This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
In order to allow users to access Internet services privately, anonymizing networks like Tor uses a series of routers to hide the clients IP address from the server. These networks, however, have been marred by users employing this anonymity for abusive purposes such as defacing popular web sites. Usually, web site administrators rely on IP-address blocking in order to disable access to misbehaving users, but it is impractical if the abuser routes through an anonymizing network. In order to avoid this, administrators bar all known exit nodes of the anonymizing network, thereby denying anonymous access to all the users (whether misbehaving or not). To solve this issue, we introduce Nymble, a system where servers blacklist misbehaving users, thereby blocking users without affecting their anonymity. Nymble is thus agnostic to varied definitions of misbehavior. Servers can block users for any reason, and the privacy of blacklisted users is not affected in any case.
Under Guidance of:
Ms. A. Anto viji
Asst.Professor in Dept of Computer Science and Engineering
C.S.I Institute of Technology
In order to hide a client's IP address anonymizing networks like Tor route traffic through independent nodes in separate administrative domains. As administrators cannot block individual users' IP addresses, they resort to blacklisting the entire anonymizing network. However, such methods though eliminate malicious activity through anonymizing networks but they also deny anonymous access to behaving users. In a pseudonymous credential system, users log into Web sites using pseudonyms, which can be blocked if in case a user misbehaves. However, this method may results in pseudonymity for all users, thereby dampening the anonymity provided by the anonymizing network. Anonymous credential systems employ group signatures. On the other hand, basic group signatures allow servers to annul a misbehaving user's anonymity by complaining about it to a group manager. Servers must contact the group manager for every authentication, and thus, this method lacks scalability. Traceable signatures help the group manager, which then release a trapdoor allowing all signatures generated by a particular user to be traced. Even though, using such an approach does not provide the necessary backward unlinkability that this paper desire, a user's accesses before the complaint always remain anonymous. Backward unlinkability allows for immanent blacklisting, in which servers can blacklist users for whatever reason as the privacy of the blacklisted user is not at risk.
To solve the given problem, a Nymble system is introduced, which possesses the following properties: anonymous authentication, backward unlinkability, subjective blacklisting, fast authentication speeds, rate-limited anonymous connections, revocation auditability (where users can verify whether they have been blacklisted), and it also deals with the Sybil attack so as to make its implementation practical. In Nymble, users acquire a set of nymbles, a unique type of pseudonym, in order to connect to Web Servers. Lacking any other information, these nymbles are logically hard to link, and hence, using the collection of nymbles simulates unidentified access to services. Web sites, nevertheless, can block users by obtaining a seed for a specific nymble, and thus allowing them to establish a connection with future nymbles from the user and those prior to the complaint remain unlinkable and untraceable.
Servers can thus block anonymous users without gaining access to their IP addresses while allowing legitimate users to connect anonymously. This system let the users know about their blacklisted status before they are introduced to a nymble, and are disconnected immediately in case they are blacklisted. A large number of anonymizing networks can rely on the same Nymble system, and blacklisting anonymous users regardless of their anonymizing network.
Fig 1. The Nymble system architecture showing the various modes of interaction. Note that users interact with the NM and servers through the anonymizing network.
To keep a tab on the total number of identities that a user can obtain (popularly known as the Sybil attack), the Nymble system attaches nymbles to resources which are difficult enough to obtain in great numbers. For example, here this paper have used IP addresses as the resource, but this scheme generalizes to other resources as well such as email addresses or identity certificates.
The Pseudonym manager
The user initially must connect to Pseudonym Manager (PM) and establish control over a resource so as to block the IP-address, the user ought to connect to the Pseudonym Manager directly, as shown in Figure1. It is presumed that PM has knowledge of Tor routers and can ensure
that users are communicating with it directly. Pseudonyms are chosen based on the controlled resource, making sure that the very pseudonym is always issued for the same resource. The user does not disclose what server he wants to connect to, and the PM's duties are restricted to
mapping IP addresses to pseudonyms. The user connects to the PM only once per linkability window (e.g., once a day).
The Nymble Manager
Post gaining a pseudonym from the PM, the user connects to the Nymble Manager via the anonymizing network, and then request for nymbles to obtain access to a particular server. A user's requests to the NM are therefore pseudonymous, and nymbles are generated using the user's pseudonym and the server's identity. Nymbles are thus specific to a particular user-server pair. As long as the PM and the NM do not collude, the NM knows only the pseudonym-server
pair, and the PM knows only the user identity-pseudonym pair. In order to provide the required cryptographic protection and security properties, nymbles are encapsulated within nymble tickets. Servers pack seeds into linking tokens, and therefore, this paper will speak of linking tokens
being used to link future nymble tickets.
after a certain window linkability period. All entities are time synchronized, and this paper can thus calculate the current linkability window and time period.
Blacklisting a user
In case of a misbehavior, the server may link any future connection from this user within the same linkability window. Consider Fig. 2: A user misbehaves at a server during time period t, within linkability window w_. The server then finds this misbehavior and reports it to the NM in time period tc (t_ < tc _ tL) of the same linkability window. In the complaint, the server presents the nymble ticket of the misbehaving user and obtains the corresponding seed from the NM. The server is then able to link future connections by the user in time periods tc; tc þ 1; . . . ; tL of the same linkability window w_ to the complaint. Therefore, once the server has complained about a user, that user is blacklisted for that particular linkability window.
Notifying the user of blacklist status
Users using anonymizing networks want their connections to be anonymous. When a server obtains a seed for that user, it can still link the user's subsequent connections. It is very important that users be notified of being blacklisted before presenting a nymble ticket to a server. The user can thus download the server's blacklist and verify its status. When blacklisted, the user immediately gets discontinued. As the blacklist is cryptographically signed by the NM, the blacklist's credibility is easily verified as to if the blacklist was updated in the same time period.
Blacklistability assures that any legitimate server can surely block misbehaving users.
Rate-limiting assures that any legitimate server that no user can connect to it more than once within any single time period. Nonframeability guarantees that any legitimate user can connect through nymble to that server. Honest servers are able to distinguish between honest and dishonest users.
Fig 2. The life cycle of a misbehaving user. If the server complains in time period tc about a user's connection in t*.the user becomes linkable starting in tc. The complain in tc. can include nimble tickets from onlu tc-1 and earlier.
Anonymity protects the anonymity of honest users, regardless of their legitimacy according to the (possibly corrupt) server.
Data structures and Modules
Nymble uses several important data structures, and this paper divide them into the following 4 modules:
Module 1: Generation of pseudonym
The PM issues pseudonyms to users. A pseudonym pnym has two components nym and mac: nym is a pseudorandom Fig 4. Evolution of seeds and nymbles. Given seedsi,.,it is easy to Compute nymblei, nymblei+1â€¦.nymbleL, but not nymble*, nymblei., nymblei-1. mapping of the user's identity (e.g., IP address), the linkability window w for which the pseudonym is valid, and the PM's secret key nymKeyP ; mac is a MAC that the NM uses to verify the integrity of the pseudonym. Algorithms describe the procedures of creating and verifying pseudonyms.
Fig 4. Evolution of seeds and nymbles. Given seeds i, it is easy to Compute nymblei, nimble i+1â€¦nymbleL, but not nymble*, nymbleiâ€¦â€¦., nymblei-1.
Module 2: Generation of nymble
Nymble, a pseudorandom number, plays the role of an identifier for a particular time period. Nymbles (presented by a user) across periods are unlinkable unless a server has blacklisted that user. Nymbles are presented as part of a nymble ticket, as described next. As shown in Fig. 4,seeds evolve throughout a linkability window using a seed-evolution function f; the seed for the next time period (seednext) is computed from the seed for the current time period (seedcur) as seednext ¼ f(seedcur): The nymble (nimble_t) for a time period t is evaluated by applying the nymble evaluation function g to its corresponding seed (seedt), i.e., nymblet ¼ g(seedt): The NM sets seed0 to a pseudorandom mapping of the user's pseudonym pnym, the (encoded) identity sid of the server (e.g., domain name), the linkability window w for which the seed is valid, and the NM's secret key seedKeyN. User-server-window combinations are therefore specifically linked to seeds. As a consequence, a seed is useful only for a particular server to link a particular user during a particular linkability window. In this Nymble construction, f and g are two distinct cryptographic hash functions. Hence, it is easy to compute future nymbles starting from a particular seed by applying f and g appropriately, but infeasible to compute nymbles otherwise. Without a seed, the sequence of nymbles appears unlinkable, and honest users can enjoy anonymity. Even when a seed for a particular time period is obtained, all the nymbles prior to that time period remain unlinkable. A credential contains all the nymble tickets for a particular linkability window that a user can present to a particular server. Algorithm 4 has a procedure that generates a credential when requested: A ticket contains a server specific nymble, linkability window and time period. ctxt is scrambled data that NM uses during a nymble ticket complaint. In particular, ctxt contains the first nymble (nymble) in the user's sequence of nymbles, and the seed used to generate that nymble. Upon a complaint, the NM extracts the user's seed and issues it to the server by evolving the seed.
Connection to website using nymble and seed
Here in this module, the algorithm performs the task of checking if the linkability of the ticket. If the nymble is linked to the server then this paper can conclude that the user has misbehaved and thus the status of the user is updated.
Blacklisting Misbehaved User
A server's blacklist is a list of nymble s corresponding to all the nymbles that the
server has complained about. Users can quickly check their blacklisting status at a
server by checking to see whether their nymble appears in the server's blacklist.
The existing sytem, however efficient as it may appear, largely depends on human users to classify a post into an act of misbehavior. The misbehaving post, even when flagged as abusive, is usually not immediately removed from the website. Anonymizing networks as Tor, thus far, has been completely blocked by several web services because of users who abuse their anonymity. Thereby in this paper titled "Nymble Blocking System", algorithmically flags a post as an act of misbehavior, and thereby eradicating the necessity to depend on the existing users for the same. This system allows websites to selectively block users of anonymizing networks. Using it, websites can blacklist users without hindering their anonymity.