Tese de Doutorado em Redes de Computadores

UNIVERSIDADE FEDERAL DO RIO GRANDE DO SUL
INSTITUTO DE INFORMÁTICA
PROGRAMA DE PÓS-GRADUAÇÃO EM COMPUTAÇÃO
———————————————-

DEFESA DE TESE DE DOUTORADO

Aluno: Weverton Luis da Costa Cordeiro

Orientador: Prof. Dr. Luciano Paschoal Gaspary

Título: Adaptive Identity Management in Large-Scale Distributed Systems

Linha de Pesquisa: Redes de Computadores

Data: 09/01/2014

Horário: 10h

Local: Prédio 43412 – Sala 215 (Vídeo Conferência), Instituto de Informática

Banca Examinadora:

Prof. Dr. Burkhard Stiller (U.Zurich)

Prof. Dr. Francisco Vilar Brasileiro (UFCG)

Prof. Dr. Lisandro Zambenedetti Granville (UFRGS)

Prof. Dr. Antônio Jorge Gomes Abelém (UFPA)

Presidente da Banca: Prof. Dr. Luciano Paschoal Gaspary

Resumo:

Online systems such as Facebook, Twitter, Digg, and BitTorrent communities (among various others) offer a lightweight process for obtaining identities (e.g., confirming a valid e-mail address; the actual requirements may vary depending on the system), so that users can easily join them. Such convenience comes with a price, however: with minimum effort, an attacker can obtain a horde of fake accounts (Sybil attack), and use them to either perform malicious activities (that might harm honest users) or obtain unfair benefits. It is extremely challenging (if not impossible) to devise a single identity management solution at the same time able to support a variety of end-users using heterogeneous devices, and suitable for a multitude of environments (e.g., large-scale distributed systems, Internet-of-Things, and Future Internet). As a consequence, the research community has focused on the design of system-specific identity management solutions, in scenarios having a well-defined set of purposes, requirements, and constraints. In this thesis, we approach the issue of fake accounts in large-scale, distributed systems. More specifically, we target systems based on the peer-to-peer paradigm and that can accommodate lightweight, long-term identity management schemes (e.g., file sharing and live streaming networks, collaborative intrusion detection systems, among others); lightweight because users should obtain identities without being required to provide “proof of identity” (e.g., passport) and/or pay taxes; and long-term because users should be able to maintain their identities (e.g., through renewal) for an indefinite period. Our main objective is to propose a framework for adaptively pricing identity requests as an approach to stop Sybil attacks. The key idea is to estimate a trust score for identity requests, calculated as a as function of the number of identities already granted in a given period, and considering their source of origin. Our approach relies on proof of work, and uses cryptographic puzzles as a resource to stop attackers. In this thesis, we also concentrate on reshaping traditional puzzles, in order to make them “green” and “useful”. The results obtained through simulation and experimentation have shown the feasibility of using green and useful puzzles for identity management. More importantly, they have shown that profiling identity requests based on their source of origin constitutes a promising approach to tackle the dissemination of fake accounts.

Palavras-chave: Identity management, peer-to-peer systems, sybil attack, fake accounts, collusion attacks, proof of work.