Sidelining Sybil Attacks

Photo by Philipp Katzenberger on Unsplash

One of the key problems with decentralised system is their vulnerability to attacks. There is no central authority to regulate truth nor deny entry to potential bad actors.

Although there are many malicious behaviours that could harm the Network, Sybil attacks may be one of the most pressing so we wanted to address it and help the community understand not only what it is, but also why the team have spent so much time creating defences.

So What are Sybil Attacks?

Seems odd to name a form of malicious networking behaviour with a woman’s name, but there is method in the madness as it is named after the famous 1970’s book: Sybil and subsequent film following the story of a young woman with a multiple personality disorder. This type of network attack is based on a single attacker creating multiple identities with which to flood the network in order to use these numbers to gain a disproportionately large amount of control and power.

If it helps to think of it in the context of the current Internet, think of a reviews site. A bad actor sets up multiple accounts to write fake accounts for a product luring others to buy a poor quality product. In the SAFE Network this bad actor may be seeking disproportionate influence within a Section to control the consensus mechanism or attempting to double-spend Safecoin.

Stop Sybil in her Tracks

OK so Sybil attacks sound like they could cause a lot of problems for a peer-to-peer network. So what is the best way to mitigate them? That’s the million dollar question and each decentralised system has its own solution. Many rely on consensus mechanisms such as the blockchain, which might use the Proof of Work mechanism to reduce the ability of bad actors to take control.

The main reason behind Sybil Resilience is to make it disproportionately expensive to conduct attacks in order to reduce the incentive and dilute influence throughout the system.

SAFE Network vs Sybil

There are three main ways in which the SAFE Network is designed to combat Sybil attacks. Firstly the Network will only accept new nodes when they are needed rather than blindly adding anyone who fancies it. This means a malicious actor cannot create 1 million nodes and simultaneously add them to the Network in order to take control.

Second, any node that joins the Network is subject to Balanced Relocation. This means that the node is not allowed to pick its own location but is instead allocated one by other nodes. This means that a bad actor cannot cluster their malicious nodes in one area to gain influence in that Section.

Thirdly, the SAFE Network also has a mechanism called Node Ageing which is similar to a reputation system. The level of influence that a node has is directly correlated to the amount of work and positive behaviours that it has performed. A malicious node would have to spend excessively large amounts of time and resources to gain the power to influence any network event — and that power would be revoked as soon as negative behaviour was detected. Thus making it too disproportionately expensive to attempt an attack.

The SAFE Network has security at its core and every design decision has been made to ensure that protection of users’ data and their privacy is paramount. This was only a very brief overview of Sybil resilience. If you would like to know more head to our Forum.