Funding: This paper was supported by the National Science Foundation for Young Scholars of China under Grant No. 61001091.
Abstract: Wireless sensor network nodes (WSN nodes) have limited computing power, storage capacity, communication capabilities and energy, and WSN nodes are easily paralyzed by Sybil attacks. In order to prevent Sybil attacks, a new key distribution scheme for wireless sensor networks is presented. In this scheme, the key information and node ID are associated, so it is difficult for the attacker to forge an identity ID, and the key information corresponding to an ID cannot be forged. This scheme can resist the Sybil attack at low power and give full play to the resource advantages of the cluster head. The computing, storage and communication overhead is mainly undertaken by the cluster head, to achieve the lowest energy consumption and resist node capture attacks. Theoretical analysis and experimental results show that, compared with the traditional scheme presented in Ref. [14], the capture rate of general nodes of a cluster is reduced by 40%, and the capture rate of cluster heads is reduced by 50%. So the scheme presented in this paper can improve resilience against node capture attacks and reduce node power consumption.
Abstract: Mobile Ad hoc Networks (MANETs) have always been vulnerable to Sybil attacks in which users create fake nodes to trick the system into thinking they’re authentic. These fake nodes need to be detected and deactivated for security reasons, to avoid harming the data collected by various applications. The MANET is an emerging field that promotes trust management among devices. Transparency is becoming more essential in the communication process, which is why clear and honest communication strategies are needed. Trust Management allows for MANET devices with different security protocols to connect. If a device finds difficulty in sending a message to the destination, the purpose of the communication process won’t be achieved and this would disappoint both that device and all of your devices in general. This paper presents the Two-Tier Multi-Trust based Algorithm for Preventing Sybil Attacks in MANETs (TMTACS). The TMTACS provides a two-tier security mechanism that can grant or revoke trust in the Nodes of the MANET. It’s a smart way to identify Sybil nodes in the system. A proficient cluster head selection algorithm is also defined, which selects the cluster head efficiently and does load balancing to avoid resource consumption from a single node only. Also, for routing, an efficient path is selected to reduce energy consumption and maximize throughput. The recent technique is compared with Secured QoS aware Energy Efficient Routing (SQEER), Adaptive Trust-Based Routing Protocol (ATRP), and Secure Trust-Aware Energy-Efficient Adaptive Routing (STEAR) in terms of Packet Delivery Ratio (PDR), consumption of energy, etc. The simulation was performed on MATrix LABoratory (MATLAB) and the results achieved by the present scheme are better than existing techniques.
Funding: Funded by Ajman University, UAE under the Project Grant ID: 2022-IRG-ENIT-4, received by R.N.B.R., https://www.ajman.ac.ae/.
Abstract: The Internet of Things (IoT) comprises numerous resource-constrained devices that generate large volumes of data. The inherent vulnerabilities in IoT infrastructure, such as easily spoofed IP and MAC addresses, pose significant security challenges. Traditional routing protocols designed for wired or wireless networks may not be suitable for IoT networks due to their limitations. Therefore, the Routing Protocol for Low-Power and Lossy Networks (RPL) is widely used in IoT systems. However, the built-in security mechanism of RPL is inadequate in defending against sophisticated routing attacks, including Sybil attacks. To address these issues, this paper proposes a centralized and collaborative approach for securing RPL-based IoT against Sybil attacks. The proposed approach consists of detection and prevention algorithms based on the Random Password Generation and comparison methodology (RPG). The detection algorithm verifies the passwords of communicating nodes before comparing their keys and constant IDs, while the prevention algorithm utilizes a delivery delay ratio to restrict the participation of sensor nodes in communication. Through simulations, it is demonstrated that the proposed approach achieves better results compared to distributed defense mechanisms in terms of throughput, average delivery delay and detection rate. Moreover, the proposed countermeasure effectively mitigates brute-force and side-channel attacks in addition to Sybil attacks. The findings suggest that implementing the RPG-based detection and prevention algorithms can provide robust security for RPL-based IoT networks.
Funding: The Specialized Research Foundation for the Doctoral Program of Higher Education (Grant No. 20050248043).
Abstract: As wireless sensor networks (WSN) are deployed in fire monitoring and object tracking applications, security emerges as a central requirement. A case in which a Sybil node illegitimately reports messages to the master node with multiple non-existent identities (ID) will cause harmful effects on decision-making or resource allocation in these applications. In this paper, we present an efficient and lightweight solution for Sybil attack detection based on the time difference of arrival (TDOA) between the source node and beacon nodes. This solution can detect the existence of Sybil attacks, and locate the Sybil nodes. We demonstrate the efficiency of the solution through experiments. The experiments show that this solution can detect all Sybil attack cases without missing any.
Funding: The National Key R&D Program of China (No. 2017YFB0802403); the Beijing Natural Science Foundation (No. 4202036); the National Natural Science Foundation of China (No. U1733115, No. 61871023); the Opening Project of Shanghai Key Laboratory of Integrated Administration Technologies for Information Security (No. AGK2019001).
Abstract: Sybil attacks are one of the most prominent security problems of trust mechanisms in a distributed network with a large number of highly dynamic and heterogeneous devices, which pose a serious threat to edge computing based distributed systems. Graph-based Sybil detection approaches extract social structures from target distributed systems, refine the graph via preprocessing methods and capture Sybil nodes based on the specific properties of the refined graph structure. Graph preprocessing is a critical component in such Sybil detection methods, and intuitively, the processing methods will affect the detection performance. Thoroughly understanding the dependency on the graph-processing methods is very important to develop and deploy Sybil detection approaches. In this paper, we design experiments and conduct systematic analysis on graph-based Sybil detection with respect to different graph preprocessing methods on selected network environments. The experiment results disclose the sensitivity caused by different graph transformations on accuracy and robustness of Sybil detection methods.
Funding: Supported in part by the National Key Basic Research Program of China (973 program) under Grant No. 2007CB307101, 2007CB307106; the National Key Technology R&D Program under Grant No. 2008BAH37B03; the Program of Introducing Talents of Discipline to Universities (111 Project) under Grant No. B08002; the National Natural Science Foundation of China under Grant No. 60833002; the China Fundamental Research Funds for the Central Universities under Grant No. 2009YJS016.
Abstract: The locator/ID separation paradigm has been widely discussed to resolve the serious scalability issue that today's Internet is facing. Much research has been carried out on this issue to alleviate the routing burden of the Default Free Zone (DFZ), improve the traffic engineering capabilities and support efficient mobility and multi-homing. However, in the locator/ID split networks, a third party is needed to store the identifier-to-locator pairs. How to map identifiers onto locators in a scalable and secure way is a really critical challenge. In this paper, we propose SS-MAP, a scalable and secure locator/ID mapping scheme for future Internet. First, SS-MAP uses a near-optimal DHT to map identifiers onto locators, which is able to achieve the maximal performance of the system with relatively reasonable maintenance overhead. Second, SS-MAP uses a decentralized admission control system to protect the DHT-based identifier-to-locator mapping from Sybil attacks, where a malicious mapping server creates numerous fake identities (called Sybil identifiers) to control a large fraction of the mapping system. This is the first work to discuss the Sybil attack problem in identifier-to-locator mapping mechanisms, to the best knowledge of the authors. We evaluate the performance of the proposed approach in terms of scalability and security. The analysis and simulation results show that the scheme is scalable for large-size networks and is resistant to Sybil attacks.
Abstract: Sybil attacks are one kind of well-known and powerful attacks against online social networks (OSNs). In a sybil attack, a malicious attacker generates a sybil group consisting of multiple sybil users, and controls them to attack the system. However, data confidentiality policies of major social network providers have severely limited researchers' access to large-scale datasets of sybil groups. A deep understanding of sybil groups can provide important insights into the characteristics of malicious behavior, as well as numerous practical implications on the design of security mechanisms. In this paper, we present an initial study to measure sybil groups in a large-scale OSN, Renren. We analyze sybil groups at different levels, including individual information, social relationships, and malicious activities. Our main observations are: 1) user information in sybil groups is usually incomplete and of poor quality; 2) sybil groups have special evolution patterns in connectivity structure, including bursty actions to add nodes, and a monotonous merging pattern that lacks non-singleton mergings; 3) several sybil groups have strong relationships with each other and compose sybil communities, and these communities cover a large number of users and pose great potential threats; 4) some sybil users are not banned until a long time after registration in some sybil groups. The characteristics of sybil groups can be leveraged to improve the security mechanisms in OSNs to defend against sybil attacks. Specifically, we suggest that OSNs should 1) check information completeness and quality, 2) learn from dynamics of community connectivity structure to detect sybil groups, 3) monitor sybil communities and inspect them carefully to prevent collusion, and 4) inspect sybil groups that behave normally even for a long time to prevent potential malicious behaviors.
Abstract: This paper presents 3RVAV (Three-Round Voting with Advanced Validation), a novel Byzantine Fault Tolerant consensus protocol combining Proof-of-Stake with a multi-phase voting mechanism. The protocol introduces three layers of randomized committee voting with distinct participant roles (Validators, Delegators, and Users), achieving (4/5)-threshold approval per round through a verifiable random function (VRF)-based selection process. Our security analysis demonstrates 3RVAV provides 1−(1−s/n)^(3k) resistance to Sybil attacks with n participants and stake s, while maintaining O(kn log n) communication complexity. Experimental simulations show 3247 TPS throughput with 4-s finality, representing a 5.8× improvement over Algorand’s committee-based approach. The proposed protocol achieves approximately 4.2-s finality, demonstrating low latency while maintaining strong consistency and resilience. The protocol introduces a novel punishment matrix incorporating both stake slashing and probabilistic blacklisting, proving a Nash equilibrium for honest participation under rational actor assumptions.