NYMBLE BLOCKING SYSTEM

International Journal of Computer Science & Engineering Survey (IJCSES) Vol.3, No.2, April 2012


Anand Joshi1, Arshiya Shaikh2, Aruna Kadam3, Vasudha Sahu4

Department of Computer Engineering, MAE Alandi (D), Pune






In order to allow users to access Internet services privately, anonymizing networks such as Tor use a series of routers to hide the client's IP address from the server. These networks, however, have been marred by users employing this anonymity for abusive purposes such as defacing popular web sites. Web site administrators usually rely on IP-address blocking to disable access for misbehaving users, but this is impractical if the abuser routes through an anonymizing network. Instead, administrators bar all known exit nodes of the anonymizing network, thereby denying anonymous access to all users, misbehaving or not. To solve this issue, we introduce Nymble, a system in which servers blacklist misbehaving users, blocking them without affecting their anonymity. Nymble is thus agnostic to varied definitions of misbehavior: servers can block users for any reason, and the privacy of blacklisted users is preserved in every case.

Keywords: Anonymous blacklisting; Privacy; Revocation

1 INTRODUCTION

In order to hide a client's IP address, anonymizing networks such as Tor route traffic through independent nodes in separate administrative domains. Some users, however, have misused such networks: under the cover of anonymity, they have repeatedly defaced popular Web sites such as Wikipedia. Since administrators cannot block individual users' IP addresses, they resort to blacklisting the entire anonymizing network. Such methods eliminate malicious activity through anonymizing networks, but they also deny anonymous access to well-behaved users (a case repeatedly observed with Tor). In a pseudonymous credential system, users log into Web sites using pseudonyms, which can be blocked if a user misbehaves.

However, this method results in pseudonymity for all users, thereby weakening the anonymity provided by the anonymizing network. Anonymous credential systems employ group signatures. Basic group signatures allow servers to revoke a misbehaving user's anonymity by complaining to a group manager. Servers must contact the group manager for every authentication, so this method lacks scalability. Traceable signatures allow the group manager to release a trapdoor that lets all signatures generated by a particular user be traced. Such an approach does not provide the backward unlinkability that we desire, in which a user's accesses before the complaint remain anonymous. Backward unlinkability allows for subjective blacklisting, in which servers can blacklist users for whatever reason, since the privacy of the blacklisted user is not at risk. In contrast, approaches without backward unlinkability need to pay careful attention to when and why a user must have all their connections linked, and users must worry about whether their behaviors will be judged fairly. Subjective blacklisting is better suited to servers like Wikipedia, where misbehaviors such as erroneous edits to a Web page are difficult to specify in exact mathematical terms. In some systems, misbehavior can indeed be defined precisely.

DOI: 10.5121/ijcses.2012.3207

Such methods hold only for a few definitions of misbehavior; mapping more complex definitions of misbehavior onto related approaches is quite arduous. With dynamic accumulators, a revocation operation may result in a new accumulator and new public parameters for the group, making it mandatory to update all other existing users' credentials, which is impractical. Verifier-local revocation (VLR) overcomes this by requiring the server (the "verifier") to perform only local updates during revocation. But VLR calls for heavy computation at the server side that is linear in the size of the blacklist. In contrast, our scheme takes the server about one millisecond per authentication, which is much faster than VLR. These low overheads make it practical for servers to deploy such a solution, given the potential benefits of anonymous publishing.

1.1 Nymble

To solve this problem, we introduce a system called Nymble, which possesses the following properties: anonymous authentication, backward unlinkability, subjective blacklisting, fast authentication speeds, rate-limited anonymous connections, revocation auditability (users can verify whether they have been blacklisted), and resistance to the Sybil attack, which makes its implementation practical. In Nymble, users acquire a set of nymbles, a special type of pseudonym, in order to connect to Web servers. Without additional information, these nymbles are computationally hard to link, so using the collection of nymbles provides anonymous access to services. Web sites, however, can block users by obtaining a seed for a specific nymble, allowing them to link future nymbles from the same user; those prior to the complaint remain unlinkable and untraceable.

Servers can thus block anonymous users without learning their IP addresses, while allowing legitimate users to connect anonymously. Our system lets users learn their blacklist status before presenting a nymble, and they disconnect immediately if they are blacklisted. Many anonymizing networks can rely on the same Nymble system, blacklisting anonymous users regardless of their anonymizing network.

Fig 1. The Nymble system architecture showing the various modes of interaction. Note that users interact with the NM and servers through the anonymizing network.



We now give a high-level overview of the Nymble architecture; the full protocol description and security analysis are divided among the respective subsections.

2.1 Resource-based blocking

To limit the number of identities a user can obtain (the Sybil attack), the Nymble system ties nymbles to resources that are sufficiently difficult to obtain in large numbers. Here we use IP addresses as the resource, but our scheme generalizes to other resources as well, such as email addresses or identity certificates.

The issues related to resource-based blocking are discussed further in Section 8, where we suggest alternative resources. The Sybil attack is faced by any credential system; since we aim for a real-world deployment, we suggest some promising approaches based on resource-based blocking.

2.2 The Pseudonym manager

The user must initially connect to the Pseudonym Manager (PM) and demonstrate control over a resource; for IP-address blocking, the user must connect to the PM directly, as shown in Fig. 1. We assume the PM has knowledge of Tor routers and can ensure that users are communicating with it directly. Pseudonyms are chosen deterministically based on the controlled resource, ensuring that the same pseudonym is always issued for the same resource. The user does not disclose which server he wants to connect to, and the PM's duties are restricted to mapping IP addresses (or other resources) to pseudonyms. The user connects to the PM only once per linkability window (e.g., once a day).

2.3 The Nymble Manager

After obtaining a pseudonym from the PM, the user connects to the Nymble Manager (NM) via the anonymizing network and requests nymbles for access to a particular server. A user's requests to the NM are therefore pseudonymous, and nymbles are generated using the user's pseudonym and the server's identity. Nymbles are thus specific to a particular user-server pair. As long as the PM and the NM do not collude, the NM knows only the pseudonym-server pair, and the PM knows only the user identity-pseudonym pair. To provide the required cryptographic protection and security properties, nymbles are encapsulated within nymble tickets. Servers pack seeds into linking tokens, and so we will speak of linking tokens being used to link future nymble tickets.

2.4 Time

Nymble tickets are bound to specific time periods. Time is divided into linkability windows of duration W, each of which is split into L time periods of duration T (i.e., W = L × T), as shown in Fig. 2. Time periods and linkability windows are referred to chronologically as t1, t2, ..., tL and w1, w2, ..., respectively. While a single user's accesses within one time period are tied to a single nymble ticket, different nymble tickets across time periods give the user anonymity between time periods. Smaller time periods provide users with higher rates of anonymous authentication, while longer time periods allow servers to rate-limit the number of misbehaviors from a particular user before he is blocked. The linkability window allows for dynamism, since resources such as IP addresses can get reassigned and it is not desirable to blacklist such resources indefinitely; it also ensures that a misbehaving user is forgiven after a certain linkability window. All entities are time synchronized, so each can calculate the current linkability window and time period.

2.5 Blacklisting a user

In case of misbehavior, the server may link any future connection from the misbehaving user within the same linkability window. Consider Fig. 2: a user misbehaves at a server during time period t* within linkability window w*. The server later detects this misbehavior and reports it to the NM in time period tc (t* < tc ≤ tL) of the same linkability window. In the complaint, the server presents the nymble ticket of the misbehaving user and obtains the corresponding seed from the NM. The server is then able to link future connections by the user in time periods tc, tc+1, ..., tL of the same linkability window w* to the complaint. Therefore, once the server has complained about a user, that user is blacklisted for the rest of that linkability window. Even though misbehaving users can be blocked for the future, their past connections remain unlinkable, providing subjective blacklisting and backward unlinkability.
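The following is an added example (not code from the paper) that models Sections 2.2 to 2.5 in Python: the PM maps a resource to a pseudonym, the NM derives a seed for each (pseudonym, server, window) triple and evolves it with a one-way function f, each period's nymble is g(seed), and a complaint hands the server the seed for period tc. HMAC-SHA256 stands in for the PM mapping and for f and g, and L = 5 periods per window is assumed.

```python
import hashlib, hmac, secrets

L = 5  # time periods per linkability window (assumed for this demo)

def mac(key: bytes, *parts: bytes) -> bytes:
    """Keyed one-way function used for every derivation below (HMAC-SHA256).
    Each part is length-prefixed so the encoding of s||t is unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

def pm_pseudonym(pm_key: bytes, resource: str, window: int) -> bytes:
    """Pseudonym Manager: the same resource (here an IP address) in the same
    linkability window always maps to the same pseudonym."""
    return mac(pm_key, resource.encode(), window.to_bytes(4, "big"))

def nm_seed0(nm_key: bytes, pnym: bytes, server_id: str, window: int) -> bytes:
    """Nymble Manager: initial seed for one (pseudonym, server, window) triple."""
    return mac(nm_key, pnym, server_id.encode(), window.to_bytes(4, "big"))

def next_seed(seed: bytes) -> bytes:
    """f: the seed for period t+1 from the seed for period t (one-way)."""
    return mac(b"f", seed)

def nymble(seed: bytes) -> bytes:
    """g: the nymble a user presents to the server in one time period."""
    return mac(b"g", seed)

def nymbles_for_window(nm_key: bytes, pnym: bytes, server_id: str, window: int) -> list:
    """The L (seed, nymble) pairs a user obtains for one server in one window."""
    seeds = [nm_seed0(nm_key, pnym, server_id, window)]
    for _ in range(L - 1):
        seeds.append(next_seed(seeds[-1]))
    return [(s, nymble(s)) for s in seeds]

def server_linkable(seed_tc: bytes, t_c: int) -> set:
    """After a complaint in period t_c the NM hands the server seed_tc; iterating f
    forward yields the nymbles for t_c..t_L only. Earlier seeds are not computable
    from it, which is the backward unlinkability property."""
    out, s = set(), seed_tc
    for _ in range(t_c, L + 1):
        out.add(nymble(s))
        s = next_seed(s)
    return out

def demo() -> tuple:
    """Returns (all future nymbles linkable, any past nymble linkable)."""
    pm_key, nm_key = secrets.token_bytes(32), secrets.token_bytes(32)
    pnym = pm_pseudonym(pm_key, "198.51.100.7", 1)              # constructed IP
    chain = nymbles_for_window(nm_key, pnym, "wiki.example", 1)  # constructed server
    t_c = 3                                    # complaint filed in period t_3
    linkable = server_linkable(chain[t_c - 1][0], t_c)
    future = [n for _, n in chain[t_c - 1:]]   # periods t_3..t_5
    past = [n for _, n in chain[:t_c - 1]]     # periods t_1, t_2
    return all(n in linkable for n in future), any(n in linkable for n in past)
```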

2.6 Notifying the user of blacklist status

Users of anonymizing networks expect their connections to be anonymous. If a server obtains a seed for a user, however, it can link that user's subsequent connections. It is therefore very important that users be notified of their blacklist status before presenting a nymble ticket to a server. The user can download the server's blacklist and verify his or her status; if blacklisted, the user disconnects immediately.

Because the NM cryptographically signs the blacklist, its integrity is easily verified if the blacklist was updated in the current time period. Otherwise, the NM provides servers with "daisies" every time period so that users can verify the freshness of the blacklist. As discussed further, these daisies are elements of a hash chain, providing a lightweight alternative to digital signatures. Thus, we ensure that race conditions are not possible in verifying a blacklist's freshness. A user is guaranteed not to be linked if the user verifies the integrity and freshness of the blacklist before sending his or her nymble ticket.
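An added example (not the paper's code) of the daisy mechanism: the NM signs the blacklist together with the root of a hash chain and releases one preimage per time period, so a user can check that the blacklist is current without a fresh signature each period. The NM's signature is modelled with an HMAC and L = 5 is assumed.

```python
import hashlib, hmac, secrets

L = 5  # time periods per linkability window (assumed for this demo)

def h(x: bytes) -> bytes:
    """One hash step of the daisy chain."""
    return hashlib.sha256(x).digest()

def make_daisy_chain(periods: int = L) -> list:
    """daisy[L] is random; daisy[t] = h(daisy[t+1]); daisy[0] is the root the NM signs."""
    chain = [b""] * (periods + 1)
    chain[periods] = secrets.token_bytes(32)
    for t in range(periods - 1, -1, -1):
        chain[t] = h(chain[t + 1])
    return chain

def blacklist_bytes(server_id: str, window: int, entries: list, root: bytes) -> bytes:
    """Unambiguous, length-prefixed encoding of what the NM signs."""
    parts = [server_id.encode(), window.to_bytes(4, "big"), root] + sorted(entries)
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)

def nm_sign(nm_key: bytes, msg: bytes) -> bytes:
    """Stand-in for the NM's digital signature (an HMAC keeps the example offline)."""
    return hmac.new(nm_key, msg, hashlib.sha256).digest()

def user_verify(nm_key: bytes, server_id: str, window: int, t_now: int,
                entries: list, root: bytes, sig: bytes, daisy: bytes) -> bool:
    """The user's check before presenting a nymble ticket: the blacklist carries a
    valid NM signature, and the daisy released for the current period t_now hashes
    back to the signed root, so the server cannot serve a stale copy."""
    expected = nm_sign(nm_key, blacklist_bytes(server_id, window, entries, root))
    if not hmac.compare_digest(sig, expected):
        return False
    x = daisy
    for _ in range(t_now):
        x = h(x)
    return hmac.compare_digest(x, root)

def demo() -> tuple:
    """Verification results for (fresh blacklist, stale daisy, tampered entries)."""
    nm_key = secrets.token_bytes(32)
    chain = make_daisy_chain()
    entries = [b"nymble-A", b"nymble-B"]                    # constructed entries
    root = chain[0]
    sig = nm_sign(nm_key, blacklist_bytes("wiki.example", 1, entries, root))
    fresh = user_verify(nm_key, "wiki.example", 1, 3, entries, root, sig, chain[3])
    stale = user_verify(nm_key, "wiki.example", 1, 3, entries, root, sig, chain[2])
    tampered = user_verify(nm_key, "wiki.example", 1, 3, entries[:1], root, sig, chain[3])
    return fresh, stale, tampered  # -> (True, False, False)
```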

3 SECURITY MODEL

Nymble aims for four security goals. We provide informal definitions here; a detailed formalism can be found in our technical report, which explains how these goals must also resist coalition attacks.

3.1 Goals and threats

An entity is honest when its operations abide by the system's specification. An honest entity may still be curious and attempt to infer knowledge from its own information (e.g., its secrets, state, and protocol communications). An honest entity becomes corrupt when it is compromised by an attacker, and hence reveals its information at the time of compromise.

Blacklistability assures that any honest server can indeed block misbehaving users. Specifically, if an honest server complains about a misbehaving user in the current linkability window, the complaint will succeed and the user will no longer be able to connect.

Rate-limiting assures any honest server that no user can connect to it more than once within any single time period.

Nonframeability guarantees that any honest user who is legitimate according to an honest server can connect to that server through Nymble.

This keeps an attacker from framing a legitimate user, e.g., by getting the user blocked for someone else's misbehavior. Here we assume each user has a single unique identity. When IP addresses are used, an honest user who later obtains the IP address of a blacklisted user can be "framed"; nonframeability therefore holds only against attackers with different IP addresses. A user is considered legitimate by a server only if he has not been blacklisted and has not exceeded the rate limit. Honest servers are able to distinguish between honest and dishonest users.

Fig 2. The life cycle of a misbehaving user. If the server complains in time period tc about a user's connection in t*, the user becomes linkable starting in tc. The complaint in tc can include nymble tickets from only tc-1 and earlier.

Anonymity protects the anonymity of honest users, regardless of their legitimacy according to the (possibly corrupt) server; the server cannot learn any more information beyond whether the user behind (an attempt to make) a nymble connection is legitimate or illegitimate.


4.1 Notation

The notation a ∈R S represents an element drawn uniformly at random from a nonempty set S. N0 is the set of nonnegative integers, and N is the set N0 \ {0}. s[i] is the ith element of list s. s||t is the concatenation of (the unambiguous encoding of) lists s and t.

The empty list is denoted by Ø. Lists of tuples are sometimes treated as dictionaries.
