Blacklisting Misbehaving Users for Enhancing Security in Anonymizing Networks

Anonymizing networks such as Tor allow users to access Internet services privately by using a series of routers to hide the client's IP address from the server. The success of such networks, however, has been limited by users employing this anonymity for abusive purposes such as defacing popular Web sites. Web site administrators routinely rely on IP-address blocking for disabling access to misbehaving users, but blocking IP addresses is not practical if the abuser routes through an anonymizing network. As a result, administrators block all known exit nodes of anonymizing networks, denying anonymous access to misbehaving and behaving users alike. To address this problem, we present Nymble, a system in which servers can "blacklist" misbehaving users, thereby blocking users without compromising their anonymity. Our system is thus agnostic to different servers' definitions of misbehavior—servers can blacklist users for whatever reason, and the privacy of blacklisted users is maintained.
