Make it green and useful: Reshaping puzzles for identity management in large-scale distributed systems

A vast number of large-scale distributed systems offer a lightweight process for creating new accounts, so that users can easily join them. Although convenient, such lightweight process fosters the spread of fake accounts (Sybil attack). Existing identity management schemes lack mechanisms to make identity creation easier for honest users and at the same time increasingly harder for an attacker. In this paper, we focus on identity lifecycle management as an (alternative) approach in order to augment the cost of possessing several identities, and thus reduce the volume of counterfeit ones. We build on adaptive puzzles and combine them with waiting time to introduce a green design for lightweight, long-term identity management; it minimally penalizes honest users (by assigning easier-to-solve puzzles to them), and reduces the energy consumption caused by puzzle-solving (by adopting passive wait to reduce their average complexity). We also take advantage of lessons learned from massive distributed computing to come up with a design that makes puzzle-processing useful. We evaluate our proposal via simulation and experimentation using PlanetLab. In summary, we show that an attacker must dedicate a large amount of resources to control a given fraction of identities. We also provide evidence that the overhead imposed to honest users is kept to a minimum.