Deception, Identity, and Security: The Game Theory of Sybil Attacks

When the world is destroyed, it will be destroyed not by its madmen but by the sanity of its experts and the superior ignorance of its bureaucrats.
— John le Carré

Communications of the ACM, January 2019, Vol. 62 No. 1, Pages 85-93
Review articles: “Deception, Identity, and Security: The Game Theory of Sybil Attacks
By William Casey, Ansgar Kellner, Parisa Memarmoshrefi, Jose Andre Morales, Bud Mishra

Decades before the advent of the Internet, Fernando António Nogueira Pessoa assumed a variety of identities with the ease that has become common in cyber-social platforms—those where cyber technologies play a part in human activity (for example, online banking, and social networks). Pessoa, a Portuguese poet, writer, literary critic, translator, publisher, and philosopher, wrote under his own name as well as 75 imaginary identities. He would write poetry or prose using one identity, then criticize that writing using another identity, then defend the original writing using yet another identity. Described by author Carmela Ciuraru as "the loving ringmaster, director, and traffic cop of his literary crew," Pessoa is one of the foremost Portuguese poets and a contributor to the Western canon. The story of Pessoa illustrates a key insight that holds true for the cyber-social systems of today: Identity costs little in the way of minting, forming, and maintaining yet demands a high price for its timely and accurate attribution to physical agency.

Along with the low cost of minting and maintaining identities, a lack of constraints on using identities is a primary factor that facilitates adversarial innovations that rely on deception. With these factors in mind, we study the following problem: Will it be possible to engineer a decentralized system that can enforce honest usage of identity via mutual challenges and costly consequences when challenges fail? The success of such an approach will remedy currently deteriorating situations without requiring new infrastructure. For example, such a system should be able to reduce fake persons in social engineering attacks, malware that mimics the attributes of trusted software, and Sybil attacks that use fake identities to penetrate ad hoc networks.

Read the article »

A Documentary about Identity Management System. How five researchers, scientists and mathematicians studied the behavior of Ants and Game Theory to create a safer Internet. This system was created by Bud Mishra, Will Casey, Jose Morales, Parisa Moshrefi & Ansgar Kellner. Winner of the Best Paper Award at BICT 2015 Endorsed by EAI The Identity Management System will be presented at the BICT Conference. Find more info at: EAI’s Facebook ( Twitter ( YouTube ( and the conference website ( Producer: Tom Mishra Director: Tom Mishra Editor: Tom Mishra Director of Photography: Kevin Tkach Sound Mixer/Designer: Matthew Nelson This video was made for educational purposes only.