionally claims multiple identities. Networks with a reputation system can be tricked into thinking that an attacking node has a disproportionately large influence. With that influence it can assert decisions on the network that otherwise would not have occurred. Another version of the Sybil attack is when the multiple-identity attacker uses its powers maliciously to either steal information or disrupt communication.

In computer science, the Sybil attack was first described by John Douceur, a Microsoft researcher. He described the attack's core issue as each node being unable to be sure that every other node is a single distinct identity. A few third parties have tried to become "authorities" on the subject and assign a physical identifier to every computer on a network. VeriSign, for example, uses certification software to map IP addresses to a node. Each node would have a password and username before joining the network. But these measures are imperfect. Imagine the scenario of your friends sharing their Netflix password with you. The same could be done with network nodes.

Real-world scenarios of Sybil attacks range from spamming internet votes and attaining better search results to gaming reputation systems. In non-blockchain networks, certifications can work to establish node identity and provide network access. But in decentralized blockchains this becomes more difficult. There are certainly private blockchains with permissioned methods of joining the network. But can that truly be called a decentralized blockchain? Networks such as Bitcoin and Ethereum are designed for any node to join the network. Defending against Sybil attacks on these networks requires different solutions.

In Proof-of-Stake blockchains such as Ethereum, a Sybil attack is defended against by imposing transaction fees. A rational actor would avoid performing a Sybil attack to disrupt network communication because it would cost them a fee.

In Bitcoin, a Proof-of-Work blockchain, Sybil attacks can wreak havoc in multiple ways. Nodes can connect to an attacking node that holds the wrong copy of the distributed ledger. Effectively, the honest connecting nodes would be disconnected from the network. While Bitcoin does not perfectly prevent Sybil attacks, it does make them more difficult to achieve. Nodes can only connect to one IP address in outbound communication and can receive unlimited communication inbound. Nodes will then verify the amount of work that went into the chain they received. The work history in the chain cannot be falsified. If the node receives a second communication inbound and the work between the two chains differs, then something may be amiss. Nodes will continue to work until the honest ledger has taken over. This fails when an attacker has successfully taken over all the nodes connecting to an honest node, which is unlikely to happen. As a last resort, an honest node can always check an online block explorer to compare more data points.
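The work check described above, as an added example (not from the original post and not Bitcoin's actual code): a toy header chain in which a node chooses among the chains its peers offer by verified cumulative work rather than by how many peers offer each one. The header layout, `MIN_BITS` and all sample peers are constructed assumptions.

```python
import hashlib
from collections import Counter

GENESIS = "00" * 32   # constructed parent hash for the first block
MIN_BITS = 8          # assumed difficulty floor a header may claim

def header_hash(h):
    raw = f"{h['prev']}|{h['data']}|{h['nonce']}|{h['bits']}"
    return hashlib.sha256(raw.encode()).hexdigest()

def meets_target(h):
    # Valid proof of work: hash is below the target implied by the claimed bits.
    return int(header_hash(h), 16) < (1 << (256 - h["bits"]))

def build_chain(items, bits):
    """Mine a toy chain (stands in for the work a real miner must spend)."""
    chain, prev = [], GENESIS
    for data in items:
        h = {"prev": prev, "data": data, "nonce": 0, "bits": bits}
        while not meets_target(h):
            h["nonce"] += 1
        chain.append(h)
        prev = header_hash(h)
    return chain

def chain_work(chain):
    """Total verified work; 0 if any header is unlinked or its work is faked."""
    prev, work = GENESIS, 0
    for h in chain:
        if h["prev"] != prev or h["bits"] < MIN_BITS or not meets_target(h):
            return 0
        work += 1 << h["bits"]
        prev = header_hash(h)
    return work

def select_by_work(offers):
    best = max(offers.values(), key=chain_work)
    return best if chain_work(best) > 0 else None

def select_by_peer_count(offers):
    # Naive rule that Sybil identities defeat: trust whatever most peers say.
    tips = Counter(header_hash(c[-1]) for c in offers.values())
    top = tips.most_common(1)[0][0]
    return next(c for c in offers.values() if header_hash(c[-1]) == top)

# Constructed scenario: one honest peer, nine Sybil identities, one forger.
HONEST = build_chain([f"block-{i}" for i in range(6)], bits=12)
SYBIL = build_chain(["fake-0", "fake-1"], bits=12)
FORGED = [dict(h, bits=40) for h in SYBIL]   # claims work it never did
OFFERS = {"honest": HONEST, "forger": FORGED}
OFFERS.update({f"sybil-{i}": SYBIL for i in range(9)})
```

Nine identities repeating the short chain win a head count, but identities cost nothing while work does, so the single honest peer's longer chain is the one selected by `select_by_work`.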

Sybil attacks are a real problem on all p2p networks. Defending against them is important in order to ensure constant uptime and fully functioning outputs. Comment below if you have real-world examples of these attacks or want to know how other decentralized blockchains defend against them.


Thank you for coming to the site. Quantalysus publishes blockchain research and analysis for the crypto community. Please follow on Twitter, Steem (please follow and upvote if you can – thanks!), Telegram channel (New!), and Medium to stay up to date.



On every post or just one off


Well done! Thanks for the post.. I am really beginning to learn more in this new tech called blockchain. As usual I am resteeming this article as well as upvote.

thank you ..