ExBLACR: Extending BLACR System

  • Conference paper
Information Security and Privacy (ACISP 2014)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8544)

Abstract

Reputation-based anonymous blacklisting systems allow users to anonymously authenticate their identities with a service provider (SP) directly, while enabling the service provider to score users’ misbehaviour and deny access to users with insufficient reputation, without the assistance of a Trusted Third Party (TTP). Au, Kapadia and Susilo’s reputation-based anonymous blacklisting system BLACR is an elegant solution except for the linear computational overhead in the size of the reputation list. Therefore, they proposed a more practical strategy for BLACR that allows active users to authenticate in the express lane. However, the strategy disables BLACR’s ability to perform unblacklisting, since removing entries from the blacklist invalidates the reputation proofs of express lane tokens. Another problem of BLACR is that the express lane tokens can be reused (a replay attack). In this paper, we propose ExBLACR, which provides a solution to the above problems. Our construction builds directly on BLACR, and we present an improvement of the weighted-score adjusting protocol (\(\mathfrak{G}_{WS-Adj}\)) to support unblacklisting when BLACR employs the express lane authentication. We also make a minor change to the express lane tokens to resist replay attacks.

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Wang, W., Feng, D., Qin, Y., Shao, J., Xi, L., Chu, X. (2014). ExBLACR: Extending BLACR System. In: Susilo, W., Mu, Y. (eds) Information Security and Privacy. ACISP 2014. Lecture Notes in Computer Science, vol 8544. Springer, Cham. https://doi.org/10.1007/978-3-319-08344-5_26

  • DOI: https://doi.org/10.1007/978-3-319-08344-5_26

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-08343-8

  • Online ISBN: 978-3-319-08344-5

  • eBook Packages: Computer Science, Computer Science (R0)