Appendix Paper Published

7/29/2019 Appendix Paper Published

http://slidepdf.com/reader/full/appendix-paper-published 1/12

Research Article ISSN 2277–9140

ReceivedonMay2012,PublishedonJuly2012 294

INTERNATIONAL JOURNAL OF ADVANCES IN

COMPUTING AND INFORMATION

TECHNOLOGY An International online open access peer reviewed journal

BlockingofMischievoususersinAnonymizingNetworksusingNymbleSystem

MohammadZainuddin1,D.Baswaraj21M.TechStudent,

2AssociateProfessorinCMRInstituteofTechnology,JNTUH

[email protected] doi:10.6088/ijacit.12.13009

ABSTRACT

Therearesomenetworkscalled“Anonymizingnetworks”whichallowuserstogainaccesstointernetservices

without revealing their identity (IP-addresses) to the servers. Networks such as “Tor (The Onion

Router)”,”Crowds” and “I2P” gained popularity in the years 2002-2007, but the success of such networks

however has been limited by users employing this anonymity for abusive purposes such asdefacingpopular

websitessuchas “Wikipedia”.WebsiteAdministratorsblocksentirenetworkwhichisconnectedtotheabusive

systemtogetridoftheabuser.Hence,well-behavedusersalsogetblockedduetothisaction.Toaddressthis

problem,wepresentaNymblesysteminwhichserverscan“blacklist”mischievoususerswithoutaffectinggood

usersandalsomaintaininganonymityacrossthenetwork.

Keywords:Anonymous,privacy,revocation,pseudonym.

1. Introduction

Networkswhich provide anonymity to users such asCrowds andTor [1], [2], will route the traffic through

independentnodesinseparateadministrativedomainstohidetheuser’sIPaddress.Tornetworkroutesthrough

severalseriesofrouterstodecreasetheprobabilityofpredictingtheIPaddressoftheuserbytheserverandhence

increasestheanonymity.Butunfortunatelysomeusershavemisusedsuchnetworksbytakingtheadvantageof

theiranonymity todefacepopularwebsites.Sincewebsiteadministratorscannotblacklistindividualmalicioususers’ IP addresses, they blacklist the entire anonymizing network. Such measures will definitely eliminate

maliciousactivitythroughanonymizingnetworks,butatthesametimeitresultsindenialofservicetobehaving

usersaswell.Inotherwords,apoisonousfishcankillallotherfishesunderthatsamearea.(Thishashappened

repeatedlywithTor).

There are several solutions proposed to this problem so far, each providing some sort of accountability.

“Pseudonymouscredentialsystems”[4]wasthefirststeptowardsthecontrolofmisbehavingusersinanonymousnetworks. It was introduced by “Chaum” in 1985, as a way of allowing a user to work effectively and

anonymouslywithmultipleorganizations.Hesuggestedthateachorganizationmayknowauserbyadifferent

pseudonymorsimplya“nym”.Inpseudonymouscredentialsystems,userslogintowebsitesusingpseudonyms,whichisaddedtotheblacklistifausermisbehaves.Unfortunately,thismethodresultsinpseudonymityforall

usersandweakenstheanonymityprovidedbytheanonymizingnetworks.“AnonymousCredentialsystem”[5],

[6]wasintroducedbyChaumandmanyanonymouscredentialsystemshavebeenproposedsincethen.Basically,

thissystememploysgroupsignatures[7],[8]whichallowserverstorevokeamisbehavinguser’sanonymityby




MohammadZainuddin,D.Baswaraj 295

InternationalJournalofAdvancesinComputingandInformationTechnology

complainingtoagroupmanager.Serversneedstoquerythegroupmanagerforeveryauthenticationandhence

lacksscalability.Duetothisreason,theanonymouscredentialssystemsareleastusednow-a-days.

“Verifier-localrevocation”[9]isanotherapproachforourprobleminwhich“Groupsignatures”areused.Inthis

scheme, theserver (“verifier”) is required toperformonly localupdatesduring revocation.Butunfortunately,VLRrequiresheavycomputationattheserverthatislinearinthesizeoftheblacklist.

1.1OursolutionWepresentasecuresystemcalled“Nymble”whichprovidesthepropertiessuchas:

•Anonymousauthentication•Backwardunlinkability•Subjectiveblacklisting•Fastauthenticationspeeds•Rate-limitedanonymousconnections•Revocationauditability•Anti-Sybilattack

InNymble system [3], [11]usersacquire a collectionofnymbles,a specialtypeof pseudonym toconnectto

websites.Websitescanblacklistusersbyobtainingaseedforaparticularnymble,allowingthemtolinkfuture

nymblesfromthesameuserbymakingthenymbleswhichwereusedbeforecomplaintsremainunlinkable.

Hence,serverscanblacklisttheanonymoususerswithoutknowledgeoftheirIPaddresseswhileallowingwell-

behavinguserstoconnectanonymously.Inthissystem,usersshouldbeawareoftheirblackliststatusbeforethey

enteranymblesystemanddisconnectimmediatelyiftheyareblacklisted.

AboveistheNymblesystemarchitecturewhichhasvariousmodesofinteractioninthenetworkofanonymity.

This system has overcomemany drawbacks which arise from the previouslyproposed systems including thespeed,computationwork,securityetc.






2. DevelopmenttowardstheappropriatesolutionThemajorneedforcreationofanonymizingnetworksisinthefieldof“DepartmentofDefence(DoD)”inorder

toconnecttoserverprivatelywithoutrevealingtheuser’sidentity.ThefirstanonymousnetworkwasdevelopedbyRogerDingledine,NickMathewsonandPaulSyversoninSeptember2002anditwasnamedas“Tor(TheonionRouter)”.Torisasystemintendedtoenableonlineanonymity.UsingTormakesitdifficulttotraceinternet

activity,“includingvisitstowebsites,onlineposts,instantmessagesandothercommunicationforms”,anditis

intendedtoprotectusers’personalfreedom,privacyandabilitytoconductconfidentialbusinessbykeepingtheir

internetactivitiesfrombeingmonitored.

AboveistheworkingofTornetworkandencryptednodesinthatnetwork.ApartfromTortherearemanyother

anonymizingnetworks.Suchas:

• Crowds

• I2P[12]

• Freenet

• Phantom

2.1PseudonymousCredentialSystems

Pseudonymitytechnologyistechnologythatallowsindividualstorevealorproveinformationaboutthemselvesto others, without revealing their full identity. A credential system is a system in which users can obtain

credentials from organizations and demonstrate possession of these credentials. The idea of Pseudonymous

credentialsystemswasfirstputforwardedby“AnnaLysyanskaya”,“R.L.Rivest”and“A.Sahai”in1999evenbeforeanonymousnetwoksweredeveloped.Inpseudonymouscredentialsystems,userslogintowebsitesusing

pseudonyms[10].Pseudonymsarethefalsenamesusedtohideusers’actualidentitiesandmaintainsanonymity.

PseudonymsaregeneratedbyTorclientprogramitselfandtheyareusedtologintowebsites.Servermaintains

theblacklistofmischievoususersbyusingpseudonymsprovidedbytheusers.






Advantages:

• Simpletoimplement

• Lesscomputational

Drawbacks:

• Itresultsinpseudonymityforallusers

• Weakenstheanonymity

2.2AnonymousCredentialSystems

An anonymous credential system consists of users and organizations.Organizations know the users only by

pseudonyms.Thebasicsystemcomprisesprotocolsforausertojointhesystem,registerwithanorganization,

obtainmulti-showcredentials,andshowsuchcredentials.Anonymouscredentialsystemwastheinnovationof

“J.Camenisch”and“AnnaLysyanskaya”intheyear2001.Theyusedtheconceptof“Groupsignatures”tomake

thesystemmoreefficientandanonymous.Anonymouscredentialsystemconsistsofthreepartiesi.e.users,an

authority, andverifiers.Thesesystemsemploy group signatureswhich allow servers torevoke amisbehaving

user’sanonymitybycomplainingtoagroupmanager.

Serversmustquerythegroupmanagerforeveryauthenticationandhencethissystemlacksscalability.






Advantages

• Digitalsignaturesensurethesecurityofsystemtosomeextent.

Drawbacks• Lacksscalability

• Backwardunlinkabilityisnotpossible

• Serverscanfindusers’IPaddressesbyusingtraceablesignatures

3. Verifier-localrevocation(VLR)InordertoovercometheproblemoflackofbackwardunlinkabilityVLRisproposedin2004by“DanBoneh”

and“HovavShacham”.Anapproachofmembershiprevocationingroupsignaturesisverifier-localrevocation.In

thisapproach,onlyverifiersareinvolvedintherevocationmechanism,whilesignershavenoinvolvement.Thus,

sincesignershave noload, this approachissuitableformobileenvironments.This scheme satisfiesbackward

unlinkabilitytosomeextent.Thebackwardunlinkabilitymeansthatevenafteramemberisrevoked,signatures

producedbythememberbeforetherevocationremainsanonymous.Verifier-localrevocationrequirestheserver(“verifier”)toperformonlylocalupdatesduringrevocation.Hence,therewillbelotofburdenontheserver.

Advantages:

• Localupdatingispossible

• Backwardunlinkability

Drawbacks:

• Heavycomputationalatserverside

• Timeconsuming

• LessSecure

Hence,duetotheunsatisfiedresultsoftheexistingsystems,weimplementedthenewNymblesystemwhichcan

giveusthefruitfulresultswhichweneed.

3.1Ourproposedsolution

PreviouslydevelopedsystemshavesomanydrawbackswhichrestrictedTorandotheranonymizingnetworks’

usageintheorganizations.Hence,Nymblesystemsareproposedinordertoovercomeallthoseweaknessesand

maketheTorasafeandefficientnetwork.InNymble,usersneedtoacquireanorderedcollectionofnymbles

whichisaspecialtypeofpseudonyminordertoconnectwithwebsites.Thereisnorestrictiononthetypeof

anonymizingnetworkusedi.e.itisnotnecessarythatonlyTorshouldbeusedhere.

3.2Overviewsystemdesign






Aswecansee,Nymblesystemhasvariousmodesofinteractiontodifferentmodules.

4. WorkingofNYMBLENymblesaregeneratedbythe“Nymblemanager”baseduponpseudonymandserverID.Websitescanblacklistusersbyobtainingaseedforaparticularnymble,allowingthemtolinkfuturenymblesfromthesameuser.One

important thingwhich can beobservedin our proposed system isthateventhough the future nymblesof the

abusiveuserarelinked,thenymblesthatareusedbeforecomplaintremainunlinkable.Hence,Nymblesystem

guaranteesbackwardunlinkability.

TherearebasicallythreemodulesinNymblesystem.Theyare:

• PseudonymManager

• NymbleManager

• Blacklistingauser

4.1PseudonymManager

Userneedtocontactthepseudonymmanageranddemonstratecontroloveraparticularresourceinordertogetits

IP-address blocked.Theuseris requiredto connect tothePMdirectly i.e. not throughaknownanonymizing

network.PseudonymManagerhastheknowledgeaboutTorroutersandhenceitwon’tacceptitifausertriesto

connectwithitwithanonymizingnetwork.ThebasicideabehindconnectingdirectlywithPseudonymManageris that, itcanidentify the IP-address of the user.Pseudonymsarechosen based upon the controlled resource

ensuringthatthesamepseudonymisalwaysissuedforthesameresource.PseudonymManageronlyknowsthe

IP address-pseudonym pair and hence it does not know the server towhich the userwants to connect.User

contactsthePseudonymmanageronlyonceperlinkabilitywindow(e.g.Onceaday).ThePseudonymManager

issuespseudonymstousers.Apseudonym“pnym”hastwocomponents“nym”and“mac”.

“nym”isapseudo-randommappingoftheuser’sidentity,thelinkabilitywindowwforwhichthepseudonymisvalidandPM’ssecretkeynymKeyp.

“mac”isaMACthattheNymbleManagerusestoverifytheintegrityofthepseudonym.

Thebelowarethealgorithmsusedincreationandverificationofpseudonyms.






Aswecanclearlysee,PseudonymsaregeneratedbaseduponuserIPaddressi.e.uid,linkabilitywindowwand

secretkey.

4.2NymbleManager

Aftergettingthepseudonymfromthepseudonymmanager,theuserconnectstotheNymblemanagerthroughanonymizingnetworkandrequestsnymblesforaccesstoaparticularserver.

Nymblesaregenerated usingthe user’spseudonymand the server’s identity.NymbleManager doesn’tknow

anything about the user’s identity. It knows only the pseudonym-server pair. Nymble Manager encapsulates

nymbleswithin“Nymbletickets”inordertoprovidecryptographicprotectionandsecurityproperties.

NymbleTicketsareboundtospecifictimeperiods.InNymblesystem,timeisdividedintolinkabilitywindowsof

durationWandeachwissplitintoLtimeperiodsofdurationTi.e.W=L*T.

Fromtheabovefig,wecanillustratethatfutureconnectionswillbecomelinkableforaparticularcurrentwindow

fromwhichthecomplaintisregisteredandafterthatwindowtheconnectionswillbeanonymousandunlinkableonceagain.Thisshowsthebackwardunlinkablenatureofoursystem.






NymbleTicketsaregeneratedbaseduponthebelowalgorithm.

A credential contains all the Nymble tickets for a particular linkability window that a user can present to a

particularserver.Aticketcontainsanymblespecifictoaserver,timeperiodandlinkabilitywindow.






5. BlacklistingauserWhenever a user misbehaves, the server can link any future connection from that user within the current

linkability window (e.g. the same day). Blacklistability assures that any honest server can indeed blockmischievous users. Specifically, if a honest server complaints about a user that misbehaved in the currentlinkabilitywindow,thecomplaintwillbesuccessfulandtheuserwillbenotabletonymble-connecttotheserver

successfullyinsubsequenttimeperiods.

Intheaboveexample,Alicetriestodefaceawebsitebyusinganonymizingnetworkandgetsblacklistedbythe

server.Blacklistingcanbeimplementedbyusingthebelowalgorithm:






5.1Notifyingusersofblackliststatus

Userswhomakeuseofanonymizingnetworksexpecttheirconnectionstobeanonymous.Ifaserverobtainsaseedforthatuser,itcanlinkthatuser’ssubsequentconnections.Usersmustbenotifiedoftheirblacklistingstatus

before theypresentanymble ticket toa server. In thissystem,theusercandownloadtheblacklistandverify

whetherhe/sheisontheblacklist.Ifhe/sheisonthelist,thenusercandisconnectimmediately.

Intheabovefig,wecanseethatuser1isontheblacklistoftheserver.Hence,wheneveruser1triestoaccesstheserver,therewillbea“DenialofService”totheuser1.

5.2UserRegistration

Usermustfirstgetregisteredwiththepseudonymmanagerwithoutusinganonymizingnetworks.

Steps:-

• PseudonymManagerchecksiftheuserisallowedtoregister.

• PseudonymmanagermakessurethattheconnectionisnotfromknownTornode.

• PseudonymManagerreadsthecurrentlinkabilitywindow.

• Pseudonymmanagerthengives“pnym”totheuser.

• PseudonymManagerterminateswithsuccess.

• Theusersetshis/herstatusonreceivingpnymandterminateswithsuccess.

5.3ServerRegistration

Steps:-

• Serverinitiatesatype-AuthchanneltotheNymbleManager.

• ServerregisterswithNymbleManager.

• NymbleManagermakessurethattheserverisnotalreadyregistered.

• Ifit’salreadyregistered,thenNymbleManagerterminateswithfailure.

• Ifit’snotregisteredthenNymbleManagerreadsthecurrenttimeperiodandlinkabilitywindow.

• ServeronreceivingitsstatebyNymbleManagerrecordsitsstateandterminateswithsuccess.






FlowofControl

5.4GoalsofNymbleSystem

Nymbleaimsforfoursecuritygoals.Theyare:

• Blacklistability

• Rate-limiting

• Anonymity

• Non-frameability

5.4.1BlacklistabilityBlacklistability assures that any honest server can indeed blockmisbehaving users. Specifically, if an honest

servercomplainsaboutauserthatmisbehavedinthecurrentlinkabilitywindow,thecomplaintwillbesuccessful

andtheuserwillnotbeableto“nymble-connect,”i.e.,establishaNymble-authenticatedconnection,totheserversuccessfullyinsubsequenttimeperiods(followingthetimeofcomplaint)ofthatlinkabilitywindow.

5.4.2Rate-limitingRate-limitingassuresanyhonestserverthatnousercansuccessfullynymble-connecttoitmorethanoncewithin

anysingletimeperiod.

5.4.3AnonymityAnonymityprotectstheanonymousnatureofhonestusers,regardlessoftheirlegitimacyaccordingtotheserver.






5.4.4Non-frameabilityItguaranteesthat anyhonestuserwhois legitimateaccording toanhonest server cannymble-connectto that

server.Thispreventsanattackerfromframingalegitimatehonestuser.

5.5Conclusion

Efficient credential system called Nymble eliminated nearly all weaknesses and drawbacks in the previously

developedsystemstoagainmakealiveanonymizingnetworkswhichwasblockedbymanyserviceproviders.

Servers canblacklistmischievous userswhilemaintaining their privacythroughout thenetwork.Eventhough

therearestillsomeissuesrelatedtobackwardunlinkability,thissystemprovidesenormoussecurityproperties.

Hopethis newsystemwill bringmovement in theanonymizingnetworks’usageandincrease themainstream

acceptance of anonymizingnetworks such asTor, Crowds, I2P, etc. whichhas been completely blocked by

severalservicesbecauseofuserswhoabusetheiranonymity.

6.References

1. R.Dingledine,N.Mathewson, and P. Syverson, “Tor:The SecondGeneration OnionRouter,” Proc.

UsenixSecuritySymp.pp.303-320,Aug.2004.

2. TorProject,availableatwww.torproject.org,accessedduringJune2012.

3. Patrick P. Tsang, Apu Kapadia, and Sean W. Smith, “Nymble: Blocking Misbehaving Users inAnonymizingNetworks”IEEEMarch-April2011.

4. A.Lysyanskaya,R.L.Rivest,A.Sahai,andS.Wolf,“PseudonymSystems,”Proc.Conf.SelectedAreasinCryptography,Springer,pp.184-199,1999.

5. J.CamenischandA.Lysyanskaya,“AnEfficientSystemforNon-TransferableAnonymousCredentialswith Optional Anonymity Revocation,” Proc. Int’l Conf. Theory and Application of Cryptographic

Techniques(EUROCRYPT),Springer,pp.93-118,2001.

6. J. Camenisch and A. Lysyanskaya, “Signature Schemes and Anonymous Credentials from BilinearMaps,”Proc.Ann.Int’lCryptologyConf.(CRYPTO),Springer,pp.56-72,2004.

7. M.Bellare,H.Shi,andC.Zhang,“FoundationsofGroupSignatures:TheCaseofDynamicGroups,”Proc.Cryptographer’sTrackatRSAConf.(CT-RSA),Springer,pp.136-153,2005.

8. D. Chaum and E. van Heyst, “Group Signatures,” Proc. Int’l Conf. Theory and Application of

CryptographicTechniques(EUROCRYPT),pp.257-265,1991.

9. D. Boneh and H. Shacham, “Group Signatures with Verifier-Local Revocation,” Proc. ACM Conf.

ComputerandComm.Security,pp.168-177,2004.

10.D.Chaum,“ShowingCredentialswithoutIdentificationTransferringSignaturesbetweenUnconditionallyUnlinkablePseudonyms,”Proc.Int’lConf.Cryptology(AUSCRYPT),Springer,pp.246-264,1990.

11.C. Cornelius, A. Kapadia, P.P. Tsang, and S.W. Smith, “Nymble: Blocking Misbehaving Users inAnonymizingNetworks,”TechnicalReportTR2008-637,DartmouthCollege,ComputerScience,Dec.

2008.

12. I2P2,availableat,www.i2p2.de,accessedduringJune2012.

Documents

Appendix Paper Published