User:Seh925/sandbox

A Sybil attack is an attack on peer-to-peer networks in which a node in the network operates multiple identities at the same time and undermines the authority/power in reputation systems. The objective of the attack is to gain the majority of influence in the network in order to carry out illegal actions in the system. A single computer has the capability to create and operate multiple identities. To outsiders, these fake identities seem to be real.

The name Sybil comes from a book of the same name. Written by Flora Rheta Schreiber in 1973, the novel explores the treatment of Sybil Dorsett, a woman diagnosed with dissociative identity disorder. The name was suggested by John R. Douceur, a Microsoft researcher, in 2002.

Description
Peer-to-peer systems rely on the existence of multiple, independent entities to diminish the threat of hostile peers. Some systems replicate storage tasks among several sites in order to protect against data loss. Other systems fragment tasks to avoid data leakage. In each case, creating pseudonymous identities requires the ability to determine whether two different entities are actually different. If the local entity (site) does not have direct knowledge of its remote entities (accounts), it perceives each as a separate identity. The system then looks to ensure that each entity belongs to a specific identity. When this does not happen, the local entity (site) selects a group of identities to perform a remote operation over and over again. This allows the system to be tricked into selecting a remote entity (account) multiple times. Hackers use the Sybil attack method to rig elections, leak personal information and compromise the integrity of entities like Bitcoin, among other things.

Sybil attacks are carried out through Tor networks. Tor networks allow users to be concealed from location trackers and are used in order for the attacker to remain completely anonymous.

Sybil attacks are either direct or indirect. In a direct Sybil attack, honest entities are directly affected by pseudonymous entities. An indirect Sybil attack occurs when honest entities are attacked by entities that have been in direct contact with pseudonymous entities. The middle entity is compromised because of the pseudonymous accounts' malicious influence.

Example
Most Sybil attacks are carried out through entities such as Bitcoin, but they can happen anywhere. Recently, a Sybil attack occurred in Russian interference in United States’ elections. During this Sybil attack, multiple fake Facebook accounts were made. Because Facebook was used and was not created specifically for this Sybil attack, the attack was referred to as a pseudo-Sybil attack. Sybil attacks are easy to conceal, making it difficult to tell when a single entity has control over several accounts. Facebook did not realize the extent of fake accounts on its platform until internal investigations, after much of the damage was already done.

Amazon sellers also partake in forms of Sybil attack. These sellers purchase fake reviews from accounts around the world in order to trick users into thinking their product is reliable even though the product might not be of good quality.

Fake Reddit accounts are also made in order to upvote posts made by various companies or causes.

A successful Sybil attack against a blockchain or file transfer network would allow attackers control over the network. If these fake identities are recognized by the network, they might be able to vote on behalf of various proposals or interrupt the flow of information across the network.

Sybil attacks might also influence the type of information reaching each user, influencing databases through censorship.

Prevention
There are multiple ways peer networks can avoid Sybil attacks. Cost to create an identity, chain of trust and unequal reputation are some of the most common ways to prevent a Sybil attack.

One of the most effective ways of preventing a Sybil attack is raising the cost to create an identity. Because identities can map to entities in a several-to-one ratio, it needs to be more difficult to create an identity. Raising the cost of creating even just one identity will make it less likely for hackers to create several.

Trust systems are another way to avoid a Sybil attack. Some entities may only allow users to create accounts after longtime, trusted users have sent them an invitation. Probationary systems, where accounts can only be confirmed if they have been active for a period of time, are also ways to prevent attacks. Two-factor questions and identity verification may also be used in trust systems.

The last way to avoid a Sybil attack is to weight the power a user has based on their reputation. By implementing this practice, new users would not be allowed to gain much access to the system because they would not be granted enough power.

These methods are most powerful when used together. The more precautionary protection a system has, the better the system will stand against a sybil attack.
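
The following added example (not part of the original page) tallies the same vote twice: once with one vote per identity, and once with invitation, probation and reputation weighting combined. The 30-day probation period, the reputation values and all names are assumptions, and the votes are constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional

PROBATION_DAYS = 30  # assumed probation period, not a value from the page

@dataclass(frozen=True)
class Identity:
    name: str
    age_days: int              # days since the identity was created
    reputation: float          # earned through past honest activity
    invited_by: Optional[str]  # existing member who vouched for it, if any

def naive_weight(ident, members):
    return 1.0  # one identity, one vote: what a Sybil attack exploits

def defended_weight(ident, members):
    if ident.invited_by not in members:   # trust: needs an invitation from a member
        return 0.0
    if ident.age_days < PROBATION_DAYS:   # probation: too new to count yet
        return 0.0
    return ident.reputation               # influence scales with reputation

def tally(votes, members, weight_fn):
    totals = {}
    for ident, choice in votes:
        totals[choice] = totals.get(choice, 0.0) + weight_fn(ident, members)
    return totals

def winner(totals):
    return max(totals, key=totals.get)

def sample_votes():
    """Constructed data: 5 honest members vote A, one operator's 50 identities vote B."""
    honest = [Identity(f"honest{i}", 400, 10.0, "genesis") for i in range(5)]
    fresh = [Identity(f"fresh{i}", 1, 0.0, None) for i in range(40)]
    # Identities that obtained an invitation and waited out probation (assumed case).
    aged = [Identity(f"aged{i}", 45, 0.5, "honest0") for i in range(10)]
    members = {"genesis"} | {h.name for h in honest}
    votes = [(h, "A") for h in honest] + [(s, "B") for s in fresh + aged]
    return votes, members

if __name__ == "__main__":
    votes, members = sample_votes()
    for fn in (naive_weight, defended_weight):
        totals = tally(votes, members, fn)
        print(fn.__name__, totals, "->", winner(totals))
```

The ten identities that pass both the invitation and probation checks still carry little weight, which is why the layers are combined rather than used alone.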