Table of Contents
Fetching ...

Active Sybil Attack and Efficient Defense Strategy in IPFS DHT

V. H. M. Netto, T. Cholez, C. L. Ignat

TL;DR

This work reframes IPFS DHT security by introducing an active Sybil attack that uses premature termination to eclipse content, achieving up to around 80–82% eclipse rate against recent defenses. It proposes SR-DHT-Store, a Sybil-resistant publication strategy that uses XOR-distance zone delimitation to publish provider records to a carefully chosen set of resolvers, reducing overhead and avoiding sole reliance on anomaly detection. The authors further strengthen defense by combining SR-DHT-Store with PR limitations and disjoint lookup paths, demonstrating near-perfect or perfect retrieval resilience under both passive and active attacks, albeit with overhead tradeoffs. The findings advance practical, incremental defenses for IPFS and similar DHT-based systems, highlighting the importance of robust publication and lookup strategies to curb content eclipse and Sybil-driven disruption in decentralized networks.

Abstract

The InterPlanetary File System (IPFS) is a decentralized peer-to-peer (P2P) storage that relies on Kademlia, a Distributed Hash Table (DHT) structure commonly used in P2P systems for its proved scalability. However, DHTs are known to be vulnerable to Sybil attacks, in which a single entity controls multiple malicious nodes. Recent studies have shown that IPFS is affected by a passive content eclipse attack, leveraging Sybils, in which adversarial nodes hide received indexed information from other peers, making the content appear unavailable. Fortunately, the latest mitigation strategy coupling an attack detection based on statistical tests and a wider publication strategy upon detection was able to circumvent it. In this work, we present a new active attack, with malicious nodes responding with semantically correct but intentionally false data, exploiting both an optimized placement of Sybils to stay below the detection threshold and an early trigger of the content discovery termination in Kubo, the main IPFS implementation. Our attack achieves to completely eclipse content on the latest Kubo release. When evaluated against the most recent known mitigation, it successfully denies access to the target content in approximately 80\% of lookup attempts. To address this vulnerability, we propose a new mitigation called SR-DHT-Store, which enables efficient, Sybil-resistant content publication without relying on attack detection but instead on a systematic and precise use of region-based queries, defined by a dynamically computed XOR distance to the target ID. SR-DHT-Store can be combined with other defense mechanisms resulting in a defense strategy that completely mitigates both passive and active Sybil attacks at a lower overhead, while allowing an incremental deployment.

Active Sybil Attack and Efficient Defense Strategy in IPFS DHT

TL;DR

This work reframes IPFS DHT security by introducing an active Sybil attack that uses premature termination to eclipse content, achieving up to around 80–82% eclipse rate against recent defenses. It proposes SR-DHT-Store, a Sybil-resistant publication strategy that uses XOR-distance zone delimitation to publish provider records to a carefully chosen set of resolvers, reducing overhead and avoiding sole reliance on anomaly detection. The authors further strengthen defense by combining SR-DHT-Store with PR limitations and disjoint lookup paths, demonstrating near-perfect or perfect retrieval resilience under both passive and active attacks, albeit with overhead tradeoffs. The findings advance practical, incremental defenses for IPFS and similar DHT-based systems, highlighting the importance of robust publication and lookup strategies to curb content eclipse and Sybil-driven disruption in decentralized networks.

Abstract

The InterPlanetary File System (IPFS) is a decentralized peer-to-peer (P2P) storage that relies on Kademlia, a Distributed Hash Table (DHT) structure commonly used in P2P systems for its proved scalability. However, DHTs are known to be vulnerable to Sybil attacks, in which a single entity controls multiple malicious nodes. Recent studies have shown that IPFS is affected by a passive content eclipse attack, leveraging Sybils, in which adversarial nodes hide received indexed information from other peers, making the content appear unavailable. Fortunately, the latest mitigation strategy coupling an attack detection based on statistical tests and a wider publication strategy upon detection was able to circumvent it. In this work, we present a new active attack, with malicious nodes responding with semantically correct but intentionally false data, exploiting both an optimized placement of Sybils to stay below the detection threshold and an early trigger of the content discovery termination in Kubo, the main IPFS implementation. Our attack achieves to completely eclipse content on the latest Kubo release. When evaluated against the most recent known mitigation, it successfully denies access to the target content in approximately 80\% of lookup attempts. To address this vulnerability, we propose a new mitigation called SR-DHT-Store, which enables efficient, Sybil-resistant content publication without relying on attack detection but instead on a systematic and precise use of region-based queries, defined by a dynamically computed XOR distance to the target ID. SR-DHT-Store can be combined with other defense mechanisms resulting in a defense strategy that completely mitigates both passive and active Sybil attacks at a lower overhead, while allowing an incremental deployment.
Paper Structure (26 sections, 4 equations, 12 figures, 2 tables, 1 algorithm)

This paper contains 26 sections, 4 equations, 12 figures, 2 tables, 1 algorithm.

Figures (12)

  • Figure 1: Content provide/retrieval in IPFS DHT. This example assumes $k = 6$.
  • Figure 2: Content eclipse attack in IPFS DHT. This example assumes $k = 6$.
  • Figure 3: Region-based query mitigation strategy. This example assumes $k = 6$.
  • Figure 4: Active attack against the proposed mitigation. This example assumes $k = 6$.
  • Figure 5: $D_{KL}$ Distribution over 100 Random DHT Requests.
  • ...and 7 more figures