observable non-sybil quorums construction in one-hop wireless ad hoc networks
DESCRIPTION
DSN 2010 Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc NetworksTRANSCRIPT
![Page 1: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/1.jpg)
Observable Non-Sybil Quorums
Construction in One-Hop
Wireless Ad Hoc Networks
D. Mónica, J. Leitão, C. Ribeiro, L. RodriguesINESC-ID / IST
![Page 2: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/2.jpg)
The Sybil Attack
![Page 3: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/3.jpg)
The Sybil Attack
The Sybil Attack happens when a malicious node participates with multiple identities in a system
![Page 4: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/4.jpg)
The Sybil Attack
The Sybil Attack happens when a malicious node participates with multiple identities in a system
![Page 5: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/5.jpg)
The Sybil Attack
The Sybil Attack happens when a malicious node participates with multiple identities in a system
![Page 6: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/6.jpg)
The Sybil Attack
The Sybil Attack happens when a malicious node participates with multiple identities in a system
![Page 7: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/7.jpg)
Doomsday
![Page 8: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/8.jpg)
Existing Techniques
Trusted Certification
Social Graphs
Resource Testing
Radio resource tests (RRT)
Computational resource tests (CRT)
Domain Specific
Mobility patterns detection
![Page 9: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/9.jpg)
Objectives
Efficient techniques to mitigate the Sybil attack in Wireless Ad Hoc Networks:
Ensuring:
No node pre-configuration
Byzantine-node tolerance
Scalability
![Page 10: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/10.jpg)
Our Solution
Create a quorum of identities, not affected by the Sybil attack, in which all other correct nodes trust.
![Page 11: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/11.jpg)
Problem Statement
![Page 12: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/12.jpg)
Non-Sybil Quorum
Construction Provides each correct node i with a quorum
NSQi with the following properties: Q-Size. Each delivered quorum has size q. Probabilistic Sybil-free. With a probability
arbitrarily close to 1, in any quorum NSQi the number of identities that have been proposed by the f malicious nodes is no larger than f.
Probabilistic Partial Consistency. With a probability arbitrarily close to 1, the intersection of the quorums delivered to all correct nodes has, at least, q-f identities from correct nodes .
![Page 13: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/13.jpg)
Nodes VS Identities
One correct node proposes to the system one identity.
To an identity proposed by a correct node, we call correct identity.
![Page 14: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/14.jpg)
Nodes VS Identities
One malicious node may propose to the system multiple identities.
Malicious nodes may collude to defend their malicious identities.
![Page 15: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/15.jpg)
Non-Sybil Quorum Construction -
Example
In this network, f = 1, and q = 3f + 1 .
![Page 16: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/16.jpg)
Non-Sybil Quorum Construction -
Example
In this network, f = 1, and q = 3f + 1 .
![Page 17: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/17.jpg)
Non-Sybil Quorum Construction -
Example
Node
Quorum
![Page 18: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/18.jpg)
Non-Sybil Quorum Construction -
Example
Node
Quorum
![Page 19: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/19.jpg)
Non-Sybil Quorum Construction -
Example
Node
Quorum
![Page 20: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/20.jpg)
Node
Quorum
Non-Sybil Quorum Construction -
Example
![Page 21: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/21.jpg)
Node
Quorum
Non-Sybil Quorum Construction -
Example
![Page 22: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/22.jpg)
All Quorums have size q.
NSQ Guarantees
Non-Sybil Quorum Construction -
Example
Node
Quorum
![Page 23: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/23.jpg)
All Quorums have size q.
NSQ Guarantees
Non-Sybil Quorum Construction -
Example
Node
Quorum
![Page 24: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/24.jpg)
All Quorums have size q.
No malicious node was able to propose more than one identity in any correct node’s quorum.
Malicious nodes can propose different identities to different correct node’s quorum.
NSQ Guarantees
Non-Sybil Quorum Construction -
Example
Node
Quorum
![Page 25: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/25.jpg)
All Quorums have size q.
No malicious node was able to propose more than one identity in any correct node’s quorum.
Malicious nodes can propose different identities to different correct node’s quorum.
NSQ Guarantees
Non-Sybil Quorum Construction -
Example
Node
Quorum
![Page 26: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/26.jpg)
All Quorums have size q.
No malicious node was able to propose more than one identity in any correct node’s quorum.
Malicious nodes can propose different identities to different correct node’s quorum.
At the end of the algorithm, there is a majority of q-f correct identities, in every node’s quorum.
NSQ Guarantees
Non-Sybil Quorum Construction -
Example
Node
Quorum
![Page 27: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/27.jpg)
All Quorums have size q.
No malicious node was able to propose more than one identity in any correct node’s quorum.
Malicious nodes can propose different identities to different correct node’s quorum.
At the end of the algorithm, there is a majority of q-f correct nodes, in every node’s quorum.
NSQ Guarantees
Non-Sybil Quorum Construction -
Example
Node
Quorum
![Page 28: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/28.jpg)
All Quorums have size q.
No malicious node was able to propose more than one identity in any correct node’s quorum.
Malicious nodes can propose different identities to different correct node’s quorum.
At the end of the algorithm, there is a majority of q-f correct nodes, in every node’s quorum.
NSQ Guarantees
Non-Sybil Quorum Construction -
Example
Node
Quorum
![Page 29: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/29.jpg)
Solution
![Page 30: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/30.jpg)
Model
One-hop radio neighborhood.
Reliable communication channels (no omissions).
Synchronous communication.
Limit to the maximum number of transmissions a node is able to do, in a given time-period.
Collision detection mechanism.
![Page 31: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/31.jpg)
Approach
Verify if a group of identities possesses the expected aggregated amount of resources that they would, if they belonged to different nodes.
Radio Resource Tests (RRT)
Computational Resource Tests (CRT)
…
Resource Tests:
![Page 32: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/32.jpg)
Solution Overview
![Page 33: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/33.jpg)
Solution Overview
![Page 34: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/34.jpg)
Cooperative Nonce Generation
We propose a new algorithm for cooperative nonce generation.
A nonce has the following properties: Randomness Freshness
Every node should agree on the same nonce, one that malicious nodes cannot deterministically influence.
Correct Nonce
![Page 35: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/35.jpg)
Nonce generation
STEP - 0
![Page 36: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/36.jpg)
Nonce generation
STEP - 1
![Page 37: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/37.jpg)
Nonce generation
STEP - 2
![Page 38: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/38.jpg)
Nonce generation
STEP - 3
![Page 39: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/39.jpg)
Nonce generation
STEP - 3
Collision
![Page 40: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/40.jpg)
Nonce generation
STEP - 3
NULL
![Page 41: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/41.jpg)
Nonce generation
STEP - 4
NULL
![Page 42: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/42.jpg)
Nonce generation
STEP - 5
NULL
![Page 43: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/43.jpg)
Nonce generation
STEP - 6
NULL
![Page 44: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/44.jpg)
Nonce generation
NONCE = HASH ( )
One contribution from a correct node is enough to guarantee the correctness of the nonce.
NULL
![Page 45: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/45.jpg)
Solution Overview
![Page 46: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/46.jpg)
Solution Overview
![Page 47: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/47.jpg)
Computational Resource Test
Use the computational constraints of the nodes, to hinder the proposal of more than one malicious identity (using crypto-puzzles).
Intuition:
We developed a modified version of Hashcash (Back 2004), the Trusted Hashcash.
Premise:
Each node has a limited computational resources
![Page 48: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/48.jpg)
Trusted Hashcash
It is based on the assumption that exists a fresh and random nonce.
Answer
![Page 49: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/49.jpg)
Computational Resource Tests
Tests with a probabilistic resolution time are unable to eliminate every additional malicious identity.
![Page 50: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/50.jpg)
Solution Overview
![Page 51: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/51.jpg)
Solution Overview
![Page 52: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/52.jpg)
Radio Resource Tests
Premise: Each node possesses a single radio device.
Nodes with more than one radio device, are treated as multiple colluding nodes.
Use the limitations of radio devices to assess if distinct identities belong to different radio devices (nodes).
Intuition:
![Page 53: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/53.jpg)
Sender Test (SST)
It is based on the assumption that radio devices are unable to transmit in more than one channel simultaneously.
![Page 54: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/54.jpg)
Sender Test (SST)
It is based on the assumption that radio devices are unable to transmit in more than one channel simultaneously.
![Page 55: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/55.jpg)
Sender Test (SST)
The challenger nodes is unable to listen simultaneously on more than one channel:
The test is repeated r times.
![Page 56: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/56.jpg)
Radio Resource Tests
Weak scalability, but able to detect additional malicious identities w.h.p.
![Page 57: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/57.jpg)
Summary
![Page 58: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/58.jpg)
Non-Sybil Quorum
Observations:
Radio Resource Tests are able to eliminate additional malicious identities. However, they do not scale with the increase in the number of identities.
Computational Resource Tests, while scalable, are not capable of eliminating every additional malicious identity.
Use the advantages of each of the resource tests, to create a quorum without additional malicious identities, in an efficient and scalable fashion.
Intuition:
![Page 59: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/59.jpg)
Non-Sybil Quorum
Nonce Generation
![Page 60: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/60.jpg)
Non-Sybil Quorum
CRT
Nonce Generation
![Page 61: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/61.jpg)
Non-Sybil Quorum
Nonce Generation
RRT
CRT
![Page 62: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/62.jpg)
Non-Sybil Quorum
RRT
CRT
Nonce Generation
![Page 63: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/63.jpg)
Non-Sybil Quorum
![Page 64: Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks](https://reader035.vdocument.in/reader035/viewer/2022070303/5495436ab479598d538b47fb/html5/thumbnails/64.jpg)
Final Remarks
We proposed an algorithm that allows the creation of a Non-Sybil quorum in an one-hop wireless network.
The algorithm is based on two distinct resource tests, in order to be scalable.
In the paper we also present: Proof sketches of all the quorum properties. Details on how we handle colluding malicious
nodes.
As future work, we plan on extending the NSQ algorithm to multi-hop wireless networks