Biblio

Wireless networking opens up many opportunities to facilitate miniaturized robots in collaborative tasks, while the openness of wireless medium exposes robots to the threats of Sybil attackers, who can break the fundamental trust assumption in robotic collaboration by forging a large number of fictitious robots. Recent advances advocate the adoption of bulky multi-antenna systems to passively obtain fine-grained physical layer signatures, rendering them unaffordable to miniaturized robots. To overcome this conundrum, this paper presents ScatterID, a lightweight system that attaches featherlight and batteryless backscatter tags to single-antenna robots to defend against Sybil attacks. Instead of passively "observing" signatures, ScatterID actively "manipulates" multipath propagation by using backscatter tags to intentionally create rich multipath features obtainable to a single-antenna robot. These features are used to construct a distinct profile to detect the real signal source, even when the attacker is mobile and power-scaling. We implement ScatterID on the iRobot Create platform and evaluate it in typical indoor and outdoor environments. The experimental results show that our system achieves a high AUROC of 0.988 and an overall accuracy of 96.4% for identity verification.

Tor anonymous communication system's resource publishing is vulnerable to enumeration attacks. Zhao determines users who requested resources are unavailable as suspicious malicious users, and gradually reduce the scope of suspicious users through several stages to reduce the false positive rate. However, it takes several stages to distinguish users. Although this method successfully detects the malicious user, the malicious user has acquired many resources in the previous stages, which reduce the availability of the anonymous communication system. This paper proposes a detection method based on Integer Linear Program to detect malicious users who perform enumeration attacks on resources in the process of resource distribution. First, we need construct a bipartite graph between the unavailable resources and the users who requested for these resources in the anonymous communication system; next we use Integer Linear Program to find the minimum malicious user set. We simulate the resource distribution process through computer program, we perform an experimental analysis of the method in this paper is carried out. Experimental results show that the accuracy of the method in this paper is above 80%, when the unavailable resources in the system account for no more than 50%. It is about 10% higher than Zhao's method.

Vehicular Ad Hoc Network (VANET) is a promising technology for autonomous driving as it provides many benefits and user conveniences to improve road safety and driving comfort. Sybil attack is one of the most serious threats in vehicular communications because attackers can generate multiple forged identities to disseminate false messages to disrupt safety-related services or misuse the systems. To address this issue, we propose a Sybil attack detection scheme using ADAS (Advanced Driving Assistant System) sensors installed on modern passenger vehicles, without the assistance of trusted third party authorities or infrastructure. Also, a deep learning based object detection technique is used to accurately identify nearby objects for Sybil attack detection and the multi-step verification process minimizes the false positive of the detection.

Vehicular Ad Hoc Networks (VANETs) have a strategic goal to achieve service delivery in roads and smart cities, considering the integration and communication between vehicles, sensors and fixed road-side components (routers, gateways and services). VANETs have singular characteristics such as fast mobile nodes, self-organization, distributed network and frequently changing topology. Despite the recent evolution of VANETs, security, data integrity and users privacy information are major concerns, since attacks prevention is still open issue. One of the most dangerous attacks in VANETs is the Sybil, which forges false identities in the network to disrupt compromise the communication between the network nodes. Sybil attacks affect the service delivery related to road safety, traffic congestion, multimedia entertainment and others. Thus, VANETs claim for security mechanism to prevent Sybil attacks. Within this context, this paper proposes a mechanism, called SyDVELM, to detect Sybil attacks in VANETs based on artificial intelligence techniques. The SyDVELM mechanism uses Extreme Learning Machine (ELM) with occasional features of vehicular nodes, minimizing the identification time, maximizing the detection accuracy and improving the scalability. The results suggest that the suitability of SyDVELM mechanism to mitigate Sybil attacks and to maintain the service delivery in VANETs.

Wireless sensor network (WSN) is a wireless self-organizing multi-hop network that can sense and collect the information of the monitored environment through a certain number of sensor nodes which deployed in a certain area and transmit the collected information to the client. Due to the limited power and data capacity stored by the micro sensor, it is weak in communication with other nodes, data storage and calculation, and is very vulnerable to attack and harm to the entire network. The Sybil attack is a classic example. Sybil attack refers to the attack in which malicious nodes forge multiple node identities to participate in network operation. Malicious attackers can forge multiple node identities to participate in data forwarding. So that the data obtained by the end user without any use value. In this paper, we propose a three-tier detection scheme for the Sybil node in the severe environment. Every sensor node will determine whether they are Sybil nodes through the first-level and second-level high-energy node detection. Finally, the base station determines whether the Sybil node detected by the first two stages is true Sybil node. The simulation results show that our proposed scheme significantly improves network lifetime, and effectively improves the accuracy of Sybil node detection.

Internet of Things (IoT), commonly referred to a physical object connected to network, refers to a paradigm in information technology integrating the advances in terms of sensing, computation and communication to improve the service in daily life. This physical object consists of sensors and actuators that are capable of changing the data to offer the improvement of service quality in daily life. When a data exchange occurs, the exchanged data become sensitive; making them vulnerable to any security attacks, one of which, for example, is Sybil attack. This paper aimed to propose a method of trustworthiness management based upon the authentication and trust value. Once performing the test on three scenarios, the system was found to be capable of detecting the Sybil attack rapidly and accurately. The average of time to detect the Sybil attacks was 9.3287 seconds and the average of time required to detect the intruder object in the system was 18.1029 seconds. The accuracy resulted in each scenario was found 100% indicating that the detection by the system to Sybil attack was 100% accurate.

Securing multi-robot teams against malicious activity is crucial as these systems accelerate towards widespread societal integration. This emerging class of ``physical networks'' requires research into new methods of security that exploit their physical nature. This paper derives a theoretical framework for securing multi-agent consensus against the Sybil attack by using the physical properties of wireless transmissions. Our frame-work uses information extracted from the wireless channels to design a switching signal that stochastically excludes potentially untrustworthy transmissions from the consensus. Intuitively, this amounts to selectively ignoring incoming communications from untrustworthy agents, allowing for consensus to the true average to be recovered with high probability if initiated after a certain observation time T0 that we derive. This work is different from previous work in that it allows for arbitrary malicious node values and is insensitive to the initial topology of the network so long as a connected topology over legitimate nodes in the network is feasible. We show that our algorithm will recover consensus and the true graph over the system of legitimate agents with an error rate that vanishes exponentially with time.

Blockchain technology is useful with the record keeping of digital transactions, IoT, supply chain management etc. However, we have observed that the traditional attacks are possible on blockchain due to lack of robust identity management. We found that Sybil attack can cause severe impact in public/permissionless blockchain, in which an attacker can subvert the blockchain by creating a large number of pseudonymous identities (i.e. Fake user accounts) and push legitimate entities in the minority. Such virtual nodes can act like genuine nodes to create disproportionately large influence on the network. This may lead to several other attacks like DoS, DDoS etc. In this paper, a Sybil attack is demonstrated on a blockchain test bed with its impact on the throughput of the system. We propose a solution directive, in which each node monitors the behavior of other nodes and checks for the nodes which are forwarding the blocks of only particular user. Such nodes are quickly identified, blacklisted and notified to other nodes, and thus the Sybil attack can be restricted. We analyze experimental results of the proposed solution.

In VANET, Sybil nodes generated by attackers cause serious damages to network protocols, resource allocation mechanisms, and reputation models. Other types of attacks can also be launched on the basis of Sybil attack, which bring more threats to VANET. To solve this problem, this paper proposes a Sybil nodes detection method based on RSSI sequence and vehicle driving matrix - RSDM. RSDM evaluates the difference between the RSSI sequence and the driving matrix by dynamic distance matching to detect Sybil nodes. Moreover, RSDM does not rely on VANET infrastructure, neighbor nodes or specific hardware. The experimental results show that RSDM performs well with a higher detection rate and a lower error rate.

The pace of technological development in automotive and transportation has been accelerating rapidly in recent years. Automation of driver assistance systems, autonomous driving, increasing vehicle connectivity and emerging inter-vehicular communication (V2V) are among the most disruptive innovations, the latter of which also raises numerous unprecedented security concerns. This paper is focused on the security of V2V communication in vehicle ad-hoc networks (VANET) with the main goal of identifying realistic attack scenarios and evaluating their impact, as well as possible security countermeasures to thwart the attacks. The evaluation has been done in OMNeT++ simulation environment and the results indicate that common attacks, such as replay attack or message falsification, can be eliminated by utilizing digital signatures and message validation. However, detection and mitigation of advanced attacks such as Sybil attack requires more complex approach. The paper also presents a simple detection method of Sybil nodes based on measuring the signal strength of received messages and maintaining reputation of sending nodes. The evaluation results suggest that the presented method is able to detect Sybil nodes in VANET and contributes to the improvement of traffic flow.

Vehicular networks are susceptible to variety of attacks such as denial of service (DoS) attack, sybil attack and false alert generation attack. Different cryptographic methods have been proposed to protect vehicular networks from these kind of attacks. However, cryptographic methods have been found to be less effective to protect from insider attacks which are generated within the vehicular network system. Misbehavior detection system is found to be more effective to detect and prevent insider attacks. In this paper, we propose a machine learning based misbehavior detection system which is trained using datasets generated through extensive simulation based on realistic vehicular network environment. The simulation results demonstrate that our proposed scheme outperforms previous methods in terms of accurately identifying various misbehavior.

A common tool to defend against Sybil attacks is proof-of-work, whereby computational puzzles are used to limit the number of Sybil participants. Unfortunately, current Sybil defenses require significant computational effort to offset an attack. In particular, good participants must spend computationally at a rate that is proportional to the spending rate of an attacker. In this paper, we present the first Sybil defense algorithm which is asymmetric in the sense that good participants spend at a rate that is asymptotically less than an attacker. In particular, if T is the rate of the attacker's spending, and J is the rate of joining good participants, then our algorithm spends at a rate f O($\surd$(TJ) + J). We provide empirical evidence that our algorithm can be significantly more efficient than previous defenses under various attack scenarios. Additionally, we prove a lower bound showing that our algorithm's spending rate is asymptotically optimal among a large family of algorithms.

A frequent problem of Internet services are Sybil attacks, i.e., malicious users create numerous fake identities for themselves. To avoid this, many services employ obstacles like Captchas to force (potentially malicious) users to invest human attention in creating new identities for the service. However, this only makes it more difficult but not impossible to create fake identities. Sybil attacks are especially encountered as a problem in decentralized systems since no single trust anchor is available to judge new users as honest or malicious. The avoidance of a single centralized trust-anchor, however, is desirable in many cases. As a consequence, various decentralized Sybil detection approaches have been proposed. The most promising ones are based on leveraging the trust relationships embedded within social graphs. While most of these approaches are focusing on detecting large existing groups of Sybil identities, our approach Detasyr instead restricts the creation of numerous Sybil identities. For that, tickets are distributed through the social graph and have to be collected, allowing for decentralized and privacy preserving authorization. Additionally, it offers a proof of authorization to users that are considered to be honest, allowing them to display their authorization towards others.

Cooperative Intelligent Transport Systems (C-ITS) are expected to play an important role in our lives. They will improve the traffic safety and bring about a revolution on the driving experience. However, these benefits are counterbalanced by possible attacks that threaten not only the vehicle's security, but also passengers' lives. One of the most common attacks is the Sybil attack, which is even more dangerous than others because it could be the starting point of many other attacks in C-ITS. This paper proposes a distributed approach allowing the detection of Sybil attacks by using the traffic flow theory. The key idea here is that each vehicle will monitor its neighbourhood in order to detect an eventual Sybil attack. This is achieved by a comparison between the real accurate speed of the vehicle and the one estimated using the V2V communications with vehicles in the vicinity. The estimated speed is derived by using the traffic flow fundamental diagram of the road's portion where the vehicles are moving. This detection algorithm is validated through some extensive simulations conducted using the well-known NS3 network simulator with SUMO traffic simulator.

Sybil attacks, wherein a network is subverted by forging node identities, remains an open issue in wireless sensor networks (WSNs). This paper proposes a scheme, called Location and Communication ID (LCID) based detection, which employs residual energy, communication ID and location information of sensor nodes for Sybil attacks prevention. Moreover, LCID takes into account the resource constrained nature of WSNs and enhances energy conservation through hierarchical routing. Sybil nodes are purged before clusters formation to ensure that only legitimate nodes participate in clustering and data communication. CH selection is based on the average energy of the entire network to load-balance energy consumption. LCID selects a CH if its residual energy is greater than the average network energy. Furthermore, the workload of CHs is equally distributed among sensor nodes. A CH once selected cannot be selected again for 1/p rounds, where p is the CH selection probability. Simulation results demonstrate that, as compared to an eminent scheme, LCID has a higher Sybil attacks detection ratio, higher network lifetime, higher packet reception rate at the BS, lower energy consumption, and lower packet loss ratio.

The Internet of Things (IoT) is an emerging technology that plays a vital role in interconnecting various objects into a network to provide desired services within its resource constrained characteristics. In IoT, the Routing Protocol for Low power and Lossy network (RPL) is the standardized proactive routing protocol that achieves satisfying resource consumption, but it does not consider the node's routing behavior for forwarding data packets. The malicious intruders exploit these loopholes for launching various forms of routing attacks. Different security mechanisms have been introduced for detecting these attacks singly. However, the launch of multiple attacks such as Rank attack and Sybil attacks simultaneously in the IoT network is one of the devastating and destructive situations. This problem can be solved by establishing secure routing with trustworthy nodes. The trustworthiness of the nodes is determined using trust evaluation methods, where the parameters considered are based on the factors that influence in detecting the attacks. In this work, Providing Routing Security using the Technique of Collective Trust (PROTECT) mechanism is introduced, and it aims to provide a secure RPL routing by simultaneously detecting both Rank and Sybil attacks in the network. The advantage of the proposed scheme is highlighted by comparing its performance with the performance of the Sec-Trust protocol in terms of detection accuracy, energy consumption, and throughput.

Detecting fake accounts (sybils) in online social networks (OSNs) is vital to protect OSN operators and their users from various malicious activities. Typical graph-based sybil detection (a mainstream methodology) assumes that sybils can make friends with only a limited (or small) number of honest users. However, recent evidences showed that this assumption does not hold in real-world OSNs, leading to low detection accuracy. To address this challenge, we explore users' activities to assist sybil detection. The intuition is that honest users are much more selective in choosing who to interact with than to befriend with. We first develop the social and activity network (SAN), a two-layer hyper-graph that unifies users' friendships and their activities, to fully utilize users' activities. We also propose a more practical sybil attack model, where sybils can launch both friendship attacks and activity attacks. We then design Sybil SAN to detect sybils via coupling three random walk-based algorithms on the SAN, and prove the convergence of Sybil SAN. We develop an efficient iterative algorithm to compute the detection metric for Sybil SAN, and derive the number of rounds needed to guarantee the convergence. We use "matrix perturbation theory" to bound the detection error when sybils launch many friendship attacks and activity attacks. Extensive experiments on both synthetic and real-world datasets show that Sybil SAN is highly robust against sybil attacks, and can detect sybils accurately under practical scenarios, where current state-of-art sybil defenses have low accuracy.

For location-aware applications in wireless sensor networks (WSNs), it is important to ensure that sensor nodes can get correct locations in a hostile WSNs. Sybil attacks, which are vital threats in WSNs, especially in the distributed WSNs. They can forge one or multiple identities to decrease the localization accuracy, or sometimes to collapse the whole localization systems. In this paper, a novel lightweight sybilfree (SF)-APIT algorithm is presented to solve the problem of sybil attacks in APIT localization scheme, which is a popular range-free method and performs at individual node in a purely distributed fashion. The proposed SF-APIT scheme requires minimal overhead for wireless devices and works well based on the received signal strength. Simulations demonstrate that SF-APIT is an effective scheme in detecting and defending against sybil attacks with a high detection rate in distributed wireless localization schemes.

The importance of peer-to-peer (P2P) network overlays produced enormous interest in the research community due to their robustness, scalability, and increase of data availability. P2P networks are overlays of logically connected hosts and other nodes including servers. P2P networks allow users to share their files without the need for any centralized servers. Since P2P networks are largely constructed of end-hosts, they are susceptible to abuse and malicious activity, such as sybil attacks. Impostors perform sybil attacks by assigning nodes multiple addresses, as opposed to a single address, with the goal of degrading network quality. Sybil nodes will spread malicious data and provide bogus responses to requests. To prevent sybil attacks from occurring, a novel defense mechanism is proposed. In the proposed scheme, the DHT key-space is divided and treated in a similar manner to radio frequency allocation incensing. An overlay of trusted nodes is used to detect and handle sybil nodes with the aid of source-destination pairs reporting on each other. The simulation results show that the proposed scheme detects sybil nodes in large sized networks with thousands of interactions.

Sybil security threat in vehicular ad hoc networks (VANETs) has attracted much attention in recent times. The attacker introduces malicious nodes with multiple identities. As the roadside unit fails to synchronize its clock with legitimate vehicles, unintended vehicles are identified, and therefore erroneous messages will be sent to them. This paper proposes a novel biologically inspired spider-monkey time synchronization technique for large-scale VANETs to boost packet delivery time synchronization at minimized energy consumption. The proposed technique is based on the metaheuristic stimulated framework approach by the natural spider-monkey behavior. An artificial spider-monkey technique is used to examine the Sybil attacking strategies on VANETs to predict the number of vehicular collisions in a densely deployed challenge zone. Furthermore, this paper proposes the pseudocode algorithm randomly distributed for energy-efficient time synchronization in two-way packet delivery scenarios to evaluate the clock offset and the propagation delay in transmitting the packet beacon message to destination vehicles correctly. The performances of the proposed technique are compared with existing protocols. It performs better over long transmission distances for the detection of Sybil in dynamic VANETs' system in terms of measurement precision, intrusion detection rate, and energy efficiency.

Real-time crowdsourced maps, such as Waze provide timely updates on traffic, congestion, accidents, and points of interest. In this paper, we demonstrate how lack of strong location authentication allows creation of software-based Sybil devices that expose crowdsourced map systems to a variety of security and privacy attacks. Our experiments show that a single Sybil device with limited resources can cause havoc on Waze, reporting false congestion and accidents and automatically rerouting user traffic. More importantly, we describe techniques to generate Sybil devices at scale, creating armies of virtual vehicles capable of remotely tracking precise movements for large user populations while avoiding detection. To defend against Sybil devices, we propose a new approach based on co-location edges, authenticated records that attest to the one-time physical co-location of a pair of devices. Over time, co-location edges combine to form large proximity graphs that attest to physical interactions between devices, allowing scalable detection of virtual vehicles. We demonstrate the efficacy of this approach using large-scale simulations, and how they can be used to dramatically reduce the impact of the attacks. We have informed Waze/Google team of our research findings. Currently, we are in active collaboration with Waze team to improve the security and privacy of their system.

A wireless sensor network consists of many important elements like Sensors, Bass station and User. A Sensor can measure many non electrical quantities like pressure, temperature, sound, etc and transmit this information to the base station by using internal transreceiver. A security of this transmitted data is very important as the data may contain important information. As wireless sensor network have many application in the military and civil domains so security of wireless sensor network become a critical concern. A Sybil attack is one of critical attack which can affect the routing protocols, fair resourse allocation, data aggregation and misbehavior detection parameters of network. A number of detection techniques to detect Sybil nodes have already designed to overcome the Sybil attack. Out of all the techniques few techniques which can improve the true detection rate and reduce false detection rate are discussed in this paper.

This paper evaluates two algorithms, BLIP and JLT, for creating differentially private data sketches of user profiles, in terms of their ability to protect a kNN collaborative filtering algorithm from an inference attack by third-parties. The transformed user profiles are employed in a user-based top-N collaborative filtering system. For the first time, a theoretical analysis of the BLIP is carried out, to derive expressions that relate its parameters to its performance. This allows the two techniques to be fairly compared. The impact of deploying these approaches on the utility of the system—its ability to make good recommendations, and on its privacy level—the ability of third-parties to make inferences about the underlying user preferences, is examined. An active inference attack is evaluated, that consists of the injection of a number of tailored sybil profiles into the system database. User profile data of targeted users is then inferred from the recommendations made to the sybils. Although the differentially private sketches are designed to allow the transformed user profiles to be published without compromising privacy, the attack we examine does not use such information and depends only on some pre-existing knowledge of some user preferences as well as the neighbourhood size of the kNN algorithm. Our analysis therefore assesses in practical terms a relatively weak privacy attack, which is extremely simple to apply in systems that allow low-cost generation of sybils. We find that, for a given differential privacy level, the BLIP injects less noise into the system, but for a given level of noise, the JLT offers a more compact representation.

Proof-of-work (PoW) is an algorithmic tool used to secure networks by imposing a computational cost on participating devices. Unfortunately, traditional PoW schemes require that correct devices perform computational work perpetually, even when the system is not under attack. We address this issue by designing a general PoW protocol that ensures two properties. First, the network stays secure. In particular, the fraction of identities in the system that are controlled by an attacker is always less than 1/2. Second, our protocol's computational cost is commensurate with the cost of an attacker. That is, the total computational cost of correct devices is a linear function of the attacker's computational cost plus the number of correct devices that have joined the system. Consequently, if the network is attacked, we ensure security, with cost that grows linearly with the attacker's cost; and, in the absence of attack, our computational cost is small. We prove similar guarantees for bandwidth cost. Our results hold in a dynamic, decentralized system where participants join and depart over time, and where the total computational power of the attacker is up to a constant fraction of the total computational power of correct devices. We show how to leverage our results to address important security problems in distributed computing including: Sybil attacks, Byzantine Consensus, and Committee Election.

The persistence of search rank fraud in online, peer-opinion systems, made possible by crowdsourcing sites and specialized fraud workers, shows that the current approach of detecting and filtering fraud is inefficient. We introduce a fraud de-anonymization approach to disincentivize search rank fraud: attribute user accounts flagged by fraud detection algorithms in online peer-opinion systems, to the human workers in crowdsourcing sites, who control them. We model fraud de-anonymization as a maximum likelihood estimation problem, and introduce UODA, an unconstrained optimization solution. We develop a graph based deep learning approach to predict ownership of account pairs by the same fraudster and use it to build discriminative fraud de-anonymization (DDA) and pseudonymous fraudster discovery algorithms (PFD). To address the lack of ground truth fraud data and its pernicious impacts on online systems that employ fraud detection, we propose the first cheating-resistant fraud de-anonymization validation protocol, that transforms human fraud workers into ground truth, performance evaluation oracles. In a user study with 16 human fraud workers, UODA achieved a precision of 91%. On ground truth data that we collected starting from other 23 fraud workers, our co-ownership predictor significantly outperformed a state-of-the-art competitor, and enabled DDA and PFD to discover tens of new fraud workers, and attribute thousands of suspicious user accounts to existing and newly discovered fraudsters.