1

NYMBLE: BLOCKING MISBEHAVING USERS IN ANONYMIZING NETWORKS

Under the guidance of:

Mr.Chandrashekhar.Adki Submitted By:

Smita (3AE08CS038)Supriya (3AE08CS041)Saba (3AE07CS041)Sarojini (3AE07CS037)

2

CONTENTS• Abstract• Existing system and its drawbacks.• Proposed system• Requirements• Modules• Properties• Blacklisting• Advantages• Disadvantages• Conclusion• References

3

ABSTRACT

Anonymizing networks such as Tor allow users to access Internet services privately by using a series of routers to hide the client’s IP address from the server. The success of such networks, however, has been limited by users employing this anonymity for abusive purposes such as defacing popular Web sites. To address this problem, we present Nymble, a system blocking users without compromising their anonymity

4

EXISTING SYSTEM

•Anonymous credential systems employ group

signatures. Basic group signatures allow servers

to revoke a misbehaving user’s anonymity by

complaining to a group manager

• Verifier-local revocation (VLR) fixes this

shortcoming by requiring the server (“verifier”)

to perform only local updates during revocation

5

DRAWBACKS OF EXISTING SYSTEM

•Unfortunately, VLR requires heavy

computation at the server

•Also the privacy of the user is not

maintained

•The speed of authentication in the VLR

systems was also an issue

6

THE PROPOSED SYSTEM

•To address all the problems faced by the

previous system a secure system called Nymble

was proposed

• In Nymble, users acquire an ordered collection

of nymbles, using the stream of nymbles

simulates anonymous access to services

7

THE PROPOSED SYSTEM(Contd..)

•Servers can blacklist anonymous users

without knowledge of their IP addresses

while allowing behaving users to connect

anonymously

• The system ensures that users are aware

of their blacklist status before they present

a nymble

8

THE NYMBLE SYSTEM

9

HARDWARE REQUIREMENTS•PROCESSOR :PENTIUM IV 2.6

GHz•RAM :512 MB DD RAM•MONITOR :15” COLOR•HARD DISK :20 GB•FLOPPY DRIVE :1.44 MB•CDDRIVE :LG 52X•KEYBOARD :STANDARD 102

KEYS•MOUSE :3 BUTTONS

10

SOFTWARE REQUIREMENTS

•Front End : Java, RMI, JFC (Swing)

•Server : apache-tomcat-6.0.18(Web Server)

•Backend : Ms-Access•Tools Used : Eclipse 3.3•Operating System : Windows XP/7

11

MODULES

1. Pseudonym Manager:

• The user must first contact the Pseudonym

Manager (PM) and demonstrate control over a

resource

• Pseudonyms are deterministically chosen based

on the controlled resource, ensuring that the

same pseudonym is always issued for the same

resource

12

MODULES(CONTD…)

2.Nymble Manager:

•After obtaining a pseudonym from the

PM, the user connects to the Nymble

Manager (NM) through the anonymizing

network, and requests nymbles for access

to a particular server

13

MODULES(CONTD…)

3. Blacklisting a user:

• If a user misbehaves, the server may link

any future connection from this user within

the current linkability window

• The ip address of misbehaving user is put

into the server’s blacklist without

disclosing the identity of the user

14

MODULES(CONTD…)

4.Resource-Based Blocking

•To limit the number of identities a user

can obtain (called the Sybil attack ), the

Nymble system binds Nymble to

resources that are sufficiently difficult to

obtain in great numbers

15

PROPERTIES

1. Blacklistability : It assures that any

honest server can indeed block

misbehaving users. If a user misbehaves

then he is immediately blacklisted by the

server

16

PROPERTIES(CONTD…)

•Rate-limiting : It assures any honest

server that no user can successfully

nymble-connect to it more than once

within any single time period

17

PROPERTIES(CONTD…)

•Nonframeability: It guarantees that any

honest user who is legitimate according to

an honest server can nymble-connect to

that server. This prevents an attacker from

framing a legitimate honest user

•This property assumes each user has a

single unique identity

18

PROPERTIES(CONTD…)

•Revocation Audibility

This property enables the users

to know its blacklist status as in when

they needs to know it

19

Blacklisting a user

•If a user misbehaves, the server may link

any future connection from this user

within the current linkability window (e.g.,

the same day)

20

21

ADVANTAGES

1.Non Frameability :

•Any legitimate user cannot be framed by a

dishonest user

•If the users share the same IP address

then a user can be framed

22

ADVANTAGES(CONTD…)

2. Anonymity:

•Anonymity of the user is not lost.

•That is, using Nymble systems the privacy

of the users identity is highly maintained

in the anonymous networks

23

ADVANTAGES(CONTD…)

3.Across multiple linkability windows

•With multiple linkability windows, our

Nymble construction still has

Accountability and Non frame ability

because each ticket is valid for and only

for a specific linkability window

24

DISADVANTAGE:

•In case of user misbehavior, it is difficult

to identify the original culprits

• IP address are neither permanent nor

necessarily permanent

25

CONCLUSIONS

A comprehensive credential system

called Nymble, which can be used to add

a layer of accountability to any publicly

known anonymizing network

26

References

• [1] J. Camenisch and A. Lysyanskaya, “Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials,” Proc. Ann. Int’l Cryptology Conf. (CRYPTO), Springer, pp. 61-76, 2002. 

• [2] J. Camenisch and A. Lysyanskaya, “Signature Schemes and Anonymous Credentials from Bilinear Maps,” Proc. Ann. Int’l Cryptology Conf. (CRYPTO), Springer, pp. 56-72, 2004.

• [3] C. Cornelius, A. Kapadia, P.P. Tsang, and S.W. Smith, “Nymble: Blocking Misbehaving Users in Anonymizing Networks,” Technical Report TR2008-637, Dartmouth College, Computer Science, Dec. 2008.

•   http://java.sun.com• http://www.sourcefordgde.com• http://www.networkcomputing.com/• http://www.roseindia.com/• http://www.java2s.com/

27

THANK YOU