Managing Sybil identities in distributed networks

This dissertation addresses Sybil identity obfuscation attacks in two environments, namely Mobile Ad-hoc Network (MANET) and BitTorrent. We proposed a location-based Sybil detection framework for MANET. In our framework, mobile nodes voluntarily and cooperatively participate in Sybil attack detection by monitoring their neighbors' network activities. For each packet observed, a traffic observation record is created or updated and periodically shared. Our secure observation exchange protocol guarantee the tamper-proof observation. Periodically, the peers reconstruct the path that each peer has traversed. Peers with similar paths are grouped together with a simple clustering algorithm. Peers in the same cluster are considered Sybil identities owned by the same attacker. Our framework yielded above 80% accuracy (true positive rate) at about a 10% false positive rate.;We also proposed a sybilproof referral system for BitTorrent. We first introduce a simple incentive framework, based on a stochastic game model, to encourage peers to share their content. From experimental results, the incentives successfully motivate the peers to better contribute in form of the clustering of the peers according to their allocated upload rate. This incentive mechanism was a form of direct reputation which was of rather limited use for a large system like BitTorrent. A peer might not have adequate information to make a future judgment about another. We then propose a simple form of reputation sharing, namely chokelist dissemination, where the peers shared their lists of free-riders. The experimental results showed that chokelist sharing helped accelerate the process of banning free-riders. We also investigated the behavior of BitTorrent users in quasi steady state with a deterministic game. This game revealed that proper selection of Internet access fees could discourage free-riders.;Though more effective, reputation sharing (i.e. indirect reputation through referrals such as chokelist dissemination) is vulnerable to Sybil attack. A group of Sybil identities owned by the same attacker can collude to manipulate their reputation scores, and significantly affect other innocent peers, as well. To address this problem, we propose a sybilproof referral system. In this system, the total reputation score of a referral chain is the product of reputation scores of referrals in the chain beginning with "direct" reputation based on transactional experience. The Sybil attacker can only improve the direct reputation via benign contributions. Our reputation system ensure that the direct reputation of each Sybil identity is limited thus limiting the effect of false referrals by them.