THE EVOLVING STATE OF BLOCKCHAIN: AN EFFICIENCY ANALYSIS OF THE ETHEREUM NETWORK

Colquhoun, Jack Claude

01 December 2021

This thesis seeks to shed further light on how blockchain technology has fostered increases in efficiency at an overall level looking specifically at the Ethereum network, and a continued analysis of its evolving state. A network at the forefront of blockchain technology and smart contract utilization. Firstly, we introduce blockchain technology itself and the various facets of the technology, including consensus protocols, smart contracts and smart contract applications. Subsequently, we further analyse and showcase how blockchain technology has developed in efficiency over its maturation recently. Through the employment of various econometric models and strong discussion promotes insights to the key metrics of the Ethereum network. Finally, we explore whether we are able to note these changes over time and look to the future of blockchain technology. Not only to shed light on how this evolving state will continue to cultivate but also detail the other necessary advances needed to continue this growth.

Average Block Time

Blockchain

Efficiency

Ethereum

Proof Of Work

Smart Contract

Energy Consumption and Security in Blockchain

Borzi, Eleonora, Salim, Djiar

January 2020

Blockchain is a Distributed Ledger Technology that was popularized after the release of Bitcoin in 2009 as it was the first popular blockchain application. It is a technology for maintaining a digital and public ledger that is decentralized, which means that no single authority controls nor owns the public ledger. The ledger is formed by a chain of data structures, called blocks, that contain information. This ledger is shared publicly in a computer network where each node is called a peer. The problem that arises is how to make sure that every peer has the same ledger. This is solved with consensus mechanisms which are a set of rules that every peer must follow. Consensus mechanisms secure the ledger by ensuring that the majority of peers can reach agreement on the same ledger and that the malicious minority of peers cannot influence the majority agreement. There are many different consensus mechanisms. A problem with consensus mechanisms is that they have to make a trade-off between low energy consumption and high security. The purpose of this report is to explore and investigate the relationship between energy consumption and security in consensus mechanisms. The goal is to perform a comparative study of consensus mechanisms from an energy consumption and security perspective. The consensus mechanisms that are compared are Proof of Work, Proof of Stake and Delegated Proof of Stake. The methodology used is literature study and comparative study by using existing work and data from applications based on those consensus mechanisms. The results conclude that Proof of Work balances the trade-off by having high energy-consumption and high security, meanwhile Proof of Stake and Delegated Proof of Stake balance it by having low energy consumption but lower security level. In the analysis, a new factor arose, decentralization. The new insight in consensus mechanisms is that decentralization and security is threatened by an inevitable centralization where the ledger is controlled by few peers. / Blockchain är en så kallad distribuerad huvudbok teknologi som fick ett stort genombrott med den populära blockchain applikationen Bitcoin i 2009. Teknologin möjliggör upprätthållandet av en digital och offentlig huvudbok som är decentraliserad, vilket betyder att ingen ensam person eller organisation äger och kontrollerar den offentliga huvudboken. Huvudboken i blockchain är uppbyggt som en kedja av block, dessa block är datastrukturer som innehåller information. Huvudboken distribueras i ett nätverk av datorer som kallas för noder, dessa noder ägs av en eller flera personer. Problemet är att alla noderna i nätverket måste ha identiska huvudbok. Detta problem löses med en uppsättning av regler som noderna måste följa, denna uppsättning kallas för konsensus mekanism. Konsensus mekanismer säkrar huvudboken genom att möjliggöra en överenskommelse bland majoriteten av noderna om huvudbokens innehåll, och ser till att oärliga noder inte kan påverka majoritetens överenskommelse. Det finns flera olika konsensus mekanismer. Ett problem med konsensus mekanismer är att de är tvungna att göra en avvägning mellan låg energianvändning och hög säkerhet. Syftet med denna rapport är att undersöka och utreda relationen mellan energianvändning och säkerhet i konsensus mekanismer. Målet är att utföra en komparativ analys av konsensus mekanismer utifrån energianvändning och säkerhet. Konsensus mekanismerna som jämförs är Proof of Work, Proof of Stake och Delegated Proof of Stake. Metodologin som används är litteraturstudier och komparativ analys med hjälp av existerande metoder och data från applikationer som använder konsensus mekanismerna. Resultatet visar att Proof of Work väljer hög säkerhet på bekostnad av hög energianvändning, medan Proof of Stake och Delegated Proof of Stake väljer låg energianvändning men på bekostnad av lägre säkerhet. Analysen ger en ny inblick som visar att centralisering är en oundviklig faktor som hotar säkerheten.

Blockchain

consensus mechanism

sustainability

security

decentralization

Proof of Work

Blockkedja

konsensus mekanism

hållbarhet

säkerhet

decentralisering

Proof of Work

Computer and Information Sciences

Data- och informationsvetenskap

Cryptocurrencies future carbon footprint : An exploratory scenario analysis of cryptocurrencies' future energy consumption and carbon emission. / Kryptovalutors framtida koldioxidavtryck

Tunberg, Jacob

January 2022

Since the creation of Bitcoin, the virtual currency has attracted the attention of many people and is now a household name synonymous with cryptocurrencies. Today, many thousands of different variants of cryptocurrencies exist, and more are being launched each day. The increase in popularity over the recent years has made them grow exponentially in value but at the same time also created a significant increase in energy consumption. Many of the cryptocurrencies we know today are based on Proof of Work, which is very energy intensive. There are also new and upcoming currencies based on alternative algorithms, such as Proof of Stake, which can considerably reduce the energy consumption of cryptocurrencies. However, Proof of Stake has not been proven to be as resilient and secure as Proof of Work. This study explores the future energy consumption and carbon emission of cryptocurrencies and reflects on their sustainability via exploratory scenario analysis. It includes three scenarios. Scenario 1 – Business as usual is the reference scenario. Scenario 2 – Change in the market, is based on the possibility of the market naturally switching over to PoS. Scenario 3 – under regulation is based on the possibility of a ban of PoW within the EU.  The results of this study indicate that the current emissions might be much lower than previously considered and that they might only be 30 percent of what had previously been reported. The fact that the emission is lower today does not mean that they will be sustainable in the future. Suppose Bitcoin and Ethereum energy consumption continues to grow as it has been doing for the last two years. In that case, the combined electricity consumption of the two currencies will have the possibility to surpass 650 TWh, which is an increase of over 300 percent from today's estimates. Banning Proof of Work within the EU would not yield the desired outcome of reducing carbon emissions but would instead increase carbon emissions. A continually growing Proof of Work based network, as it is used today, cannot be seen as sustainable. The recommendations to both industry and policymakers are to find and facilitate areas where Proof of Work would have the possibility to provide added value to society. / Sedan Bitcoin först lanserades har den virtuella valutan väckt mycket intresse. Många känner till Bitcoin men det finns flera tusen olika kryptovalutor och flera skapas varje dag. Det växande intresset har fått flertalet kryptovalutor att öka enormt i värde, men också i dess energiåtgång. Många av dagens kryptovalutor drivs av en algoritm som kallas Proof of Work, vilket är väldigt energikrävande. Det finns även nya och växande kryptovalutor baserade på alternativa algoritmer så som Proof of Stake, vilket har stora möjligheter att minska energiåtgången avsevärt. Dock har inte Proof of Stake bevisats vara lika motståndskraftigt vid attacker så som Proof of Work.  Denna studie utforskar den framtida energikonsumtionen och koldioxidutsläppen från kryptovalutor och har som avsikt att reflektera på hållbarheten via en utforskande scenarioanalys. Där tre scenarios utforskats. Scenario 1 – Business as usual är referensscenariot. Scenario 2 – Change in the market, är baserat på att marknaden själv glider över till PoS och Scenario 3 – under regulation vilket är baserat på ett förbud av PoW inom EU. Resultatet från studien visar att de nuvarande utsläppen kanske är mycket lägre än vad som tidigare trotts och kanske bara är 30 procent av det som tidigare rapporterats. Faktumet att kryptovalutor kanske släpper ut mindre koldioxid idag betyder inte att de kan anses hållbara i framtiden. Anta att Bicoin och Ethereum fortsätter växa som de har gjort de senaste två åren, då kommer de två valutorna ha en möjlighet att förbruka mer än 650 TWh per år vid 2025. Detta är en ökning med mer än 300 procent från dagens energikonsumtion. Att införa ett förbud på Ptoof of Work inom EU kommer dock inte ge de önskade förhoppningarna om att minska koldioxidutsläppen, utan skulle snarare kunna öka dem. Med det sagt så kan ett ständigt växande Proof of Work nätverk inte anses vara hållbart. Därför är rekommendationerna till industrin och beslutsfattarna att identifiera och främja områden där Proof of Work kan implementeras för att skapa ett mervärde till samhället.

Cryptocurrencies

sustainability

energy consumption

carbon emission

Proof of Work

& Proof of Stake.

Kryptovalutor

Hållbarhet

Elkonsumtion

Koldioxidutsläpp

Proof of Work & Proof of Stake.

Engineering and Technology

Teknik och teknologier

Security and Performance Testbed for Simulation of Proof-of-Stake Protocols / Security and Performance Testbed for Simulation of Proof-of-Stake Protocols

Kotráš, Jan

January 2020

Tato diplomová práce se zabývá technologii blockchain se zaměřením na konsenzus protokoly, zvláště protokoly typu proof-of-stake. V této práci naleznete popis těchto protokolů následovaný popisem konsenzu v technologii blockchain. Prvotní kapitoly detailněji popisují a porovnávají jednotlivé proof-of-stake protokoly na základě teoretických znalostí. Druhá část práce se zaobírá návrhem a implementací testbedu, který je následně použitý pro praktické porovnání proof-of-stake protokolů. V závěrečné částí práce je diskutováno nad zjištěnými výsledky pozorováním testbedu a zjištěnými vlatnostmi protokolů. Na tomto základě práce ve svém konci naznačuje další směřování consesus protokolů, ba jejich případné zlepšení, a zvláště proof-of-stake typu protokolů.

Comparison between consensus algorithms in an IIoT network : Analysis of Proof of Work, Proof of Stake and Proof of Authentication / Jämförande mellan konsensus algoritmer i ett IIoT-nätverk : Analys av Proof of Work, Proof of Stake och Proof of Authentication

Polat, Baran, Göcmenoglu, Ilyas

January 2022

The Industrial Internet of Things (IIoT) is growing day by day and is implemented in many industries. The centralized architecture of an IIoT system is composed of several devices that communicate with a special device only via one link, in an instance where this one link is attacked, major problems could occur for the whole system. The solution is to decentralize the entire architecture, a feature that the implementation of blockchain technology provides. Blockchain technology uses numerous consensus algorithms and some of the consensus algorithms require a large amount of computational power , such as the proof of work consensus algorithm. The problem is that IIoT devices have limited processor performance therefore it is important to find consensus algorithms that are suitable for an IIoT system in terms of time efficiency and electricity consumption. The question then becomes, which of the following different consensus algorithms; proof of work, proof of stake and proof of authentication performs best in an IIoT environment in terms of time efficiency and electricity consumption?  This question can be answered by implementing blockchain technology using the three aforementioned consensus algorithms in an IIoT environment to see which consensus algorithm is the most time efficient and uses the smallest amount of electricity. The results showed that proof of stake was the best consensus algorithm both in terms of time efficiency and electricity consumption. / Sakernas internet inom industrin (IIoT) växer dag för dag och används i flertalet industrier. Den centraliserade arkitekturen av ett IIoT-system består av flera enheter som kommunicerar med en speciell enhet endast via en länk och detta kan skapa stora problem för hela systemet om endast denna länk attackeras. Lösningen är att decentralisera hela arkitekturen, en funktion som implementeringen av blockkedjeteknologi förser. Inom blockkedjeknologi används flertalet algoritmer och bland algoritmerna finns det flera som kräver hög processorprestanda, som t.ex proof of work algoritmen. Problemet är att IIoT-enheter har begränsad processorprestanda, och ett viktigt skäl är att hitta algoritmer som är anpassade för ett IIoT-system beträffande tidseffektivitet samt elkonsumtion. Frågan blir då, vilken av de olika konsensus algoritmerna; proof of work, proof of stake och proof of authentication presterar bäst i en IIoT-miljö sett ur tidseffektivitet och elkonsumtion?  Denna fråga kan besvaras genom att implementera blockkedjeteknologi med de tre ovannämnda algoritmer i en IIoT-miljö för att se vilken algoritm är den mest tidseffektiva och har lägst elkonsumtion. Resultatet visade att proof of stake var den bästa konsensus algoritmen både tidsmässigt och elkonsumtion mässigt.

Proof of work

Proof of stake

IIoT

Proof of authentication

Blockchain

CloudRail

electricity consumption

time effectiveness

security

Proof of work

Proof of stake

IIoT

Proof of authentication

Blockkedja

CloudRail

elkonsumtion

tidseffektivitet

säkerhet

Software Engineering

Programvaruteknik

Consensus Algorithms in Blockchain : A survey to create decision trees for blockchain applications / Konsensusalgoritmer i Blockchain : En undersökning för att skapa beslutsträd för blockchain-applikationer

Zhu, Xinlin

January 2023

Blockchain is a decentralized database that is distributed among a computer network. To enable a smooth decision making process without any authority, different blockchain applications use their own consensus algorithms. The problem is that for a new blockchain application, there is limited aid in deciding which algorithm it should implement. Selecting consensus algorithms is crucial because reaching consensus is the fundamental issue of a decentralized system. Different algorithms are designed with their own advantages and limitations, making it complex to navigate one’s way through a list of consensus algorithms. This thesis attempts to contribute to solving this problem by surveying 15 existing cryptocurrencies’ consensus algorithms used in their blockchain application and then producing a decision tree as the aid for algorithm selection. The top 5 algorithms from each category in Proof of Work (PoW), Proof of Stake (PoS), and Hybrid Proof of Work + Proof of Stake (PoW + PoS) are selected. The research method is qualitative. The study shows that different consensus algorithms often share some properties, but they are usually built to solve the issues of another algorithm, which means they also have their own distinctive advantages. Therefore, the decision tree reveals how these algorithms are logically connected and the key properties blockchain consensus algorithms possess. Based on the result of this thesis, further research can be conducted to include more algorithms in order to make the decision tree more comprehensive. Implementations of these algorithms in similar network setup can also be done to experiment with their claimed properties. The decision tree can be sent to industry for further feedback. / Blockchain är en decentraliserad databas som distribueras i ett datornätverk. För att möjliggöra en smidig beslutsprocess utan någon auktoritet använder olika blockkedjeapplikationer sina egna konsensusalgoritmer. Problemet är att för en ny blockchain-applikation finns det begränsad hjälp för att bestämma vilken algoritm den ska implementera. Att välja konsensusalgoritmer är avgörande eftersom att nå konsensus är den grundläggande frågan för ett decentraliserat system. Olika algoritmer är designade med sina egna fördelar och begränsningar, vilket gör det komplicerat att navigera sig igenom en lista med konsensusalgoritmer. Forskningsmetoden är kvalitativ. Det här dokumentet försöker bidra till att lösa detta problem genom att kartlägga 15 befintliga kryptovalutors konsensusalgoritmer som används i deras blockkedjeapplikation och sedan ta fram ett beslutsträd som hjälp för val av algoritmer. De 5 bästa algoritmerna från varje kategori i Proof of Work (PoW), Proof of Stake (PoS) och Hybrid Proof of Work + Proof of Stake (PoW + PoS) väljs. Studien visar att olika konsensusalgoritmer ofta delar vissa egenskaper, men de är vanligtvis byggda för att lösa problem med en annan algoritm, vilket innebär att de också har sina egna distinkta fördelar. Därför avslöjar beslutsträdet hur dessa algoritmer är logiskt kopplade och de nyckelegenskaper som blockchain konsensusalgoritmer besitter. Baserat på resultatet av denna artikel kan ytterligare forskning utföras för att inkludera fler algoritmer för att göra beslutsträdet mer heltäckande. Implementeringar av dessa algoritmer i liknande nätverksuppsättningar kan också göras för att experimentera med deras påstådda egenskaper. Beslutsträdet kan skickas till industrin för vidare feedback.

Blockchain

Cryptocurrency

Consensus Algorithms

Proof of Work

Proof of Stake

Hybrid Consensus

Decision Tree

Blockchain

Kryptovaluta

Consensus Algoritms

Proof of Work

Proof of Stake

Hybrid Consensus

Decision Tree

Computer and Information Sciences

Data- och informationsvetenskap

Limiting fake accounts in large-scale distributed systems through adaptive identity management / Gerenciamento adaptativo de identidades em sistemas distribuídos de larga escala

Cordeiro, Weverton Luis da Costa

January 2014

Sistemas online como Facebook, Twitter, Digg, e comunidades BitTorrent (entre vários outros) oferecem um processo leve para a obtenção de identidades (por exemplo, confirmar um endereço de e-mail válido; os requisitos podem variar dependendo do sistema), de modo que os usuários possam cadastrar-se facilmente nos mesmos. Tal conveniência vem com um preço, no entanto: com um pequeno esforço, um atacante pode obter uma grande quantidade de contas falsas (ataque Sybil), e utilizá-las para executar atividades maliciosas (que possam prejudicar os usuários legítimos) ou obter vantagens indevidas. É extremamente desafiador (senão impossível) desenvolver uma única solução de gerenciamento de identidades que seja ao mesmo tempo capaz de oferecer suporte a uma variedade de usuários usando dispositivos heterogêneos e adequada para uma diversidade de ambientes (por exemplo, sistemas distribuídos de larga escala, Internet das Coisas, e Internet do Futuro). Como consequência, a comunidade de pesquisa tem focado no projeto de soluções de gerenciamento de identidades customizadas, em cenários com um conjunto bem definido de propósitos, requisitos e limitações. Nesta tese, abordamos o problema de contas falsas em sistemas distribuídos de larga escala. Mais especificamente, nos concentramos em sistemas baseados no paradigma para- par e que podem acomodar esquemas de gerenciamento de identidades leves e de longo prazo (ex., sistemas de compartilhamento de arquivos e de live streaming, sistemas de detecção de intrusão colaborativos, entre outros); leves porque os usuários devem obter identidades sem precisar fornecer “provas de identidade” (ex., passaporte) e/ou pagar taxas; e longo prazo porque os usuários devem ser capazes de manter suas identidades (ex., através de renovação) por um período indefinido. Nosso principal objetivo é propor um arcabouço para precificar adaptativamente as solicitações de identidades como uma abordagem para conter ataques Sybil. A ideia chave é estimar um grau de confiança para as solicitações de identidades, calculada como função do número de identidades já concedidas em um dado período, considerando a origem dessas solicitações. Nossa abordagem baseia-se em prova de trabalho e usa desafios criptográficos como um recurso para conter atacantes. Nesta tese, nós também concentramos esforços na reformulação dos desafios tradicionais, de modo a torná-los “verdes” e “´uteis”. Os resultados obtidos via simulação e experimentação mostraram a viabilidade técnica de usar desafios verdes e ´uteis para o gerenciamento de identidades. Mais importante, eles mostraram que caracterizar as solicitações de identidades com base na origem das mesmas constitui uma abordagem promissora para lidar com a redução substancial da disseminação de contas falsas. / Online systems such as Facebook, Twitter, Digg, and BitTorrent communities (among various others) offer a lightweight process for obtaining identities (e.g., confirming a valid e-mail address; the actual requirements may vary depending on the system), so that users can easily join them. Such convenience comes with a price, however: with minimum effort, an attacker can obtain a horde of fake accounts (Sybil attack), and use them to either perform malicious activities (that might harm legitimate users) or obtain unfair benefits. It is extremely challenging (if not impossible) to devise a single identity management solution at the same time able to support a variety of end-users using heterogeneous devices, and suitable for a multitude of environments (e.g., large-scale distributed systems, Internet-of-Things, and Future Internet). As a consequence, the research community has focused on the design of system-specific identity management solutions, in scenarios having a well-defined set of purposes, requirements, and constraints. In this thesis, we approach the issue of fake accounts in large-scale, distributed systems. More specifically, we target systems based on the peer-to-peer paradigm and that can accommodate lightweight, long-term identity management schemes (e.g., file sharing and live streaming networks, collaborative intrusion detection systems, among others); lightweight because users should obtain identities without being required to provide “proof of identity” (e.g., passport) and/or pay taxes; and long-term because users should be able to maintain their identities (e.g., through renewal) for an indefinite period. Our main objective is to propose a framework for adaptively pricing identity requests as an approach to limit Sybil attacks. The key idea is to estimate a trust score for identity requests, calculated as a as function of the number of identities already granted in a given period, and considering their source of origin. Our approach relies on proof of work, and uses cryptographic puzzles as a resource to restrain attackers. In this thesis, we also concentrate on reshaping traditional puzzles, in order to make them “green” and “useful”. The results obtained through simulation and experimentation have shown the feasibility of using green and useful puzzles for identity management. More importantly, they have shown that profiling identity requests based on their source of origin constitutes a promising approach to tackle the dissemination of fake accounts.

Redes : Computadores

Tolerancia : Falhas

Redes P2P

Identity management

Peer-to-peer systems

Sybil attack

Fake accounts

Collusion attacks

Proof of work

Blockchain consensus mechanisms : the case of natural disasters

Arabaci, Okan

January 2018

Blockchain is described as a trustworthy distributed service for parties that do not fully trust each other. It enables business transactions to be handled without a third party or central governance. For this distributed and concurrent communication to work, a consensus mechanism needs to be implemented into the blockchain protocol. This mechanism will dictate how and when new blocks can be added and in some cases, by whom. The medical industry suffers from many informational inefficiencies. Data is scattered across many different databases and the lack of coordination often results in mishandling of the data. This is especially clear when a natural disaster hits and time is of the essence. The purpose of this thesis is to assess how much a blockchain solution and its consensus mechanism can resist unusual behavior before they behave erratically. This involves analyzing design parameters and translating parameters from a disaster into a simulation to run tests. Overall, this thesis will explore if blockchain is a compatible solution to the difficulties in natural disaster response. This was obtained by conducting a qualitative study and developing a prototype and simulating disaster parameters in the prototype blockchain network. A set of test cases was created. The results show that the resilience differs significantly depending on consensus mechanism. Key parameters include consensus finality, scalability, byzantine tolerance, performance and blockchain type. Blockchain is well suited to handle typical challenges in natural disaster response: it results in faster allocation of medical care and more accurate information collection, as well as in a system which allows seamlessly for the integration of external organizations in the blockchain network.

Blockchain

consensus

proof of work

medical industry

natural disaster

resilience

Information Systems, Social aspects

Limiting fake accounts in large-scale distributed systems through adaptive identity management / Gerenciamento adaptativo de identidades em sistemas distribuídos de larga escala

Cordeiro, Weverton Luis da Costa

January 2014

Sistemas online como Facebook, Twitter, Digg, e comunidades BitTorrent (entre vários outros) oferecem um processo leve para a obtenção de identidades (por exemplo, confirmar um endereço de e-mail válido; os requisitos podem variar dependendo do sistema), de modo que os usuários possam cadastrar-se facilmente nos mesmos. Tal conveniência vem com um preço, no entanto: com um pequeno esforço, um atacante pode obter uma grande quantidade de contas falsas (ataque Sybil), e utilizá-las para executar atividades maliciosas (que possam prejudicar os usuários legítimos) ou obter vantagens indevidas. É extremamente desafiador (senão impossível) desenvolver uma única solução de gerenciamento de identidades que seja ao mesmo tempo capaz de oferecer suporte a uma variedade de usuários usando dispositivos heterogêneos e adequada para uma diversidade de ambientes (por exemplo, sistemas distribuídos de larga escala, Internet das Coisas, e Internet do Futuro). Como consequência, a comunidade de pesquisa tem focado no projeto de soluções de gerenciamento de identidades customizadas, em cenários com um conjunto bem definido de propósitos, requisitos e limitações. Nesta tese, abordamos o problema de contas falsas em sistemas distribuídos de larga escala. Mais especificamente, nos concentramos em sistemas baseados no paradigma para- par e que podem acomodar esquemas de gerenciamento de identidades leves e de longo prazo (ex., sistemas de compartilhamento de arquivos e de live streaming, sistemas de detecção de intrusão colaborativos, entre outros); leves porque os usuários devem obter identidades sem precisar fornecer “provas de identidade” (ex., passaporte) e/ou pagar taxas; e longo prazo porque os usuários devem ser capazes de manter suas identidades (ex., através de renovação) por um período indefinido. Nosso principal objetivo é propor um arcabouço para precificar adaptativamente as solicitações de identidades como uma abordagem para conter ataques Sybil. A ideia chave é estimar um grau de confiança para as solicitações de identidades, calculada como função do número de identidades já concedidas em um dado período, considerando a origem dessas solicitações. Nossa abordagem baseia-se em prova de trabalho e usa desafios criptográficos como um recurso para conter atacantes. Nesta tese, nós também concentramos esforços na reformulação dos desafios tradicionais, de modo a torná-los “verdes” e “´uteis”. Os resultados obtidos via simulação e experimentação mostraram a viabilidade técnica de usar desafios verdes e ´uteis para o gerenciamento de identidades. Mais importante, eles mostraram que caracterizar as solicitações de identidades com base na origem das mesmas constitui uma abordagem promissora para lidar com a redução substancial da disseminação de contas falsas. / Online systems such as Facebook, Twitter, Digg, and BitTorrent communities (among various others) offer a lightweight process for obtaining identities (e.g., confirming a valid e-mail address; the actual requirements may vary depending on the system), so that users can easily join them. Such convenience comes with a price, however: with minimum effort, an attacker can obtain a horde of fake accounts (Sybil attack), and use them to either perform malicious activities (that might harm legitimate users) or obtain unfair benefits. It is extremely challenging (if not impossible) to devise a single identity management solution at the same time able to support a variety of end-users using heterogeneous devices, and suitable for a multitude of environments (e.g., large-scale distributed systems, Internet-of-Things, and Future Internet). As a consequence, the research community has focused on the design of system-specific identity management solutions, in scenarios having a well-defined set of purposes, requirements, and constraints. In this thesis, we approach the issue of fake accounts in large-scale, distributed systems. More specifically, we target systems based on the peer-to-peer paradigm and that can accommodate lightweight, long-term identity management schemes (e.g., file sharing and live streaming networks, collaborative intrusion detection systems, among others); lightweight because users should obtain identities without being required to provide “proof of identity” (e.g., passport) and/or pay taxes; and long-term because users should be able to maintain their identities (e.g., through renewal) for an indefinite period. Our main objective is to propose a framework for adaptively pricing identity requests as an approach to limit Sybil attacks. The key idea is to estimate a trust score for identity requests, calculated as a as function of the number of identities already granted in a given period, and considering their source of origin. Our approach relies on proof of work, and uses cryptographic puzzles as a resource to restrain attackers. In this thesis, we also concentrate on reshaping traditional puzzles, in order to make them “green” and “useful”. The results obtained through simulation and experimentation have shown the feasibility of using green and useful puzzles for identity management. More importantly, they have shown that profiling identity requests based on their source of origin constitutes a promising approach to tackle the dissemination of fake accounts.

Redes : Computadores

Tolerancia : Falhas

Redes P2P

Identity management

Peer-to-peer systems

Sybil attack

Fake accounts

Collusion attacks

Proof of work

Limiting fake accounts in large-scale distributed systems through adaptive identity management / Gerenciamento adaptativo de identidades em sistemas distribuídos de larga escala

Cordeiro, Weverton Luis da Costa

January 2014

Sistemas online como Facebook, Twitter, Digg, e comunidades BitTorrent (entre vários outros) oferecem um processo leve para a obtenção de identidades (por exemplo, confirmar um endereço de e-mail válido; os requisitos podem variar dependendo do sistema), de modo que os usuários possam cadastrar-se facilmente nos mesmos. Tal conveniência vem com um preço, no entanto: com um pequeno esforço, um atacante pode obter uma grande quantidade de contas falsas (ataque Sybil), e utilizá-las para executar atividades maliciosas (que possam prejudicar os usuários legítimos) ou obter vantagens indevidas. É extremamente desafiador (senão impossível) desenvolver uma única solução de gerenciamento de identidades que seja ao mesmo tempo capaz de oferecer suporte a uma variedade de usuários usando dispositivos heterogêneos e adequada para uma diversidade de ambientes (por exemplo, sistemas distribuídos de larga escala, Internet das Coisas, e Internet do Futuro). Como consequência, a comunidade de pesquisa tem focado no projeto de soluções de gerenciamento de identidades customizadas, em cenários com um conjunto bem definido de propósitos, requisitos e limitações. Nesta tese, abordamos o problema de contas falsas em sistemas distribuídos de larga escala. Mais especificamente, nos concentramos em sistemas baseados no paradigma para- par e que podem acomodar esquemas de gerenciamento de identidades leves e de longo prazo (ex., sistemas de compartilhamento de arquivos e de live streaming, sistemas de detecção de intrusão colaborativos, entre outros); leves porque os usuários devem obter identidades sem precisar fornecer “provas de identidade” (ex., passaporte) e/ou pagar taxas; e longo prazo porque os usuários devem ser capazes de manter suas identidades (ex., através de renovação) por um período indefinido. Nosso principal objetivo é propor um arcabouço para precificar adaptativamente as solicitações de identidades como uma abordagem para conter ataques Sybil. A ideia chave é estimar um grau de confiança para as solicitações de identidades, calculada como função do número de identidades já concedidas em um dado período, considerando a origem dessas solicitações. Nossa abordagem baseia-se em prova de trabalho e usa desafios criptográficos como um recurso para conter atacantes. Nesta tese, nós também concentramos esforços na reformulação dos desafios tradicionais, de modo a torná-los “verdes” e “´uteis”. Os resultados obtidos via simulação e experimentação mostraram a viabilidade técnica de usar desafios verdes e ´uteis para o gerenciamento de identidades. Mais importante, eles mostraram que caracterizar as solicitações de identidades com base na origem das mesmas constitui uma abordagem promissora para lidar com a redução substancial da disseminação de contas falsas. / Online systems such as Facebook, Twitter, Digg, and BitTorrent communities (among various others) offer a lightweight process for obtaining identities (e.g., confirming a valid e-mail address; the actual requirements may vary depending on the system), so that users can easily join them. Such convenience comes with a price, however: with minimum effort, an attacker can obtain a horde of fake accounts (Sybil attack), and use them to either perform malicious activities (that might harm legitimate users) or obtain unfair benefits. It is extremely challenging (if not impossible) to devise a single identity management solution at the same time able to support a variety of end-users using heterogeneous devices, and suitable for a multitude of environments (e.g., large-scale distributed systems, Internet-of-Things, and Future Internet). As a consequence, the research community has focused on the design of system-specific identity management solutions, in scenarios having a well-defined set of purposes, requirements, and constraints. In this thesis, we approach the issue of fake accounts in large-scale, distributed systems. More specifically, we target systems based on the peer-to-peer paradigm and that can accommodate lightweight, long-term identity management schemes (e.g., file sharing and live streaming networks, collaborative intrusion detection systems, among others); lightweight because users should obtain identities without being required to provide “proof of identity” (e.g., passport) and/or pay taxes; and long-term because users should be able to maintain their identities (e.g., through renewal) for an indefinite period. Our main objective is to propose a framework for adaptively pricing identity requests as an approach to limit Sybil attacks. The key idea is to estimate a trust score for identity requests, calculated as a as function of the number of identities already granted in a given period, and considering their source of origin. Our approach relies on proof of work, and uses cryptographic puzzles as a resource to restrain attackers. In this thesis, we also concentrate on reshaping traditional puzzles, in order to make them “green” and “useful”. The results obtained through simulation and experimentation have shown the feasibility of using green and useful puzzles for identity management. More importantly, they have shown that profiling identity requests based on their source of origin constitutes a promising approach to tackle the dissemination of fake accounts.

Redes : Computadores

Tolerancia : Falhas

Redes P2P

Identity management

Peer-to-peer systems

Sybil attack

Fake accounts

Collusion attacks

Proof of work