Abstract
Reputation-based anonymous blacklisting systems allow users to authenticate their identities anonymously and directly with a service provider (SP), while enabling the SP to score users’ misbehaviour and deny access to users with insufficient reputation, without the assistance of a Trusted Third Party (TTP). Au, Kapadia and Susilo’s reputation-based anonymous blacklisting system BLACR is an elegant solution, except that its computational overhead is linear in the size of the reputation list. They therefore proposed a more practical strategy for BLACR that allows active users to authenticate in the express lane. However, this strategy disables BLACR’s ability to perform unblacklisting, since removing entries from the blacklist invalidates the reputation proofs of express lane tokens. Another problem with BLACR is that express lane tokens can be reused (a replay attack). In this paper, we propose ExBLACR, which provides a solution to the above problems. Our construction builds directly on BLACR: we present an improved weighted-score adjusting protocol (\(\mathfrak{G}_{WS-Adj}\)) that supports unblacklisting when BLACR employs express lane authentication. We also make a minor change to the express lane tokens so that they resist replay attacks.
References
Abbott, R.S., van der Horst, T.W., Seamons, K.E.: CPG: Closed Pseudonymous Groups. In: Proceedings of WPES 2008, pp. 55–64. ACM (2008)
Au, M.H., Susilo, W., Mu, Y.: Constant-size dynamic k-TAA. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 111–125. Springer, Heidelberg (2006)
Au, M.H., Tsang, P.P., Kapadia, A.: PEREA: Practical TTP-free revocation of repeatedly misbehaving anonymous users. ACM Transactions on Information and System Security 14(4), 29 (2011)
Au, M.H., Tsang, P.P., Kapadia, A., Susilo, W.: BLACR: TTP-Free Blacklistable Anonymous Credentials with Reputation. Technical Report TR695, Indiana University Bloomington (2011)
Au, M.H., Kapadia, A., Susilo, W.: BLACR: TTP-free blacklistable anonymous credentials with reputation. In: Proceedings of NDSS 2012, ISOC (2012)
Au, M.H., Kapadia, A.: PERM: Practical reputation-based blacklisting without TTPs. In: Proceedings of CCS 2012, pp. 929–940. ACM (2012)
Brickell, E., Li, J.: Enhanced Privacy ID: A Direct Anonymous Attestation Scheme with Enhanced Revocation Capabilities. IEEE Transactions on Dependable and Secure Computing 9(3), 345–360 (2012)
Camenisch, J.L., Stadler, M.A.: Efficient group signature schemes for large groups (extended abstract). In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997)
Chaum, D.: Security Without Identification: Transaction Systems to Make Big Brother Obsolete. Communications of the ACM 28(10), 1030–1044 (1985)
Chaum, D., van Heyst, E.: Group Signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991)
Chen, L.: Access with Pseudonyms. In: Dawson, E.P., Golić, J.D. (eds.) Cryptography: Policy and Algorithms 1995. LNCS, vol. 1029, pp. 232–243. Springer, Heidelberg (1996)
Dingledine, R., Mathewson, N., Syverson, P.F.: Tor: The Second-Generation Onion Router. In: Proceedings of USENIX Security 2004, SSYM 2004, vol. 12, p. 21. USENIX (2004)
Holt, J.E., Seamons, K.E.: Nym: Practical Pseudonymity for Anonymous Networks. Internet Security Research Lab, BYU, Technical Report 2006-4 (2006)
Henry, R., Henry, K., Goldberg, I.: Making a Nymbler Nymble using VERBS. In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 111–129. Springer, Heidelberg (2010)
Henry, R., Goldberg, I.: Formalizing anonymous blacklisting systems. In: Proceedings of IEEE S&P, pp. 81–95 (2011)
Henry, R., Goldberg, I.: Thinking Inside the BLAC Box: Smarter Protocols for Faster Anonymous Blacklisting. In: Proceedings of WPES 2013, pp. 71–82. ACM (2013)
Li, J., Li, N., Xue, R.: Universal Accumulators with Efficient Nonmembership Proofs. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 253–269. Springer, Heidelberg (2007)
Lin, Z., Hopper, N.: Jack: Scalable Accumulator-based Nymble System. In: Proceedings of WPES 2010, pp. 53–62. ACM (2010)
Lofgren, P., Hopper, N.: BNymble: More Anonymous Blacklisting at Almost No Cost (A Short Paper). In: Danezis, G. (ed.) FC 2011. LNCS, vol. 7035, pp. 268–275. Springer, Heidelberg (2012)
Lofgren, P., Hopper, N.: FAUST: Efficient, TTP-Free Abuse Prevention by Anonymous Whitelisting. In: Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2011), pp. 125–130. ACM (2011)
Lysyanskaya, A.: Pseudonym Systems, Master’s thesis. Department of Electrical Engineering and Computer Science. MIT (1999)
Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)
Peng, K., Bao, F.: Vulnerability of a Non-membership Proof Scheme. In: SECRYPT, pp. 419–422. SciTePress (2010)
Schwartz, E.J., Brumley, D., McCune, J.M.: A Contractual Anonymity System. In: Proceedings of NDSS 2010, ISOC (2010)
Tsang, P.P., Au, M.H., Kapadia, A., Smith, S.W.: Blacklistable Anonymous Credentials: Blocking Misbehaving Users Without TTPs. In: Proceedings of CCS 2007, pp. 72–81. ACM (2007)
Tsang, P.P., Au, M.H., Kapadia, A., Smith, S.W.: PEREA: Towards practical TTP-free revocation in anonymous authentication. In: Proceedings of CCS 2008, pp. 333–344. ACM (2008)
Tsang, P.P., Au, M.H., Kapadia, A., Smith, S.W.: BLAC: Revoking Repeatedly Misbehaving Anonymous Users without Relying on TTPs. ACM Transactions on Information and System Security (TISSEC) 13(4) (2010)
Tsang, P.P., Kapadia, A., Cornelius, C., Smith, S.W.: Nymble: Blocking Misbehaving Users in Anonymizing Networks. IEEE Transactions on Dependable and Secure Computing (TDSC) 8(2), 256–269 (2011)
Yu, K.Y., Yuen, T.H., Chow, S.S.M., Yiu, S.M., Hui, L.C.K.: PE(AR)2: Privacy-Enhanced Anonymous Authentication with Reputation and Revocation. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 679–696. Springer, Heidelberg (2012)
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Wang, W., Feng, D., Qin, Y., Shao, J., Xi, L., Chu, X. (2014). ExBLACR: Extending BLACR System. In: Susilo, W., Mu, Y. (eds) Information Security and Privacy. ACISP 2014. Lecture Notes in Computer Science, vol 8544. Springer, Cham. https://doi.org/10.1007/978-3-319-08344-5_26
DOI: https://doi.org/10.1007/978-3-319-08344-5_26
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-08343-8
Online ISBN: 978-3-319-08344-5
eBook Packages: Computer Science, Computer Science (R0)