FARB:快速匿名基于信誉的黑名单，没有https

Proceedings of the 13th Workshop on Privacy in the Electronic Society Pub Date : 2014-11-03 DOI:10.1145/2665943.2665947

Li Xi, D. Feng

{"title":"FARB:快速匿名基于信誉的黑名单，没有https","authors":"Li Xi, D. Feng","doi":"10.1145/2665943.2665947","DOIUrl":null,"url":null,"abstract":"Anonymous blacklisting schemes that do not rely on trusted third parties (TTPs) are desirable as they can block misbehaving users while protecting user privacy. Recent TTP-free schemes such as BLACR and PERM present reputation-based blacklisting, for which the service provider (SP) can assign positive or negative scores to anonymous sessions and block users whose reputations are not high enough. Though being the state of the art in anonymous blacklisting, these schemes are heavyweight and only able to support tens of authentications per minute in practical settings. We present FARB, the first reputation-based blacklisting scheme which has constant computational complexity both on the SP and user side. FARB thus supports a reputation list with billions of entries and is efficient enough for heavy-loaded SPs with thousands of authentications per minute. On the user side, FARB is fast enough even for mobile devices and supports flexible rate-limiting. We also present a novel fine-grained weighted extension which allows the SP to ramp up penalties for repeated misbehaviors according to the severity of the misbehaving user's past sessions.","PeriodicalId":408627,"journal":{"name":"Proceedings of the 13th Workshop on Privacy in the Electronic Society","volume":"183 2","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"FARB: Fast Anonymous Reputation-Based Blacklisting without TTPs\",\"authors\":\"Li Xi, D. Feng\",\"doi\":\"10.1145/2665943.2665947\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Anonymous blacklisting schemes that do not rely on trusted third parties (TTPs) are desirable as they can block misbehaving users while protecting user privacy. Recent TTP-free schemes such as BLACR and PERM present reputation-based blacklisting, for which the service provider (SP) can assign positive or negative scores to anonymous sessions and block users whose reputations are not high enough. Though being the state of the art in anonymous blacklisting, these schemes are heavyweight and only able to support tens of authentications per minute in practical settings. We present FARB, the first reputation-based blacklisting scheme which has constant computational complexity both on the SP and user side. FARB thus supports a reputation list with billions of entries and is efficient enough for heavy-loaded SPs with thousands of authentications per minute. On the user side, FARB is fast enough even for mobile devices and supports flexible rate-limiting. We also present a novel fine-grained weighted extension which allows the SP to ramp up penalties for repeated misbehaviors according to the severity of the misbehaving user's past sessions.\",\"PeriodicalId\":408627,\"journal\":{\"name\":\"Proceedings of the 13th Workshop on Privacy in the Electronic Society\",\"volume\":\"183 2\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-11-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 13th Workshop on Privacy in the Electronic Society\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2665943.2665947\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 13th Workshop on Privacy in the Electronic Society","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2665943.2665947","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 10

摘要

不依赖于可信第三方(TTPs)的匿名黑名单方案是可取的，因为它们可以阻止行为不端的用户，同时保护用户隐私。最近的无ttp方案，如BLACR和PERM提供基于声誉的黑名单，服务提供商(SP)可以为匿名会话分配正面或负面分数，并阻止声誉不够高的用户。虽然是匿名黑名单的最新技术，但这些方案都是重量级的，在实际设置中每分钟只能支持数十次身份验证。我们提出了FARB，这是第一个基于信誉的黑名单方案，它在SP和用户端都具有恒定的计算复杂度。因此，FARB支持具有数十亿项的信誉列表，并且对于每分钟进行数千次身份验证的负载沉重的sp来说足够高效。在用户端，即使对于移动设备，FARB也足够快，并且支持灵活的速率限制。我们还提出了一种新的细粒度加权扩展，允许SP根据不当行为用户过去会话的严重程度增加对重复不当行为的惩罚。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

FARB: Fast Anonymous Reputation-Based Blacklisting without TTPs

Anonymous blacklisting schemes that do not rely on trusted third parties (TTPs) are desirable as they can block misbehaving users while protecting user privacy. Recent TTP-free schemes such as BLACR and PERM present reputation-based blacklisting, for which the service provider (SP) can assign positive or negative scores to anonymous sessions and block users whose reputations are not high enough. Though being the state of the art in anonymous blacklisting, these schemes are heavyweight and only able to support tens of authentications per minute in practical settings. We present FARB, the first reputation-based blacklisting scheme which has constant computational complexity both on the SP and user side. FARB thus supports a reputation list with billions of entries and is efficient enough for heavy-loaded SPs with thousands of authentications per minute. On the user side, FARB is fast enough even for mobile devices and supports flexible rate-limiting. We also present a novel fine-grained weighted extension which allows the SP to ramp up penalties for repeated misbehaviors according to the severity of the misbehaving user's past sessions.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 13th Workshop on Privacy in the Electronic Society

自引率

0.00%

发文量