Securing P2P systems from Sybil attacks through adaptive identity management

An effective approach to tackle Sybil attacks consists in establishing computational puzzles to be solved prior to granting new identities. Solutions based on this approach, despite their potential, do not distinguish between identity requests originated from correct users and attackers, requiring both to pay the same cost for an identity requested. Assuming computational puzzles of similar complexity, attackers having access to high performance computing hardware might be able to solve them orders of magnitude faster than legitimate users. Consequently, attackers may obtain a larger number of identities. However, simply increasing the complexity of puzzles would hamper the admission of legitimate peers to the network. To address this problem, we propose the use of adaptive computational puzzles as an approach to limit the spread of Sybils. The key idea is to estimate a trust score of the source from which identity requests depart, calculated as a proportion to the recurrence rate of identity requests originated from other sources. The higher the frequency (the) user(s) associated to a source perform(s) identity requests, the lower the trust score of that source and, consequently, the higher the complexity of the puzzle to be solved. Results achieved by means of an experimental evaluation show the effectiveness of our solution. While comparatively more complex puzzles are assigned to potential attackers, legitimate users are minimally penalized with easier-to-solve puzzles.