Sybilguard Defending against sybil attacks via social networks
SybilGuard:Defending Against Sybil Attacks
via Social Networks
Haifeng Yu Michael Kaminsky Phillip B.Gibbons Abraham Flaxman Intel Research Pittsburgh Carnegie Mellon University {haifeng.yu,michael.e.kaminsky,phillip.b.gibbons}@https://www.wendangku.net/doc/da7727714.html, abie@https://www.wendangku.net/doc/da7727714.html,
ABSTRACT
Peer-to-peer and other decentralized,distributed systems are known to be particularly vulnerable to sybil attacks.In a sybil attack,a malicious user obtains multiple fake identities and pretends to be multiple,distinct nodes in the system.By controlling a large fraction of the nodes in the system,the malicious user is able to“out vote”the honest users in collaborative tasks such as Byzantine failure defenses.This paper presents SybilGuard,a novel protocol for limiting the corruptive in?uences of sybil attacks.Our protocol is based on the“social network”among user identities,where an edge between two identities indicates a human-established trust relationship.Malicious users can create many identities but few trust relationships.Thus,there is a disproportionately-small“cut”in the graph between the sybil nodes and the honest nodes.SybilGuard exploits this property to bound the number of identities a malicious user can create.We show the effectiveness of SybilGuard both analytically and experimentally.
Categories and Subject Descriptors
C.2.4[Computer-Communication Networks]:Distributed Sys-tems—Distributed applications;C.2.0[Computer-Communica-tion Networks]:General—Security and protection(e.g.,?rewalls)
General Terms
Security,Design,Algorithms,Experimentation
Keywords
Sybil attack,sybil identity,SybilGuard,social networks
1.INTRODUCTION
As the scale of a decentralized distributed system increases,the pres-ence of malicious behavior(e.g.,Byzantine failures)becomes the norm rather than the exception.Most designs against such malicious behavior rely on the assumption that a certain fraction of the nodes in the system are honest.For example,virtually all protocols for tol-erating Byzantine failures assume that at least2/3of the nodes are honest.This makes these protocols vulnerable to sybil attacks[9],
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for pro?t or commercial advantage and that copies bear this notice and the full citation on the?rst page.To copy otherwise,to republish,to post on servers or to redistribute to lists,requires prior speci?c permission and/or a fee.
SIGCOMM’06,September11–15,2006,Pisa,Italy.
Copyright2006ACM1-59593-308-5/06/0009...$5.00.in which a malicious user takes on multiple identities and pretends to be multiple,distinct nodes(called sybil nodes or sybil identities) in the system.With sybil nodes comprising a large fraction(e.g., more than1/3)of the nodes in the system,the malicious user is able to“out vote”the honest users,effectively breaking previous defenses against malicious behaviors.Thus,an effective defense against sybil attacks would remove a primary practical obstacle to collaborative tasks on peer-to-peer(p2p)and other decentralized systems.Such tasks include not only Byzantine failure defenses,but also voting schemes in?le sharing,DHT routing,and identifying worm signatures or spam.
Problems with using a central authority.A trusted central author-ity that issues and veri?es credentials unique to an actual human being can control sybil attacks easily.For example,if the system requires users to register with government-issued social security numbers or driver’s license numbers,then the barrier for launching a sybil attack becomes much higher.The central authority may also instead require a payment for each identity.Unfortunately,there are many scenarios where such designs are not desirable.For example, it may be dif?cult to select/establish a single entity that every user worldwide is willing to trust.Furthermore,the central authority can easily be a single point of failure,a single target for denial-of-service attacks,and also a bottleneck for performance,unless its functionality is itself widely distributed.Finally,requiring sensitive information or payment in order to use a system may scare away many potential users.
Challenges in decentralized approaches.Defending against sybil attacks without a trusted central authority is much harder.Many de-centralized systems today try to combat sybil attacks by binding an identity to an IP address.However,malicious users can readily har-vest(steal)IP addresses.Note that these IP addresses may have little similarity to each other,thereby thwarting attempts to?lter based on simple characterizations such as common IP pre?x.Spammers,for example,are known to harvest a wide variety of IP addresses to hide the source of their messages,by advertising BGP routes for unused blocks of IP addresses[19].Beyond just IP harvesting,a malicious user can co-opt a large number of end-user machines,creating a botnet of thousands of compromised machines spread throughout the Internet.Botnets are particularly hard to defend against because nodes in botnets are indeed distributed end users’computers.
The?rst investigation into sybil attacks[9]proved a series of negative results,showing that they cannot be prevented unless spe-cial assumptions are made.The dif?culty stems from the fact that resource-challenge approaches,such as computation puzzles,re-quire the challenges to be posed/validated simultaneously.More-over,the adversary can potentially have signi?cantly more resources than a typical user.Even puzzles that require human efforts,such as CAPTCHAs[23],can be reposted on the adversary’s web site to be solved by other users seeking access to the site.Furthermore,
Figure1:The social network with honest nodes and sybil nodes.Note that regardless of which nodes in the social net-work are sybil nodes,we can always“pull”these nodes to the right side to form the logical network in the?gure.
these challenges must be performed directly instead of trusting someone else’s challenge results,because sybil nodes can vouch for each other.A more recent proposal[4]suggests the use of network coordinates[17]to determine whether multiple identities belong to the same user(i.e.,have similar network coordinates). Despite its elegance,a malicious user controlling just a moderate number of network positions(e.g.,tens in practice)can fabricate network coordinates and thus break the defense.Finally,reputation systems based on historical behaviors of nodes are not suf?cient either,because the sybil nodes can behave nicely initially,and later launch an attack.Typically,the damage from such an attack can be much larger than the initial contribution(e.g.,the damage caused by throwing away another user’s backup data is much larger than the contribution of storing the data).In summary,there has been only limited progress on how to defend against sybil attacks without a trusted central authority,and the problem is widely considered to be quite challenging.
SybilGuard:A new defense against sybil attacks.This paper presents SybilGuard,a novel decentralized protocol that limits the corruptive in?uence of sybil attacks,including sybil attacks exploit-ing IP harvesting and even some sybil attacks launched from botnets outside the system.Our design is based on a unique insight regard-ing social networks(Figure1),where identities are nodes in the graph and(undirected)edges are human-established trust relations (e.g.,friend relations).The edges connecting the honest region(i.e., the region containing all the honest nodes)and the sybil region(i.e., the region containing all the sybil identities created by malicious users)are called attack edges.Our protocol ensures that the number of attack edges is independent of the number of sybil identities,and is limited by the number of trust relation pairs between malicious users and honest users.
The basic insight is that if malicious users create too many sybil identities,the graph becomes“strange”in the sense that it has a small quotient cut—i.e.,a small set of edges(the attack edges) whose removal disconnects a large number of nodes(all the sybil identities)from the rest of the graph.On the other hand,we will show that social networks do not tend to have such cuts.Directly searching for such cuts is not practical,because we would need to obtain the global topology and verify each edge with its two endpoints.Even if we did know the global topology,the problem of ?nding cuts with the smallest quotient(the Minimum Quotient Cut problem)is known to be NP-hard.
Instead,SybilGuard relies on a special kind of veri?able random walk in the graph and intersections between such walks.These walks are designed so that the small quotient cut between the sybil region and the honest region can be used against the malicious users, to bound the number of sybil identities that they can create.We will show the effectiveness of SybilGuard both analytically and experimentally.
The next section more precisely de?nes our system model and the sybil attack.Section3provides an overview of SybilGuard.Sections 4and5elaborate on SybilGuard in depth.The effectiveness of SybilGuard is shown experimentally in Section6.Finally,Section7 discusses related work and Section8draws conclusions.
2.MODEL&PROBLEM FORMULATION This section formalizes the desirable properties and functions of a defense system against sybil attacks.We begin by de?ning our system model.The system has n honest human beings as honest users,and one or more malicious human beings as malicious users. By de?nition,a user is distinct.Each honest user has a single(hon-est)identity,while each malicious user has one or more(malicious) identities.To unify terminology,we simply refer to all the identities created by the malicious users as sybil identities.Identities are also called nodes,and we will from now on use“identity”and“node”interchangeably.All malicious users may collude,and we say that they are all under the control of an adversary.
Nodes participate in the system to receive and provide service (e.g.,?le backup service)as peers.Because the nodes in the system may be honest or sybil,a defense system against sybil attacks aims to provide a mechanism for a node V to decide whether or not to accept or reject another node S.Accepting S means that V is willing to receive service from and provide service to S.Ideally,the defense system should guarantee that V accepts only honest nodes. Because such an idealized guarantee is challenging to achieve,we aim at providing the following guarantees that,while weaker,are still suf?ciently strong to be useful.
Bounding the number of sybil groups.The?rst guarantee is based on de?ning an equivalence relation among accepted nodes.The equivalence relation partitions all accepted nodes into equivalence classes,called equivalence groups.Notice that nodes that are re-jected do not belong to any equivalence groups.An equivalence group that includes one or more sybil nodes is called a sybil group. The defense system provides a guaranteed bound on the number of sybil groups,without necessarily knowing which groups are sybil. Such notion of equivalence groups was also implicitly used by Bazzi and Konjevod[4],where they de?ne(implicit)equivalence classes according to network coordinates.In their scheme,all nodes are accepted,and those nodes with similar network coordinates(e.g., nodes within the same university campus)are considered equivalent. Thus,the number of sybil groups is simply the number of distinct network locations that the adversary controls.
To understand why bounding the number of sybil groups is suf?-cient in some scenarios,imagine that we are maintaining replicas of a?le that has been digitally signed for authenticity.Our goal is to ensure that not all replicas are placed on sybil nodes.If the defense system guarantees that the number of sybil groups is at most some value g,then placing the?le on nodes from g+1different equiva-lence groups will ensure at least one good copy of the?le.Another example is replicating a?le that is not signed.As long as we obtain the?le from2g+1nodes from2g+1different equivalence groups, the majority is guaranteed to have the correct?le.
Bounding the size of sybil groups.In some other scenarios,only bounding the number of sybil groups is not effective.Unavoidably, the bound on the number of sybil groups depends on how“powerful”the adversary is.For example,the adversary can always“bribe”or even threaten honest users to act maliciously and thus force the defense system to accept more sybil groups.As a result,one may want a pessimistic estimation of the number of sybil groups g.On
the other hand,even when g is only moderately large(e.g.,100), maintaining g+1replicas is wasteful.
To be more effective,a defense system may further bound the number of nodes accepted into each of the g sybil groups.If the number of nodes in each sybil group(or the size of the sybil group) is at most w,then a node will accept at most g·w sybil nodes.To see the bene?ts of bounding both the number and size of the sybil groups,consider our running example of replicating unsigned and signed?les.Suppose we use a simple assignment that maps replicas to random nodes.If g·w is smaller than the number of honest nodes n,then from Chernoff bounds[14],the probability of having a majority of the replicas on honest nodes(as required for unsigned ?les)approaches1.0exponentially fast with the number of replicas. Similarly,as long as g·w is not much larger than n,the probability of having at least one replica on an honest node(as required for signed?les)also approaches1.0exponentially fast.
Choosing roughly uniformly random nodes as replicas is not dif?cult in most decentralized distributed systems.For example, DHT-based systems(such as those based on Chord[22])typically place replicas on a random set of nodes.It may appear that instead of choosing uniformly random nodes,we could avoid the need for bounding sybil group sizes by instead choosing uniformly random equivalence groups(and then picking a random node from each chosen group).However,such a design would cause severe load imbalance under heterogeneous group sizes,which is the case,for example,in the network coordinates approach.Moreover,for DHT-based systems,the design would completely disrupt DHT routing. Side-effects on honest nodes.As side-effects of bounding the number and size of sybil groups,the defense system may both (mistakenly)reject some honest nodes and(mistakenly)consider two or more distinct honest nodes as equivalent.For example,as noted above,all honest nodes in the same university campus may be considered equivalent in the network coordinates approach. Summary of SybilGuard functionalities.SybilGuard is com-pletely decentralized and all functionalities are with respect to a given node.SybilGuard guarantees that an honest node accepts,and also is accepted by,most other honest nodes(except a few percent in our later simulation)with high probability.Thus,an honest node can successfully obtain service from,and provide service to,most other honest nodes.SybilGuard also guarantees that with high probabil-ity,an honest node only accepts a bounded number of sybil nodes. Notice that since SybilGuard is decentralized,the set of accepted nodes by node V1can be different from those accepted by node V2. However,the difference should be small since both V1and V2should accept most honest nodes with high probability.
SybilGuard further enables a node V to partition the accepted nodes(by V)into equivalence groups such that only a certain num-ber of those groups contain sybil nodes.Notice that if the application only wants to bound the number of sybil nodes accepted,the notion of equivalence groups does not need to be visible to the applica-tion.It is possible for two distinct honest users to be mistakenly considered by SybilGuard to belong to the same equivalence group. This does not affect their ability to receive service.As for providing service,the application may prevent them from,for example,both storing replicas of the same?le.As argued in[4],as long as there are a suf?ciently large number of equivalence groups,this will not likely result in wasted resource capacity.
3.SYBILGUARD OVERVIEW
Social network and attack edges.SybilGuard leverages the ex-isting human-established trust relationships among users to bound both the number and size of sybil groups.All honest nodes
and Figure2:Veri?er accepts the suspect because their random routes intersect.SybilGuard leverages the facts that(1)the av-erage honest node’s random route is highly likely to stay within the honest region and(2)two random routes from honest nodes are highly likely to intersect within w steps.
sybil nodes in the system form a social network(see Figure1).An undirected edge exists between two nodes if the two corresponding users have strong social connections(e.g.,colleagues or relatives) and trust each other not to launch a sybil attack.If two nodes are connected by an edge,we say the two users are friends.Notice that here the edge indicates strong trust,and the notion of friends is quite different from friends in other systems such as online chat rooms. An edge may exist between a sybil node and an honest node if a malicious user(Malory)successfully fools an honest user(Alice) into trusting her.Such an edge is called an attack edge and we use g to denote the total number of attack edges.The authentication mechanism in SybilGuard ensures that regardless of the number of sybil nodes Malory creates,Alice will share an edge with at most one of them(as in the real social network).Thus,the number of attack edges is limited by the number of trust relation pairs that the adversary can establish between honest users and malicious users.While the adversary has only limited in?uence over the social network,we do assume it may have full knowledge of the social network.
The degree of the nodes in the social network tends to be much smaller than n,so the system would be of little practical use if nodes only accepted their friends.Instead,SybilGuard bootstraps from the given social network a protocol that enables honest nodes to accept a large fraction of the other honest nodes.It is important to note that SybilGuard does not increase or decrease the number of edges in the social network as a result of its execution.
Random routes and route intersection.SybilGuard uses a special kind of random walks,called random routes,in the social network. In a standard random walk,at each hop,the current node?ips a coin on the?y and selects a(uniformly)random edge to direct the walk.In random routes,each node uses a pre-computed random permutation as a one-to-one mapping from incoming edges to out-going edges.As a result,two random routes entering an honest node along the same edge will always exit along the same edge (called the convergence property).Furthermore,the outgoing edge uniquely determines the incoming edge as well;thus the random routes can be back-traced(called the back-traceable property).Of course,these properties can be guaranteed only for the portions of a route that do not contain sybil nodes.Sybil nodes may deviate from any aspect of the protocol.
In the simplest form of SybilGuard,each node performs a random route(starting from itself)1of a certain length w(e.g.,w is roughly 2000for the one-million node topology in our later experiments). These random routes form the basis of SybilGuard whereby an honest node(called the veri?er)decides whether or not to accept 1In the full protocol,each node performs multiple random routes.
Figure3:All random routes traversing the same edge merge. another node(called the suspect).In particular,the veri?er only accepts a suspect whose random route intersects with the veri?er’s random route(see Figure2).Because of the limited number of attack edges,with appropriate w,the veri?er’s route will remain entirely within the honest region with high probability.(An exception is a veri?er with a nearby attack edge;our redundancy techniques discussed in Section4.4will address such nodes.)
Bounding the number and size of sybil groups.To intersect with the veri?er’s random route,a sybil node’s random route must tra-verse one of the attack edges(whether or not the sybil nodes follow the protocol).Suppose there were only a single attack edge(as in Figure3).Based on the convergence property,the random routes from sybil nodes must merge completely once they traverse the attack edge.Thus,all of these routes will have the same intersection node with the veri?er’s route;furthermore,they enter the intersec-tion node along the same edge(edge e1in the?gure).The veri?er thus considers all of these nodes to be in the same equivalence group, and hence there is only a single sybil group.In the more general case of g attack edges,the number of sybil groups is bounded by g. SybilGuard further bounds the size of equivalence groups(and hence of sybil groups)within the length of the random routes w. From the back-traceable property,we know there can be at most w distinct routes that(i)intersect with the veri?er’s random route at a given node,and(ii)enter the intersection node along a given edge (e.g.,along edge e1in Figure3).Speci?cally,the i th such route, i=1,...,w,traverses the given edge in its i th hop.Thus,the veri?er accepts exactly one node for each of the w hop numbers at a given intersection point and a given edge adjacent to the intersection point. In summary,there are many equivalence groups,but only g are sybil and each has at most w nodes.
Guarantees on honest nodes.For honest nodes,we will show that with appropriate w,(i)an honest node’s random route intersects with the veri?er’s route with high probability,and(ii)such an honest node will never compete for the same hop number with any other node(including sybil nodes).Thus,the average honest node will be accepted with high probability.
SybilGuard partitions the honest nodes in the system into at most z different equivalence groups,where z is the sum of the degrees of the w nodes on the veri?er’s route.While z can still be far from n, note that z can easily be much larger than the number of different equivalence groups needed in practice(e.g.,when choosing g+1 different equivalence groups for placing replicas).
Our SybilGuard design leverages the following three important facts to bound the number of sybil nodes:(i)social networks tend to be fast mixing(de?ned in the next section),which necessarily means that subsets of honest nodes have good connectivity to the rest of the social network,(ii)too many sybil nodes(compared to the number of attack edges)disrupts the fast mixing property,and (iii)the veri?er is itself an honest node,which breaks symmetry.We will elaborate on these aspects later.4.SYBILGUARD DESIGN
With the preceding high-level sketch in mind,this section provides the detailed design of SybilGuard,explains the insights,and also formally argues about its properties.
4.1Social Network
Consider the social network de?ned in the previous section.Each pair of friends shares a unique symmetric secret key(e.g.,a shared password)called the edge key.The edge key is used to authenticate messages between the two friends(e.g.,with a Message Authenti-cation Code).Because only the two friends need to know the edge key,key distribution is easily done out-of-band(e.g.,via phone calls).A node can also revoke an edge key unilaterally simply by discontinuing use of the key and discarding it.
Because of the nature of the social network and the strong trust associated with the notion of friends in SybilGuard,we expect node degrees to be relatively small and will tend not to increase signi?cantly as n grows.As a result,a user only needs to invoke out-of-band communication a small number of times.In order to prevent the adversary from increasing the number of attack edges (g)dramatically by compromising high-degree honest nodes,each honest node(before compromised)voluntarily constrains its degree within some constant(e.g.,30).Doing so will not affect the guaran-tees of SybilGuard as long as the social network remains fast mixing. On the other hand,researchers have shown that even with rather small constant node degrees,social networks(or more precisely, small-world topologies)are fast mixing[6,11].
A node informs its friends of its IP address whenever its IP address changes,to allow continued communication via the network.This IP address is used only as a hint.It does not result in a vulnerability even if the IP address is wrong,because authentication based on the edge key will always be performed.If DNS and DNS names are available,nodes may also provide DNS names and only update the DNS record when the IP address changes.
4.2Limiting the Number of Attack Edges The effectiveness of SybilGuard relies on there being a limited number of attack edges(g).There are several ways the adversary might attempt to increase g:
?The malicious users establish social trust and convince more
honest users in the system to“be their friends”in real life.
But this is quite dif?cult to do on a large scale.
?A malicious user(Malory)who managed to convince an hon-est user(Alice)to be her friend creates many sybil nodes,and
then tries to convince Alice to also be friends with these sybil
nodes.But Alice only has a single edge key corresponding to
the edge between Alice and Malory.As a result,all messages
authenticated using that edge key will be considered by Alice
to come from the same edge.Thus the number of attack edges
remains unchanged.
?The adversary compromises a single honest node with de-gree d.Because d was already constrained(before the node
is compromised)within some constant by the user,g can be
increased by at most some constant.On the other hand,the ad-versary will not be able to create further attack edges from the
node because adding an edge to another honest user requires
out-of-band veri?cation by that user.When a user drops and
then makes new friends,it is possible for the adversary with
access to the old edge keys to“resurrect”dropped edges and
hence further increase g.However,we expect such effect to
be negligible in practice and if necessary,can be prevented by
requiring out-of-band con?rmation when deleting edges.
Figure4:Two routes of length3.Sharing an edge necessarily means that one route starts after the other.
?The adversary compromises a small fraction of the nodes in
the system.This will not likely increase g excessively due to
the reasons above.
?The adversary compromises a large fraction of the nodes in
the system.Here the system has already been subverted,and
the adversary does not even need to launch a sybil attack.
SybilGuard will not help here.
?The adversary compromises a large number of computers(i.e., creates a botnet),only some of which belong to the system.
The increase in g is upper bounded by some constant times
the number of compromised computers which already belong
to the system.The increase is not affected by the total size
of the botnet.Although acquiring a botnet with many nodes
may be relatively easy(e.g.,in the black market),acquiring a
botnet containing many nodes that are already in the system
is more challenging.
In summary,SybilGuard is quite effective in limiting the number of attack edges,as long as not too many honest users are compromised. Relatively speaking,SybilGuard is more effective defending against malicious users than defending against compromised honest users that belong to the system.This is because a malicious user must make real friends in order to increase the number of attack edges, while compromised honest users already have friends.
4.3Random Routes
Starting from here,the rest of Section4assumes a static social network where all nodes are online—we will discuss user and node dynamics in Section5.SybilGuard relies on the convergence and back-traceable properties in random routes to bound the number and size of sybil groups.Here,we elaborate on how to achieve these properties and their implications.
For random routes,each node uses a randomized routing table to choose the next hop.A node A with d neighbors uniformly randomly chooses a permutation“x1,x2,...,x d”among all permutations of 1,2,...,d.If a random route comes from the i th edge,A uses edge x i as the next hop.It is possible that i=x i for some i.The routing table of A,once chosen,will never change(unless A’s degree changes—see Section5).Using such a randomized routing table introduces some correlation in the random choices if a random route visits the same node multiple times.It is possible that random routes become repeated loops due to this;however,later we will explain intuitively and also demonstrate experimentally why this is unlikely.
For random routes in the honest region,these routing tables give us the following properties.First,once two routes traverse the same edge along the same direction,they will merge and stay merged (i.e.,the convergence property).Using a permutation as the routing table further guarantees that the random routes are back-traceable. In other words,it is impossible for two routes to enter the same node along different edges but exit along the same direction.With the above properties,if we know that a random route of a certain length w traverses a certain edge e along a certain direction in its i th hop,the entire route is uniquely determined.In other words,there can be only one route with length w that traverses e along the given direction at its i th hop.In addition,if two random routes ever share an edge in the same direction,then one of them must start in the middle of the other(Figure
4).
starting
impossible
to form loop
at non?
node
Figure5:A loop can form only at the starting point of a route.
4.4Problematic Routes and Redundancy
A random route is problematic if either(i)it traverses some edge in the same direction more than once(i.e.,a loop),or(ii)it enters the sybil region.Note that a route traversing the same node more than once may or may not be a loop.Because of the use of routing tables, loops will repeatedly visit many nodes,reducing the“effective”length of the route and the probability of route intersection.On the other hand,random routes that go into the sybil region fall under the control of the adversary.If a veri?er uses such a route,it may accept an unbounded number of sybil nodes.
Because the routing table is a permutation,if a random route ever traverses the same edge twice in the same direction,the?rst edge in the route must be the?rst edge that is traversed twice.In other words,loops can only form at the starting node(Figure5).If a loop is formed,the random route must have come back to the starting point,and the starting point must have decided to forward the route along the?rst edge.Also notice that the smallest loop has three hops, otherwise it is impossible for the route to traverse the same edge(via the same direction)twice.More concretely,consider a simpli?ed scenario where all nodes have the same degree d.At the second hop,the route will return to the starting point with probability1/d. At the third hop,if a loop is formed,the starting point must have decided to forward the route along the same edge as the?rst hop. Thus,a loop is formed at the third hop with probability1/d2.As the route proceeds,the chance of repeating the?rst hop edge will usually become smaller and smaller.In fact,in a fast mixing graph, after a small number of hops a random walk is equally likely to be traversing any edge in a given hop.This provides an intuition as to why loops are unlikely.As for the probability of a random route extending to the sybil region,we will later formally argue (Theorem1)why this probability is also likely to be small.Finally, Section6will provide concrete experimental results demonstrating that problematic random routes are relatively rare.
An effective way to further avoid problematic random routes is to use redundancy.In SybilGuard,a node with degree d performs d random routes,one along each of its edges.Now imagine that a veri?er V tries to decide whether to accept a suspect S.Those routes that are loops can still be used,because they do not compromise security—they are simply less“effective.”We can also safely use all routes from S regardless of whether they extend to the sybil region: If S is an honest node,then using all routes simply increases the probability of some route intersecting with V’s routes.On the other hand,if S is a sybil node,then all of S’s routes still need to cross the attack edges before intersecting with V’s routes that are in the honest region.Because of the convergence property,we can easily see that this will not compromise SybilGuard’s guarantees(Section3). On the other hand,if a route from V extends to the sybil region, V will not be able to bound the number of sybil nodes using that route.V uses the following technique to mask the misleading effects of routes extending to the sybil region.For each of V’s routes,as long as at least one route from S intersects that route from V,that route from V accepts S.If at least a threshold t of V’s routes accept S,V accepts S.The parameter t involves the following tradeoff:if t is too small,then V may have a large probability of having more than t routes enter the sybil region;if t is too large,then V may have
e3 => e4e5 => e4e1 => e2e2 => e3e2 => e1
e3 => e2
e4 => e3
e4 => e5
1 ... 1 C 1 A 1 B
2 ...
2 ...
2 A
2 B
1 ...1 B 1 C 1 D
2 ... 2 ...
2 C 2 D Node A Node B Node C Node D edge e2edge e4edge edge e5e1edge e3routing table
registry table for e1
registry table for e2
table for e3
registry table for e2
registry registry table for e5
table for e4
registry routing table
routing table
routing table
registry table for e3
registry table for e4
Figure 6:Maintaining the registry tables.In order to simplify this example,w =2,each node has exactly two edges,and the routing tables are carefully chosen.The node names in the reg-istry tables stand for the nodes’public keys.
trouble accepting other honest nodes if more than (d ?t )routes from V enter the sybil region and if the sybil nodes prevent intersection from happening.A simpli?ed analysis [27]shows that t =d /2tends to provide a good tradeoff,and this effectively becomes majority voting.
4.5Secure and Decentralized Design for Ran-dom Routes and Their Veri?cation
The previous sections explained the basics of random routes.In the actual SybilGuard protocol,these routes are performed in a completely decentralized way.The two local data structures (registry tables and witness tables)described in this section are the only data structures that each node needs to maintain.Also,propagating these tables to direct neighbors is the only action each node needs to take in order to perform random routes.
Registration.In SybilGuard,each node S with degree d must perform d random routes of w hops each and remember these routes.To prevent S from “lying”about its routes,SybilGuard requires S to register with all w nodes along each of its routes.A node Q along the route permits S to register only if S is one of the nodes that are within w hops “upstream”.When the veri?er V wants to verify S ,V will ask the intersection point (between S ’s route and V ’s route)whether S is indeed registered.
In this registration process,each node needs to use a “token”that cannot be easily forged by other nodes.Note that the availability of such tokens does not solve the sybil attack problem by itself,because a malicious user may have many such tokens.A node will be accepted based on its token.The token must be unforgeable to prevent the adversary from stealing the token of an honest node (unless the node is compromised).Our initial design of SybilGuard used a node’s IP address as its token and the node simply registered its IP address.This design assumed no IP spoo?ng,and was mainly suited for users with static or slowly changing IP addresses.
Our current design of SybilGuard uses public key cryptography for the tokens.This improved design does not rely on the stability of IP addresses,and is secure even under IP spoo?ng.Each honest node has a locally generated public/private key pair.Notice that these public and private keys have no connection with the edge keys (which are secret symmetric keys).Malicious nodes may create
as many public/private key pairs as they wish.We use the private key of each node as the unforgeable token,while the public key is registered along the random routes as a proof of owning the token.Note that we do not intend or need to solve the public key distribution problem,because we are not concerned with associating public keys to,for example,human beings or computers.The only property SybilGuard relies on is that the private key is unforgeable and its possession can be veri?ed.To perform the registration in a secure and completely decentralized manner,SybilGuard uses registry tables and witness tables,as described next.
Registry tables.Each node I maintains a registry table for each of its edges (Figure 6).The i th entry in the registry table for edge e lists the public key of the node whose random route enters I along e at its i th hop.For example,consider the registry table on C for edge e 3in Figure 6.Here,one of B ’s random routes is B →(via edge e 3)C →(via edge e 4)D .In other words,in the ?rst hop of this random route,B enters C via edge e 3.Thus the ?rst entry in the registry table is B ’s public key.Similarly,the second entry is A ’s public key.As a result,the registry table has w entries that are the public keys of the w “upstream”nodes along the direction of edge e 3from C .
Suppose that according to C ’s routing table,e 4is the outgoing direction corresponding to e 3(as in Figure 6).C will forward its registry table for e 3to its neighbor D along e 4,via a secure channel established using the edge key for e 4.D then populates its registry table for e 4by shifting the registry table from C downward by one entry and adding C ’s public key as the new ?rst entry.
As shown in Figure 6,this simple design will ultimately register each node’s public key with all nodes on its d random routes.The protocol does not have to proceed in synchronous rounds,and nodes in the system may start with empty registry tables.The overhead of the protocol is small as well.Even with one million nodes,if we were to use w =2000(already pessimistic given our simulation results),then a registry table is roughly 256KB when using 1024-bit public keys.For a node with 10neighbors,the total data sent is 2.56MB.A further optimization is to store cryptographically secure hashes of the public keys in the registry table instead of the actual public keys.With each hashed key being 160-bit,the total data sent by each node would be roughly 400KB.Finally,it is important to notice that registry table updates are needed only when social trust relationships change (Section 5).Thus,we expect the bandwidth consumption to be quite acceptable.
Witness tables.Registry tables ensure that each node registers with the nodes on its random routes.Each node,on the other hand,also needs to know the set of nodes that are on its random routes.This is achieved by each node maintaining a witness table for each of its edges.The i th entry in the table contains the public key (or its hash,if we use the above optimization)and the IP address of the node encountered at the i th hop of the random route along the edge.The public key will later be used for intersection and authentication purposes,while the IP address will be used as a hint to ?nd the node.If the IP address is stale or wrong,it will have the same effect as the intersection node being of?ine.(Of?ine nodes are addressed in Section 5.1.)
The witness table is propagated and updated in a similar fashion as the registry table,except that it propagates “backward”(using the reverse of the routing table).In this way,a node will know the w “downstream”nodes along the direction of each of its edges,which is exactly the set of nodes that are on its random routes.Different from registry tables,witness tables should be updated when a node’s IP address changes (even with a static social network).But this updating can be done lazily,given the optimizations described below in the veri?cation process.
Veri?cation process.For a node V to verify a node S ,V needs to perform an intersection between each of its random routes and all of S ’s random routes.To do this,S sends all of its witness tables to V ,together with S ’s public key.The communication overhead in this step can be reduced using standard optimizations such as Bloom Filters [14]to summarize the nodes in witness tables.
For each of V ’s witness tables,V performs an intersection with all of S ’s tables,and determines the (hashed)public key of the ?rst intersection point X (if any)on V ’s route.V then contacts X using the recorded IP address in the witness table as a hint.V authenticates X by requiring X to sign each message sent,using its private key.If hashed keys are used,X also sends its public key,which V hashes and compares with the stored hash,before authenticating X .If X cannot be found using the recorded IP address,V will try to obtain X ’s IP address from nearby nodes in the witness table.They will likely have X ’s more up-to-date IP address because they are near X .Because V will always authenticate X based on X ’s public key,this does not introduce a vulnerability.
V then checks with X whether S ’s public key is indeed present in one of X ’s registry tables.The entry number is not relevant.If it is present,then that route from V accepts S .If at least half of V ’s routes accept S ,V accepts S (i.e.,S ’s public key).Finally,when interacting with S ,V always authenticates S by requiring S to sign every message sent,using its private key.
Key revocation.A node can easily revoke its old public/private key pair by unilaterally switching to a new public/private key pair,and then using the new public key in its registry table and witness table propagation.The old public key in registry and witness tables will be overwritten by the new public key.
Sybil nodes.We described the protocol for the case where all nodes behave honestly.A sybil node may not follow the protocol and may arbitrarily manipulate the registry tables and witness tables.SybilGuard is still secure against such attacks.To understand why and obtain intuition,it helps to consider the set of all registry table entries on all honest nodes in the system.For simplicity,assume that all honest nodes have the same degree d .Thus there are altogether,n ·d ·w registry table entries in the system.
Consider a malicious node M and a single attack edge connecting an honest node A with M .Clearly,M can propagate to A an arbi-trary registry table,thus polluting the w entries in A ’s registry table.Suppose A next forwards the registry table to B ,who shifts the table downward and adds A as the ?rst entry.Thus w ?1entries in B ’s registry table are polluted.Continuing this argument,we see that a single attack edge enables M to control w +(w ?1)+...+1≈w 2/2entries system-wide.With g attack edges and even when gw ap-proaches n ,the total number of polluted entries (gw 2/2)is still less than half of the total number of entries (n ·d ·w ).This provides some intuition why the number of accepted sybil nodes is properly bounded even though the adversary may not follow the SybilGuard protocol.
4.6Designing the Length of Random Routes
A critical design choice in SybilGuard is w ,the length of the random routes.The value of w must be suf?ciently small to ensure that (i)a veri?er’s random route remains entirely within the honest region with high probability;and (ii)the size of sybil groups is not excessively large.On the other hand,w must be suf?ciently large to ensure that routes will intersect with high probability.In the following,we provide some analytical assurance that hav-ing w =Θ(√
n log n )will likely satisfy the above requirements si-multaneously.Our results are for random walks instead of the random routes used in SybilGuard—considering random walks al-lows us to leverage the well-established theory on such walks.Our
full paper [27]explains how these results likely apply to random routes,which will be further con?rmed in our later experiments.We ?rst study the probability that a random walk starting from a random honest node enters the sybil region of the topology.T HEOREM 1.For any connected and non-bipartite social net-work,the probability that a length-w random walk starting from a uniformly random honest node will ever traverse any of the g attack edges is upper bounded
by gw /n .In particular,when w =Θ(√n log n )and g =o (√n /log n ),this probability is o (1).We leave the proof to our full paper [27].The condition of “con-nected and non-bipartite”on the social network serves to exclude theoretical corner cases.As long as the network has any cycle with an odd number of edges,the network is non-bipartite.The actual likelihood,as shown in our later experiments,is much better than the above pessimistic theoretical bound of gw /n .
We should point out that the above theorem provides only an “average”guarantee for all honest nodes.Those honest nodes that are closer to attack edges are likely to have a larger probability of walking into the sybil region.Our later simulation results,however,will show that using the redundancy techniques from Section 4.4will give most nodes a high probability of success.The next property we would like to show is that w =Θ(√
n log n )is likely to be suf?ciently large for routes from an honest veri?er and an honest suspect to intersect with high probability.Such a property for random walks has been rigorously proved [3,15]in several other contexts,and thus we only give a high-level review.First,we need to provide some informal background.With a length-w random walk,clearly the distribution of the ending point of the walk depends on the starting point.However,for connected and non-bipartite graphs,the ending point distribution becomes independent of the starting point when w →∞.This distribution is called the stationary distribution of the graph.The mixing time T of a graph quanti?es how fast the ending point of a random walk approach the stationary distribution.In other words,after Θ(T )steps,the node on the random walk becomes roughly independent of the starting point.If T =Θ(log n ),the graph is called fast mixing .
Many randomly-grown topologies are fast mixing,including so-cial networks (or more speci?cally,small-world topologies)
[6,11].Thus,a walk of Θ(√n log n )steps contains Θ(√n )independent samples drawn roughly from the stationary distribution.When the veri?er’s and the suspect’s walks remain in the honest region,both walks draw Θ(√n )independent samples from roughly the same dis-tribution.It follows from the generalized Birthday Paradox [3,15]that they intersect with probability 1?o (1).
4.7
Locally Determining the Appropriate Length of Random Routes
Because SybilGuard is decentralized,each node needs to locally determine w .Directly setting w =Θ(√n log n )requires the knowl-edge of n .This is challenging because we must exclude sybil nodes when estimating n ,which requires running SybilGuard with an appropriate w .
Instead,to locally determine w ,a node A ?rst performs a short random walk (e.g.,10hops),ending at some node B .Because the random walk is short,with high probability,it stays in the honest region and B is an honest node.Next A and B conceptually both perform random routes to determine how long the two routes need to be to intersect.In practice,A and B should have already performed random routes along all directions,thus B simply needs to hand over one of its witness tables to A .It is important here to use a standard random walk (instead of a random route)to choose B ,otherwise A ’s random route will always intersect with B within a small number of
hops.Also,our later simulation will show that even a walk as short as 3hops suf?ces to obtain good estimations on w in a million-node social network.
The intuition behind the above design is that in fast mixing graphs,a random walk of short length is suf?cient to approach the stationary distribution.Thus,B is just a random node drawn from the station-ary distribution,and the procedure yields a random sampling of w .The sampling,however,is biased because the stationary distribution is not necessarily a uniform distribution and B is more likely to be a higher-degree node than a lower-degree node.On the other hand,notice that if we start a random walk from a uniformly random node C ,then after Θ(T )steps (T being the mixing time),the walk will be at a node roughly drawn from the stationary distribution.Thus the needed route length for two routes (starting from A and C ,respec-tively)to intersect is at most Θ(T )+w .Since w =Θ(√n log n )and T =Θ(log n ),we can safely ignore the term of Θ(T ),which will be further con?rmed in our later experiments.
Finally,node A obtains multiple such samples using the above procedure,and calculates the median m of the samples (see Section 6for the number of samples needed).It then sets w =2.1m ,where the constant 2.1is derived from our analysis of Birthday Paradox distributions [27].The analysis proves that multiplying the median by 2.1is suf?cient to ensure a collision probability of 95%,regard-less of n .Note that when B is itself a sybil node or the random route from either A or B enters the sybil region,the adversary controls that particular sample.Thus,using the median sample to estimate w is much more robust than directly using the 95th percentile.
5.SYBILGUARD UNDER DYNAMICS
Our protocol so far assumes that the social network is static.In decentralized distributed systems,a typical user ?rst downloads and installs the software (i.e.,the user is created ).The node cor-responding to the user may then freely join or leave the system (i.e.,become online and of?ine )many times.Finally,the user may decide to uninstall the software and never use it again (i.e.,the user is deleted ).Node join/leave tends to be much more frequent than user creation/deletion.For example,dealing with frequent node join/leave (or “churn”)is often a critical problem faced by DHTs.SybilGuard is designed such that it needs to respond only to user creation/deletion,and not to node churn.The social network in this paper always includes all users/nodes that have been created and not yet deleted.In other words,many of the nodes in the graph can be of?ine at any given time.
5.1Dealing with Of?ine Nodes
In SybilGuard,a node communicates with other nodes only when (i)it tries to verify another node,and hence needs to contact the intersection nodes of the random routes,and (ii)it propagates its registry and witness tables to its neighbors.
For the ?rst scenario,because both the veri?er V and the suspect S perform multiple random routes (Section 4.4),there will likely be multiple intersections.In fact,even a single route from V and a single route from S may still have multiple intersections.The veri?cation can be done as long as a majority of V ’s routes have at least one intersection point online.
For propagating registry and witness tables,note that this occurs when a random route changes,due to user creation/deletion or edge creation/deletion in the social network.Witness table propagation may also be needed when IP addresses change,but such updating can be performed lazily (Section 4.5).Previous studies [5]on p2p sys-tems show that despite high node churn rate,user creation/deletion occurs only infrequently and the average user lifetime is roughly
a
Figure 7:Incremental maintenance of routing tables.The ex-ample assumes that d =3and k =2.Note that after edge e 4is added,only routes entering via edge e 2need to be redirected.year.Similarly,people make and lose social trust relations in real life over months-long time horizons.Thus,the system can afford to take days to completely propagate a new registry or witness table,waiting for nodes to come online.In the case of a new user,prior to becoming a full participant,she can always use the system via a friend as a proxy.As an optimization,a simple lookahead routing table design [27]may further help to bypass some of?ine nodes.For a given node and a given edge adjacent to the node,the lookahead routing table (established in a secure way)records which nodes the route should traverse on the next k hops.
In the process of propagating/updating registry and witness tables,the social network may change again.Thus,it is helpful to consider it as a decentralized,background stabilization process.This means that if the topology were to stop changing,then the registry and witness tables would eventually stabilize to a consistent state for this (now static)topology.
5.2Incremental Routing Table Maintenance
When users and edges are added or deleted in the social network,the routing tables must be updated as well.Adding a new node can be considered as ?rst adding a node with no edges and then successively adding its edges one by one.Deleting a node can be considered similarly.Thus we only need to discuss edge creation and deletion.
We ?rst explain how A updates its routing table when a new edge is added between A and B .Suppose A ’s original degree is d and its original routing table is the permutation “x 1,x 2,...,x d ”.A trivial way to update A ’s routing table would be to pick a new random permutation of “1,2,...,d ,d +1”that is unrelated to “x 1,x 2,...,x d ”.Doing so,however,would affect/redirect many routes,and incur unnecessary overhead in updating registry and witness tables.
Instead,SybilGuard uses an incremental maintenance algorithm where only routes entering A along a speci?c edge may be affected (Figure 7).This reduces the expected overhead on the network by a factor of almost d .In this algorithm,when a new edge is added to A ,A chooses a uniformly random integer k between 1and d +1,inclusive.If k =d +1,then A ’s new routing table will be “x 1,x 2,...,x d ,d +1”.If 1≤k ≤d ,A ’s new routing table will be “x 1,x 2,...,x k ?1,d +1,x k +1,...,x d ,x k ”.In other words,we replace x k (if exists)with d +1,and then append x k to the end of the permuta-tion.Similarly,for edge deletion,suppose A ’s original routing table is “x 1,x 2,...,x d ,x d +1”.Without loss of generality,assume that we are deleting edge d +1,and let k be such that x k =d +1.If k =d +1,then A ’s new routing table is trivially “x 1,x 2,...,x d ”.Otherwise the new routing table will be “x 1,x 2,...,x k ?1,x d +1,x k +1,...,x d ”.In other words,we simply substitute x k with x d +1.For both insertion and deletion,only routes entering A via edge k are affected,and one
Figure8:A potential attack by M during node dynamics. can prove[27]that the resulting routing table is indeed a uniformly random permutation.
5.3Attacks Exploiting Node Dynamics
This section shows that performing random routes along all direc-tions(Section4.4)actually is necessary for security and provides a defense against potential attacks under node dynamics.We?rst explain the potential attack scenario.Suppose each node were to perform only a single random route,and consider the example in Figure8,where w=3.Here M is malicious and the other nodes are honest.M’s random route is M→A→B→C.Thus A,B,and C record M’s public key key1in their registry tables.Now another hon-est node D joins,and establishes edges with A and E.A updates its routing table,and suppose that routes from M now go to D instead of B.Being malicious,M launches the attack by changing its public key to key2.Now A,D,and E will record key2in their registry tables.At this point,key1is registered on w?1nodes,while key2 is registered on w nodes.Both of them are likely to be successfully veri?ed with good probability.
The source of the above vulnerability is that when the routing table on A changes,the system needs to“revoke”the stale entry of key1from the registry tables on B and C,because M’s random route no longer passes through these nodes.Explicitly revoking stale entries would introduce considerable complexity because B and C may be of?ine.An alternative design would be to associate TTLs with table entries,which unavoidably introduces a trade-off between security and overheads to refresh expired entries. SybilGuard prevents the above attack by having all nodes perform random routes along all directions.In particular,if D(with key3)has a random route of D→A→B→C,then key3will overwrite M’s key1.It is also possible that D’s route may not be D→A→B→C. However,it is easy to show that the stale entries will always be overwritten by some node.To understand why,suppose that an entry in B’s registry table indicates that B is the i th hop in the random route of M.If this entry is stale,it means that B is no longer the i th hop in M’s route.From the back-traceable property of random routes,there must exist another node F somewhere,such that one of F’s routes visits B at the i th hop.Thus F’s public key will overwrite the stale entry on B.In other words,the back-traceable property ensures that for any registry table entry,there is one and exactly one“owner”. Under node dynamics,ownership may change and there may be temporary periods where a malicious user“owns”more entries than it should.However,after the system stabilizes,all entries will be “owned”by the right owner.Based on such observations,we can easily see that other similar attacks under node dynamics will be prevented by SybilGuard as well.
6.EV ALUATION
This section uses simulation to evaluate the guarantees of Sybil-Guard.We choose to use simulation because it enables us to study large-scale systems.Because social networks tend to contain private information,there are only a limited number of publicly available
0.2
0.4
0.6
0.8
1
0 500 1000 1500 2000 2500
P
r
o
b
[
h
a
v
e
g
i
v
e
n
#
o
f
i
n
t
e
r
s
e
c
t
]
Length of random routes
with redundancy (>= 10)
no redundancy (>= 1)
no redundancy (>= 10)
Figure9:Probability of intersection.The legend“with redun-dancy”means that each node performs random routes along all directions,while“no redundancy”means performing a single random route.The legend“(>=x)”means that we are consid-ering the probability of having at least x distinct intersections. SybilGuard corresponds to“with redundancy(>=10)”.
social network datasets.Those that are publicly available[2,1]are quite small,which prevents a thorough evaluation of probabilistic guarantees.Thus we use the widely accepted Kleinberg’s synthetic social network model[12]in our evaluation,which generalizes from the Watts-Strogatz model[25].We use the model to instantiate three different graphs:a million-node graph with average node degree of 24,a10000-node graph with average degree of24,and a100-node graph with average degree of12.For space limitations,we leave to[27]a review of the model and the detailed parameters.We also focus on the million-node graph,and present only summary results for the other two graphs.All results below are for the million-node graph unless otherwise mentioned.
6.1Results with No Malicious Users
We start by studying the basic behavior of SybilGuard when there are no malicious users.Without malicious users,the only property we are concerned with is whether an honest veri?er accepts an honest suspect.This is affected by:(i)whether the random routes from the two nodes intersect;(ii)whether the random routes from the two nodes are loops(which will decrease the chance of intersection); (iii)whether there is at least one intersection node online;and(iv) whether the needed length of random routes is properly estimated. Probability of random routes being loops.As discussed in Sec-tion4.4,if a random route becomes a loop,then its effective length is reduced.Our simulation shows that99.3%of the routes do not form loops in their?rst2500hops(while later we will show that the needed length of the routes is below2000).Furthermore,with the redundancy technique in Section4.4,all the nodes in our simulation have at least one route that is not a loop within their?rst2500hops. For the10000-node topology,99.7%of the routes do not form loops in their?rst200hops,which is above the needed route length.For the100-node topology,90%of the routes do not form loops in the ?rst50hops,which is again above the needed route length.
As the results show that loops are quite rare,and also because they only impact effectiveness rather than security,we will not investigate them further.In all our results below,we do not distinguish loops from non-loops,and thus all the results will already capture the impact of random routes being loops.
Probability of an honest node being successfully accepted.We move on to study the probability of the veri?er V accepting the suspect S.For V to accept S,their routes must intersect and at least one intersection must be online.We do not directly model nodes
0.005
0.01 0.015 0.02 0.0253000
20001000F r a c t i o n
Number of hops before first intersection uniformly random
0.005
0.01 0.015 0.02 0.0253000
20001000F r a c t i o n
Number of hops before first intersection
3-hops away
Figure 10:Probability distribution histogram for the number of hops needed before the ?rst intersection.
being online or of?ine.Rather,we assume that as long as there are at least 10intersections,the veri?cation succeeds.Note that even when nodes are online only 20%of the time,the probability that at least one out of 10intersections is online is already roughly 90%.Figure 9plots the probability of V successfully accepting S ,as a function of w (length of the random routes).For better under-standing,we also include in Figure 9two other curves for the cases where each node performs a single random route,and seeks either at least 1or 10intersections.The results show that in a million-node social network,even having a w as small as 300yields a 99.96%probability of having at least 10intersections.On the other hand,if we do not exploit redundancy,the needed length will be much larger.For our 10000-node topology,w =30yields a 99.29%probability of having at least 10intersections.For the 100-node topology,w =15gives us a probability of 99.97%.
Estimating the needed length of the routes w .In SybilGuard,each node infers the needed length of the routes using the sampling technique described in Section https://www.wendangku.net/doc/da7727714.html,ing this technique,a node A ?rst performs a short random walk ending at some node B .Then A and B both perform random routes to determine how long the routes need to be in order to intersect.Such estimation would be entirely accurate if (i)B were chosen uniformly randomly from all nodes in the system;and (ii)the number of samples were in?nite.In practice,however,neither condition holds.
To gain insight into the impact of B not actually being a uniformly random node,Figure 10depicts the distribution of the number of hops before intersection,comparing the case when B is chosen uniformly at random to the case when B is chosen using a 3-hop random walk from A .As the ?gure shows,the two distributions are quite similar.This will help to explain later the small impact of B not being uniformly random.Based on the distribution when B is chosen uniformly at random,we obtain an accurate w of 1906needed for 95%of the pairs to intersect.This value of 1906will be used as a comparison with SybilGuard’s estimated w .
To understand the error introduced by having only a ?nite number of samples,we study how the estimated w ?uctuates and approaches 1906as a node takes more and more samples.This experiment is repeated from multiple different nodes.In all cases,we observe that the estimated w always falls within 1906±300after 30samples.While after 100samples,the estimated w always falls within 1906±150.These results show that the estimated w is accurate enough even after a small number of samples.Even with only 30samples and a worst case estimated w of 1606,Figure 9still shows a close-to-100%intersection probability when using redundancy.On the other hand,because taking each sample only involves a 3-hop random walk and the transfer of a witness table,the overhead is quite small.Finally,since the number of users n changes slowly and w changes roughly proportionally to √n log n ,we do not expect w to change rapidly.Thus a node needs only to re-estimate w ,for example,on
a daily basis.For our 10000-node topology,the accurate w is 197,and the estimated w falls within 197±30after 35samples.For the 100-node topology,the accurate w is 24,and the estimated w falls within 24±7after 40samples.
6.2Results with Sybil Attackers
Next we study the behavior of SybilGuard when there are malicious users.In most security research,the term “malicious user”typically refer to a single malicious user who does not assume additional identities.In this paper,however,malicious users refer to powerful attackers who have the sophistication and computation power to launch sybil attacks.For clarity,we use “sybil attackers”to refer to these users in our evaluation.Each of these sybil attackers can potentially create an unlimited number of “malicious users”.
Sybil attackers in?uence the system by creating attack edges.There are clearly many possibilities regarding where the attack edges are in the graph,and we consider two extremes in our experiments.In random ,we repeatedly pick uniformly random nodes in the graph as sybil attackers,until the total number of attack edges reaches a certain value.In cluster ,we start from a “seed”node and perform a breadth-?rst search from the seed.Nodes encountered are marked as sybil attackers,until the total number of attack edges reaches a certain value.All our results below are based on random placement,unless explicitly mentioned.We have obtained all corresponding results for cluster as well,which are always slightly better but the difference is usually negligible.The reason for better results under cluster is that the random routes are more likely to cross attack edges under random .
For our experiments based on the million-node graph,we vary the number of attack edges g from 0to 2500.When g =2500,there are roughly 100nodes marked as sybil attackers.It is crucial to understand that just having 100sybil attackers in the system will not necessarily result in 2500attack edges—on average,each attacker must be able to convince 25real human beings to be his friend.The hardness of creating these social links is what SybilGuard relies on.In the presence of sybil attackers,we are concerned with several measures of “goodness”:(i)the probability that an honest node accepts more than g ·w sybil nodes;(ii)the probability that an honest node accepts another honest node;and (iii)the impact of sybil nodes on estimating w .
Probability of an honest node accepting more than g ·w sybil nodes.Routes from an honest veri?er V may enter the sybil region,and the adversary can then direct the routes to intersect with the routes of all sybil nodes.As explained in Section 4.4,SybilGuard uses redundant routes and majority voting to limit the in?uence of such problematic routes.The curve labeled “majority routes”in Figure 11shows the probability that the majority of an honest node’s routes remain entirely in the honest region.Here we use w =1906as obtained before (the same is true for all the following
0.2 0.4 0.6 0.8 1 0
500 1000 1500 2000 2500P r o b a b i l i t y
Number of attack edges
majority routes single route
Figure 11:Probability of routes remaining entirely within the honest region.
experiments).If a majority of the routes are in the honest region,then the remaining routes will not constitute a majority,and the adversary will not be able to fool the node into accepting more than g ·w sybil nodes.As we can see from the ?gure,the probability is always almost 100%before g =2000,and only drops to 99.8%when g =2500.This means that even with 2500attack edges,only 0.2%of the nodes are not protected by SybilGuard.These are mostly nodes adjacent to multiple attack edges.In some sense,these nodes are “paying the price”for being friends of sybil attackers.For the 10000-node topology and the 100-node topology,g =204and g =11will result in 0.4%and 5.1%nodes unprotected,respectively.For better understanding,Figure 11also includes a second curve showing the probability of a single route remaining entirely in the honest region.
Probability of an honest node being successfully accepted.In the presence of sybil nodes,the probability that an honest veri?er V accepts another honest suspect S decreases.First,the routes from S may enter the sybil region,and the adversary can prevent these routes from intersecting with V ’s routes.The same is true for V ’s routes.Second,the presence of sybil nodes necessitates the technique of majority voting as in Section 4.4.This means that among the d routes from V ,at least d /2routes need to successfully accept S before V can accept S .
To capture the worst case scenario,here we will assume that after a route (from V or S )enters the sybil region,the rest of the route can no longer be used for veri?cation/intersection.In some sense,the presence of sybil nodes “prunes”the routes.As in Sec-tion 6.1,we assume that a “pruned”route from V accepts S if it has at least 10distinct intersections with S ’s “pruned”routes.Finally,V successfully accepts S if a majority of V ’s routes accept S .
Figure 12presents the probability of V accepting S ,as a function of the number of attack edges g .This probability is still 99.8%with 2500attack edges,which is quite satisfactory.The case without using redundancy is much worse (even if we seek only a single intersection),demonstrating that exploiting redundancy is necessary.For our 10000-node topology and 100-node topology,g =204and g =11give probabilities of 99.6%and 87.7%,respectively.Notice that a 87.7%probability does not mean that 12.3%of the nodes will not be accepted by the system.It only means that given a veri?er,12.3%of the nodes will not be accepted by that veri?er.Each honest node,on average,should still be accepted by 87.7%of the honest nodes (veri?ers).
Estimating the needed length of the routes w .The ?nal set of experiments seeks to quantify the impact of sybil nodes on the estimated w .Recall that to estimate w ,a node A performs a short (3-hop in our experiments)random walk ending at some node B .A and B then both perform random routes to determine when the two routes intersect,which is used as a sample.The sample taken is bad (i.e.,potentially in?uenced by the adversary)if any of the
0.2 0.4 0.6 0.8 1 0
500 1000 1500 2000 2500P r o b a b i l i t y
Number of attack edges
with redundancy (>= 10)no redundancy (>= 1)Figure 12:Probability of an honest node accepting another honest node (i.e.,having at least a target number of intersec-tions).The legends are the same as in Figure 9,and SybilGuard corresponds to “with redundancy (>=10)”.
two routes or the short random walk enters the sybil region.Our simulation shows that the probability of obtaining bad samples roughly increases linearly with the number of attack edges g .Even when g reaches 2500,the fraction of bad samples is still below 20%.Since our estimation uses the median of the samples,these 20%bad samples will have only limited in?uence on the estimate for w .For our 10000-node topology and 100-node topology,the fraction of bad samples is always below 20%when g ≤204and g ≤11,respectively.
7.RELATED WORK
The sybil attack [9]is a powerful threat faced by any decentralized distributed system (such as a p2p system)that has no central,trusted authority to vouch for a one-to-one correspondence between users and identities.As mentioned in Section 1,the ?rst investigation [9]into sybil attacks already proved a series of negative results.
Bazzi and Konjevod [4]proposed using network coordinates [17]to foil sybil attacks,and a similar idea has also been explored for sensor networks [21].The scheme relies on the assumption that a malicious user can have only one network position,de?ned in terms of its minimum latency to a set of beacons.However,with network coordinates in a d -dimensional space,an adversary controlling more that d malicious nodes at d different network positions can fabricate an arbitrary number of network coordinates,and thus break the defense in [4].This is problematic because d is usually a small number (e.g.,<10)in practice.Moreover,a solution based on network coordinates fundamentally can only bound the number of sybil groups and not the size of the sybil groups.
Danezis et al.[8]proposed a scheme for making DHT lookups more resilient to sybil attacks.The scheme leverages the bootstrap tree of the DHT,where two nodes share an edge if one node intro-duced the other into the DHT.The insight is that sybil nodes will attach to the rest of the tree only at a limited number of nodes (or attack edges in our terminology).One can imagine de?ning a similar notion of equivalence groups here,which correspond to subtrees.The scheme can then properly bound the number of sybil groups.In comparison,SybilGuard exploits the graph property in social networks instead of the bootstrap tree,which helps to achieve much stronger properties.First,SybilGuard is able to further bound the size of sybil groups,which is not possible based on bootstrap trees.As a result,even with a single attack edge,the results in [8]deterio-rate as the adversary creates more and more sybil nodes.Second,SybilGuard guarantees roughly √n equivalence groups to ensure suf?cient diversity.A bootstrap tree can be in any shape and thus the number of equivalence groups can be rather small.Third,the sizes of different equivalence groups in SybilGuard are roughly the same.In the bootstrap tree approach the sizes can be quite different,which
can lead to signi?cant load imbalance.Finally,compromising even a single node in the bootstrap tree will disconnect the tree,breaking the assumption of the scheme.
Sybil attacks in sensor networks.Sybil attacks have also been studied for sensor networks[16].The solutions there,such as radio resource testing and random key predistribution,unfortunately do not apply to distributed systems in the wide-area.A sybil-related attack in sensor networks is the node replication attack[18],where a single compromised sensor is replicated inde?nitely,by loading the node’s cryptographic information into multiple generic sensor nodes. All these replicated nodes have the same ID(e.g.,they all have to use the same secret key issued to the compromised sensor).The solution[18],which is based on simple random walk intersection, does not extend to sybil attacks because the sybil nodes do not necessarily share a single,veri?able ID.
Sybil attacks in reputation systems.In a reputation system,each user has a rating describing how well the user behaves.For example, eBay ratings are based on users’previous transactions with other users.Sybil attacks can create a large number of sybil nodes that collude to arti?cially increase a user’s rating.Known defenses [7,10,20]against such attacks aim at preventing the sybil nodes from boosting a malicious user’s rating(and attracting buyers,in the case of eBay).They cannot and do not aim to control the number or size of sybil groups.All the sybil nodes are able to obtain the same rating/reputation as the malicious user.Thus the sybil attack problem in reputation systems is fundamentally different from the one solved by SybilGuard.
In some other reputation systems such as Credence[24],users cast votes regarding the validity of shared?les.The votes are then combined using a weighted average based on the ratings of the user. Sybil nodes are able to dramatically in?uence the average(even when applying the techniques from[7]),and thus Credence relies on a central authority to limit sybil nodes[24].
Trust networks and random walks.The social network in Sybil-Guard is one kind of trust network.Many previous works[7,10,24] use trust networks that are based on past successful transactions or demonstrated shared interest between users.The trust associated with our social network is much stronger,which is essential to the effectiveness of SybilGuard.Such a strong-trust social network is also leveraged by LOCKSS[13],where the veri?er accepts all its direct social friends,as well as a proportional number of other nodes. The total number of nodes accepted(proportional to the degree of the veri?er)can be orders of magnitude smaller than the system size.Because a node can only accept and thus use a limited number of other nodes in the system,LOCKSS is more suited for speci?c application scenarios such as digital library maintenance.
Trust propagation or transitive trust is a technique that researchers often use on trust networks[7,10,20,24].SybilGuard is more related to exploiting graph properties rather than trust propagation. Random walks have also been used to infer worm origin[26]by identifying nodes with a small number of incoming messages but with a large number of outgoing?ows.Such techniques are not, however,applicable or related to sybil attacks.
8.CONCLUSION
This paper presented SybilGuard,a novel decentralized protocol for limiting the corruptive in?uences of sybil attacks,by bounding both the number and size of sybil groups.SybilGuard relies on properties of the users’underlying social network,namely that(i) the honest region of the network is fast mixing,and(ii)malicious users may create many nodes but relatively few attack edges.In all our simulation experiments with one million nodes,SybilGuard ensured that(i)the number and size of sybil groups are properly bounded for99.8%of the honest users,and(ii)an honest node can accept,and be accepted by,99.8%of all other honest nodes. Currently we are working on obtaining real social network data to further validate SybilGuard.
9.ACKNOWLEDGMENTS
We thank David Andersen,Michael Freedman,Petros Maniatis, Adrian Perrig,Srinivasan Seshan,and the anonymous reviewers for many helpful comments on the paper.
10.REFERENCES
[1]Center for Computational Analysis of Social and Organizational Systems
(CASOS),2006.
https://www.wendangku.net/doc/da7727714.html,/computational tools/data.php. [2]International Network for Social Network Analysis,2006.
https://www.wendangku.net/doc/da7727714.html,/INSNA/data inf.htm.
[3]I.Abraham and D.Malkhi.Probabilistic quorums for dynamic systems.In
DISC,2003.
[4]R.Bazzi and G.Konjevod.On the establishment of distinct identities in overlay
networks.In ACM PODC,2005.
[5]W.J.Bolosky,J.R.Douceur,D.Ely,and M.Theimer.Feasibility of a serverless
distributed?le system deployed on an existing set of desktop PCs.In ACM
SIGMETRICS,2000.
[6]S.Boyd,A.Ghosh,B.Prabhakar,and D.Shah.Gossip algorithms:Design,
analysis and applications.In IEEE INFOCOM,2005.
[7] A.Cheng and E.Friedman.Sybilproof reputation mechanisms.In ACM
SIGCOMM Workshop on Economics of Peer-to-Peer Systems,2005.
[8]G.Danezis,C.Lesniewski-Laas,M.F.Kaashoek,and R.Anderson.
Sybil-resistant DHT routing.In European Symposium On Research In
Computer Security,2005.
[9]J.Douceur.The Sybil attack.In IPTPS,2002.
[10]M.Feldman,https://www.wendangku.net/doc/da7727714.html,i,I.Stoica,and J.Chuang.Robust incentive techniques for
peer-to-peer networks.In ACM Electronic Commerce,2004.
[11] A.D.Flaxman.Expansion and lack thereof in randomly perturbed graphs.
Manuscript under submission,2006.
[12]J.Kleinberg.The small-world phenomenon:An algorithm perspective.In
STOC,2000.
[13]P.Maniatis,M.Roussopoulos,T.Giuli,D.S.H.Rosenthal,and M.Baker.The
LOCKSS peer-to-peer digital preservation system.ACM TOCS,23(1),2005. [14]M.Mitzenmacher and E.Upfal.Probability and Computing.Cambridge
University Press,2005.
[15]R.Morselli,B.Bhattacharjee,A.Srinivasan,and M.Marsh.Ef?cient lookup on
unstructured topologies.In ACM PODC,2005.
[16]J.Newsome,E.Shi,D.Song,and A.Perrig.The Sybil attack in sensor
networks:Analysis&defenses.In ACM/IEEE IPSN,2004.
[17]T.S.E.Ng and H.Zhang.Predicting internet network distance with
coordinates-based approaches.In IEEE INFOCOM,2002.
[18] B.Parno,A.Perrig,and V.Gligor.Distributed detection of node replication
attacks in sensor networks.In IEEE Symposium on Security and Privacy,2005.
[19] A.Ramachandran and N.Feamster.Understanding the network-level behavior
of spammers.In ACM SIGCOMM,2006.
[20]M.Richardson,R.Agrawal,and P.Domingos.Trust management for the
semantic web.In International Semantic Web Conference,2003.
[21]N.Sastry,U.Shankar,and D.Wagner.Secure veri?cation of location claims.In
ACM Workshop on Wireless Security,2003.
[22]I.Stoica,R.Morris,D.Karger,F.Kaashoek,and H.Balakrishnan.Chord:A
scalable peer-to-peer lookup service for internet applications.In ACM
SIGCOMM,2001.
[23]L.von Ahn,M.Blum,N.J.Hopper,and https://www.wendangku.net/doc/da7727714.html,ngford.CAPTCHA:Telling
humans and computers apart.In Eurocrypt,2003.
[24]K.Walsh and E.G.Sirer.Experience with an object reputation system for
peer-to-peer?lesharing.In USENIX NSDI,2006.
[25] D.J.Watts and S.H.Strogatz.Collective dynamics of‘small-world’networks.
Nature,393(6684),1998.
[26]Y.Xie,V.Sekar,D.Maltz,M.Reiter,and H.Zhang.Worm origin identi?cation
using random moonwalks.In IEEE Symposium on Security and Privacy,2005.
[27]H.Yu,M.Kaminsky,P.B.Gibbons,and A.Flaxman.SybilGuard:Defending
against sybil attacks via social networks.Technical Report IRP-TR-06-01,Intel Research Pittsburgh,June2006.Also available at
https://www.wendangku.net/doc/da7727714.html,/~yhf/sybilguard-tr.pdf.
struggle的用法和短语例句
struggle的用法和短语例句 【篇一】struggle的用法 struggle的用法1:struggle的基本意思是“奋斗”,即为实现某一目的而尽力做某事。常指遇到有力的反抗而在逆境中拼搏或努力从 束缚中解脱出来。有时含有“挣扎”的意味。 struggle的用法2:struggle也可表示“(与某人)争斗,搏斗,打斗”,还可表示“艰难地(朝某方向)行进”。 struggle的用法3:struggle是不及物动词,与介词against连用,表示“同与之对立或对抗的人或物实行斗争”; 与介词for连用,表示“为…而斗争”。 struggle的用法4:struggle可接动词不定式作目的状语。 struggle的用法5:struggle的基本意思是“斗争”,表示抽象的行为,用作不可数名词; 表示具体的“打斗,搏斗,战斗,斗争”时,可用作可数名词。 struggle的用法6:struggle作“努力,奋斗”解时,一般用单数形式。 【篇二】struggle的常用短语 struggle against (v.+prep.) struggle along1 (v.+adv.) struggle along2 (v.+prep.) struggle for (v.+prep.) struggle in (v.+prep.) struggle on (v.+adv.)
struggle out (v.+adv.) struggle with (v.+prep.) 【篇三】struggle的用法例句 1. It's a constant struggle to try to keep them up to par. 要让他们达标,需要持续努力。 2. Curiously, the struggle to survive has greatly improved her health. 奇怪的是,她拼命求生的抗争使得她的健康状况大有好转。 3. He grandly declared that "international politics is a struggle for power". 他一本正经地宣称“国际政治是一场权力之争”。 4. This age-old struggle for control had led to untold bloody wars. 这场由来已久的对控制权的争夺已经引发了无数流血的战争。 5. It is only a hobby, not a life or death struggle. 这仅仅一项爱好,不需要拼死拼活地努力。 6. There is a ceaseless struggle from noon to night. 从中午到夜晚,争斗没有停歇。 7. He is currently locked in a power struggle with his Prime Minister. 他当前陷入了一场同的权力之争当中。 8. He praised her role in the struggle against apartheid.
品牌文化与企业文化的异同
品牌文化与企业文化的 异同 集团标准化工作小组 [Q8QX9QT-X8QQB8Q8-NQ8QJ8-M8QMN]
品牌文化与企业文化的异同管理的概念可以说是层出不穷,是最近业界谈的比较多的一个概念。和都有“文化”,但是不是说他们两者就是相同的这个问题值得我们深入地探讨。 文化是一个社会和群体形成的共同的信念、和行为方式,具有三个要素:精神、载体和群体。世界有三大文化圈,文化圈、基督教文化圈和伊斯兰教文化圈。这三大文化圈的历史都很悠久,人口都在10亿以上,影响非常深远。基督教文化强调“赎罪”,要拼命工作才能减轻罪过,所以为什么西方(美国、德国、以色列)这些国家的法律很规范、职业道德水平高、比较敬业,跟传统文化是分不开的。伊斯兰的意思是“和平、顺从”,只有按照真主的意愿去生活和工作,才能升入天国,所以这些国家的人都非常的虔诚,宗教色彩浓厚,这也导致了这些国家大都在经济上比较落后,思想上较为保守。文化圈包括中国、日本、韩国、东南亚国家,其精神内涵是道德、和谐、和睦、亲情,这些深刻地影响着我们每一个中国人。 另外,文化都需要载体,比如春节、端午节等很多节日都是亲情和家族文化的代表,中国人的婚丧嫁娶、衣食住行等很多风俗、仪式也都体现着文化的精神内涵,另外,很多故事、典故、寓言和英雄也都从不同层面反映和传承着文化,岳飞代表精忠报国,关羽代表忠义。文化的第三个要素是群体,没有群体也自然无法形成文化,而且,这个群体可以按民族(汉、回、满等)形成独特的民族文化,还可以按地区(南方、北方、西
北)形成地域文化,这些都是中华文化下面的亚文化。这些精神、风俗、仪式和群体结合在一起,就构成了从深层到表层的中华文化。 与都脱离不了文化,他们的形式和内容与文化都密切相关,细想一下,的塑造是不是也分成三个层次,核心理念(精神)、制度与行为(载体)、文化群体(不同职能部门)是不是也包括品牌精神、品牌传播(载体)、目标(群体)三个方面 笔者认为,与都是文化的一种表现形式,都是一种亚文化现象。我们可以从相同和不同两个方面来进行深入阐释。 首先,与有相通的地方。 一个企业的文化,是这个企业的、信念和行为方式的体现,打个形象的比喻,如果我们把企业当作一个人,当你第一次见到这个人,那么他的衣着打扮会给你第一印象,这就是公司的VI(视觉识别),包括公司的建筑、办公环境、办公器具、LOGO等表面的直观的有形实体;通过他的言行举止你又能了解到他的做事风格,这是的具体表现,但是究竟是什么决定了这个人的言行举止这就取决于他内心深处的和信念了,同样的,对于企业来说,是文化决定了这个企业的制度和行为,这个文化的核心,就是我们常说的和企业核心。那么什么是我们说日久见人心,你跟一个人经过长久交往,你发现了他可能是一个诚实、活泼、开朗的人,你对他的个性有一个认知,你觉得喜欢跟他交往,也许会成为知己。如果对于企业来说,这个企业给的心理感受和心理认同,就是或者叫品牌内涵,他是联系心理需求与企业的平台,是的最高阶段,目的是使在消费公司的产品和服务时,能够产生一种心理和情感上的归属感,并形成。比如,当我们提到,
品牌文化概述
品牌文化概述 品牌力要依托于品牌的文化内涵。 品牌文化是指通过赋予品牌深刻而丰富的文化内涵,建立鲜明的品牌定位,并充分利用各种强有效的内外部传播途径形成消费者对品牌在精神上的高度认同,创造品牌信仰,最终形成强烈的品牌忠诚。拥有品牌忠诚就可以赢得顾客忠诚,赢得稳定的市场,大大増强企业的竞争能力,为品牌战略的成功实施提供强有力的保障。是品牌在经营中逐步形成的文化积淀,代表了企业和消费者的利益认知、情感归属,是品牌与传统文化以及企业个性形象的总和。与企业文化的内部凝聚作用不同,品牌文化突出了企业外在的宣传、整合优势,将企业品牌理念有效地传递给消费者,进而占领消费者的心智。品牌文化是凝结在品牌上的企业精华。 品牌文化的核心是文化内涵,具体而言是其蕴涵的深刻的价值内涵和情感内涵,也就是品牌所凝炼的价值观念、生活态度、审美情趣、个性修养、时尚品位、情感诉求等精神象征。品牌文化的塑造通过创造产品的物质效用与品牌精神高度统一的完美境界,能超越时空的限制带给消费者更多的高层次的满足、心灵的慰籍和精神的寄托,在消费者心灵深处形成潜在的文化认同和情感眷恋。在消费者心目中,他们所钟情的品牌作为一种商品的标志,除了代表商品的质量、性能及独特的市场定位以外,更代表他们自己的价值观、个性、品位、格调、生活方式和消费模式;他们所购买的产品也不只是一个简单的物品,而是一种与众不同的体验和特定的表现自我、实现自我价值的道具;他们认牌购买某种商品也不是单纯的购买行为,而是对品牌所能够带来的文化价值的心理利益的追逐和个人情感的释放。因此,他们对自己喜爱的品牌形成强烈的信赖感和依赖感,融合许多美好联想和隽永记忆,他们对品牌的选择和忠诚不是建立在直接的产品利益上,而是建立在品牌深刻的文化内涵和精神内涵上,维系他们与品牌长期联系的是独特的品牌形象和情感因素。这样的顾客很难发生“品牌转换”,毫无疑问是企业高质量、高创利的忠诚顾客,是企业财富的不竭源泉。可见,品牌就像一面高高飘扬的旗帜,品牌文化代表着一种价值观、一种品位、一种格调、一种时尚,一种生活方式,它的独特魅力就在于它不仅仅提供给顾客某种效用,而且帮助顾客去寻找心灵的归属,放飞人生的梦想,实现他们的追求。 优秀的品牌文化是民族文化精神的高度提炼和人类美好价值观念的共同升华,凝结着时代文明发展的精髓,渗透着对亲情、友情、爱情和真情的深情赞颂,倡导健康向上、奋发有为的人生信条。优秀的品牌文化可以生生不息,经久不衰,引领时代的消费潮流,改变亿万人的生活方式,甚至塑造几代人的价值观。优秀的品牌文化可以以其独特的个性和风采,超越民族,超越国界,超越意识,使品牌深入人心,吸引全世界人民共同向往、共同消费。优秀的品牌文化可以赋予品牌强大的生命力和非凡的扩张能力,充分利用品牌的美誉度和知名度进行品牌延伸,进一步提高品牌的号召力和竞争力。最为重要的是,优秀的品牌文化还可以使消费者对其产品的消费成为一种文化的自觉,成为生活中不可或缺的内容。如美国人到异国他乡,一看到麦当劳就会不由自主地想去饮用,最主要的原因并不是麦当劳的巨无霸特别适合他们的口味,而是内心潜在的一种文化认同的外在流露,认为麦当劳是美国文化的象征,使他们看到麦当劳就倍感亲切,从而潜意识地产生消费欲望。正如劳伦斯·维森特在阐述传奇品牌的成功经验时指出的,这些品牌“蕴含的社会、文化价值和存在的价值构成了消费者纽带的基础”。
bring的详细用法
1. Bring 带来;拿来;领来?Did you bring an umb rella? 你带伞了吗? bring sb/sth to sb/sth ?Is it OK if I bring some friends to the party? 我带几个朋友来参加聚会行吗? bring sb/sth with you ?For some reason, Jesse had brought a tape recorder with him. 不知为什么,杰西带了一台盒式录音机来。 bring sb sth ?Can you bring me another beer? 你再给我拿一杯啤酒好吗? bring sb/sth to sb/sth ?He expects me to bring everything to him. 他指望我什么东西都给他带去。 2.引起〔某种情况或情感〕,造成,导致?efforts to bring peace to the region 给这个地区带来和平的种种努力?The strikes are expected to bring chaos. 预计罢工会造成混乱。 使处于某种状况?It was the war that first brought him to power (= make him have power over a country ) . 是战争首次将他推上权力宝座。 ?Bring the sauce to the boil (= heat it until it boils ) . 把调味汁煮沸。 bring sth to an end/a close/a halt/a conclusion 使某事结束?The trial was swiftly brought to an end. 庭审匆匆就结束了。 3.使朝某个方向移动bring sth up/down/round etc ?Bring your arm up slowly until it’s level with your shoulder. 慢慢举起手臂到齐肩的高度。?The storm brought the old oak tree crashing down. 暴风雨把这棵老橡树刮倒了。 4.促使某人去…what brings you here? (=used to ask why someone is in a particular place)什么风把你给吹来了? 5.带来〔可供人们使用、拥有或享受的东西〕;使得到;创造 ?The expansion of state education brought new and wider opportunities for working class children. 公立教育的普及为工人阶层出身的儿童带来了更多新的机会。 bring sth to sb/sth?The government is launching a new initiative to bring jobs to deprived areas. 政府正在出台一个新的方案,为贫困地区创造就业机会。 bring sb sth?It’s a good sign –let’s hope it will bring us some luck. 这是一个好征兆——但愿会给我们带来好运。 6.〔某段时间〕带来;使发生 ?Who knows what the future will bring? 谁知道未来会发生什么?
品牌文化vs企业文化(1)
品牌文化vs企业文化 管理的概念可以说是层出不穷,品牌文化是最近业界谈的比较多的一个概念。品牌文化和企业文化都有“文化”,但是不是说他们两者就是相同的?这个问题值得我们深入地探讨。 文化是一个社会和群体形成的共同的信念、价值观和行为方式,具有三个要素:精神、载体和群体。世界有三大文化圈,儒家文化圈、基督教文化圈和伊斯兰教文化圈。这三大文化圈的历史都很悠久,人口都在10亿以上,影响非常深远。基督教文化强调“赎罪”,要拼命工作才能减轻罪过,所以为什么西方(美国、德国、以色列)这些国家的法律很规X、职业道德水平高、比较敬业,跟传统文化是分不开的。伊斯兰的意思是“和平、顺从”,只有按照真主的意愿去生活和工作,才能升入天国,所以这些国家的人都非常的虔诚,XX色彩浓厚,这也导致了这些国家大都在经济上比较落后,思想上较为保守。儒家文化圈包括中国、日本、韩国、东南亚国家,其精神内涵是道德、和谐、和睦、亲情,这些价值观深刻地影响着我们每一个中国人。
另外,文化都需要载体,比如春节、端午节等很多节日都是儒家亲情和家族文化的代表,中国人的婚丧嫁娶、衣食住行等很多风俗、仪式也都体现着文化的精神内涵,另外,很多故事、典故、寓言和英雄也都从不同层面反映和传承着文化,岳飞代表精忠报国,关羽代表忠义。文化的第三个要素是群体,没有群体也自然无法形成文化,而且,这个群体可以按民族(汉、回、满等)形成独特的民族文化,还可以按地区(南方、北方、西北)形成地域文化,这些都是中华文化下面的亚文化。这些精神、风俗、仪式和群体结合在一起,就构成了从深层到表层的中华文化。 企业文化与品牌文化都脱离不了文化,他们的形式和内容与文化都密切相关,细想一下,企业文化的塑造是不是也分成三个层次,核心理念(精神)、制度与行为(载体)、文化群体(不同职能部门)?品牌文化是不是也包括品牌精神、品牌传播(载体)、目标消费者(群体)三个方面? 笔者认为,品牌文化与企业文化都是文化的一种表现形式,都是一种亚文化现象。我们可以从相同和不同两个方面来进行深入阐释。 首先,企业文化与品牌文化有相通的地方 一个企业的文化,是这个企业的价值观、信念和行为方式的体现,打个形象的比喻,如果我们把企业当作一个人,当你第一次见到这个人,那么他的衣着打扮会给你第一印象,这就是公司的VI(视觉识
2020年考研英语词汇:against和but的含义与用法
2020年考研英语词汇:against和but的含义与用法 在考研英语考卷中,against的意项比较丰富,与其他词语的搭配比较灵活。 1. 表对比 One is the weakness of the euro, which has lost 15% against the Chinese yuan, 19% against the Japanese yen and 9% against the dollar since the start of 2020. 一方面,2020年伊始欧元持续走低,兑人民币、日元、美元分别 贬值15%、19%和9%。 2. 表示与某个方向或过程相反 Try not to row against the current. 尽量不要逆水行舟。 3. 表示轻轻地接触或是依靠 She leans herself against the jade door. 她斜靠在翡翠门上。 4. 表示猛烈的碰撞 During the storm, waves dash against the boat. 暴风雨中, 破浪猛烈地拍打着小船。 5. 表示反抗或者抗争 fight against AIDS 6. 表示为……而作准备 He is preparing money against the school. 他一直在咱学费。 7. 表示兑换、提取
Mike will draw a check against his bank balance. 迈克准备开支票支取自己的结余。 接下来,小编再带领大家探讨一下but的特殊用法,but在考研英语中是一个很重要的单词,在它的附近往往设置有重要的题设。准确理解but的含义,对于在考研英语中获取高分相当重要。 1. 用作副词,表示"仅仅,只有" The takeover is but a step towards the long-forecast consolidation of a crowded industry. 视频行业混乱无序,本次收购不过是向并购整合的行业趋势靠近了一步而已。 I don't like it. Still, I can but try. 我不喜欢这事儿。但是,也不妨试试。 2. 用作连词,在非正式用语中表示"比起来",类似于"than" We had no sooner arrived but we turned around and left. 我们离开后不久就到达了目的地。 We had no sooner arrived than we turned around and left. 我们离开后不久就到达了目的地。 3. 用作介词,表示"除了" This problem is anything but difficult. 这个问题一点儿也不难。 Who but you can show me the love? 除了你,谁还能爱我? 4. 作名词,表示"借口",常常用复数形式 No buts! We must win. 没有借口。我们必须成功。
品牌精神文化的内涵与特征
乔春洋:品牌精神文化的内涵与特征 乔春洋:品牌精神文化的内涵与特征 品牌精神文化是在长期的品牌经营过程中,因受社会经济和意识形态影响而形成的文化观念和精神成果。和物质文化相比,它是一种更深层次的文化,是品牌文化的核心,也是品牌的灵魂。 品牌精神文化源于品牌创建活动。随着经营的深入和扩大,品牌逐渐升华出带有经典意义的价值观念,成为品牌经营者倡导和强化的主导意识——最终由精神力量转化为文化优势。它对内有调节和指导品牌运作、优化资源配置、促使品牌健康发展的驱动力,对外有丰富品牌联想、增强品牌辐射、激发消费者购买欲望的扩X力。 品牌精神文化是由品牌经营者共同创造、消费者普遍接受的文化理念,它规定了品牌的态度、情感、责任、义务、行为特点和存在方式,因而它是品牌经营状况的客观反映。任何缺乏精神文化的组织或系统,既不能称之为品牌,也没有市场前途。在市场竞争日趋激烈的今天,赋予各类组织、系统或产品以精神内涵,使之实现差异化、个性化,是提升其竞争力的根本保障。 有人将品牌精神文化分为科学和艺术两大类别。科学类别包括科学技术的研发、应用,各类规章制度的设计,战略、战术的制定,决定、推广的思维部分,各类目标的设定与策略的形成以及经营技巧等。艺术类别包括美术、语言、影视创意、制作、音乐、舞蹈的各个相关方面。其中美术展开在品牌中,还可以分为平面设计、三维设计、雕塑设计、建筑设计等;语言则包括静态文字和动态语言的使用两个方面,它向品牌提供所有语言文字上的支持;影视创意、制作则包括有关品牌、产品的形象传播与广告片的拍摄;音乐是指以乐曲、歌曲的形式为品牌进行相关创作;舞蹈作为一门独立艺术,同影视、音乐进行合作或以静态的形式通过平面设计成为印刷品等。精神文化中的艺术部分集中了品牌所需的视觉、听觉等方面的审美要素。精神文化系统是科学与艺术的统一,二者的完美结合构成了品牌的精神文化系统。 也有人将品牌精神文化分为利益认知、情感属性、文化传统、个性形象等四个方面。品牌的利益认知是指消费者认识到品牌产品的功能特征所带来的利益。消费者在对品牌的认知过程中,会将品牌的利益认知转化为一定的情感上的利益。消费者在购买产品功能利益的同时,也在购买产品带来的情感属性。情感属性总与一定的品牌联想相联系。品牌也代表着一种文化传统,例如奔驰代表着德国文化——高效率的组织和高品质,本田代表着日本文化——精益求精、高效率和团队精神。文化传统有时会成为品牌的强大力量源泉,使品牌有更持久的生命力和竞争力。品牌有一定的个性形象,这是品牌文化的核心内涵之所
advise用法
advise的常用句式1. advise doing sth 建议做某事。如:He advised leaving early. 他建议早点动身。I advise waiting till proper time. 我建议等到适当时机。注:不能直接后跟不定式作宾语。所以不能说:* He advised to leave early. 2. advise sb to do sth 建议某人做某事。如:He advised me to buy a computer. 他建议我买台电脑。The doctor advised me to take a complete rest. 医生建议我完全休息。注:以上意思也可用后接从句的形式表达(注意从句用should+v. 这样的虚拟语气)。如上面第一句也可说成:He advised that I (should) buy a computer. 3. advise sb against doing sth 劝告某人不要做某事。如:He advised her against going out at night. 他劝她晚上不要出去。Her father advised her against marrying the worker. 她父亲劝告她不要嫁给这个工人。她父亲劝告她不要嫁给这个工人。注:该句型有时可与advise sb not to do sth 替换。如上面第一句也可说成:He advised her not to go out at night. 4. advise sb of sth 通知或告知某人有某情况。如: Please advise us of the arrival of the goods. 货物到达时请通知我们 advise 是个常用动词,意为“劝告”,“忠告”;“建议”。由于它的用法比较复杂,有些同学在使用时经常出错。为了帮助大家正确理解和使用advise ,现将它的几种常见用法归纳如下。 1. advise + 名词 / 代词例如: Li Ming advised a swim after school. 李明建议放学以后去游泳。 She will advise you about the right thing to do. 她会帮你出主意该怎么办。 What would you advise ? 你有什么建议? 2. advise + sb. + 不定式短语 在这个句式中,不定式短语作 advise 的宾语补足语。例如: He often advised people to use their brains . 他常常劝人多用脑子。 His wife advised him to give up smoking , but he wouldn't. 他妻子劝他把烟戒了,但他不肯。 We strongly advised him not to do such a thing . 我们竭力劝他不要这样做。 3. advise + sb. + 特殊疑问词 + 不定式短语 在这个句式中,“特殊疑问词 + 不定式短语”作 advise 的宾语补足语。例如:
汽车公司品牌文化的内涵及其意义
汽车公司品牌文化的内涵及其意义 进入二十一世纪,随着生活节奏的日益加快,汽车在人们心中也占据着越来越重要的位置。汽车,以其快捷的速度,舒适的环境,让千万人为之痴迷。汽车本来是个钢铁的物件,是人给它赋予了一种影响生活方式的生命内涵。反过来这种内涵又作用于人类,拉近了人 与车之间的距离,形成消费理念、生活情趣以及审美趋向等文化范畴,亦即汽车文化。而 包含在汽车文化中的汽车品牌是汽车形式结构中最能体现汽车价值的部分所谓汽车品牌, 是指用来标志并识别某一或某些车型的符号系统。汽车品牌文化的产生与发展,并不是突 然地。因为正是有了这种品牌文化的存在,汽车才得以成为一种文化。 汽车品牌是汽车形式结构中最能体现汽车价值的部分所谓汽车品牌,是指用来标志并识别某一或某些车型的符号系统。品牌经过注册即为商标。 别克——平民化的贵族车别克是个世界级的品牌,自1998年进入中国市场以来别克一直是高贵、气派及身份的代名词。它给车主带来了一种前所未有的享受和世界级的服务理念。 菲亚特——亚平宁的文化使者 菲亚特派力奥是继马可?波罗之后又一位来自亚平宁半岛的文化使者,她带来了浓厚的意 大利汽车文化。菲亚特的形象代言人舒马赫与法拉利赛车同台为派力奥做电视广告,引起 了巨大的轰动,这意味着菲亚特将派力奥和法拉利两款同出名门的汽车放在同一尊贵地位,她们有着同样尊贵的传统,派力奥的用户同样可以享受到像法拉利那样高档次的服务。 雪铁龙——欧陆风情的演绎者 东风雪铁龙车型源于纯正的欧陆血统,它与生俱来就处处散发着浓浓的法兰西气息。充满 浪漫的艺术造型加之过硬的先进技术以及完善的配置无不使东风雪铁龙成为汽车中的精品。东风雪铁龙车型目前已经覆盖了整个家用轿车市场:十万元以下的家庭经济型轿车(新自 由人)、公私兼用的实用型轿车(爱丽舍)以及二十万元左右张扬自我个性的智能型轿车(毕加索),这一丰富的系列组合既满足了不同层次的消费群体,更表明了神龙公司为打 造“中国家用轿车第一品牌”的决心与实力。 切诺基——动感勇猛的行者 切诺基以美国田纳西州的一个印第安部落酋长的名字命名,寓意着吉普车勇猛的特性。大 切诺基推出8年来在世界上声名显赫,至今已产销300万辆,足迹遍布100多个国家和地区。北京吉普汽车有限公司引进投产的大切诺基是戴姆勒—克莱斯勒公司进行改进更新后 的Limited与Laredo款。 以前,吉普给人的印象是桀骜不羁,是狂野,是威风,而今吉普已成为都市个性化、运 动型车的新选择。随着自驾车旅游的日渐火爆,作为山地、沙漠、戈壁、草原地区的主流
against的用法
against的用法 against的用法 1. 注意以下两个基本用法,许多其他用法和搭配均可从这两种基础引申出来: (1) 表示“反对”“对着”“违反”“不利于”等。如: We are all against his idea. 我们都反对他的想法。 He was married against his will. 他结婚是有违本意的。 He spoke against the new law. 他发言抨击新法律。There were 20 votes for him and 12 against him. 有20票赞成他,12票反对他。 (2) 表示“靠着”“顶着”“迎着”“衬着”等。如: He stood with his back against the door. 他背靠门站着。He hit his head against the window. 他的头撞到了窗户上。It is difficult to see anything against this bright light. 对着这种强光很难看到任何东西。 Bright red flags flow in the wind against the blue sky. 鲜艳的红旗映着蓝天迎风飘扬。 2. 注意against 是介词,不是动词。如: 他靠在树上。 正:He leaned against the tree.
误:He against the tree. 这个计划你是赞成还是反对呢? 正:Are you for or against the plan? 误:Do you support or against the plan? 3. 正因为against是介词,所以后接动词时要用动名词。如:我反对在警察到达之前采取任何行动。 正:I’m against doing anything till the police arrive. 误:I’m against to do anything till the police arrive.
不可小看的against用法总结
在考研英语的文章中,会出现一些至关重要的小词,比如but作为连词并转折,作为 介词表“除了......”,for作为介词是“对于.......”“为了......”,而作为连词表原因; 因此积累并掌握这些重要的小词在文章中的用法,对于解题是非常关键的。 由于against这个词会频繁出现在考研的文章中,而其跟在不同的动词后含义大相径庭,那么下面老师就against这个小词的含义用法做一个详细总结。 (一)表示“不利,不顺”,常见搭配如下: turn against (对...不利), run against (对...不利); (二)表示“防备、预防”,常见搭配如下: prepare against(防备),provide against(准备),guard against(防备),warn against(谨防),lay up against(贮存以备),take precaution against fire(采取防火措施),guard against error(谨防错误); (三)表示“诉讼、控告”,常见搭配如下: charge against(控告),inform against(告发) (四)表示“反抗、对抗”,常见搭配如下: rise against(起而反抗),stand against(反抗),protest against(抗议),set against(对抗),rebel against(反叛、不服从); (五)作“抵抗、阻止、斗争”解,常见搭配如下: fight against(与...斗争),stand up against(抵抗),hold out against(斗争),defend against(抵抗),strive against(与...斗争),come against(攻击),protect one against(防御),strike against(攻击),march against(攻击),contend against(抵御),pit against(与...竞争),run against(向...撞击)。
品牌力要依托于品牌的文化内涵。
品牌力要依托于品牌的文化内涵。 品牌文化(Brand Culture),指通过赋予品牌深刻而丰富的文化内涵,建立鲜明的品牌定位,并充分利用各种强有效的内外部传播途径形成消费者对品牌在精神上的高度认同,创造品牌信仰,最终形成强烈的品牌忠诚。拥有品牌忠诚就可以赢得顾客忠诚,赢得稳定的市场,大大増强企业的竞争能力,为品牌战略的成功实施提供强有力的保障。是品牌在经营中逐步形成的文化积淀,代表了企业和消费者的利益认知、情感归属,是品牌与传统文化以及企业个性形象的总和。与企业文化的内部凝聚作用不同,品牌文化突出了企业外在的宣传、整合优势,将企业品牌理念有效地传递给消费者,进而占领消费者的心智。品牌文化是凝结在品牌上的企业精华。 品牌文化的核心是文化内涵,具体而言是其蕴涵的深刻的价值内涵和情感内涵,也就是品牌所凝炼的价值观念、生活态度、审美情趣、个性修养、时尚品位、情感诉求等精神象征。品牌文化的塑造通过创造产品的物质效用与品牌精神高度统一的完美境界,能超越时空的限制带给消费者更多的高层次的满足、心灵的慰籍和精神的寄托,在消费者心灵深处形成潜在的文化认同和情感眷恋。在消费者心目中,他们所钟情的品牌作为一种商品的标志,除了代表商品的质量、性能及独特的市场定位以外,更代表他们自己的价值观、个性、品位、格调、生活方式和消费模式;他们所购买的产品也不只是一个简单的物品,而是一种与众不同的体验和特定的表现自我、实现自我价值的道具;他们认牌购买某种商品也不是单纯的购买行为,而是对品牌所能够带来的文化价值的心理利益的追逐和个人情感的释放。因此,他们对自己喜爱的品牌形成强烈的信赖感和依赖感,融合许多美好联想和隽永记忆,他们对品牌的选择和忠诚不是建立在直接的产品利益上,而是建立在品牌深刻的文化内涵和精神内涵上,维系他们与品牌长期联系的是独特的品牌形象和情感因素。这样的顾客很难发生“品牌转换”,毫无疑问是企业高质量、高创利的忠诚顾客,是企业财富的不竭源泉。可见,品牌就像一面高高飘扬的旗帜,品牌文化代表着一种价值观、一种品位、一种格调、一种时尚,一种生活方式,它的独特魅力就在于它不仅仅提供给顾客某种效用,而且帮助顾客去寻找心灵的归属,放飞人生的梦想,实现他们的追求。 优秀的品牌文化是民族文化精神的高度提炼和人类美好价值观念的共同升华,凝结着时代文明发展的精髓,渗透着对亲情、友情、爱情和真情的深情赞颂,倡导健康向上、奋发有为的人生信条。优秀的品牌文化可以生生不息,经久不衰,引领时代的消费潮流,改变亿万人的生活方式,甚至塑造几代人的价值观。优秀的品牌文化可以以其独特的个性和风采,超越民族,超越国界,超越意识,使品牌深入人心,吸引全世界人民共同向往、共同消费。优秀的品牌文化可以赋予品牌强大的生命力和非凡的扩张能力,充分利用品牌的美誉度和知名度进行品牌延伸,进一步提高品牌的号召力和竞争力。最为重要的是,优秀的品牌文化还可以使消费者对其产品的消费成为一种文化的自觉,成为生活中不可或缺的内容。如美国人到异国他乡,一看到麦当劳就会不由自主地想去饮用,最主要的原因并不是麦当劳的巨无霸特别适合他们的口味,而是内心潜在的一种文化认同的外在流露,认为麦当劳是美国文化的象征,使他们看到麦当劳就倍感亲切,从而潜意识地产生消费欲望。正如劳伦斯·维森特在阐述传奇品牌的成功经验时指出的,这些品牌“蕴含的社会、文化价值和存在的价值构成了消费者纽带的基础”。 [编辑]
常用介词及副词的搭配用法归纳
常用介词及副词的搭配用法归纳 (-)about about既可以用作介词也可以用作副词,它常和下列名词,动词,形容词搭配使用。 名词+about talk about 关于???谈话;information about/on 关于???知识,消息 动词+about think about sth. 考虑某事look about 环顾;考虑 bring about 带来,造成,引起leave about 乱放 come about 发生go about 四处走动 get about 走动,传开,着手干set about 开始,着手 hang about 逗留,徘徊put about 传播谣言 turn about 回首,转身,轮流tell sb.about sth. 告诉某人某事 grief about sth. 对…伤心confuse sb.about sth 使某人对某事感到混乱bother sb.about sth 为某事打扰某人gossip about sb.or sth.谈论、闲聊某人或事某形容词+about hopeful about/of 希望,期待particular about 对…讲究,特别 enthusiastic about 对…热心crazy about ab./sth. 对…欣喜 sure about/of 对..确定知道,对…有把握 anxious about 对…担忧,焦虑anxious for 渴望 careful about/of 注意,保护,保重careful with 对…注意,照顾 careless about 对…不留心feel nervous about/at sth. 对…感到不安 doubtful about/of 对…感到好奇optimistic about 对…感到乐观 happy about/at sth. 因某事而感到高兴 (二)across across 既可以用作介词也可以用作副词,它常与下列动词搭配使用。 come across 横越…,偶尔碰见run across 跑着穿过;偶尔碰见 cut across 抄近路穿过get across 惹(某人)不高兴;通过 get sth. across 领会put across 哄骗put sth. across 使人听懂 (三)against against 只用作介词,常与下列名词或动词搭配使用。 1)名词+against grudge against 对…怨恨declaration against 反对…声明或宣言 hostility against 对…敌意battle against 反对…的斗争 2)动词+against swim against the current/tide 逆流而泳run against the wind 逆风而跑 work against 反对,抢时间defend against 团结起来反对… side against 与别人站在一方反对…人rebel against 反,反抗… stand against 反对…prejudice against 对…有偏见 rise against 起来反对…argue against 抗议,反对… …反抗strike against 抗议,反对protest against
中国最具文化内涵品牌
中国最具文化内涵品牌 一、活动背景 中共中央政治局常委、国务院总理温家宝:“企业要在激烈的市场竞争中立于不败之地,就必须创造名牌产品”。名牌就是质量,就是效益,就是竞争力,就是生命力。追求名牌就是追求卓越。拥有名牌的多少,还是一个国家经济实力的象征,是一个民族整体素质的体现。名牌不仅是一个企业、一个地区的财富,而且是整个国家和整个民族的财富,世界未来的竞争就是知识产权的竞争,集中表现在一流的技术、一流的产品。一个企业拥有名牌产品,就等于拥有了聚集财富的聚宝盆。希望全国有更多的名牌走向世界。我国要从实现国家繁荣昌盛和民族伟大复兴的战略高度出发,加快培育更多世界级企业和世界级品牌。引导和鼓励海尔等优秀大企业向更高水平发展,争创世界顶级品牌。 二、活动概述 (一)主题词:彰显文化力量提升品牌价值 主题词解析:文化是品牌的灵魂。德国奔驰、美国IBM、可口可乐、中国的茅台、全聚德、王老吉等品牌不但屹立百年不倒,而且在在激烈的市场竞争中越战越勇,铁打的市场流水的品牌,支持这些品牌之树长青的秘诀,无疑都是其独特深厚的文化。中国经济总量虽高居世界第二,但这具高大的身体中,却缺乏强有力的筋骨的支撑,这些筋骨,就是充满竞争力的企业和深厚文化底蕴的品牌。 (二)本次活动评选“中国最具文化内涵品牌”,旨在通过广大网民的广泛参与,宣传民族品牌,树立中国品牌发展的标杆,探寻文化在企业品牌建设中的路径,为更多中国企业创建品牌提供借鉴经验。 活动以《新华月报》为平台,联合权威媒体、行业协会、学术机构、企业家组织十多家机构共同打造。活动起点高、持续时间长、传播力度大、覆盖范围广。 三、活动地点及时间 (一)地点:广州 (二)时间:2012年1月6日——2012年9月6日 四、奖项设置 “东方飞龙-中国最具文化内涵品牌奖”。 五、参评对象 参选品牌应具有深厚独特的文化内涵,在网民中拥有较高的关注度、美誉度和公信力。
常用英语介词用法小结
常用英语介词用法小结 逆着 We sailed against the wind. 我们逆风行船。 Drug taking is against the law. 吸毒是违法的。 反对 We won our match against that team. 我们在比赛中赢了那个队。 No one is against this proposal. 没有人反对这个提议。 靠着,依着 to lean against the wall 靠着墙 与…成对照 The picture looks better against the light wall. 这幅画挂在浅色的墙上显得更美。防备;防御 against a rainy day 防备雨天 We are all taking medicine against the flu. 我们都在服药预防流感。 以…相抵 income against expenditure 以收抵支 与…相反 against my better judgment 与我的判断相反 在…里,在…附近 at the market 在市场 at our destination 在我们的目的地 出现在…一面;在或接近某一位置 always at my side 总是站在我一边 at the center of the page 在页码中央 向,朝向 Questions came at us from all sides. 从四面八方向我们涌来的问题 出席 at the dance 出席舞会 在…期间 at the dinner hour吃饭时间 at a glance转瞬间 在某一状态或状况下 at peace with one's conscience. 心安理得 在某一活动或某一领域内 skilled at playing chess精于棋艺 good at math擅长数学. 在某一点到达或运用比率、限度、或数量 at high speed以高速 It flies at about 900 kilometers an hour. 它以每小时900公里的速度飞行。 at 20 paces 在二十步处 at 350F 在华氏三百五十度时
浅谈文化内涵对品牌的影响力
浅谈文化内涵对品牌的影响力 ——中国珠宝业发展的现状与展望 随着我国现代化进程的日新月异,国民生活水平逐渐提高,大众对于珠宝的需求与日俱增,这推动了珠宝行业的蓬勃发展;然而,大多民族珠宝品牌缺乏文化内涵的弊端日益显现。国际珠宝大品牌拥有他们所特有的文化内涵,成就了他们的高溢价能力;最终,民族珠宝品牌只能处于价值链的不利位置,大多只能在中低端市场游走,并通过压缩利润空间来谋求市场中的一席之地。 珠宝品牌的文化内涵,是品牌的个性或价值观,它能让人联想到该品牌有别于其他品牌的某种属性,或质量,或技术、设计等;它所传输的价值观,能使消费者形成心理认同。比如说一提及钻石就容易联想到“钻石恒久远,一颗永流传”,这正是国际珠宝大品牌De Beers所独有的品牌文化内涵。在这一方面,周生生、通灵珠宝以及百年宝诚等民族珠宝品牌紧随国际品牌的步伐,淬炼其品牌文化内涵魅力,在艰难的竞争环境中得以发展得欣欣向荣,这种对品牌文化内涵的重视值得后来者借鉴。 周生生,名称的由来并不只单单为了突出其品牌创始人的姓氏,它还是品牌slogan“周而复始,生生不息”的核心凝练。它向其受众人群传达了一种不断开拓创新的品牌精神,一种奢华中透着质朴的恒久之美。同时这也是周生生塑造自身产品的特点,品质优雅,经得住时间的打磨,历久弥新。这与受众人群追求永恒之美的心理诉求不谋而合,更能激发受众情感共鸣,从而加深受众对品牌的忠诚度。 通灵,一提及这一品牌就容易联想到它所传输的“为下一代珍藏”理念,呈现着非常强的情感诉求。通灵将这一理念融入品牌文化之中,将它形成一种定向的传播,一种价值观的输出,为的是让客户形成一种心理认同,形成一种通灵珠宝所特有的商品属性。 百年宝诚,以“唯信任,难辜负”为品牌理念,践形“言行必果”,用行动传承博大精深的中国传统美学,将信誉烙印在品牌文化的内涵之中,将信誉錾刻在客户的心里,得以收获客户回馈的信任,周而复始,方得长久兴旺。 综上所述,品牌的文化内涵应有利于品牌价值观的输出,有利于品牌个性的