ABSTRACT
Anonymous blacklisting schemes that do not rely on trusted third parties (TTPs) are desirable because they can block misbehaving users while protecting user privacy. Recent TTP-free schemes such as BLACR and PERM offer reputation-based blacklisting, in which the service provider (SP) can assign positive or negative scores to anonymous sessions and block users whose reputations are not high enough. Although they are the state of the art in anonymous blacklisting, these schemes are heavyweight and can support only tens of authentications per minute in practical settings. We present FARB, the first reputation-based blacklisting scheme that has constant computational complexity on both the SP and the user side. FARB thus supports a reputation list with billions of entries and is efficient enough for heavily loaded SPs with thousands of authentications per minute. On the user side, FARB is fast enough even for mobile devices and supports flexible rate-limiting. We also present a novel fine-grained weighted extension that allows the SP to ramp up penalties for repeated misbehaviors according to the severity of the misbehaving user's past sessions.
Index Terms
- FARB: Fast Anonymous Reputation-Based Blacklisting without TTPs