基于社交关系的DHT网络Sybil攻击防御

删除或更新信息，请邮件至freekaoyan#163.com(#换成@)

清华大学辅仁网/2017-07-07

韩心慧(

),肖祥全,张建宇,刘丙双,张缘

Sybil defenses in DHT networks based on social relationships

Xinhui HAN(

),Xianquan XIAO,Jianyu ZHANG,Bingshuang LIU,Yuan ZHANG

Institute of Computer Science and Technology, Peking University, Beijing 100871, China

摘要:

HTML
输出: BibTeX | EndNote (RIS) 背景资料

文章导读

摘要Sybil攻击通过恶意伪造大量虚假身份,破坏对等网络(P2P)网络中正常节点的寻路过程,是分布式Hash表网络(distributed Hash table, DHT)中主要的安全威胁。该文利用社交网络中社交关系的高可信度以及伪造难度大等特点,设计了Social-DHT方法以缓解DHT网络中Sybil攻击的影响。该方法采用基于社交关系的随机游走策略以构建相对可信的路由表,继而可以有效抵御Sybil恶意节点的影响,实现安全、高效的寻路过程。此外对该方法建立模型,对路由表的可信性和寻路阶段的成功概率进行了理论分析。仿真实验表明: 在有10 000条攻击边的情况下节点路由表中Sybil节点比例不超过3%, 搜索成功率则能够达到99%, 并且在搜索速度和带宽开销等方面优于已有的算法。

关键词 ：对等网络(P2P),分布式Hash表(DHT),Sybil攻击,社交网络

Abstract：The Sybil attack, which creates a large amount of fake node identities to break the normal routing process in the peer-to-peer (P2P) networks, is the main threat faced by distributed networks. A Social-DHT protocol was developed using the properties of social relationships to mitigate Sybil attacks in distributed Hash table (DHT) networks using random walks over the social relationships. In addition, a model is given using a formalized definition to analyze the successful probability of searches. Simulations show that the Social-DHT routing table includes less than 3% of the Sybil nodes when there are 10000 attack edges and the successful search ratio reaches 99%, which is better than existing methods.

Key words：peer-to-peer (P2P)distributed Hash table (DHT)Sybil attack social networks

收稿日期: 2013-12-01 出版日期: 2015-04-16

ZTFLH:

基金资助:

引用本文:

韩心慧, 肖祥全, 张建宇, 刘丙双, 张缘. 基于社交关系的DHT网络Sybil攻击防御[J]. 清华大学学报（自然科学版）, 2014, 54(1): 1-7.
Xinhui HAN, Xianquan XIAO, Jianyu ZHANG, Bingshuang LIU, Yuan ZHANG. Sybil defenses in DHT networks based on social relationships. Journal of Tsinghua University(Science and Technology), 2014, 54(1): 1-7.

链接本文:

http://jst.tsinghuajournals.com/CN/或 http://jst.tsinghuajournals.com/CN/Y2014/V54/I1/1

图表:

社交网络与DHT网络的映射关系示意图

Social-DHT节点行为流程图

在社交关系网络图中的一次随机游走示意图

不同步长的随机游走终点概率累积分布图

7比特等分后各ID子空间buddy节点数量分布图

一轮更新后获得buddy节点数量统计图

一轮更新后获得sibling节点数量统计图

Sybil攻击下目标搜索成功率累积分布图

实验方法	随机游走步长ω	路由表参数	查询轮次	询问节点
Whanau	5	r_f=100 r_d=100 r_s=100	20	20
Social-DHT	5	r_b=128 r_s=25	5	8

Social-DHT与Whanau对比实验参数

Social-DHT与Whanau路由表恶意节点比例对比

Social-DHT与Whanau建立路由表带宽开销对比

Social-DHT与Whanau获得数据所需消息量对比

参考文献:

[1]	Steinmetz R. Peer-to-Peer Systems and Applications [M]. Berlin, Germany:Springer, 2005.
[2]	Ratnasamy S, Francis P, Handley M, et al.A Scalable Content-Addressable Network [M]. Danvers, USA:Association for Computing Machinery, 2001.
[3]	Rowstron A, Druschel P. Pastry: Scalable, decentralized object location, and routing for large-scale peer-to-peer systems [C]// Middleware 2001. Berlin, Germany:Springer, 2001: 329-350.
[4]	Stoica I, Morris R, Karger D, et al.Chord: A scalable peer-to-peer lookup service for internet applications [J]. ACM SIGCOMM Computer Communication Review, 2001, 31(4): 149-160.
[5]	Maymounkov P, Mazieres D. Kademlia: A peer-to-peer information system based on the xor metric [C]// Peer-to-Peer Systems. Berlin, Germany: Springer, 2002: 53-65.
[6]	Douceur J R. TheSybil attack [C]// Peer-to-Peer Systems. Berlin, Germany: Springer, 2002: 251-260.
[7]	Castro M, Druschel P, Ganesh A, et al.Secure routing for structured peer-to-peer overlay networks[J]. ACM SIGOPS Operating Systems Review, 2002, 36(SI): 299-314.
[8]	WANG Honghao, ZHU Yingwu, HU Yiming. An efficient and secure peer-to-peer overlay network [C]// The IEEE Conference on Local Computer Networks 30th Anniversary. Washington DC, USA: IEEE Press, 2005: 764-771.
[9]	Bazzi R A, Konjevod G. On the establishment of distinct identities in overlay networks[J]. Distributed Computing, 2007, 19(4): 267-287.
[10]	ZHANG Ren, ZHANG Jianyu, CHEN Yu, et al.Making eclipse attacks computationally infeasible in large-scale DHTs [C]// Performance Computing and Communications Conference (IPCCC), 2011 IEEE 30th International. Washington DC, USA: IEEE Press, 2011: 1-8.
[11]	Rowaihy H, Enck W, McDaniel P, et al. Limiting sybil attacks in structured peer-to-peer networks [C]// IEEE Infocom Mini-Symposium. Washington DC, USA: IEEE Press, 2005.
[12]	Mittal P, Caesar M, Borisov N. X-Vine: Secure and pseudonymous routing using social networks [Z/OL]. (2013-10-13), http://arxiv.org/pdf/1109.0971.pdf.
[13]	Lesniewski-Lass C, Kaashoek M F. Whanau: Sybil-Proof Routing with Social Networks, Technical Report MIT-CSAIL-TR-2009-045 [R]. Cambridge, USA: Massachusetts Institute of Technology, 2009.
[14]	Lesniewski-Lass C, Kaashoek M F. Whanau: A sybil-proof distributed hash table [C]// 7th USENIX Symposium on Network Design and Implementation. Boston, USA: ACM SIGCOMM Computer Communication Review, 2010: 3-17.
[15]	Marti S, Ganesan P, Garcia-Molina H. SPROUT: P2P routing with social networks [C]// Current Trends in Database Technology-EDBT 2004 Workshops. Berlin, Germany: Springer, 2005: 425-435.
[16]	Hardt D. The OAuth 2.0 Authorization Framework [Z/OL]. (2013-10-13), http://tools.ietf.org/html/rfc6749.
[17]	Sina Corp. Sina Weibo Oauth API [Z/OL]. (2013-10-13), http://open.weibo.com/wiki/Oauth.
[18]	Renren Corp. Renren Oauth Wiki [Z/OL]. (2013-10-13), http://wiki.dev.renren.com/wiki/Authentication.
[19]	Tencent Corp. Tencent Weibo Oauth Wiki [Z/OL]. (2013-10-13), http://wiki.open.t.qq.com/index.php/OAuth授权说明.
[20]	Mitzenmacher M, Upfal E. Probability and computing: Randomized algorithms and probabilistic analysis [M]. Cambridge, UK: Cambridge University Press, 2005.
[21]	Viswanath B, Mislove A, Cha M, et al.On the evolution of user interaction in facebook [C]// Proceedings of the 2nd ACM Workshop on Online Social Networks. Danvers, USA: Association for Computing Machinery, 2009: 37-42.

[1]	朱涵钰,吴联仁,吕廷杰. 社交网络用户隐私量化研究: 建模与实证分析[J]. 清华大学学报（自然科学版）, 2014, 54(3): 402-406.