What is Sybil Attack in Wireless Networks

March 7, 2018 Author: munishmishra04_3od47tgp

Wireless networking is inherently insecure. Wireless technologies, in the simplest sense, enable one or more devices to communicate without physical connections, that is, without requiring network or peripheral cabling. Security in the computing world refers to the ability of a system to manage, protect and distribute sensitive information. An ever-present concern is the lack of security that follows from the very fact that the technology is wireless and therefore vulnerable to security threats and attacks. Many security mechanisms are based on specific assumptions about identity and are vulnerable to attacks when these assumptions are violated.

Overview of Sybil Attack

The Sybil attack in computer security is an attack wherein a reputation system is subverted by forging identities in peer-to-peer networks. A Sybil attack is one in which a malicious node on a network illegitimately claims to be several different nodes simultaneously. If an entity on a network does not have physical knowledge of the other entities, it will perceive them purely as informational abstractions called identities. By illegitimately infusing false or biased information via the pseudonymous identities, an adversary can mislead a system into making decisions benefiting herself.

The term Sybil attack denotes an attack in which the attacker (the Sybil node) tries to forge multiple identities in a certain region. A Sybil attack is particularly easy to perform in wireless networks, where the communication medium is broadcast and the same frequency is shared among all nodes. By broadcasting messages with multiple identities, a Sybil node can rig the vote on group-based decisions and also severely disrupt network middleware services.


Figure 1: Sybil Attack

Classification of Sybil Attack

To better understand Sybil attacks, this section provides a taxonomy of the different types. The capability of the attacker is determined by several characteristics: (1) insider vs. outsider; (2) selfish vs. malicious; (3) direct vs. indirect communication; (4) simultaneously vs. gradually obtained Sybil identities; (5) busy vs. idle.

1. Insider vs. Outsider

The impact of the Sybil attack depends on whether the attacker is inside or outside the distributed network. If the adversary is part of the network and holds at least one real identity, then the attacker is called an Insider, otherwise he or she is an outsider. An insider may introduce many fake identities, and pretend to communicate with other nodes using his fake identities. However, for an outsider, it is difficult to introduce Sybil identities into the network, as the distributed network system generally employs some kind of authentication procedure such as passwords, secret codes or encryption processes to access the system. An insider can transmit the false information over the network cloud or receive information from other nodes as the network generally trusts all its internal nodes. However, a Sybil node can easily be detected by monitoring the claimed communication between the suspect node and other nodes.

2. Direct vs. Indirect Communication

To launch a Sybil attack in a distributed network, the attacker must consider the type of communication between honest nodes and Sybil nodes. If the communication between honest node and Sybil node is direct, i.e. if the attacker can directly communicate with the honest node using fake identities, it is a case of direct communication. However, if the attacker has to use his legitimate identity to communicate with the honest node, and then divert the Sybil data to the honest node via the legitimate node, it is the case of indirect communication. It is easier for the attackers to launch Sybil attacks in case of direct communication and it is also more difficult to detect such attacks.

3. Selfish vs. Malicious

For security-related problems, there are two different types of attackers: either selfish or malicious. Selfish attackers manipulate the false data just for their own benefit, while malicious attackers attempt to subvert a system. Whether an attacker is selfish or malicious is usually determined by the different types of targeted distributed system and final attacking effects. For example, in our critical resource accessing example, if the attacker has resource accessing rights all to herself, then she is a malicious attacker, since others cannot use the resource. However, if other users can also access the resource with less probability, then she is selfish. Since malicious attacks usually have more serious effects, it is of higher importance to defend against potentially malicious attacks than those that are potentially selfish.

4. Simultaneously vs. Gradually Obtained Sybil Identities

The attacker can obtain all of her Sybil identities simultaneously, or she can generate them gradually, one by one. For an intelligent attacker, the more diverse the features of the Sybil nodes, the harder they are to identify. Creating Sybil nodes gradually may differentiate the times at which the Sybils first appear. However, the process may delay the attack and increases the exposure time of some Sybils: if a distributed system randomly checks the authentication of some identities, previously generated identities have a higher chance of being caught.
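The exposure-time argument above can be made quantitative from the defender's side. The following is an added example, not part of the original article: it assumes each live identity is independently audited with probability `p_audit` per round (an assumed model), and all function names and parameter values are hypothetical.

```python
import random

def caught_probability(rounds_exposed, p_audit):
    """P(an identity is audited at least once) over independent rounds."""
    return 1.0 - (1.0 - p_audit) ** rounds_exposed

def expected_caught(creation_rounds, decision_round, p_audit):
    """Expected number of identities audited before the decision round.

    creation_rounds: the round in which each identity first appeared.
    """
    return sum(caught_probability(decision_round - c, p_audit)
               for c in creation_rounds)

def simulate(creation_rounds, decision_round, p_audit, trials=20000, seed=1):
    """Monte Carlo check of expected_caught under the same assumed model."""
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        for c in creation_rounds:
            # One audit draw for every round the identity has existed.
            if any(rng.random() < p_audit for _ in range(decision_round - c)):
                total += 1
    return total / trials

# Constructed scenario: 10 identities, 5% audit rate per round,
# group decision taken in round 10.
N, P_AUDIT, DECISION = 10, 0.05, 10
GRADUAL = list(range(N))        # one identity appears per round, 0..9
SIMULTANEOUS = [N - 1] * N      # all appear together in round 9

if __name__ == "__main__":
    for name, sched in (("gradual", GRADUAL), ("simultaneous", SIMULTANEOUS)):
        print(name,
              round(expected_caught(sched, DECISION, P_AUDIT), 3),
              round(simulate(sched, DECISION, P_AUDIT), 3))
    # Oldest vs. newest identity in the gradual schedule:
    print(round(caught_probability(10, P_AUDIT), 3),
          round(caught_probability(1, P_AUDIT), 3))
```

Under this model the oldest identity in the gradual schedule is far more likely to have been audited than the newest, which is the effect the paragraph describes; raising the audit rate or auditing older identities less often shifts that balance.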

5. Busy vs. Idle

All Sybil identities can participate in a distributed system simultaneously, or only some of them can work, while others are in an idle state. Essentially, the selection of these two schemes is determined by how cheap it is to obtain an identity. If the attacker can easily get plenty of fake identities, having some idle Sybil nodes could make them much more real, since an honest node may leave or rejoin the system multiple times. However, the power of Sybil attacks results from the quantity of the identities. If obtaining a large number of identities is very difficult, the attacker has to use all of them in order to launch a successful attack.



One Comment

  • furtdso linopv March 19, 2018 at 2:27 pm

    Heya, I am here for the first time. I came across this board and I find it truly useful & it helped me out much. I am hoping to give one thing again and aid others like you helped me.
