Large scale node to node systems face security threats from malfunction or hostile remote computing elements. Node to node system commonly relies on the existence of multiple independent remote entities to mitigate the threat of hostile nodes. Sometime single faulty node can produce various identities leading to control of substantial fraction of the system. These attacks are called Sybil attac...

We introduce a new privacy issue on Facebook. We were motivated by the Facebook’s search option, which exposes a user profile with his or her phone number. Based on this search option, we developed a method to automatically collect Facebook users’ personal data (e.g., phone number, location and birthday) by enumerating the possibly almost entire phone number range for the target area. To show t...

Sybil detection is a crucial task to protect online social networks (OSNs) against intruders who try to manipulate automatic services provided by OSNs to their customers. In this paper, we first discuss the robustness of graph-based Sybil detectors SybilRank and Integro and refine theoretically their security guarantees towards more realistic assumptions. After that, we formally introduce adver...

BitTorrent continues to comprise the largest fraction of Internet traffic. While significant progress has been made in understanding the BitTorrent choking mechanism, its security vulnerabilities have not been investigated thoroughly. This paper presents an experimental analysis of bandwidth attacks against different choking algorithms in the BitTorrent seed state. We reveal a simple exploit th...

Distributed Hash Tables (DHTs) are a powerful building block for highly scalable decentralized systems. They route requests over a structured overlay network to the node responsible for a given key. DHTs are subject to the well-known Sybil attack, in which an adversary creates many false identities in order to increase its influence and deny service to honest participants. Defending against thi...

Trading privacy for trust thanks to the linkage of pseudonyms has been proposed to mitigate the inherent conflict between trust and privacy. This necessitates fusionym, that is, the calculation of a unique trust value supposed to reflect the overall trustworthiness brought by the set of linked pseudonyms. In fact, some pieces of evidence may overlap and be overcounted, leading to an incorrect t...