Sybil attack

Different types of Sybil attacks:

• Whitewash attack - node with low reputation leaves the network and comes back with new id. It's a very imporant threat to Golem network. There always will be some losses done by cheating whitewashers, but they should be relatively small. One solution is to have a good identity scheme that will make impossible to create too many active new identities in the short time.

  Free-Riding and Whitewashing in Peer-to-Peer Systems

  There are two ways to counter whitewashing attacks. The first is to require the use of free but irreplaceable pseudonyms, e.g., through the assignment of strong identities by a central trusted authority. In the absence of such mechanisms, it may be necessary to impose a penalty on all newcomers, including both legitimate newcomers and whitewasher

• Spartacus attack - in this version of Sybile attack node claims to have the same id as some other existing node. If a network id is a public key from elliptic curves cryptography and messages are signed and encrypted, than it's rather impossible to imitate this attack.

• Eclipse attack - in this attack attacker controls a large number of nodes which allows him to seperate network into subnetworks or encompass a good node by controlling most of its neighbours. To avoid this attack firstly there should be a mechanism that allows to prevent Spartacus attack, secondly there should a proper network topology that assure that neighbourhood is quite random. Kademlia-based topology should be sufficient.

See authentication page for potential Sybil attack prevention methods.

Prevention described by Traupman (Resisting Sybils in Peer-to-peer Markets)

One proposed solution is to enforce a one-to-one correspondence between online pseudonyms and real people using a third party service created to guarantee the authenticity of pseudonyms

An alternative solution is to use economic effects to control the creation of sybils. If we attach a cost to creating user accounts and conducting transactions, it may be possible to render both sybil attacks and fake transactions between real users uneconomical

A related approach (...) makes users pay a computational cost or pass a CAPTCHA when creating an account in order to foil automated attempts to register hundreds of accounts.

DOS Attacks

1. Flood the network with bogus packets, preventing legitimate network traffic.
2. Flood the network in fastidious computation.

**Solution: **

Attacks on Peer-to-peer network:

A widely technique to hinder DOS attacks is "pricing" Requesting computation requires solving some puzzles or paying for request

There is also a possibility to use an Anonymous Overlay Network that is hiding nodes IP addresses. One potential implementation of such Overlay is called Tarzan and provides either servers or clients anonymity. Packets are routed through anonymity tunnel - relay. Nodes for relay are selected randomly. Packet is encrypted several times, each node on the route decrypt only one layer and transfer message further, so each realy knows only previous and next node.

Man-in-the-middle Attack

Solution encrypt and sign all communication between peers.

Literature:

• An Analysis of Social Network-Based Sybil Defenses
• SybilControl: Practical Sybil Defense with Computational Puzzles
• Hashcash
• Defending against Sybil Nodes in BitTorrent
• Computational puzzle as Sybil defense
• Peer to Peer Networking and Applications - mentions Spartacus attack
• Attacks on Peer-to-Peer Networks - mentions Eclipse attack
• Attacks Against Peer-to-Peer Netowrks and Countermeasures - mentions Eclipse attack
• Resisting Sybil in Peer-to-peer Markets