Persea : A Sybil-Resistant Social DHT

ABSTRACT

P2P systems are inherently vulnerable to Sybil attacks, in which an attacker can have a large number of identities and use them to control a substantial fraction of the system. We propose Persea, a novel P2P system that is more robust against Sybil attacks than prior approaches. Persea derives its Sybil resistance by assigning IDs through a bootstrap tree, the graph of how nodes have joined the system through invitations. We argue that this is a more realistic way of incorporating social network information into a P2P system than assuming, as most related work does, that the P2P system has access to social network connections. More specifically, a node joins Persea when it gets an invitation from an existing node in the system. The inviting node assigns a node ID to the joining node and gives it a chunk of node IDs for further distribution. For each chunk of ID space, the attacker needs to socially engineer a connection to another node already in the system. This hierarchical distribution of node IDs confines a large attacker botnet to a considerably smaller region of the ID space than in a normal P2P system. We then build upon this hierarchical ID space to make a distributed hash table (DHT); our DHT is based on the Kad network. The Persea DHT uses a replication mechanism in which each (key,value) pair is stored in nodes that are evenly spaced over the network. Thus, even if a given region is occupied by attackers, the desired (key,value) pair can be retrieved from other regions. We evaluate Persea in simulations with the wiki-Vote (7115 honest nodes) and soc-Epinions1 (75879 honest nodes) social network datasets. We compare our results with Kad, Whanau, and X-Vine and show that Persea is a better solution against Sybil attacks. We also study an advanced attack model to explore the robustness of Persea and show that more sophisticated attack strategies do not significantly reduce Persea’s lookup success rate.

Award ID: 0954133