Sybil Attack (Blockchain Sybil Attack)

What is a Sybil Attack?

A Sybil attack is a type of cybersecurity threat in which an adversary creates and controls a large number of nodes (or identities) in a peer-to-peer (P2P) network in order to gain a disproportionately large influence over the network.

A network’s vulnerability to this type of attack depends primarily on how quickly and how cheaply new P2P nodes can be created.

Techopedia Explains

Sybil attacks are used to undermine trust and consensus in decentralized systems that rely on redundancy to verify and validate transactions or information. They are a threat to blockchains and other types of P2P networks, including vehicular ad-hoc networks (VANETs) and decentralized Internet of Things (IoT) networks.

  • In the context of blockchains, this type of attack vector is often used to carry out 51% attacks that allow a single bad actor or small group of bad actors to gain control of a blockchain.
  • In the context of VANETs, Sybil attacks have been used in insurance fraud to send fake messages between vehicles and infrastructure components, like traffic lights, in order to intentionally create traffic accidents.
  • In the context of IoT, Sybil attacks have been combined with other types of traditional network attack vectors to disrupt the way interconnected devices in critical infrastructures function.

Sybil attacks were first mentioned in 2002 in a paper by Microsoft researcher John Douceur. The name he gave to this type of pseudonymous attack was inspired by F. R. Schreiber’s book about a woman who was diagnosed with dissociative identity disorder.

The woman, whom the author called Sybil, assumed multiple identities – and this is why network nodes created for this type of attack are referred to as “Sybils.”

Blockchain and Sybil Attacks

Public blockchains like Bitcoin are vulnerable to Sybil attacks because they do not include a verification process that would prevent bogus (synthetic) nodes from joining the network. Private blockchains are generally less vulnerable to Sybil attacks because new nodes usually have to go through a verification process before they can join the network.

Sybil attacks on blockchains are often used as stepping stones to carry out 51% attacks that allow the attacker to:

  • Double-spend cryptocurrency by spending coins and then reversing the transaction;
  • Slow down processing for some types of blockchain transactions;
  • Deliberately exclude or prevent a transaction from being added to the blockchain;
  • Mine blocks faster than the rest of the network and gain a disproportionate share of the network’s mining rewards;
  • Pollute the network with corrupted or malicious data in hopes of skewing consensus algorithms to the attacker’s advantage;
  • Change the blockchain’s rules for consensus;
  • Gather IP addresses and other information about network participants and use that information for malicious purposes;
  • Dictate which changes to a blockchain network will be accepted.

Types of Attacks

Sybil attacks can be categorized as either direct or indirect.

In a direct attack, the malicious nodes interact with genuine (honest) nodes in the protocol in order to manipulate them into taking actions on behalf of the attacker.

Direct attacks can sometimes be easier to detect than indirect attacks, especially when the behavior of malicious nodes is different from that of honest nodes.

In an indirect attack, the attacker uses proxy nodes as intermediaries to mask the actions of the Sybil nodes.

Indirect attacks are more difficult to detect because it is harder to identify which nodes are being used to compromise the network.

How to Prevent Sybil Blockchain Attacks From Being Successful

To defend against Sybil attacks, mechanisms can be put in place that make it prohibitively expensive and/or too technically challenging for an attacker to spawn multiple identities.

These strategies include:

  • Raising the cost of proof-of-stake (PoS) to discourage attackers from creating multiple Sybils;
  • Using delegated proof-of-stake (DPoS) to limit the influence of an attacker’s Sybils;
  • Making proof-of-work (PoW) problems so complex that they require the attacker to purchase additional computational resources;
  • Putting mechanisms in place to detect and react to chain reorganizations;
  • Adding a reputation component that can identify and block malicious actors and limit their ability to create multiple identities;
  • Implementing a cryptographic identity verification mechanism that creates a secure and verifiable identity for each user on the network.
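
The following is an added example, not part of the original article. It models why the strategies above work: counting identities rewards whoever can create them cheaply, while weighting by staked resource and enforcing a minimum stake does not. The node counts, stake amounts, budget and all function names are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:
    node_id: str
    owner: str    # real controller; the protocol itself cannot see this
    stake: float  # scarce resource committed (staked coins or hash power)

def share_by_identity(nodes, owner):
    """Influence when every identity counts once (no Sybil resistance)."""
    return sum(n.owner == owner for n in nodes) / len(nodes)

def share_by_stake(nodes, owner):
    """Influence when votes are weighted by committed resource (PoS/PoW style)."""
    total = sum(n.stake for n in nodes)
    return sum(n.stake for n in nodes if n.owner == owner) / total

def spawn(owner, budget, count):
    """One controller spreads a fixed budget evenly over `count` identities."""
    return [Node(f"{owner}-{i}", owner, budget / count) for i in range(count)]

def admit(nodes, min_stake):
    """Join rule: drop identities that commit less than `min_stake`."""
    return [n for n in nodes if n.stake >= min_stake]

def compare(honest_count=100, honest_stake=10.0, budget=50.0,
            sybils=400, min_stake=10.0):
    # Constructed population: each honest operator runs one node.
    honest = [Node(f"honest-{i}", f"op-{i}", honest_stake)
              for i in range(honest_count)]
    # Open network: identities are free, so the budget is split 400 ways.
    open_net = honest + spawn("attacker", budget, sybils)
    # Gated network: the same budget funds only budget // min_stake identities.
    funded = int(budget // min_stake)
    gated_net = admit(honest + spawn("attacker", budget, funded), min_stake)
    return {
        "open_identity_share": share_by_identity(open_net, "attacker"),
        "open_stake_share": share_by_stake(open_net, "attacker"),
        "gated_identity_share": share_by_identity(gated_net, "attacker"),
        "gated_stake_share": share_by_stake(gated_net, "attacker"),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:22s} {value:.3f}")
```

With these figures the controller holds 80% of identities on the open network but under 5% of stake-weighted influence, and the minimum-stake rule caps its identity share at the same level.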

Margaret Rouse

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.