Sybil attack
A Sybil attack is an attack on a peer-to-peer network in which a single operator creates and controls many artificial identities (Sybil nodes) at the same time. The goal is to gain a share of influence over the network that is out of all proportion to the attacker's real share of participants or resources, up to and including control of the majority that decides what the network accepts as valid, whether the system being targeted is centralized or decentralized.
If the attack succeeds, the attacker can perform actions the system would otherwise reject, because the system and its honest users treat every identity as an independent participant and so perceive the attacker's actions as legitimate. In a peer-to-peer system whose decisions rest on agreement among its nodes, whatever the majority of apparently independent identities agrees to is accepted, fraudulent operations included, so the attacker only needs to manufacture enough identities to form that majority.
Sybil attacks are generally classified as high severity because a successful one can damage the blockchain as a whole. How feasible the attack is depends on several properties of the target: how cheaply new node identities can be created, how effective the network's node validation is, and how much an attacker stands to gain from the attack.
Overview
Sybil attacks are split into two types, direct and indirect. Both achieve the same result by different routes.
Direct Sybil Attack
A direct Sybil attack happens when the attacker's fake nodes communicate directly with the honest nodes of the network, which accept them as ordinary peers, and use that position to influence what the honest nodes see and accept.
Because each fake node looks like any other peer, honest nodes that run detection have no local way of telling that many of their peers are in fact the same entity.
Indirect Sybil Attack
Unlike a direct Sybil attack, an indirect Sybil attack occurs when the fake nodes do not talk to the honest nodes themselves but instead interact with one or more intermediary nodes that the honest nodes already trust.
In this variation the attacker uses those intermediaries as proxies between the Sybil nodes and the honest nodes, so the attack passes through a single node or a few nodes that become the weak points of the network. Because the honest nodes only ever see traffic from intermediaries they trust, the attack is harder to detect than a direct one.
Impact
Breach of Privacy
Because blockchains derive their security and privacy guarantees from many independent nodes, a malicious node run by an attacker that sits among those nodes can collect sensitive information circulating through it, such as the IP addresses of its peers or credentials sent in the clear. The more Sybil nodes the attacker has in place, the larger the share of such traffic it observes.
51% Attack
A Sybil attack can be the route to a 51% attack, in which a single entity controls the majority of the network's voting power. That entity can then outvote every honest participant and dictate which blocks and transactions the chain accepts. Note that on proof-of-work and proof-of-stake chains the majority is measured in hash rate or stake rather than in node count, so extra identities alone do not get the attacker there; the threat is greatest on systems where influence is counted per identity.
Block Withholding Attack
Similar to the 51% attack, a Sybil attack can expose the blockchain to a block withholding attack, in which the attacker's identities manipulate the validators' votes so that no new block is agreed upon.
This halts the chain: no new blocks can be added or processed and the ledger stagnates.
Real-life examples
One of the best-known Sybil attacks was mounted against Tor in 2014. Tor is a volunteer-run overlay network of relays designed to give its users strong anonymity.
The attacker added roughly 115 relays, apparently operated by a single party, and used that share of the network to expose the locations and identities of some Tor users: with relays in more than one position on users' circuits, the attacker could tag and correlate the traffic passing through them and so link users to the services they visited.
In 2020 Tor was attacked again. This time the attacker ran a large share of the network's exit relays and used them to tamper with Bitcoin users' traffic as it left the Tor network, downgrading connections and rewriting Bitcoin addresses so that payments were redirected to the attacker.
In 2019 a proof-of-stake chain in the Litecoin family was reported to have suffered a 51% attack that began as a Sybil attack, fortunately with minimal damage. (Litecoin itself is a proof-of-work chain and has no proof-of-stake system.)
Mitigation
All blockchains are in principle vulnerable to Sybil attacks by the nature of their design. However, most have security measures against them built in from the earliest stages of their development.
Known mitigation methods include the following:
Economic Costs
Bitcoin and pre-merge Ethereum rely on proof of work: a node's influence is proportional to the computing power it contributes, not to the number of identities it presents, so creating extra nodes buys the attacker nothing. Mounting an effective attack on a chain of that scale therefore requires an enormous, and costly, amount of hardware and electricity.
Early Detection
Sybil attacks can be detected early through social trust graphs and identity validation models.
Identity validation models
There are two main ways to validate a participant's identity.
Direct authentication/validation
In direct authentication or validation a central entity checks and verifies each new validator that applies to join the network as a peer. This usually requires KYC (know your customer) checks, and may also record details such as the applicant's IP address, depending on how the implementation works.
Indirect authentication/validation
Indirect authentication or validation relies on already-verified users and nodes referring each new validator. Only a referral from an existing member is required, so no personal information needs to be collected. This shifts the cost of a Sybil attack to obtaining referrals, so referrals themselves must be limited or accountable; otherwise a single compromised member can vouch for an unlimited number of identities.
Social trust graphs
This method assigns each validator metrics that reflect its trustworthiness and models the validators and the trust relationships between them as a graph. The operators of the blockchain can then identify low-trust validators and remove them before they become a threat. The underlying observation is that Sybil identities can vouch for one another freely but find it hard to obtain trust from honest participants, so the links between a Sybil cluster and the honest part of the graph remain few however large the cluster grows.
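The following is an added example, not code from the original page or from any blockchain project, showing why a trust graph resists Sybil clusters where a simple "how many peers vouch for me" count does not. The graph is constructed for the example: six honest validators H0..H5 vouch for each other, ten Sybil identities S0..S9 vouch for one another, and the attacker has obtained exactly one honest vouch (H5 for S0). Trust is scored by personalised PageRank seeded at a known-honest node, a standard propagation rule chosen here for illustration; the function and node names are the example's own.

```python
"""Added example: trust propagation over a vouching graph. Sybil identities
can vouch for each other freely, but trust only counts when it flows from a
known-honest seed, so a Sybil cluster joined to the honest region by few
attack edges scores low however large it is."""
from collections import defaultdict
from typing import Dict, Set

# Constructed graph, not real network data. Six honest validators H0..H5
# vouch for each other (a 3-regular graph); ten Sybil identities S0..S9 vouch
# for one another (a clique); the attacker obtained a single honest vouch,
# from H5 to S0.
HONEST = [f"H{i}" for i in range(6)]
SYBIL = [f"S{i}" for i in range(10)]


def build_graph() -> Dict[str, Set[str]]:
    adj: Dict[str, Set[str]] = defaultdict(set)

    def vouch(a: str, b: str) -> None:      # vouching is treated as mutual
        adj[a].add(b)
        adj[b].add(a)

    for i in range(6):
        vouch(f"H{i}", f"H{(i + 1) % 6}")   # ring of honest validators
        vouch(f"H{i}", f"H{(i + 3) % 6}")   # chord to the opposite node
    for i in range(10):
        for j in range(i + 1, 10):
            vouch(f"S{i}", f"S{j}")         # Sybils vouch for each other
    vouch("H5", "S0")                       # the lone attack edge
    return adj


def trust_scores(adj, seed: str, restart: float = 0.15, iterations: int = 200):
    """Personalised PageRank from `seed`: a random walker follows vouch
    edges and with probability `restart` jumps back to the seed. The
    stationary mass on each node is its trust score (scores sum to 1)."""
    nodes = sorted(adj)
    score = {n: 0.0 for n in nodes}
    score[seed] = 1.0
    for _ in range(iterations):
        nxt = {n: 0.0 for n in nodes}
        for n in nodes:
            share = (1.0 - restart) * score[n] / len(adj[n])
            for m in adj[n]:
                nxt[m] += share
        nxt[seed] += restart      # the restarted mass lands on the seed
        score = nxt
    return score


def vouch_counts(adj) -> Dict[str, int]:
    """Naive metric: how many peers vouch for a node. Sybils win this one."""
    return {n: len(adj[n]) for n in adj}


def evaluate(adj, seed: str = "H0") -> Dict[str, object]:
    trust = trust_scores(adj, seed)
    degree = vouch_counts(adj)
    return {
        "min_honest_trust": min(trust[h] for h in HONEST),
        "max_sybil_trust": max(trust[s] for s in SYBIL),
        "sybil_trust_total": sum(trust[s] for s in SYBIL),
        "most_vouched_node": max(degree, key=degree.get),
    }


if __name__ == "__main__":
    for key, value in evaluate(build_graph()).items():
        print(f"{key:>18}: {value}")
```

Running it shows the contrast the text describes: by raw vouch count the Sybil S0 is the best-connected node in the whole graph, but under propagated trust every Sybil scores below every honest validator and the ten Sybils together hold well under a quarter of the total trust, because all of it has to cross the single H5-S0 edge. Adding more Sybils to the clique does not change that ceiling.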
Higher barrier of entry
A higher barrier to entry, such as Ethereum's proof-of-stake system, in which a validator must stake a minimum of 32 ETH, makes each identity expensive. Influence is proportional to stake, so an attacker who splits a fixed amount of ETH across many validators gains no more than by running one, and accumulating enough stake to dominate the chain costs far more than the attack could return.
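The following added example, which is not code from the original page or from any blockchain project, simulates the point made in the Overview (a majority of identities decides) and in the Economic Costs and Higher barrier of entry sections (tying influence to a scarce resource defeats that). The network is constructed for the example: ten honest operators each back one identity with 10 units of stake and reject the attacker's proposal, while the attacker splits a fixed budget across any number of Sybil identities that accept it. The identity, stake and vote names are the example's own assumptions.

```python
"""Added example: one-identity-one-vote versus resource-weighted voting
under a Sybil attack, on a constructed network."""
from dataclasses import dataclass
from typing import Callable, List


@dataclass
class Identity:
    name: str
    operator: str   # who really controls this identity
    stake: float    # scarce resource behind it (coins staked, or hash power)
    vote: str       # "accept" or "reject" the attacker's proposal


def make_network(sybil_identities: int, attacker_budget: float) -> List[Identity]:
    """Constructed data: ten honest operators with 10.0 units of stake each,
    all rejecting the attacker's proposal, plus one attacker who splits a
    fixed budget evenly across `sybil_identities` identities that accept it."""
    honest = [Identity(f"honest{i}", f"operator{i}", 10.0, "reject") for i in range(10)]
    per_identity = attacker_budget / sybil_identities
    sybil = [Identity(f"sybil{i}", "attacker", per_identity, "accept")
             for i in range(sybil_identities)]
    return honest + sybil


def identity_weighted(ident: Identity) -> float:
    """One identity, one vote: the rule a Sybil attack exploits."""
    return 1.0


def stake_weighted(ident: Identity) -> float:
    """Influence proportional to a scarce resource (proof of stake / work)."""
    return ident.stake


def tally(identities: List[Identity], weight: Callable[[Identity], float]) -> str:
    """Return the winning vote under the given weighting rule; a tie is not
    a majority, so it counts as rejection."""
    totals = {"accept": 0.0, "reject": 0.0}
    for ident in identities:
        totals[ident.vote] += weight(ident)
    return "accept" if totals["accept"] > totals["reject"] else "reject"


def outcome(sybil_identities: int, attacker_budget: float,
            weight: Callable[[Identity], float]) -> str:
    return tally(make_network(sybil_identities, attacker_budget), weight)


if __name__ == "__main__":
    # Same budget as a single honest operator, spread over more and more identities.
    for n in (1, 10, 50, 1000):
        print(f"{n:5d} Sybil identities, budget 10.0: one-identity-one-vote -> "
              f"{outcome(n, 10.0, identity_weighted)}, stake-weighted -> "
              f"{outcome(n, 10.0, stake_weighted)}")
    # Under stake weighting the only way to win is to out-stake every honest
    # participant combined, however the budget is divided up.
    print("stake-weighted, budget 101.0, 1 identity ->", outcome(1, 101.0, stake_weighted))
```

With one-identity-one-vote the attacker wins as soon as the number of Sybil identities exceeds the number of honest nodes, at no extra cost. With stake weighting the split is irrelevant: the attacker loses with 1, 50 or 1000 identities on the same budget, and only wins by acquiring more stake than all honest operators together, which is exactly the cost that the economic-cost and minimum-stake mitigations rely on.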
Personhood Validation
Like direct authentication, personhood validation limits each node to one real person. This is usually done with official documents as evidence of the user's existence, but it can also be done by permissionless methods.
References
- https://www.imperva.com/learn/application-security/sybil-attack/
- https://hacken.io/insights/sybil-attacks/
- https://arstechnica.com/information-technology/2014/07/active-attack-on-tor-network-tried-to-decloak-users-for-five-months/
- https://cyberscoop.com/tor-security-exit-relays-attack-bitcoin/