Using Spammers' Computing Resources for Volunteer Computing

Spammers are continually looking to circumvent counter-measures seeking to slow them down. An immense amount of time and money is currently devoted to hiding spam, but not enough is devoted to effectively preventing it. One approach for preventing spam is to force the spammer’s machine to solve a computational problem of varying difficulty before granting access. The idea is that suspicious or problematic requests are given difficult problems to solve while legitimate requests are allowed through with minimal computation. Unfortunately, most systems that employ this model waste the computing resources being used, as they are directed towards solving cryptographic problems that provide no societal benefit. While systems such as reCAPTCHA and FoldIt have allowed users to contribute solutions to useful problems interactively, an analogous solution for non-interactive proof-of-work does not exist. Towards this end, this paper describes MetaCAPTCHA and reBOINC, an infrastructure for supporting useful proof-of-work that is integrated into a web spam throttling service. The infrastructure dynamically issues CAPTCHAs and proof-of-work puzzles while ensuring that malicious users solve challenging puzzles. Additionally, it provides a framework that enables the computational resources of spammers to be redirected towards meaningful research. To validate the efficacy of our approach, prototype implementations based on OpenCV and BOINC are described that demonstrate the ability to harvest spammers’ resources for beneficial purposes.
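The throttling model the abstract starts from, as an added example (not code from the paper, and not MetaCAPTCHA's or reBOINC's implementation): a server maps a suspicion score to puzzle difficulty and binds that difficulty to the challenge so the client cannot lower it. It uses a plain hash puzzle, the non-useful kind the abstract criticises; the key, function names, score range and bit limits are assumptions.

```python
import hashlib, hmac, os, time

SERVER_KEY = b"constructed-demo-key"  # constructed; a real service keeps this secret

def difficulty_for(score, min_bits=4, max_bits=20):
    """Map a suspicion score in [0, 1] to required leading zero bits."""
    score = min(max(score, 0.0), 1.0)
    return min_bits + round(score * (max_bits - min_bits))

def _tag(ch):
    # MAC over every field the server chose, including the difficulty.
    msg = f"{ch['client']}|{ch['nonce']}|{ch['bits']}|{ch['ts']}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue(client_id, score, now=None):
    """Server side: build a stateless, authenticated challenge."""
    ch = {"client": client_id, "nonce": os.urandom(8).hex(),
          "bits": difficulty_for(score),
          "ts": int(time.time()) if now is None else now}
    ch["tag"] = _tag(ch)
    return ch

def _zero_bits(ch, solution):
    data = f"{ch['client']}|{ch['nonce']}|{solution}".encode()
    digest = hashlib.sha256(data).digest()
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def solve(ch):
    """Client side: brute-force search, about 2**bits hashes on average."""
    counter = 0
    while _zero_bits(ch, counter) < ch["bits"]:
        counter += 1
    return counter

def verify(ch, solution, now=None, max_age=120):
    """Server side: one MAC and one hash, whatever the difficulty."""
    if not hmac.compare_digest(_tag(ch), ch.get("tag", "")):
        return False  # a field was altered, e.g. the client lowered 'bits'
    now = int(time.time()) if now is None else now
    if now - ch["ts"] > max_age:
        return False  # stale challenge
    # Replay inside max_age still needs a server-side set of used nonces.
    return _zero_bits(ch, solution) >= ch["bits"]
```

The asymmetry is the point: each extra bit doubles the client's expected work while the server's verification cost stays constant.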
