research-article

FAUST: efficient, TTP-free abuse prevention by anonymous whitelisting

Authors:

Nicholas HopperAuthors Info & Claims

WPES '11: Proceedings of the 10th annual ACM workshop on Privacy in the electronic society

Pages 125 - 130

https://doi.org/10.1145/2046556.2046572

Published: 17 October 2011 Publication History

Abstract

We introduce Faust, a solution to the "anonymous blacklisting problem:" allow an anonymous user to prove that she is authorized to access an online service such that if the user misbehaves, she retains her anonymity but will be unable to authenticate in future sessions. Faust uses no trusted third parties and is one to two orders of magnitude more efficient than previous schemes without trusted third parties. The key idea behind Faust is to eliminate the explicit blacklist used in all previous approaches, and rely instead on an implicit whitelist, based on blinded authentication tokens.

References

[1]

M. H. Au, P. P. Tsang, and A. Kapadia. PEREA: Practical TTP-free revocation of repeatedly misbehaving anonymous users. Technical Report TR688, Indiana University, 2011.

Digital Library

[2]

M. Bellare, C. Namprempre, D. Pointcheval, and M. Semanko. The One-more-RSA-inversion problems and the security of Chaum's blind signature scheme. J. Cryptology, 16(3):185--215, 2003.

[3]

S. Brands, L. Demuynck, and B. D. Decker. A practical system for globally revoking the unlinkable pseudonyms of unknown users. In J. Pieprzyk, H. Ghodosi, and E. Dawson, editors, ACISP, volume 4586 of Lecture Notes in Computer Science, pages 400--415. Springer, 2007.

Digital Library

[4]

E. Brickell and J. Li. Enhanced Privacy ID: a Direct Anonymous Attestation Scheme with Enhanced Revocation Capabilities. In WPES '07: Proceedings of the 2007 ACM workshop on Privacy in electronic society, pages 21--30, New York, NY, USA, 2007. ACM.

Digital Library

[5]

D. Chaum. Security without identification: transaction systems to make Big Brother obsolete. Commun. ACM, 28(10):1030--1044, 1985.

Digital Library

[6]

U. I. Corp. Ultrasurf: Privacy. security. freedom. http://www.ultrareach.com/, July 2011.

[7]

R. Dingledine, N. Mathewson, and P. Syverson. Tor: the second-generation onion router. In SSYM'04: Proceedings of the 13th conference on USENIX Security Symposium, pages 21--21, Berkeley, CA, USA, 2004. USENIX Association.

Digital Library

[8]

J. GmbH. JonDoNym: Private and secure web surfing. http://anonymous-proxy-servers.net/, September 2010.

[9]

R. Henry and I. Goldberg. Extending Nymble-like systems. In Proc. 32nd IEEE Symposium on Security & Privacy, 2011.

Digital Library

[10]

R. Henry and I. Goldberg. Formalizing anonymous blacklisting systems. In Proc. 32nd IEEE Symposium on Security & Privacy, 2011.

Digital Library

[11]

R. Henry, K. Henry, and I. Goldberg. Making a nymbler Nymble using VERBS. Technical report, University of Waterloo Technical Report CACR 2010-05, 2010. Extends {12}.

[12]

R. Henry, K. Henry, and I. Goldberg. Making a nymbler Nymble using VERBS. In PETS: Proceedings of the 10th Privacy Enhancing Technologies Symposium. Springer, 2010.

Digital Library

[13]

J. Holt and K. Seamons. Nym: Practical pseudonymity for anonymous networks. BYU Internet Security Research Lab Technical Report, 4, 2006.

[14]

P. C. Johnson, A. Kapadia, P. P. Tsang, and S. W. Smith. Nymble: Anonymous IP-address blocking. In Proceedings of The Seventh International Symposium on Privacy Enhancing Technologies (PET), Ottawa, Canada, volume 4776 of LNCS, pages 113--133. Springer-Verlag, June 2007.

Digital Library

[15]

Z. Lin and N. Hopper. Jack: Scalable accumulator-based Nymble system. In WPES2010: Proceedings of the 9th ACM Workshop on Privacy in the Electronic Society. ACM, 2010.

Digital Library

[16]

P. Lofgren and N. Hopper. BNymble (a short paper): More anonymous blacklisting at almost no cost. In Fifteenth International Conference on Financial Cryptography and Data Security. Springer, 2011.

Digital Library

[17]

F. Olumofin and I. Goldberg. Revisiting the computational practicality of Private Information Retrieval. In Fifteenth International Conference on Financial Cryptography and Data Security. Springer, 2011.

Digital Library

[18]

R. Priedhorsky, J. Chen, S. Lam, K. Panciera, L. Terveen, and J. Riedl. Creating, destroying, and restoring value in Wikipedia. In Proceedings of the 2007 international ACM conference on Supporting group work, pages 259--268. ACM, 2007.

Digital Library

[19]

S. Stubblebine, P. Syverson, and D. Goldschlag. Unlinkable serial transactions: protocols and applications. ACM Transactions on Information and System Security (TISSEC), 2(4):354--389, 1999.

Digital Library

[20]

J. T. Trostle and A. Parrish. Efficient computationally private information retrieval from anonymity or trapdoor groups. In M. Burmester, G. Tsudik, S. S. Magliveras, and I. Ilic, editors, ISC10: Proceedings of the Information Security Conference, volume 6531 of Lecture Notes in Computer Science, pages 114--128. Springer, 2010.

Digital Library

[21]

P. P. Tsang, M. H. Au, A. Kapadia, and S. W. Smith. Blacklistable Anonymous Credentials: blocking misbehaving users without TTPs. In CCS '07: Proceedings of the 14th ACM conference on Computer and communications security, pages 72--81, New York, NY, USA, 2007. ACM.

Digital Library

[22]

P. P. Tsang, M. H. Au, A. Kapadia, and S. W. Smith. PEREA: Towards practical TTP-free revocation in anonymous authentication. In CCS '08: Proceedings of the 14th ACM conference on Computer and communications security, pages 333--344. ACM, 2008.

Digital Library

[23]

P. P. Tsang, M. H. Au, A. Kapadia, and S. W. Smith. BLAC: Revoking repeatedly misbehaving anonymous users without relying on TTPs. ACM Trans. Inf. Syst. Secur., 13:39:1--39:33, December 2010.

Digital Library

[24]

P. P. Tsang, A. Kapadia, C. Cornelius, and S. W. Smith. Nymble: Blocking Misbehaving Users in Anonymizing Networks. IEEE Transactions on Dependable and Secure Computing (TDSC), Sept. 2009

Digital Library

Cited By

Scheffler SMayer J(2024)Group Moderation Under End-to-End EncryptionProceedings of the Symposium on Computer Science and Law10.1145/3614407.3643704(36-47)Online publication date: 12-Mar-2024
https://dl.acm.org/doi/10.1145/3614407.3643704
Chow SMa JYuen T(2023)Scored Anonymous CredentialsApplied Cryptography and Network Security10.1007/978-3-031-33491-7_18(484-515)Online publication date: 19-Jun-2023
https://dl.acm.org/doi/10.1007/978-3-031-33491-7_18
Dopmann CFranck VTschorsch F(2021)Onion Pass: Token-Based Denial-of-Service Protection for Tor Onion Services2021 IFIP Networking Conference (IFIP Networking)10.23919/IFIPNetworking52078.2021.9472207(1-9)Online publication date: 21-Jun-2021
https://doi.org/10.23919/IFIPNetworking52078.2021.9472207
Show More Cited By

Index Terms

FAUST: efficient, TTP-free abuse prevention by anonymous whitelisting
1. Security and privacy

Recommendations

PEREA: towards practical TTP-free revocation in anonymous authentication
CCS '08: Proceedings of the 15th ACM conference on Computer and communications security

Several anonymous authentication schemes allow servers to revoke a misbehaving user's ability to make future accesses. Traditionally, these schemes have relied on powerful TTPs capable of deanonymizing (or linking) users' connections. Recent schemes ...
BLAC: Revoking Repeatedly Misbehaving Anonymous Users without Relying on TTPs

Several credential systems have been proposed in which users can authenticate to service providers anonymously. Since anonymity can give users the license to misbehave, some variants allow the selective deanonymization (or linking) of misbehaving users ...
Blacklistable anonymous credentials: blocking misbehaving users without ttps
CCS '07: Proceedings of the 14th ACM conference on Computer and communications security

Several credential systems have been proposed in which users can authenticate to services anonymously. Since anonymity can give users the license to misbehave, some variants allow the selective deanonymization (or linking) of misbehaving users upon a ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

WPES '11: Proceedings of the 10th annual ACM workshop on Privacy in the electronic society

October 2011

192 pages

ISBN:9781450310024

DOI:10.1145/2046556

General Chair:
Yan Chen
Northwestern University, USA
,
Program Chair:
Jaideep Vaidya
Rutgers University, USA

Copyright © 2011 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 October 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS'11

Sponsor:

SIGSAC

CCS'11: the ACM Conference on Computer and Communications Security

October 17, 2011

Illinois, Chicago, USA

Acceptance Rates

Overall Acceptance Rate 106 of 355 submissions, 30%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

11
Total Citations
View Citations
142
Total Downloads

Downloads (Last 12 months)6
Downloads (Last 6 weeks)0

Reflects downloads up to 19 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Scheffler SMayer J(2024)Group Moderation Under End-to-End EncryptionProceedings of the Symposium on Computer Science and Law10.1145/3614407.3643704(36-47)Online publication date: 12-Mar-2024
https://dl.acm.org/doi/10.1145/3614407.3643704
Chow SMa JYuen T(2023)Scored Anonymous CredentialsApplied Cryptography and Network Security10.1007/978-3-031-33491-7_18(484-515)Online publication date: 19-Jun-2023
https://dl.acm.org/doi/10.1007/978-3-031-33491-7_18
Dopmann CFranck VTschorsch F(2021)Onion Pass: Token-Based Denial-of-Service Protection for Tor Onion Services2021 IFIP Networking Conference (IFIP Networking)10.23919/IFIPNetworking52078.2021.9472207(1-9)Online publication date: 21-Jun-2021
https://doi.org/10.23919/IFIPNetworking52078.2021.9472207
Gaiduk PRanjan KBasmer TTschorsch F(2020)Privacy-Preserving Public Key Infrastructure for Vehicular Networks2020 IEEE 45th Conference on Local Computer Networks (LCN)10.1109/LCN48667.2020.9314787(154-163)Online publication date: 16-Nov-2020
https://doi.org/10.1109/LCN48667.2020.9314787
Yang RAu MXu QYu Z(2018)Decentralized Blacklistable Anonymous Credentials with ReputationInformation Security and Privacy10.1007/978-3-319-93638-3_41(720-738)Online publication date: 13-Jun-2018
https://doi.org/10.1007/978-3-319-93638-3_41
Cai QLutes JLin JLuo B(2018)A-Tor: Accountable Anonymity in TorSecurity and Privacy in Communication Networks10.1007/978-3-319-78813-5_46(838-851)Online publication date: 11-Apr-2018
https://doi.org/10.1007/978-3-319-78813-5_46
Xi LFeng DAhn GDatta A(2014)FARBProceedings of the 13th Workshop on Privacy in the Electronic Society10.1145/2665943.2665947(139-148)Online publication date: 3-Nov-2014
https://dl.acm.org/doi/10.1145/2665943.2665947
Xi LShao JYang KFeng D(2014)ARBRA: Anonymous Reputation-Based Revocation with Efficient AuthenticationInformation Security10.1007/978-3-319-13257-0_3(33-53)Online publication date: 2014
https://doi.org/10.1007/978-3-319-13257-0_3
Wang WFeng DQin YShao JXi LChu X(2014)ExBLACR: Extending BLACR SystemInformation Security and Privacy10.1007/978-3-319-08344-5_26(397-412)Online publication date: 2014
https://doi.org/10.1007/978-3-319-08344-5_26
Au MKapadia AYu TDanezis GGligor V(2012)PERMProceedings of the 2012 ACM conference on Computer and communications security10.1145/2382196.2382294(929-940)Online publication date: 16-Oct-2012
https://dl.acm.org/doi/10.1145/2382196.2382294
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents