Helping TicketMaster: Changing the Economics of Ticket Robots with Geographic Proof-of-Work

When tickets for popular events such as Hannah Montana concerts go on sale online, they sell out almost instantly. Unfortunately, a significant number of them are purchased by world-wide networks of ticket purchasing robots run by scalpers looking to turn a quick profit. Ticket outlets currently employ CAPTCHAs to slow down fully automated purchasing robots. Since the profit associated with scalping tickets is several orders of magnitude larger than the cost associated with paying humans to solve the CAPTCHAs, this approach has been ineffective. CAPTCHAs have a fundamental flaw when used to protect online tickets: the cost to solve them using humans is fixed and small. To address this problem, this paper explores a novel alternative based on geographically-driven proof-of-work. The crux of the approach exploits the observation that most legitimate clients are located geographically close to the event. By requiring every client to solve a cryptographic puzzle whose difficulty is based on their distance to the event, ticket purchasing robots must be placed close to each event in order to monopolize the tickets. This requirement significantly increases the cost of operating such networks. Using emulation and simulation, we demonstrate the utility of our approach in tackling the online ticketing problem.

[1]  Wu-chang Feng,et al.  mod_kaPoW: mitigating DoS with transparent proof-of-work , 2007, CoNEXT '07.

[2]  Mihir Bellare,et al.  Hash Function Balance and Its Impact on Birthday Attacks , 2004, EUROCRYPT.

[3]  Nicolas Ianelli,et al.  Botnets as a Vehicle for Online Crime , 2007 .

[4]  L. Jean Camp,et al.  Proof of Work can Work , 2006, WEIS.

[5]  John Langford,et al.  CAPTCHA: Using Hard AI Problems for Security , 2003, EUROCRYPT.

[6]  Wu-chang Feng,et al.  mod kaPoW: Protecting the web with transparent proof-of-work , 2008, IEEE INFOCOM Workshops 2008.

[7]  Zhao Jun Distributed Intrusion Detection System , 2006 .

[8]  Elaine Shi,et al.  Portcullis: protecting connection setup from denial-of-capability attacks , 2007, SIGCOMM '07.

[9]  Wu-chang Feng,et al.  The Case for Public Work , 2006, 2007 IEEE Global Internet Symposium.

[10]  Aaron Hackworth,et al.  Botnets as a Vehicle for Online Crimes , 2006 .

[11]  Michael K. Reiter,et al.  Mitigating bandwidth-exhaustion attacks using congestion puzzles , 2004, CCS '04.

[12]  Vishal Malik,et al.  Distributed intrusion detection system , 2002 .

[13]  Moni Naor,et al.  Pricing via Processing or Combatting Junk Mail , 1992, CRYPTO.

[14]  Pekka Nikander,et al.  DOS-Resistant Authentication with Client Puzzles , 2000, Security Protocols Workshop.

[15]  Adam Stubblefield,et al.  Using Client Puzzles to Protect TLS , 2001, USENIX Security Symposium.

[16]  Ben Laurie,et al.  \Proof-of-Work" Proves Not to Work , 2004 .