
International Journal of Computer Engineering and Technology (IJCET)
ISSN 0976 6367(Print), ISSN 0976 6375(Online)
Volume 3, Issue 3, October-December (2012), pp. 41-53
IAEME: www.iaeme.com/ijcet.asp
Journal Impact Factor (2012): 3.9580 (Calculated by GISI) www.jifactor.com

BLACKLISTING AND BLOCKING ANONYMOUS CREDENTIAL USERS


1 H. Jayasree, Assoc. Prof., Dept. of IT, ATRI, Uppal, Hyderabad. jayahsree@yahoo.com
2 Dr. A. Damodaram, Prof., Dept. of CSE & Director, Academic Audit Cell, JNTUH, Hyderabad. damodarama@rediff.com
ABSTRACT

Anonymous credential systems let users authenticate themselves without revealing their identity. Because the transactions are inherently anonymous, some users take advantage of that anonymity to misbehave, so a method is needed to stop such users. To strengthen security at the user's end we also introduce an additional entity, a trustee whom the user trusts.

KEYWORDS

Initiator (user), CA (certification authority), responder/verifier (website owner), SSL (Secure Sockets Layer), SHA-1 (Secure Hash Algorithm).

1 INTRODUCTION

Credential systems allow subjects to prove possession of attributes to interested parties. In a sound credential system a subject first obtains a structure termed a credential from an entity termed the credential issuer. The issuer encodes a well-defined set of attributes together with their values into the credential, which is then passed on, or "granted", to the subject. Only after this process can the subject prove possession of the attributes encoded in the credential. During this latter process the interested party is said to "verify the credential" and is therefore called a verifier. Subjects are typically human users, issuers are typically well-known organisations with authority over the attributes they encode into the credentials they issue, and verifiers are typically service providers that perform attribute-based access control.

An example of a credential system is a Public Key Infrastructure (PKI). In a PKI, credentials are public key certificates that bind together subject attributes such as the subject name, the public key, the issue and expiry dates, and so on. The credential issuer is the Certification Authority (CA); it grants public key certificates according to some subject registration procedure. Finally, credential verifiers are the entities within the PKI that accept the certificates issued by the CA.

In conventional credential systems (e.g. a PKI), issuers and verifiers identify any given subject by a system-wide identifier. This has a potentially severe impact on the subject's privacy, as it enables issuers and verifiers to combine their knowledge about the subject. Indeed, they can construct individual transaction histories for all subjects in the system simply by correlating credential-related events using these identifiers. Over the last 20 years a significant amount of research has addressed this privacy issue. In an anonymous credential system, subjects establish a different identifier with each issuer and verifier they wish to interact with; we assume throughout that these identifiers cannot be connected to the subject's true identity. These identifiers, termed the subject's pseudonyms, are unlinkable, i.e. they bear no connection with one another. This means that it is infeasible for colluding issuers and verifiers to decide with certainty whether or not any given pair of pseudonyms belongs to the same subject. While a subject obtains a credential under the pseudonym established with the issuer, proof of its possession takes place under the pseudonym established with the verifier. Of course, for the system to remain sound, subjects should only be able to successfully prove possession of credentials that were indeed issued to them by some legitimate issuer.
A number of anonymous credential systems have been proposed in the literature, each with its own particular set of entities, underlying problems, assumptions and properties. This section presents the model of anonymous credential systems on which the rest of the paper is based. It is intended to be as general as possible, in order to be consistent with the majority of existing schemes. Proving possession of a credential amounts to proving possession of the attributes that are encoded within the credential; we also refer to this process as the showing of a credential.

We consider an anonymous credential system to involve four types of player: subjects, issuers, verifiers and trustees. It is assumed that subjects establish at least one pseudonym with each organisation with which they wish to interact. These pseudonyms are assumed to be indistinguishable, meaning that they bear no connection to the identity of the subject they belong to. We further assume that pseudonyms are unlinkable, i.e. two pseudonyms for the same subject cannot be linked to each other. Subjects may obtain credentials, i.e. structures that encode a well-defined, finite set of attributes together with their values, from issuers. They may subsequently show those credentials to verifiers, i.e. convince them that they possess (possibly a subset of) the encoded attributes. A credential is issued under a pseudonym that the subject has established with its issuer, and it is shown under the pseudonym that the subject has established with the relevant verifier. It is assumed that the anonymous credential system is sound. This means that it offers pseudonym owner protection, i.e. only the subject that established a given pseudonym can show credentials under it. Soundness also implies credential unforgeability: the only way subjects may prove possession of a credential is by having obtained it previously from a legitimate issuer.
In some applications the system is required to offer the stronger property of credential non-transferability. This property guarantees that no subject can prove possession of a credential that it has not been issued, even if the subject colludes with other subject(s) that may have (legitimately) obtained such a credential. In other words, a system that offers non-transferability prohibits credential sharing, whereas a system that offers only unforgeability does not. We require that credentials are bound to the subject to which they have been issued. We therefore assume either that the system offers non-transferability or that in practice subjects do not share their credentials. It is further assumed that the system properly protects privacy, in that a subject's transactions with organisations do not compromise the unlinkability of its pseudonyms.

1.1 BASIC TERMINOLOGY

We mention below some basic terminology.

ANONYMITY: For a subject to be anonymous there must be an appropriate set of subjects with potentially the same attributes. Anonymity is thus defined as the state of not being identifiable within a set of subjects, the anonymity set.

UNLINKABILITY: ISO 15408 [ISO15408 1999] defines unlinkability as follows: "[Unlinkability] ensures that a user may make multiple uses of resources or services without others being able to link these uses together. [...] Unlinkability requires that users and/or subjects are unable to determine whether the same user caused certain specific operations in the system."

PSEUDONYMITY: Pseudonyms are identifiers of subjects; more generally, they can be identifiers of sets of subjects. The subject to whom a pseudonym refers is the holder of the pseudonym. Being pseudonymous is the state of using a pseudonym as an ID. We assume that each pseudonym refers to exactly one holder, invariant over time, and is not transferred to other subjects. Pseudonymity is the use of pseudonyms as IDs.
An advantage of pseudonymity is that accountability for misbehaviour can be enforced. Also, persistent pseudonyms allow their owners to build a pseudonymous reputation over time.

BLACKLISTING: Several credential systems have been proposed in which users can authenticate to services anonymously. Since anonymity can give users licence to misbehave, some variants allow the selective deanonymization (or linking) of misbehaving users upon a complaint to a trusted third party (TTP). The ability of the TTP to revoke a user's privacy at any time, however, is too strong a punishment for misbehaviour. To limit the scope of deanonymization, systems such as e-cash have been proposed in which users are deanonymized only under certain well-defined types of misbehaviour, such as double spending. While useful in some applications, such techniques cannot be generalised to more subjective definitions of misbehaviour.

CERTIFICATION AUTHORITY (CA): A third-party organisation that both the user and the responder trust. It issues the certificate for the user. The certificate assures the responder that the user is a valid person, so the responder allows the user to remain anonymous in his transactions.

TRUSTEE: Any person or third-party organisation that the user trusts. The trustee first ensures that the user is valid by asking for the necessary credentials. If satisfied, the trustee assigns a pseudonym to the user, then contacts the certification authority and requests a certificate on behalf of the user.


There are three main entities involved: (1) the initiator, (2) the digital analyst and (3) the responder. Initially the initiator generates a list of credentials and sends them to the digital analyst, revealing only those credentials that suffice to prove that he is authentic. After authenticating the initiator, the digital analyst signs the list with a digital signature and gives the initiator a pseudonym. Henceforth the initiator interacts with the responder using his pseudonym.

2. RELATED WORK

The scenario with multiple users who, while remaining anonymous to the organizations, manage to transfer credentials from one organization to another was first introduced by Chaum [7]. Subsequently, Chaum and Evertse [6] proposed a solution based on the existence of a semi-trusted third party who is involved in all transactions; however, the involvement of a semi-trusted third party is undesirable. The scheme later proposed by Damgård [9] employs general complexity-theoretic primitives (one-way functions and zero-knowledge proofs) and is therefore not practical. Moreover, it does not protect organizations against colluding users. The scheme proposed by Chen [8] is based on discrete-logarithm-based blind signatures. It does not address the problem of colluding users. Another drawback of her scheme, and of the other practical schemes previously proposed, is that to use a credential several times a user needs to obtain several signatures from the issuing organization. Lysyanskaya, Rivest, Sahai and Wolf [11] propose a general credential system. While their general solution captures many of the desirable properties, it is not usable in practice because their constructions are based on one-way functions and general zero-knowledge proofs.
Their practical construction, based on a non-standard discrete-logarithm-based assumption, has the same problem as the one due to Chen [8]: a user needs to obtain several signatures from the issuing organization in order to use a credential unlinkably several times. Other related work is that of Brands [4], who provides a certificate system in which a user has control over what is known about the attributes of a pseudonym. Although a credential system with one-show credentials can be inferred from his framework, obtaining a credential system with multi-show credentials is not immediate and may in fact be impossible in practice. Another inconvenience of these and the other discrete-logarithm-based schemes mentioned above is that all the users and the certification authorities in these schemes need to share the same discrete logarithm group. The concept of revocable anonymity is found in electronic payment systems (e.g., [5, 14]) and in group signature and identity escrow schemes (e.g., [1, 3, 2, 12]). The problem of constructing a practical system with multiple-use credentials eluded researchers for some time [4, 8, 9, 11]; it was eventually addressed by extending ideas found in the constructions of strong-RSA-based signature schemes [10, 13] and group signature schemes [1].

3. PROPOSAL

In addition to the three main entities, i.e. the initiator, the certification authority and the responder, we include an additional entity, the trustee. The trustee is a third-party individual or organization that the user trusts. Instead of revealing his credentials to the certification authority, the user approaches a trustee to whom he reveals the necessary credentials. The trustee provides the user with a pseudonym. The trustee then approaches the CA for the certificate.


The responder keeps track of all users' activities and, if it observes a user trying to misbehave, blacklists that user. The responder maintains a table containing a list of blacklisted and whitelisted users. The responder then contacts the respective certification authority and notifies it of the misbehaviour. The CA, after investigation, revokes the user's certificate. If a blacklisted user contacts the CA to renew the certificate, the CA rejects the request. The trustee uses the SHA-1 algorithm to generate the pseudonym (a hash).

To blacklist a user, the responder must store the login and logout times of each user. If any malpractice is observed, the responder checks the time at which the site was compromised and compares it with the login and logout times of each user. The responder can then list the users who were using the site when the malpractice occurred and add those names to a suspicious list. Based on the content of the information compromised or the severity of the damage, the responder decides what action to take. If a user's name appears more than once in the suspicious list, that user's activities are carefully scrutinised by the responder. The responder can maintain a threshold such that, if the number of times a user's name appears in the suspicious list crosses the threshold value, the user is blacklisted.
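The suspicious-list and threshold procedure described above, written out as an added example. This code is ours, not part of the paper or of the authors' PHP implementation. It assumes the responder's login table can be exported as comma-separated rows of pseudonym, login time and logout time, and that the times at which the site was altered are available as timestamps; the pseudonyms P1 to P4, the rows and the incident times are constructed sample data. A pseudonym is blacklisted once its count exceeds the threshold; the white, suspicious and black lists that Section 4 describes fall out of the same classification.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Session:
    """One row of the responder's login table: which pseudonym was logged in, and when."""
    pseudonym: str
    login: datetime
    logout: datetime


def parse_sessions(rows: Iterable[str]) -> List[Session]:
    """Parse 'pseudonym, login, logout' rows with ISO 8601 timestamps.

    An empty logout field means the session is still open; it is given
    datetime.max so that it overlaps every incident after the login time.
    """
    sessions = []
    for row in rows:
        pseudonym, login, logout = (field.strip() for field in row.split(","))
        sessions.append(Session(
            pseudonym,
            datetime.fromisoformat(login),
            datetime.fromisoformat(logout) if logout else datetime.max,
        ))
    return sessions


def active_during(sessions: Iterable[Session], incident: datetime) -> Set[str]:
    """Pseudonyms whose session covered the moment the site was altered."""
    return {s.pseudonym for s in sessions if s.login <= incident <= s.logout}


def suspicion_counts(sessions: Iterable[Session],
                     incidents: Iterable[datetime]) -> Dict[str, int]:
    """Number of incidents each pseudonym was present for: the paper's
    suspicious list, with a count per name."""
    sessions = list(sessions)
    counts: Dict[str, int] = {}
    for when in incidents:
        for pseudonym in active_during(sessions, when):
            counts[pseudonym] = counts.get(pseudonym, 0) + 1
    return counts


def classify(sessions: Iterable[Session], incidents: Iterable[datetime],
             threshold: int) -> Tuple[Set[str], Set[str], Set[str]]:
    """Split every pseudonym in the login table into
    (white_list, suspicious_list, black_list).

    A pseudonym is blacklisted once its count exceeds the threshold, stays on
    the suspicious list while 0 < count <= threshold, and is whitelisted if it
    was never present during an incident.
    """
    sessions = list(sessions)
    counts = suspicion_counts(sessions, incidents)
    everyone = {s.pseudonym for s in sessions}
    black = {p for p, n in counts.items() if n > threshold}
    suspicious = {p for p, n in counts.items() if 0 < n <= threshold}
    white = everyone - black - suspicious
    return white, suspicious, black


# Constructed sample data (not from the paper): rows exported from the
# responder's login table and the recorded times of three unauthorised changes.
SAMPLE_ROWS = [
    "P1, 2012-10-01T09:00:00, 2012-10-01T11:00:00",
    "P1, 2012-10-02T14:00:00, 2012-10-02T15:30:00",
    "P2, 2012-10-01T10:30:00, 2012-10-01T10:45:00",
    "P3, 2012-10-03T08:00:00, ",                     # still logged in
    "P4, 2012-10-04T10:00:00, 2012-10-04T10:30:00",
]
SAMPLE_INCIDENTS = [
    datetime(2012, 10, 1, 10, 40),   # P1 and P2 both logged in
    datetime(2012, 10, 2, 15, 0),    # only P1 logged in
    datetime(2012, 10, 3, 9, 0),     # only P3 (open session) logged in
]


def sample_classification(threshold: int = 1) -> Tuple[Set[str], Set[str], Set[str]]:
    """Classify the constructed sample with the given threshold."""
    return classify(parse_sessions(SAMPLE_ROWS), SAMPLE_INCIDENTS, threshold)


if __name__ == "__main__":
    white, suspicious, black = sample_classification()
    print("white list:     ", sorted(white))
    print("suspicious list:", sorted(suspicious))
    print("black list:     ", sorted(black))
```

Run directly, the script prints the three lists for the sample data. Time overlap is circumstantial evidence only: an honest user who happened to be logged in during an incident lands on the suspicious list, which is why the threshold and a manual review before blacklisting matter, and the login, logout and incident timestamps must come from the same clock or be synchronised for the comparison to mean anything.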
3.1 GENERATION OF CERTIFICATE USING OPENSSL

Secure Sockets Layer (SSL), and its successor TLS, is a cryptographic protocol that provides communication security over the Internet. It protects network connections above the transport layer, using asymmetric cryptography for key exchange, symmetric encryption for confidentiality and message authentication codes for message integrity. Several versions of the protocol are in widespread use in applications such as web browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP). OpenSSL is an open-source toolkit that implements the protocol and also provides the command-line utilities used below to generate keys, certificate requests and certificates.

ALGORITHMS USED

3.1.1 SHA-1 ALGORITHM

In cryptography, SHA-1 is a cryptographic hash function designed by the United States National Security Agency and published by NIST as a U.S. Federal Information Processing Standard. SHA stands for "Secure Hash Algorithm". The members of the SHA family are structured differently and are distinguished as SHA-0, SHA-1 and SHA-2. SHA-1 is very similar to SHA-0 but corrects an error in the original SHA specification that led to significant weaknesses; SHA-0 was not adopted by many applications. SHA-2, on the other hand, differs significantly from SHA-1. SHA-1 was at the time the most widely used of the SHA hash functions, employed in many security applications and protocols as well as for content addressing in Git. In 2005 security flaws were identified in SHA-1, namely a mathematical weakness that indicated a stronger hash function would be desirable; practical collisions were demonstrated in 2017, and SHA-1 should no longer be relied on where collision resistance matters.

3.1.2 RSA ALGORITHM

RSA is an algorithm for public-key cryptography based on the presumed difficulty of factoring large integers, the factoring problem. RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described it in 1978. A user of RSA creates and then publishes the product of two large prime numbers, along with an auxiliary value, as their public key. The prime factors must be kept secret. Anyone can use the public key to encrypt a message, but with currently published methods, if the public key is large enough, only someone with knowledge of the prime factors can feasibly decrypt the message.

4. RESULTS AND DISCUSSION

The trustee can use a WAMP server with its built-in phpMyAdmin database front end. The user enters his credentials on the web page created by the trustee. After verifying these credentials the trustee provides a pseudonym to the user; the algorithm used is SHA-1. The trustee then contacts the certification authority to request a certificate on behalf of the user. The CA can use the OpenSSL tool to generate the certificate. The responder's web page can let the user upload the certificate or enter the certificate serial number (unique to each certificate issued by a given CA). After having it verified by the CA, the responder allows the user access. The responder must also keep track of the user's activities to detect any malpractice. The responder can maintain a white list, a black list and a suspicious list: the white list contains the names of valid users, the suspicious list contains users whose activities are to be carefully scrutinised, and the black list contains users who have been blacklisted.

4.1 IMPLEMENTATION

The trustee uses the SHA-1 algorithm to generate the pseudonym (a hash). This feature is directly available in PHP. For example the code

<?php echo hash('sha1', 'xyz'); ?>

generates the hash 66b27417d37e024c46526c2f6d358a754fc552f3. The trustee generates the hash and sends it to the user. The user uses this hash value as his pseudonym and carries out his transactions with the responder under it. Note that an unkeyed hash of the credentials is deterministic: anyone who knows or can guess the credential string can recompute the hash and link the pseudonym back to the user, so the pseudonym is only as unlinkable as its input is unguessable.
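The pseudonym derivation as an added example; this is our code, not the paper's PHP. It reproduces the hash('sha1', 'xyz') value quoted above with Python's hashlib, then shows the linkability consequence of an unkeyed hash and, as an assumed hardening that is not part of the paper's design, a keyed variant (HMAC-SHA256 under a key held only by the trustee). The credential string, the guess list and both keys are constructed sample data.

```python
import hashlib
import hmac
from typing import Callable, Iterable, Optional

# Input and output of the paper's PHP one-liner hash('sha1', 'xyz').
PAPER_EXAMPLE_INPUT = "xyz"
PAPER_EXAMPLE_HASH = "66b27417d37e024c46526c2f6d358a754fc552f3"


def pseudonym_sha1(credentials: str) -> str:
    """The paper's construction: unkeyed SHA-1 over the credential string."""
    return hashlib.sha1(credentials.encode("utf-8")).hexdigest()


def pseudonym_keyed(credentials: str, trustee_key: bytes) -> str:
    """Assumed hardening, not part of the paper's design: HMAC-SHA256 under a
    key held only by the trustee, so the pseudonym cannot be recomputed from
    the credentials alone."""
    return hmac.new(trustee_key, credentials.encode("utf-8"), hashlib.sha256).hexdigest()


def link_pseudonym(pseudonym: str, guesses: Iterable[str],
                   derive: Callable[[str], str]) -> Optional[str]:
    """Dictionary attack by anyone who sees a pseudonym: derive a pseudonym from
    each guessed credential string and compare. Returns the credentials that
    reproduce the pseudonym, or None if no guess does."""
    for guess in guesses:
        if hmac.compare_digest(derive(guess), pseudonym):
            return guess
    return None


# Constructed sample (not from the paper): a credential string of the kind a
# trustee would hash, a small dictionary of guesses, the trustee's key and a
# wrong key an attacker might try.
SAMPLE_CREDENTIALS = "name=alice;dob=1990-01-01;empid=1234"
SAMPLE_GUESSES = [
    "name=bob;dob=1985-05-05;empid=1111",
    "name=alice;dob=1990-01-01;empid=1234",
    "name=carol;dob=1979-12-31;empid=4321",
]
TRUSTEE_KEY = b"constructed-32-byte-key-for-demo"   # use secrets.token_bytes(32) in practice
ATTACKER_KEY = b"a-wrong-guess-at-the-trustee-key"


def demo():
    """Returns (linked_unkeyed, linked_keyed_without_key, linked_keyed_by_trustee)."""
    unkeyed = pseudonym_sha1(SAMPLE_CREDENTIALS)
    keyed = pseudonym_keyed(SAMPLE_CREDENTIALS, TRUSTEE_KEY)
    # Unkeyed SHA-1: a correct guess of the credentials links the pseudonym.
    linked_unkeyed = link_pseudonym(unkeyed, SAMPLE_GUESSES, pseudonym_sha1)
    # Keyed: the same guess list fails without the trustee's key ...
    linked_without_key = link_pseudonym(
        keyed, SAMPLE_GUESSES, lambda c: pseudonym_keyed(c, ATTACKER_KEY))
    # ... while the trustee, who holds the key, can still map a pseudonym back
    # to the credentials it was issued for (the accountability the paper wants).
    linked_by_trustee = link_pseudonym(
        keyed, SAMPLE_GUESSES, lambda c: pseudonym_keyed(c, TRUSTEE_KEY))
    return linked_unkeyed, linked_without_key, linked_by_trustee


if __name__ == "__main__":
    assert pseudonym_sha1(PAPER_EXAMPLE_INPUT) == PAPER_EXAMPLE_HASH
    print(demo())
```

The keyed variant keeps the property the paper relies on (the trustee can trace a pseudonym back to the user it issued it to) while denying the responder, or anyone who sees the pseudonym, the ability to do the same by guessing credentials.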
The trustee then contacts the certification authority for the certificate. The certification authority can use a tool like OpenSSL to generate the certificate. OpenSSL is open-source software and can be downloaded from the Internet. The following commands are used to obtain the .crt file:

1. openssl genrsa -des3 -out server.key 1024
2. openssl req -new -key server.key -out server.csr
3. openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

The first command generates an RSA key pair and stores it in the file server.key; the key is 1024 bits long, and the -des3 option encrypts the key file under a passphrase (DES3 protects the stored key; it is not the key algorithm). Note that 1024-bit RSA is no longer considered adequate; current guidance is 2048 bits or more.



The second command generates a certificate signing request, server.csr, from that key. At this point the command prompts for the subject details (country, organisation, common name and so on) that appear in the details of the digital certificate.

The third command signs the request with the same key, producing a self-signed certificate server.crt that is valid for the given number of days (365 here).

Alternatively, once the .csr file is generated it can be submitted to a public CA (e.g. VeriSign, GetaCert) to obtain a certificate signed by that CA.



The user can use this certificate to register with the responder without revealing his credentials. The certificate serial number is unique among the certificates issued by one CA and can be used as the primary key to identify the user; if certificates from several CAs are accepted, the issuer name must be stored alongside the serial number to keep the key unique.

4.2 SCREEN SHOTS

Screenshot captions:

1) Trustee's page for the user to enter credentials.
2) Trustee generates a pseudonym for the user and contacts the CA for the certificate.
3) Registration with the responder.
4) User login.
5) User enters login ID and password.
6) Login ID, password and login time are stored in the responder's database.
7) Responder's site.
8) Initiator tries to make changes to the responder's site.
9) Initiator updates the changes.
10) The change made and the time at which the change was made are stored in the responder's database.
11) Email to trustee about the user's misbehaviour.
12) Checking the mail.

5. CONCLUSION

The results above show that the proposal is feasible and helps secure the site against misbehaving users. The threshold can be selected by the responder based on the sensitivity of the data the site holds. Our proposed scheme blacklists a user based on the login times stored in the responder's database.


6. REFERENCES

[1] Giuseppe Ateniese, Jan Camenisch, Marc Joye, and Gene Tsudik. A practical and provably secure coalition-resistant group signature scheme. In Advances in Cryptology - CRYPTO 2000, volume 1880 of LNCS, pages 255-270. Springer-Verlag, 2000.
[2] David Chaum and Eugène van Heyst. Group signatures. In Advances in Cryptology - EUROCRYPT '91, pages 257-265, 1991.
[3] Jan Camenisch and Markus Stadler. Efficient group signature schemes for large groups (extended abstract). In Advances in Cryptology - CRYPTO '97, volume 1294 of LNCS, pages 410-424. Springer-Verlag, 1997.
[4] Stefan Brands. Rethinking Public Key Infrastructure and Digital Certificates: Building in Privacy. PhD thesis, Eindhoven Institute of Technology, Eindhoven, The Netherlands, 1999.
[5] Ernie Brickell, Peter Gemmel, and David Kravitz. Trustee-based tracing extensions to anonymous cash and the making of anonymous change. In Proceedings of the Sixth Annual ACM-SIAM Symposium on Discrete Algorithms, pages 457-466. ACM, January 1995.
[6] David Chaum and Jan-Hendrik Evertse. A secure and privacy-protecting protocol for transmitting personal information between organizations. In A. M. Odlyzko, editor, Advances in Cryptology - CRYPTO '86, volume 263 of LNCS, pages 118-167. Springer-Verlag, 1987.
[7] David Chaum. Security without identification: Transaction systems to make Big Brother obsolete. Communications of the ACM, 28(10):1030-1044, October 1985.
[8] Lidong Chen. Access with pseudonyms. In E. Dawson and J. Golić, editors, Cryptography: Policy and Algorithms, volume 1029 of LNCS, pages 232-243. Springer-Verlag, 1995.
[9] Ivan Bjerre Damgård. Payment systems and credential mechanisms with provable security against abuse by individuals. In Shafi Goldwasser, editor, Advances in Cryptology - CRYPTO '88, volume 403 of LNCS, pages 328-335. Springer-Verlag, 1990.
[10] Ronald Cramer and Victor Shoup. Signature schemes based on the strong RSA assumption. In Proceedings of the 6th ACM Conference on Computer and Communications Security, pages 46-52. ACM Press, November 1999.
[11] Anna Lysyanskaya, Ron Rivest, Amit Sahai, and Stefan Wolf. Pseudonym systems. In Howard Heys and Carlisle Adams, editors, Selected Areas in Cryptography, volume 1758 of LNCS. Springer-Verlag, 1999.
[12] Joe Kilian and Erez Petrank. Identity escrow. In Hugo Krawczyk, editor, Advances in Cryptology - CRYPTO '98, volume 1462 of LNCS, pages 169-185. Springer-Verlag, Berlin, 1998.
[13] Rosario Gennaro, Shai Halevi, and Tal Rabin. Secure hash-and-sign signatures without the random oracle. In Jacques Stern, editor, Advances in Cryptology - EUROCRYPT '99, volume 1592 of LNCS, pages 123-139. Springer-Verlag, 1999.
[14] Markus Stadler, Jean-Marc Piveteau, and Jan Camenisch. Fair blind signatures. In Louis C. Guillou and Jean-Jacques Quisquater, editors, Advances in Cryptology - EUROCRYPT '95, volume 921 of LNCS, pages 209-219. Springer-Verlag, 1995.


Links:
http://en.wikipedia.org/wiki/Digital_credential
http://www.patents.com/us-7360080.html
http://www.cosic.esat.kuleuven.be/publications/article-1513.pdf
http://fist.mmu.edu.my/cans2010/Portals/0/Document/slides/day3/Bart_Memnink.pdf
http://dud.inf.tudresden.de/~ben/kellermann_scholz09_anonymous_credentials_in_web_applications.pdf

Authors

Dr. Avula Damodaram obtained his B.Tech. degree in CSE in 1989, M.Tech. in CSE in 1995 and Ph.D. in Computer Science in 2000, all from JNTUH, Hyderabad. His areas of interest are computer networks, software engineering, data mining and image processing. He has successfully guided 6 Ph.D. and 2 MS scholars apart from a large number of M.Tech. projects, and is currently guiding 9 scholars for Ph.D. and 1 scholar for MS. He is on the editorial board of 2 international journals and a number of course materials. He has organized as many as 30 workshops, short-term courses and other refresher and orientation programmes. He has published 35 well-researched papers in national and international journals and presented 45 papers at national and international conferences. On the basis of his scholarly achievements and other services, he was honoured with the award of Distinguished Academician by Pentagram Research Centre, India, in January 2010.

H. Jayasree obtained her B.E. in CSE from Bangalore University and M.Tech. in CSE from JNTUH, Hyderabad, in 2001 and 2006 respectively. She is currently a research scholar in CSE at JNTUH, Hyderabad. She is working as Associate Professor at Aurora's Technological and Research Institute and has 10 years of teaching experience in various colleges of Hyderabad and Bangalore. Her areas of research interest include computer networks and network security.

