  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Evaluating the Effectiveness of Sybil Attacks Against Peer-to-Peer Botnets

Verigin, Adam Louis 18 December 2013
Botnets are networks of computers which have been compromised by malicious software which enables a remotely located adversary to control them and focus their collective power on specific tasks. Botnets pose a significant global threat, with tangible political, economic and military ramifications, and have resultingly become a field of significant interest within the cyber-security research community. While a number of effective defence techniques have been devised for botnets utilizing centralized command and control infrastructures, few of these techniques are suitable for defending against larger-scale peer-to-peer (P2P) botnets. In contrast, the sybil attack, combined with index poisoning, is an established defence technique for P2P botnets. During a sybil attack, fake bots (i.e., sybils) are inserted into the botnet. These sybils distribute fake commands to bots, causing them not to carry out illicit activities. Bots also then unwittingly redistribute the fake commands to other bots in the botnet. This work uses packet-level simulation of a Kademlia-based P2P botnet to evaluate 1) the impact that the location of sybils within the underlying network topology can have on the effectiveness of sybil attacks and 2) several potential optimizations to the placement of sybils within the underlying network topology. / Graduate / 0537 / 0544 / 0984
2

Detecting Sybil Nodes in Static and Dynamic Networks

January 2010
Peer-to-peer systems are known to be vulnerable to the Sybil attack. The lack of a central authority allows a malicious user to create many fake identities (called Sybil nodes) pretending to be independent honest nodes. The goal of the malicious user is to influence the system on his/her behalf. In order to detect the Sybil nodes and prevent the attack, a reputation system is used for the nodes, built through observing their interactions with their peers. The construction makes every node a part of a distributed authority that keeps records on the reputation and behavior of the nodes. Records of interactions between nodes are broadcast by the interacting nodes, and honest reporting proves to be a Nash Equilibrium for correct (non-Sybil) nodes. In this research it is argued that in realistic communication schedule scenarios, simple graph-theoretic queries, such as the computation of Strongly Connected Components and Densest Subgraphs, help in exposing those nodes most likely to be Sybil, which are then proved to be Sybil or not through a direct test executed by some peers. / Dissertation/Thesis / Ph.D. Computer Science 2010
3

Attacks on structured P2P overlay networks : Simulating Sybil Attacks

Tefera, Mismaku Hiruy January 2014
No description available.
4

Identity and Anonymity in Ad Hoc Networks

Martucci, Leonardo Augusto January 2009
In ad hoc networks every device is responsible for its own basic computer services, including packet routing, data forwarding, security, and privacy. Most of the protocols used in wired networks are not suitable for ad hoc networks, since they were designed for static environments with defined borders and highly specialized devices, such as routers, authentication servers, and firewalls. This dissertation concentrates on the achievement of privacy-friendly identifiers and anonymous communication in ad hoc networks. In particular, the objective is to offer means for better anonymous communication in such networks. Two research questions were formulated to address the objective: I. How to design proper and trusted privacy-friendly digital identifiers to be used in ad hoc network environments? II. How to provide anonymous communication in ad hoc networks and what is the performance cost in relation to the obtained degree of anonymity? To address the first research question we studied and classified the security and privacy threats, enhancements, and requirements in ad hoc networks and analyzed the need for privacy and identification. The analysis led us to the relationship between security, identification, and anonymous communication that we refer to as the “identity-anonymity paradox”. We further identified the requirements for privacy-friendly identifiers and proposed the self-certified Sybil-free pseudonyms to address such requirements. The second research question was addressed with the design and implementation of the Chameleon protocol, an anonymous communication mechanism for ad hoc networks. The performance of Chameleon was evaluated using a network simulator. The results were used to find out the trade-off between anonymity and performance in terms of the expected end-to-end delay.
The solutions proposed in this dissertation are important steps towards the achievement of better anonymous communications in ad hoc networks and complement other mechanisms required to prevent leaks of personal data.
5

Efficient Location Verification, Neighbor Discovery and Routing in Ad Hoc Wireless Networks

Vora, Adnan Zoeb 07 October 2009
No description available.
6

Approche robuste pour l’évaluation de la confiance des ressources sur le Web / A robust approach for Web resources trust assessment

Saoud, Zohra 14 December 2016
This thesis in Computer Science is part of the trust management field and more specifically recommendation systems. These systems are usually based on users’ experiences (i.e., qualitative/quantitative) interacting with Web resources (e.g., movies, videos and Web services). Recommender systems are undermined by three types of uncertainty that arise due to users’ ratings and identities that can be questioned and also due to variations in Web resources performance at run-time. We propose a robust approach for trust assessment under these uncertainties. The first type of uncertainty refers to users’ ratings. This uncertainty stems from the vulnerability of the system in the presence of malicious users providing false ratings. To tackle this uncertainty, we propose a fuzzy model for users’ credibility. This model uses a fuzzy clustering technique to distinguish between malicious users and strict users usually excluded in existing approaches. The second type of uncertainty refers to the user’s identity. Indeed, a malicious user purposely creates virtual identities to provide false ratings. To tackle this type of attack, known as Sybil, we propose a ratings filtering model based on the users’ credibility and the trust graph to which they belong. We propose two mechanisms, one for assigning capacities to users and the second one for selecting users whose ratings will be retained when evaluating trust. The first mechanism reduces the attack capacity of Sybil users. The second mechanism chooses paths in the trust graph including trusted users with maximum capacities. Both mechanisms use users’ credibility as a heuristic. To deal with the uncertainty over the capacity of a Web resource in satisfying users’ requests, we propose two approaches for Web resources trust assessment, one deterministic and one probabilistic. The first consolidates users’ ratings taking into account users’ credibility values. The second relies on probability theory coupled with possible worlds semantics. Probabilistic databases offer a better representation of the uncertainty underlying users’ credibility and also permit an uncertain assessment of resources trust. Finally, we develop the system WRTrust (Web Resource Trust) implementing our trust assessment approach. We carried out several experiments to evaluate the performance and robustness of our system. The results show that trust quality has been significantly improved, as well as the system’s robustness in the presence of false ratings attacks and Sybil attacks.
7

Limiting fake accounts in large-scale distributed systems through adaptive identity management / Gerenciamento adaptativo de identidades em sistemas distribuídos de larga escala

Cordeiro, Weverton Luis da Costa January 2014
Online systems such as Facebook, Twitter, Digg, and BitTorrent communities (among various others) offer a lightweight process for obtaining identities (e.g., confirming a valid e-mail address; the actual requirements may vary depending on the system), so that users can easily join them. Such convenience comes with a price, however: with minimum effort, an attacker can obtain a horde of fake accounts (Sybil attack), and use them to either perform malicious activities (that might harm legitimate users) or obtain unfair benefits. It is extremely challenging (if not impossible) to devise a single identity management solution at the same time able to support a variety of end-users using heterogeneous devices, and suitable for a multitude of environments (e.g., large-scale distributed systems, Internet-of-Things, and Future Internet). As a consequence, the research community has focused on the design of system-specific identity management solutions, in scenarios having a well-defined set of purposes, requirements, and constraints. In this thesis, we approach the issue of fake accounts in large-scale, distributed systems. More specifically, we target systems based on the peer-to-peer paradigm and that can accommodate lightweight, long-term identity management schemes (e.g., file sharing and live streaming networks, collaborative intrusion detection systems, among others); lightweight because users should obtain identities without being required to provide “proof of identity” (e.g., passport) and/or pay taxes; and long-term because users should be able to maintain their identities (e.g., through renewal) for an indefinite period. Our main objective is to propose a framework for adaptively pricing identity requests as an approach to limit Sybil attacks. The key idea is to estimate a trust score for identity requests, calculated as a function of the number of identities already granted in a given period, and considering their source of origin. Our approach relies on proof of work, and uses cryptographic puzzles as a resource to restrain attackers. In this thesis, we also concentrate on reshaping traditional puzzles, in order to make them “green” and “useful”. The results obtained through simulation and experimentation have shown the feasibility of using green and useful puzzles for identity management. More importantly, they have shown that profiling identity requests based on their source of origin constitutes a promising approach to tackle the dissemination of fake accounts.
8


Towards Engineering Trustworthy Distributed Reputation Systems Over The Blockchain

Grankvist, Georg, Moustakas, Paul January 2022
Peer-to-peer (P2P) reputation systems, such as those used by eBay and Amazon, serve an important role on the web, especially in E-commerce, as online reputation serves as a primary guiding factor for consumers in making informed decisions. Given the importance of these systems, and also the increasing popularity of P2P and distributed systems, the issue of how to prevent and resist sybil and re-entry attacks becomes an important area of research, as they can impinge on the integrity of those systems. To address this issue, in this thesis, we propose an approach that encompasses a software architecture and processes which serve as a proof-of-concept of how to mitigate sybil and re-entry attacks on review-based P2P distributed reputation systems. The architecture uses novel technologies such as blockchain, smart contracts, and non-fungible tokens (NFT) in conjunction with Swedish E-id provider BankID to build a sybil and re-entry attack resistant reputation system. To validate the feasibility of our approach, we developed a prototype and used it to run experiments to evaluate the functional correctness of the architecture as a mitigation solution.
