Sybil Attacks: Nodes and Attack Edges

attack edges

The system is constructed with the formalization of honest and malicious users, which are specifically exemplified in Sybil Guard as nodes. The way to recognize potential attackers is by identifying how many identities one user occupies. For example, honest users have only one identity while the attacker has many identities, which the protocol detects.

As Yu and his contributing experts assert, ‘all honest nodes and sybil nodes in the system form a social network’ (Yu et al., 2008), which is precisely demonstrated in the given figure.

Subsequently, if two users are linked without corruptive intent and form an honest relationship, we call that connection an edge. In contrast, any honest user or node that connects with an attacker forms an attack edge. In the process of regulating potential attackers, this graph proves to be effective. Not only does it limit ‘the number of attack edges’ (Yu et al., 2008), it also concludes with the proposition that reliable users don’t need to form any bonds because they already have established friends, whereas, the intention of sybil attackers is to add friends which inevitably dispatches several attack edges. This model allows Sybil Guard to defend social networks against sybil intruders by obstructing and restricting the number of ‘false’ relationships one attacker creates.

 

References:

Yu, H., Kaminsky, M., Gibbons, P. B., & Flaxman A.D. (2008). SybilGuard: Defending against sybil attacks via social networks. IEEE/ACM Transactions on Networking, 16(3), 576-589.

 

 

Advertisements

Sybil Attacks: Sybil Guard or puzzles?

untitled

Sybil Guard is a decentralized system that ‘limits the corruptive influence of Sybil attacks’ (Yu et al., 2008) and determines potential attackers by using a graph system. This innovative system will ensure the verification of Sybil attacks by differentiating links in the graph, between Sybil nodes and human established connections known as honest nodes. In the world of social networking, Sybil Guard works efficiently. Subsequently, this mechanism is comprised with characteristics that will maintain security and trust in online social networking sites by identifying honest and malicious activity among users and networks. These characteristics will include the dissemination of attack edges that are vital to interpret malicious behaviour.

Another algorithm that is proposed is the conception of installing ‘computational puzzles to be solved prior to granting new identities’ (Cordeiro, Santos, Mauch, Barcelos, & Gaspary, 2012). Even though this approach will minimize attackers and the stealth of identities, there is a crucial disadvantage to this protocol. By assigning these puzzles that are targeted to confront sybil activity, honest users are coupled with this intractable task. In defense to this slight flaw, experts recommend higher, more complex puzzles to attackers while genuine users will be conformed to easier puzzles. As a result, by establishing these puzzles, the number of sybil attacks is brought to a minimum without ‘compromising the intrinsic characteristics of P2P networks’ (Cordeiro et al., 2012). In contrast to previous undertaken experiments, this mechanism will possess an ‘adaptive’ puzzle mechanism for identity administration and legitimization. Part 3: Nodes & Attack Edges.

References:

Yu, H., Kaminsky, M., Gibbons, P. B., & Flaxman A.D. (2008). SybilGuard: Defending against sybil attacks via social networks. IEEE/ACM Transactions on Networking, 16(3), 576-589.

Cordeiro, W. L. D., Santos, F. R., Mauch, G. H., Barcelos, M. P., & Gaspary, L. P. (2012). Identity management based on adaptive puzzles to protect P2P systems. Computer Networks, 56(11), 2569-2589.

Sybil Attacks

Social networks take over the world

Recent statistics reveal that over ‘1 billion users are connected through online social networks’ (Chbeir, 2013, n. p.), which is indeed, a staggering figure that calls for our attention. Social networks are exceeding our expectations in the ways we connect, communicate and understand the computerized world of today. However, as the numbers get higher, so should our awareness and understanding increase for the vulnerabilities and threats such networks pose given our excessive interchange of data and identities.

Sybil Attacks                ‘A hidden connection is stronger than an obvious one.’ – Heraclitus

All distributional systems, including social networks, are sensitive to Sybil attacks, which are otherwise known as clone attacks in computer science. The most evident intrusion of counterfeit profiles is seen in social networking sites, where users unintentionally consign their data and ‘identities’ to unknown systems or to possible ‘attackers’ in this case. A Sybil attack is the corruptive act of stealing and manipulating identities in the spheres of networking systems. The attack is established when a ‘malicious user takes on multiple identities and pretends to be multiple, distinct nodes in the system’ (Yu, Kaminsky, Gibbons, & Flaxman, 2008).

Source: Social Media apps [Digital Image], 2013.

Source: Social Media apps [Digital Image], 2013.

There are two main types of systems that are targeted: systems with a trusted authority, which are more reliable, and decentralized systems that are more vulnerable to Sybil attacks. The attackers are less likely to enter trusted systems given the requirement of various security codes and in advance payments. However, there is a certain drawback with the user’s probable refusal to provide the system with confidential and private information. On the other hand, experts are more focused on identifying specific approaches and strategies to accommodate users and prevent Sybil attacks in decentralized systems. As a result, experts and researchers have proposed the inauguration of IP addresses and their close link to an identity. Nonetheless, this strategy proves to be short-term and an ineffective solution given that ‘malicious users can easily harvest IP addresses’ (Yu et al., 2008). As an alternative to these two major systems, experts introduce Sybil Guard, a new defence scheme. In addition, another solution is seen in the problem-solving stratagem to protect identities and systems which will nevertheless prove challenging, both to users and experts alike. Part 2: Sybil Guard or Puzzles?

References:

Yu, H., Kaminsky, M., Gibbons, P. B., & Flaxman A.D. (2008). SybilGuard: Defending against sybil attacks via social networks. IEEE/ACM Transactions on Networking, 16(3), 576-589.

Chbeir, R. (2013). Security and privacy preserving in social networks. Dordrecht, Netherlands: Springer.

A1) Examples – Presumed/Reputed/Surface/Earned Credibility

PRESUMED CREDIBILITY

Sites appertaining to this category usually represent non-profit organisations and their URL end with “.org.”. My example provides alternative links that are highly trustworthy and specialised in the field of nature conservancy and preservation. On the home-page it clearly states that it is a nonprofit, tax-exempt charitable organisation which considerably boosts the site’s credibility and trustworthiness.

Figure 10: Source: The Nature Conservancy homepage [Screenshot], 2014. http://www.nature.org

Figure 10: Source: The Nature Conservancy homepage [Screenshot], 2014. http://www.nature.org

REPUTED CREDIBILITY 

This type of credibility on the web establishes trust and believability by displaying seals of approval such as awards and relies on third-party recommendations. A popular Spanish airline website, Vueling, has gained respect and credibility internationally having won an award for an outstanding website in 2013 by the WMA (Web Marketing Association). In addition, it has obtained an endorsement from IOSA, the most prestigious certification in the airline industry.

 

Figure 9: Source: Vueling homepage [Screenshot], 2014. http://www.vueling.com/en

Figure 9: Source: Vueling homepage [Screenshot], 2014. http://www.vueling.com/en

SURFACE CREDIBILITY 

Surface credibility displays a unified visual design and interface with up-to-date and current information. BBC is deemed highly credible given its professional appearance and current distribution of news. Having too many ads in surface credibility can be disadvantageous to the site’s credibility. In this case, BBC successfully incorporates this tool of commercialisation by including only one compelling advertisement that does not backfire negatively to users.

 

Figure 8: Source: BBC homepage [Screenshot], 2014. http://www.bbc.co.uk

Figure 8: Source: BBC homepage [Screenshot], 2014. http://www.bbc.co.uk

EARNED CREDIBILITY 

The ECU website has recently enhanced their site to a more accessible and easy to navigate concept of design. Being a student at this university, I can say that I am satisfied with the overall receptiveness and convenience of its services. Earned credibility is exemplified in the site’s professional outlook and academic integrity.

Figure 7: Source: ECU homepage [Screenshot], 2014. http://www.ecu.edu.au

Figure 7: Source: ECU homepage [Screenshot], 2014. http://www.ecu.edu.au

Q3) Future Credibility

Cultural changes in society and the communications will greatly impact the user’s understanding and preference of websites in future credibility. Some of the issues that may affect web credibility are:

  • Given the fast-paced computing environment, users will expect a visually captivating and credible informative website at first glance without having to search for external links to clarify the content’s reliability;
  • As technology advances so do the resources for creating a professional website. It will be hard to distinguish whether an expert or amateur is behind the site;
  • Pop-up ads can have a negative impact on the user because it automatically instigates suspicion of malicious and false-leading links that could be detrimental both for the system and the user’s privacy;
  • User’s will expect up-to-date and current information which will showcase the website’s professionalism and commitment;
  • Having to pay or sign-up to gain access to a site will affect the user’s perception negatively;
  • Providing email confirmations after transactions and responsive services will become irrelevant as web designers become more acquainted with this factor of persuasion;
  • Typographical errors will become something that websites looking for reputation will need to pay attention to as users become more effective in identifying what is good with both the visuals and text.

Q2) Wikipedia

Wikipedia ‘enables anyone, anywhere to collaborate, share, post, and edit knowledge content’ (Eijkman, 2010, p. 175.). This source of information resembles an online encyclopaedia that is nevertheless engaging. However, academics state that there are numerous drawbacks which categorise Wiki as not credible and trustworthy. For example, before submitting an assignment, I am always advised by my tutors and lecturers not to use Wikipedia as a reference. The disadvantages of Wikipedia include the following:

  • We are never sure if the information is true or false because of the ‘open’ process of adding and updating information;
  • The validity and expertise of its contributors is not known or acknowledged;
  • Coverage of historical events are inadequately represented while current news is given more attention;
  • Many articles do not include any independent sources which makes it difficult to check the credibility of its outside references (Denning, Horning, Parnas & Weinstein, 2005, p. 152).

The unregulated procedure of adding content without expert scrutiny and peer reviews deems Wikipedia ineligible for educational purposes, especially at university level. In addition, the growing ratification of universal collaboration of Wikipedia coincides with the mindset of Web 2.0 (Eijkman, 2010). It encourages participation and is dependent of its users. On the contrary, prior to the Web 2.0 sensation, scholars and experts were the representatives of trustworthy sources of information. No matter how convincing and enthralling Wikipedia might seem, educators will always advise us to use academic and peer-reviewed sources which guarantees us reliable, relevant and dependable information.

References:

Denning, P., Horning, J., Parnas, D., & Weinstein, L. (2005). Wikipedia risks. Communications of the ACM, 48(12), p. 152.

Eijkman, H. (2010). Academics and Wikipedia: Reframing Web 2.0 as a disruptor of traditional academic power-knowledge arrangements. Campus-Wide Information Systems, 27(3), 173-185.

Q1) Website Credibility

Website credibility is an essential criterion when we are looking for online resources that can provide us with credible and trustworthy information. A significant advantage of credible websites is that they persuade us and manifest a long-term relationship with users while altogether boosting their reputation considerably by using acclaimed, dependable sources and highly accredited operators.

The basis of website credibility lies in its ability to convey information efficiently and make sure that the user’s ‘first impression made within a few seconds’ (Lowry, Wilson & Haig, 2014, p. 63) is instantaneously favourable. The site’s content must comply with the user’s expectations of finding credible information fast and positively.

Being a student at university, I believe the importance of website credibility is crucial for academic success. For example, the requirement of references in our assignments instructs us to use credible sources that incorporate aspects of trustworthiness and expertise equally. In addition, when browsing the net for online sites for relevant information, we must refer to ‘reliability, accuracy, authority and quality’ (Salvendy & Smith, 2009, p. 26) to ensure that we recognise the difference between the respected and the bad in website design and content. Consequently, the student is likely to experience dissatisfaction if it is found that they have relied on deceptive and unreliable sources, such as Wikipedia, to complete an assessment.

To conclude, as Fogg clearly underlines, a balance must be found between the two key components of trustworthiness and expertise to render websites credible and believable (2003, p. 123). This hugely impacts our perception and approval of particular websites in the future.

References:

Fogg, B. J. (2003). Persuasive technology: Using computers to change what we think and do. Amsterdam, Netherlands: Morgan Kaufmann Publishers.

Lowry, P.B., Wilson, D.W., & Haig, W.L. (2014). A picture is worth a thousand words: Source credibility theory applied to logo and website design for heightened credibility and consumer trust. International Journal of Human-Computer Interaction, 30(1), 63-93.

Salvendy, G., & Smith, M.J. (2009). Human interface and the management of information: Symposium on human interface.Düsseldorf, Germany: Springer-Verlag.