PERM: practical reputation-based blacklisting without TTPs

Some users may misbehave under the cover of anonymity by, e.g., defacing webpages on Wikipedia or posting vulgar comments on YouTube. To prevent such abuse, a few anonymous credential schemes have been proposed that revoke access for misbehaving users while maintaining their anonymity such that no trusted third party (TTP) is involved in the revocation process. Recently we proposed BLACR, a TTP-free scheme that supports "reputation-based blacklisting": the service provider can score users' anonymous sessions (e.g., good vs. inappropriate comments) and users with insufficient reputation are denied access. The major drawback of BLACR is the linear computational overhead in the size of the reputation list, which allows it to support reputation for only a few thousand user sessions in practical settings. We propose PERM, a revocation-window-based scheme (misbehaviors must be caught within a window of time), which makes computation independent of the size of the reputation list. PERM thus supports millions of user sessions and makes reputation-based blacklisting practical for large-scale deployments.
