Blacklisting and blocking anonymous credential users

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),
INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING &
ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME
TECHNOLOGY (IJCET)
ISSN 0976 – 6367(Print)
ISSN 0976 – 6375(Online)
Volume 3, Issue 3, October - December (2012), pp. 41-53 IJCET
© IAEME: www.iaeme.com/ijcet.asp
Journal Impact Factor (2012): 3.9580 (Calculated by GISI) ©IAEME
www.jifactor.com

BLACKLISTING AND BLOCKING ANONYMOUS CREDENTIAL USERS

1
H.Jayasree, Assoc. Prof, Dept. of IT , ATRI, Uppal,
Hyderabad.jayahsree@yahoo.com
2
Dr. A.Damodaram, Prof. of CSE Dept & Director – Academic Audit Cell,
JNTUH, Hyderabad. damodarama@rediff.com

ABSTRACT

Anonymous credential systems provide a mechanism for the users to authenticate themselves
anonymously. Since the transactions are inherently anonymous, some users try to misbehave by taking
advantage of their anonymity. So there is a necessity to formulate some method to stop such users from
misbehaving. Also in order to increase the security at the users end we include an additional entity, the trustee
that the user trusts.

KEYWORDS

Initiator(user), CA (certification authority), responder/verifier(website owner),SSL (Secure socket layer), SHA-
1( secure hash algorithm).

1 INTRODUCTION

Credential systems allow subjects to prove possession of attributes to interested parties. In a sound credential
system subject’s first need to obtain a structure termed a credential from an entity termed the credential issuer.
The issuer encodes some well-defined set of attributes together with their values into the credential which is
then passed on, or `granted', to the subject. Only after having gone through this process can the subject prove
possession of those attributes that are encoded in the credential. During this latter process, the interested party is
said to `verify the credential' and is therefore called a verifier. Subjects are typically human users, issuers are
typically well-known organisations with authority over the attributes they encode into the credentials they issue,
and verifiers typically are service providers that perform attribute based access control.

An example of a credential system is a Public Key Infrastructure (PKI). In a PKI, credentials are public key
certificates that bind together subject attributes such as subject name, public key, its issue and expiry dates, and

41


so on. The credential issuer is the Certification Authority (CA); it grants public key certificates according to
some subject registration procedure. Finally, credential verifiers are the entities within the PKI that accept the
certificates issued by the CA. In conventional credential systems (e.g. a PKI), issuers and verifiers identify any
given subject by a system-wide identifier. This has a potentially severe impact on the subject's privacy, as it
enables issuers and verifiers to combine their knowledge about the subject. Indeed, they can construct
individual transaction histories for all the subjects in the system, simply by correlating credential related events
using these identifiers.

Over the last 20 years, a significant amount of research has been performed on credential systems that try to
address the privacy issue. In an anonymous credential system, subjects establish a different identifier with each
issuer and verifier they wish to interact with, where we assume throughout that these pseudonyms cannot be
connected to the subject's true identity. These identifiers, termed the subject's pseudonyms, are unlinkable, i.e.
they do not possess any connection with one another. This means that it is infeasible, for colluding issuers and
verifiers, to decide with certainty whether or not any given pair of pseudonyms belongs to the same subject1.
While a subject obtains a credential under the pseudonym that was established with the issuer, proof of its
possession2 takes place under the pseudonym established with the verifier. Of course, in order for the system to
remain sound, subjects should only be able to successfully prove possession of credentials that they were indeed
issued by some legitimate issuer.

A number of anonymous credential systems have been proposed in the literature, each with its own particular
set of entities, underlying problems, assumptions and properties. This section presents the model of anonymous
credential systems on which the rest of the paper is based. It is intended to be as general as possible, in order to
be consistent with the majority of existing schemes.

1) Proving possession of a credential amounts to proving possession of the attributes that are encoded within the
credential. We refer to this process also as the showing of a credential.

2) We consider an anonymous credential system to involve four types of player: subjects, issuers and verifiers,
trustee. It is assumed that subjects establish at least one pseudonym with each organisation with which they
wish to interact.

These pseudonyms are assumed to be indistinguishable, meaning that they do not bear any connection to the
identity of the subject they belong to.We further assume that pseudonyms are unlinkable, i.e. two pseudonyms
for the same subject cannot be linked to each other. Subjects may obtain credentials, i.e. structures that encode a
well defined, finite set of attributes together with their values, from issuers. They may subsequently show those
credentials to verifiers, i.e. convince them that they possess (possibly a subset of) the encoded attributes. A
credential is issued under a pseudonym that the subject has established with its issuer, and it is shown under the
pseudonym that the subject has established with the relevant verifier.

It is assumed that the anonymous credential system is sound. This means that it offers pseudonym owner
protection, i.e. that only the subject that established a given pseudonym can show credentials under it.
Soundness also implies credential unforgeability; the only way that subjects may prove possession of a
credential is by having obtained it previously from a legitimate issuer. In some applications, it is required that
the system offers the stronger property of credential non-transferability. This property guarantees that no

42


subject can prove possession of a credential that it has not been issued, even if the subject colludes with other
subject(s) that may have (legitimately) obtained such a credential. In other words, a system that offers non-
transferability prohibits credential sharing, whereas a system that offers only unforgeability, does not. We
require that credentials are bound to the subject to which they have been issued. We therefore assume that either
the system offers non-transferability or that in practice subjects do not share their credentials. It is assumed
further that the system properly protects privacy in that a subject's transactions with organisations do not
compromise the unlinkability of its pseudonyms.

1.1 BASIC TERMINOLOGY

We mention below some basic terminology.

ANONYMITY: To enable the anonymity of a subject, there always has to be an appropriate set of subjects
with potentially the same attributes. Anonymity is thus defined as the state of being not identifiable within a set
of subjects, the anonymity set.

UNLINKABLITY: The [ISO15408 1999] defines unlinkability as follows: "[Unlinkability] ensures that a user
may make multiple uses of resources or services without others being able to link these uses together. [...]
Unlinkability requires that users and/or subjects are unable to determine whether the same user caused certain
specific operations in the system."
PSEUDONYMITY: Pseudonyms are identifiers of subjects. We can generalize pseudonyms to be identifiers of
sets of subjects. The subject whom the pseudonym refers to is the holder of the pseudonym. Being
pseudonymous is the state of using a pseudonym as ID. We assume that each pseudonym refers to exactly one
holder, invariant over time, being not transferred to other subjects. Pseudonymity is the use of pseudonyms as
IDs. An advantage of pseudonymity technologies is that accountability for misbehaviour can be enforced. Also,
persistent pseudonyms allow their owners to build a pseudonymous reputation over time.

BLACKLISTING: Several credential systems have been proposed in which users can authenticate to services
anonymously. Since anonymity can give users the license to misbehave, some variants allow the selective
deanonymization (or linking) of misbehaving users upon a complaint to a trusted third party (TTP). The ability
of the TTP to revoke a user’s privacy at any time, however, is too strong a punishment for misbehavior. To limit
the scope of deanonymization, systems such as “e-cash” have been proposed in which users are deanonymized
under only certain types of well-defined misbehavior such as “double spending.” While useful in some
applications, it is not possible to generalize such techniques to more subjective definitions of misbehavior.

CERTIFICATION AUTHORITY (CA): It is a third party organization that the user as well as the responder
trusts. He issues the certificate for the user. This certificate ensures the responder that the user is a valid person.
Hence the responder allows the user to be anonymous in his transactions.

TRUSTEE: Trustee can be any person or a third party organization that the user trusts. The trustee first ensures
that the user is valid by asking for necessary credentials. If satisfied, the trustee assigns a pseudo name to the
user. He then contacts the certification authority and requests for a certificate on behalf of the user.

43


There are three main entities involved: (1) the initiator (2) the digital analyst (3) responder. Initially the initiator
generates a list of credentials and sends them to the digital analyst revealing only those credentials that are
enough to prove that he is authentic. After authenticating the initiator, the digital analyst signs the list with a
digital signature and gives the initiator a pseudonym. Henceforth the initiator interacts with the responder using
his pseudonym.

2. RELATED WORK

The scenario with multiple users, who, while remaining anonymous to the organizations, manage to transfer
credentials from one organization to another, was first introduced by Chaum [7]. Subsequently, Chaum and
Evertse [6] proposed a solution that is based on the existence of a semi-trusted third party who is involved in all
transactions. However, the involvement of a semi-trusted third party is undesirable.

The scheme later proposed by Damgard [9] employs general complexity-theoretic primitives (one-way
functions and zero-knowledge proofs) and is therefore not applicable for practical use. Moreover, it does not
protect organizations against colluding users. The scheme proposed by Chen [8] is based on discrete-logarithm-
based blind signatures. It does not address the problem of colluding users. Another drawback of her scheme and
the other practical schemes previously proposed is that to use a credential several times, a user needs to obtain
several signatures from the issuing organization. Lysyanskaya, Rivest, Sahai, and Wolf [11] propose a general
credential system. While their general solution captures many of the desirable properties, it is not usable in
practice because their constructions are based on one-way functions and general zero-knowledge proofs. Their
practical construction, based on a non-standard discrete-logarithm-based assumption, has the same problem as
the one due to Chen [8]: a user needs to obtain several signatures from the issuing organization in order to use
unlinkably a credential several times.

Other related work is that of Brands [4] who provides a certificate system in which a user has control over what
is known about the attributes of a pseudonym. Although a credential system with one-show credentials can be
inferred from his framework, obtaining a credential system with multi-show credentials is not immediate and
may in fact be impossible in practice. Another inconvenience of these and the other discrete-logarithm-based
schemes mentioned above is that all the users and the certification authorities in these schemes need to share the
same discrete logarithm group. The concept of revocable anonymity is found in electronic payment systems
(e.g., [5, 14]) and group signature and identity escrow (e.g., [1, 3, 2, 12] schemes. Prior to our work, the
problem of constructing a practical system with multiple-use credentials eluded researchers for some time [4, 8,
9, 11]. We solve it by extending ideas found in the constructions of strong-RSA-based signature schemes [10,
13] and group signature schemes [1].

3. PROPOSAL

In addition to the three main entities i.e, the initiator, the certification authority and the responder we include an
additional entity i.e the trustee. The trustee is a third party individual/organization that the user trusts. Instead of
revealing his credentials to the certification authority, the user approaches a trustee to whom he reveals the
necessary credentials. The trustee provides the user with a pseudo name. The trustee then approaches the CA for
the certificate.

44


The responder keeps track of all the users’ activities and if it tracks one of the users trying to misbehave, it
blacklists that user. The responder maintains a table containing a list of blacklisted and white listed users. The
responder then contacts the respective certification authority and notifies it about the misbehavior. The CA after
investigation revokes the user’s certificate. If any user who is listed as a blacklisted user tries to contact the CA
for renewal of certificate, the CA rejects the request.

The trustee uses sha-1 algorithm to generate pseudo name (hash). The responder meanwhile keeps track of
user’s activities. If any user tries to misbehave, he is blacklisted.

To blacklist the user, the responder should store the login and logout times of each user. If any malpractice is
observed, the responder can check the time at which the site was compromised and compare it with the login
and logout times of the user. Then the responder can make a list of users who were using the site when the
malpractice occurred .the responder can add these names under suspicious list. Then based on the content of the
information compromised or severity of damage, the responder can decide the action to be taken. If the users
name appears more than once in the suspicious list the user’s activities are carefully scrutinized by the
responder. The responder can maintain a threshold such that if the number of times the users name appears in
the suspicious list crosses the threshold value, the user can be blacklisted.

3.1GENERATION OF CERTIFICATE USING OPEN SSL

Secure Sockets Layer (SSL) is a cryptographic protocol that provides communication security over
the Internet SSL encrypts the segments of network connections above the Transport Layer, using asymmetric
cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for
message integrity. Several versions of the protocol are in widespread use in applications such as web
browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP).
ALGORITHMS USED

3.1.1SHA-1 ALGORITHM

In cryptography, SHA-1 is a cryptographic hash function designed by the United States National Security
Agency and published by the United States NIST as a U.S. Federal Information Processing Standard. SHA
stands for "secure hash algorithm". The three SHA algorithms are structured differently and are distinguished
as SHA-0, SHA-1, and SHA-2. SHA-1 is very similar to SHA-0, but corrects an error in the original SHA hash
specification that led to significant weaknesses. The SHA-0 algorithm was not adopted by many applications.
SHA-2 on the other hand significantly differs from the SHA-1 hash function. SHA-1 is the most widely used of
the existing SHA hash functions, and is employed in several widely used security applications and protocols, as
well as a consistency checker in Git. In 2005, security flaws were identified in SHA-1, namely that a
mathematical weakness might exist, indicating that a stronger hash function would be desirable.

3.2.2RSA- ALGORITHM

RSA is an algorithm for public-key cryptography that is based on the presumed difficulty of factoring large
integers, the factoring problem. RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman, who first
publicly described it in 1978. A user of RSA creates and then publishes the product of two large prime numbers,

45


along with an auxiliary value, as their public key. The prime factors must be kept secret. Anyone can use the
public key to encrypt a message, but with currently published methods, if the public key is large enough, only
someone with knowledge of the prime factors can feasibly decode the message.

4. RESULTS AND DISCUSSION

The trustee can use a wamp server with an inbuilt phpmyadmin database. The user enters his credentials on the
web page created by trustee. The trustee after verifying these credentials provides a pseudo name to the user.
The algorithm used is sha-1.

The trustee then contacts the certification authority to request a certificate on behalf of the user. The CA can use
the SSL tool to generate the certificate.

The responder webpage can contain a provision to let the user upload the certificate or enter the certificate serial
number (it is unique to each user). After getting it verified from the CA, the responder can allow access to the
user.

The responder also must keep track of the users activities to avoid any malpractice by the user. The responder
can maintain a white list, blacklist and suspicious list. the white list contains names of valid users. The
suspicious list contains a list of users whose activities are to be carefully scrutinized. The black list contains a
list of users who are blacklisted.

4.1 IMPLEMENTATION

The trustee uses sha-1 algorithm to generate pseudoname (hash). This feature is directly available in php. For
example the code
<?php
echo hash('SHA1', 'xyz');
?>
Generates the hash :66b27417d37e024c46526c2f6d358a754fc552f3
Hence the trustee generates the hash and sends it to the user. The user uses this hash value as his pseudoname
and carries out his transactions with the responder using this pseudoname. The trustee then contacts the
certification authority for the certificate.
The certification authority can use a tool like SSL to generate the certificate. SSL is a freeware and can be
downloaded from the internet.
The following commands are used to obtain the .crt file:

1. genrsa -des3 -out server.key 1024.
2. req -key server.key -out server.csr.
3. x509 -req -days 365 -in server.csr -signkey server.key -out server.crt.
4.
The first command is to generate the keys (Public, Private) using the des algorithm and store the output
in the file server.key which is of 1024 bits.

46

ISSN 0976 – 6375(Online) Volume 3, Issue 3, October December (2012), © IAEME
October-December

The second command is used to generate a .csr file. Hence server.csr file is generated. In this window
server.csr
we can see that the command allow us to enter the default credentials that are shown in the details of the Digital
Certificate.

The third command is to provide the duration of validity for the certificate.

Once the .csr file is generated we can upload it in a website (eg. Verisign, Getacert)

47


The user can use this certificate to register to the responder without revealing his credentials. Here the
certificate serial number is a unique number and can be used as the primary key to identify the user.

4.2 SCREEN SHOTS

2) Trustee Generates Psudoname For The User.
Also Contacts The Ca For The Certificate.
1) Trustees Page For The User To Enter e
Credentials

48


3) Registration With Responder 5) User Enters Login Id And Password

4) User Login 6) Login Id Password And Login Time Are Stored
In Responders Database

49


7) Responders Site 9) Initiator Updates The Changes

8) Initiator Tries To Make Changes To Responders 10) The Change Made And Time At Which The
Site Change Was Made Is Stored In The Responders
Database

50


11)Email To Trustee About Users Misbehaviour 12) Checking the mail

5. CONCLUSION

The above graph shows that the proposal is feasible and helps to secure the site against misbehaving users. The
threshold can be selected by the responder based on the sensitivity of data contained in the site. Our proposed
work blacklists the user based on the login times that are stored in the database of the responder.

51


6. REFERENCES

[1] Giuseppe Ateniese, Jan Camenisch, Marc Joye, and Gene Tsudik. A practical and provably secure coalition-
resistant group signature scheme. In CRYPTO, volume 1880 of LNCS, pages 255–270. Springer, 2000.

[2] David Chaum and Eug`ene van Heyst. Group signatures. In EUROCRYPT, pages 257–265, 1991.

[3] Jan Camenisch and Markus Stadler. Efficient group signature schemes for large groups (extended abstract).
In CRYPTO, volume 1294 of LNCS, pages 410–424. Springer, 1997.

[4] Stefan Brands. Rethinking Public Key Infrastructure and Digital Certificates Building in Privacy. PhD
thesis, Eindhoven Institute of Technology, Eindhoven, The Netherlands, 1999.

[5] Ernie Brickell, Peter Gemmel, and David Kravitz. Trustee-based tracing extensions to anonymous cash and
the making of anonymous change. In Proceedings of the Sixth Annual ACM-SIAMs, pages 457{466.
Association for Computing Machinery, January 1995.

[6] David Chaum and Jan-Hendrik Evertse. A secure and privacy-protecting protocol for transmitting personal
information between organizations. In M. Odlyzko, editor, Advances in Cryptology | CRYPTO '86, volume 263
of Lecture Notes in Computer Science, pages 118{167. Springer-Verlag, 1987.

[7] David Chaum. Security without identification: Transaction systems to make big brother obsolete.
Communications of the ACM, 28(10):1030{1044, October 1985.

[8] Lidong Chen. Access with pseudonyms. In E. Dawson ann J. Golic, editor, Cryptography: Policy and
Algorithms, volume 1029 of Lecture Notes in Computer Science, pages 232{243. Springer Verlag, 1995.

[9] Ivan Bjerre Damgard. Payment systems and credential mechanism with provable security against abuse by
individuals. In Shafi Goldwasser, editor, Advances in Cryptology | CRYPTO '88, volume 403 of Lecture Notes
in Computer Science, pages 328{335. Springer Verlag, 1990.

[10] Ronald Cramer and Victor Shoup. Signature schemes based on the strong rsa assumption. In Proc. 6th
ACM Conference on Computer and Communications Security,pages 46{52. ACM press, nov 1999.

[11] Anna Lysyanskaya, Ron Rivest, Amit Sahai, and Stefan Wolf. Pseudonym systems. In Howard Heys and
Carlisle Adams, editors, Selected Areas in Cryptography, volume 1758 of Lecture Notes in Computer Science.
Springer Verlag, 1999.

[12] Joe Kilian and Erez Petrank. Identity escrow. In Hugo Krawczyk, editor, Advances in Cryptology |
CRYPTO '98, volume 1642 of Lecture Notes in Computer Science, pages 169{185, Berlin, 1998. Springer
Verlag.

[13] Rosario Gennaro, Shai Halevi, and Tal Rabin. Secure hash-and-sign signatures without the random oracle.
In Jacques Stern, editor, Advances in Cryptology | EUROCRYPT '99, volume 1592 of Lecture Notes in
Computer Science, pages 123{139. Springer Verlag, 1999.

[14] Markus Stadler, Jean-Marc Piveteau, and Jan Camenisch. Fair blind signatures. In Louis C. Guillou and
Jean-Jacques Quisquater, editors, Advances in Cryptology | EUROCRYPT '95, volume 921 of Lecture Notes in
Computer Science, pages 209{219. Springer Verlag, 1995.

52


Links:
• http://en.wikipedia.org/wiki/Digital_credential
• http://www.patents.com/us-7360080.html
• http://www.cosic.esat.kuleuven.be/publications/article-1513.pdf
• http://fist.mmu.edu.my/cans2010/Portals/0/Document/slides/day3/Bart_Memnink.pdf
• http://dud.inf.tudresden.de/~ben/kellermann_scholz09_anonymous_credentials_in_web_applications.pdf

Authors

Dr Avula Damodaram obtained his B.Tech. Degree in CSE in 1989, M.Tech. in CSE in 1995 and Ph.D in
Computer Science in 2000 all from JNTUH, Hyderabad. His areas of interest are Computer Networks, Software
Engineering, Data Mining and Image Processing. He has successfully guided 6 Ph.D. and 2 MS Scholars apart
from myriad M.Tech projects. He is currently guiding 9 scholars for Ph.D and 1 scholar for MS. He is on the
editorial board of 2 International Journals and a number of Course materials. He has organized as many as 30
Workshops, Short Term Courses and other Refresher and Orientation programmes. He has published 35 well
researched papers in national and International journals. He has also presented 45 papers at different National
and International conferences. On the basis of his scholarly achievements and other multifarious services, He
was honored with the award of DISTINGUISHED ACADAMICIAN by Pentagram Research Centre, India, in
January 2010.

H.Jayasree obtained her B.E. in CSE from Bangalore University and M.Tech. in CSE from JNTUH, Hyderabad
in 2001 and 2006 respectively. She is currently a Research Scholar of CSE JNTUH, Hyderabad. She is working
as Associate Professor, for Aurora’s Technological and Research Institute and has 10yrs of teaching experience
in various colleges of Hyderabad and Bangalore. Areas of research interest include Computer Networks and
Network Security.

53

Blacklisting and blocking anonymous credential users

More Related Content

What's hot (18)

Viewers also liked (20)

Similar to Blacklisting and blocking anonymous credential users (20)

More from IAEME Publication (20)

Blacklisting and blocking anonymous credential users