The ‘Origin’ of Sybil Attacks
In 1973, The book “Sybil” was written by Flora Rheta Schreiber, recounting the true life story of a woman named Shirley Ardell Mason, who suffered from Dissociative Identity Disorder (DID), which is also known as Multiple Personality Disorder.
What Happened to Shirley?
Shirley was sexually abused by her mother (who people believed was suffering from schizophrenia) as a child. She grew up to having blackouts and emotional breakdowns due to her traumatic childhood. Shirley sought therapy. She met a psychoanalyst named Dr. Wilbur.
Shirley was under Dr. Wilbur’s care for about 11 years, while her condition went on to become a thing of debate among physicians and scientists.
Dr. Wilbur’s diagnosis had shown that Shirley had 16 different personalities, since she was suffering from Dissociative Identity Disorder.
Shirley, together with her therapist — Dr. Wilbur, and a writer — Flora Rheta Schreiber, collaborated to write the book — “Sybil” in 1973.
Sybil Attack
Just like Shirley had 16 different personalities, a Sybil attacker creates as many fake identities as they need to take over networks of computers. The more reason why this kind of attack is named after Sybil Dorsett — Shirley’s character in the book 'Sybil’.
Considering cyber security, Sybil attack occurs when an attacker creates multiple fake identities, with the aim of exploiting vulnerabilities in a system.
This is synonymous to someone creating multiple social media accounts, with the sole purpose of exploiting other social media users.
Sybil attack is a kind that hackers use to gain large control and influence over networks of computers. For instance, in a Bitcoin network, miners and other people who maintain network nodes, vote to make a decision. This voting process decides whatever the situation is. A Sybil attacker can create multiple identities on the network and vote for as many identities under their control.
Sybil attack became more prevalent since the existence of blockchain technology. It can disrupt the functionality of a network completely.
Attacking the Blockchain
In the blockchain network, voting is done to agree on various transaction validity without compromising the integrity of the ledger. A sybil attacker will create multiple fake identities and distribute them across the network. They will go ahead to control their various fake identities, leading to manipulated, unauthorized modifications of transactions and the blockchain history, in general.
A Sybil attack can also interrupt the normal operations of a blockchain network, by overwhelming the network with different transactions and requests, hereby slowing down network’s performance on the blockchain. This is basically a form of DoS (denial of service) attack, preventing legitimate users from carrying out transactions on the blockchain.
Detecting Sybil Attacks
Here are some signs that a network is under the threat of a Sybil attack.
- Abnormal Network Behavior: A sudden increase of nodes within a blockchain network may be a sign of Sybil attack. It may indicate an attempt to overwhelm the system’s network.
- Irrational Role distribution: There are blockchain systems where identities and nodes have specific roles, a Sybil attack may result in an uneven distribution of these roles.
- Absence of Resource Proof: Some networks require proof-of-work, or proof-of-stake, the absence of an authentic resource proofs from a more than normal number of nodes should become immediately suspicious. It is indicating the presence of fake identities, it could be a Sybil attack.
There are 2 major types of Sybil attacks
Indirect Attacks
An indirect Sybil attack is one that uses fake nodes/identities to interact with authentic nodes using an intermediary known as proxy nodes.
The goal of an indirect attack is to manipulate the original nodes to taking actions that align with an attacker’s interest. The communication between fake nodes and the original nodes is done through proxy/intermediary nodes. These proxy nodes mask the intentions of a fake node, thereby making it hard to detect.
Direct Attacks
In a direct attack, the fake nodes interact one-on-one with the original nodes. This attack is very straightforward, the fake nodes mimics the identity of the original nodes, making it difficult for the original node to detect the illegitimacy of the fake nodes.
Since the original nodes will not realize the Sybil nodes are fake, they interact and become influenced by the fake nodes.
Preventing Sybil Attacks
When a Sybil attack has been successfully carried out, they take control of the entire network and can block or reverse transactions on the network. They basically alter the way a network is being run by disrupting the operational processes of the network.
Here are some ways to prevent Sybil attacks on the blockchain.
- Proof-of-Work Validation Model: Implementing authentication processes, like the proof-of-work (PoW) or the proof-of-stake (PoS) will make it easy to detect a fake identity on the network.
Proof-of-Work requires each user to present an evidence that they used their own computational efforts to solve cryptographic problems. They earn rewards in the form of cryptocurrencies for the problems solved.
- Network Monitoring: Checking through the blockchain network for suspicious activities, like unusually high number and frequencies of transactions form specific nodes, will make it easy to detect when fake identities try to gain access into the network.
- Trust Graphs: This is achieved by monitoring the relationships and interactions between different nodes. By monitoring these relationships, it becomes easy to limit the extent of damage done by the Sybil nodes when they interact with the other original nodes.
- Software Defenses: There are now different defense protocols built specifically against Sybil attacks. Protocols like — Kademlia and Imperva are fighters against Sybil attacks.
Sybil attack is a leading cyber threat in blockchain technology. As much as preventive measures are in place, it doesn’t totally erase the probability of a network being attacked.