The increasing ubiquity of communication-capable devices such as smartphones and smart vehicles has paved the way for a plethora of useful Participatory Cyber-Physical Systems (CPSs) in the defense, medical, and commercial sectors. Such systems promise to collect and analyze vast amounts of timestamped, location-contextualized user data, allowing various agencies to act on the results. However, given that the utility of these systems depends absolutely on the number of willing participants and the quality of their data, CPSs must be accessible to attract as large a user base as possible, while also possessing countermeasures against adversarial data intended to mislead the decision-making of the systems.
We begin by defining the structure of these CPSs and the capabilities of the adversary, showing the particular danger of fake, software-simulated Sybil nodes that provide the adversary immense deceptive power at no meaningful cost or risk. We claim that no currently existing Sybil countermeasure successfully addresses both the requirements posed by CPSs and the deceptive techniques available to the adversary, namely the introduction of a small number of physical malicious nodes that would help disguise the Sybils, and argue that a new approach is needed.
To address the Sybil threat, we develop a holistic 3-stage Sybil detection framework that may be employed on-demand to detect Sybil nodes around a target location. The first stage comprises an inter-node communication scheme that uses local radio broadcasts as proof-of-physical-presence, and is designed specifically to address the CPS requirements and the adversarial deception techniques. The second stage consists of a detection layer that examines each node's observed pairwise RSSI readings, searching for those inconsistent with their expected distributions given their claimed locations. Due to the time-constrained nature of the communication scheme, however, many pairwise connections randomly fail and therefore do not have any RSSI readings attached to them. This binary connection success/failure information is utilized by the third stage, wherein we develop a probabilistic framework to assess the likelihood of a node's observed combination of connection outcomes.
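The second-stage idea can be sketched as follows. This is an added example, not the authors' implementation: it assumes a log-distance path-loss model with Gaussian shadowing (the abstract does not name the expected distribution), and all parameter values, node names, positions and readings are constructed. Node `S` claims a distant position, but its readings are those of a transmitter sitting close to the honest nodes.

```python
import math
from statistics import median

# Assumed model (not from the page): log-distance path loss with Gaussian
# shadowing, RSSI(d) = P0 - 10*n*log10(d/d0) + N(0, sigma^2).
P0_DBM, D0_M, PATH_LOSS_EXP, SIGMA_DB = -40.0, 1.0, 3.0, 6.0
Z_THRESHOLD = 2.0  # assumed cut-off on a node's median |z|

def expected_rssi(pos_a, pos_b):
    """Mean RSSI (dBm) the model predicts between two claimed positions."""
    d = max(math.dist(pos_a, pos_b), D0_M)
    return P0_DBM - 10.0 * PATH_LOSS_EXP * math.log10(d / D0_M)

def node_scores(claimed, readings):
    """Median |z| per node over its links that produced an RSSI reading.

    Failed connections (None) carry no reading and are skipped here; the
    median keeps one bad link to a Sybil from tainting an honest node.
    """
    per_node = {node: [] for node in claimed}
    for (a, b), rssi in readings.items():
        if rssi is None:
            continue
        z = (rssi - expected_rssi(claimed[a], claimed[b])) / SIGMA_DB
        per_node[a].append(abs(z))
        per_node[b].append(abs(z))
    return {n: median(zs) for n, zs in per_node.items() if zs}

def flag_inconsistent(claimed, readings):
    """Nodes whose readings do not fit their claimed location."""
    scores = node_scores(claimed, readings)
    return sorted(n for n, s in scores.items() if s > Z_THRESHOLD)

# Constructed sample data: claimed (x, y) positions in metres.
CLAIMED = {"A": (0, 0), "B": (10, 0), "C": (0, 10), "D": (10, 10),
           "S": (40, 5)}
# Constructed pairwise RSSI readings in dBm; None marks a failed connection.
READINGS = {
    ("A", "B"): -72, ("A", "C"): -67, ("A", "D"): -77,
    ("B", "C"): -73, ("B", "D"): -71, ("C", "D"): -68,
    ("A", "S"): -66, ("B", "S"): -64, ("C", "S"): -67, ("D", "S"): None,
}

if __name__ == "__main__":
    for node, score in sorted(node_scores(CLAIMED, READINGS).items()):
        print(f"{node}: median |z| = {score:.2f}")
    print("flagged:", flag_inconsistent(CLAIMED, READINGS))
```
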
To evaluate our approach, we have built an extensive simulation environment that allows for complex adversarial obfuscation strategies. Using this environment, we demonstrate both the efficacy and robustness of our detection methodology.