
International Journal of Computer Trends and Technology (IJCTT) volume 4 Issue 9 Sep 2013

ISSN: 2231-2803 http://www.ijcttjournal.org Page 3067



Blocking and Blacklisting Trespassers in Anonymous Networks
K. Sravanti¹, Manda Ashok Kumar², Betam Suresh³
K. Sravanti is pursuing M.Tech (CSE) at Vikas Group of Institutions (formerly known as Mother Theresa Educational Society Group of Institutions), Nunna, Vijayawada, affiliated to JNTU-Kakinada, A.P., India.
Manda Ashok Kumar is working as an Asst. Professor at Vikas Group of Institutions (formerly known as Mother Theresa Educational Society Group of Institutions), Nunna, Vijayawada, affiliated to JNTU-Kakinada, A.P., India.
Betam Suresh is working as an HOD at Vikas Group of Institutions (formerly known as Mother Theresa Educational Society Group of Institutions), Nunna, Vijayawada, affiliated to JNTU-Kakinada, A.P., India.


Abstract- Anonymous communication techniques are used by a number of users to enable online anonymity. One of these is Tor, which allows users to access the Internet privately by hiding their IP address from the server. Anonymizing is a technique of stripping the identity of the Internet user from the identification data that accompanies it. For example, Tor uses a network of volunteer-run nodes, through which it redirects a user's traffic while hiding the user's original IP address. One issue seen for some time is that some users of this kind of anonymous network transmit abusive information in order to corrupt the information on a server. The server has no facility to block such a user: if it blocks, it blocks the entire anonymizing network, denying anonymous access to all end users, honest and dishonest alike. Nymble is a credential system that can be used in conjunction with anonymizing networks such as Tor to selectively block anonymous users while maintaining their privacy. Nymble offers a number of properties. Anonymous blacklisting: a server can block the IP address of a misbehaving user without knowing the identity of the user's IP address. Privacy: honest and misbehaving users both remain anonymous. Backward anonymity: the blacklisted user's previous activity remains anonymous/unlinkable, and the user is refused future connections. Blacklist status awareness: a user can check whether he/she has been blocked before accessing services at the server. Subjective judging: misbehaving users are blocked without compromising their privacy, and each server may have its own definition of a misbehaving user. Our proposed system, Nymble, is thus a system in which a server can blacklist misbehaving users and block them without affecting their anonymity; the privacy of the user is maintained by Nymble whether he/she is honest or misbehaving.
Keywords- Anonymity, Anonymization, Nymble, Privacy, Tor, Blocking.
I-INTRODUCTION
The purpose of the Nymble project is to allow for authenticated anonymous users in a network. It provides a mechanism for server administrators to block misbehaving users while allowing honest users to stay anonymous; in fact, even the blocked users remain anonymous. The name "Nymble" comes from a play on the words "pseudonym" and "nimble". Instead of giving users a simple pseudonym, the Nymble system assigns users a "nymble", which is a better kind of pseudonym. Because the Internet addresses of the sender and the recipient are not both in clear text at any hop on the route, someone with control over some part of the communication channel cannot identify both ends; the last Tor node (the exit node), rather than the sender, appears to be the originator of the communication. Because of this, in the Tor communication system, if an intruder makes unauthenticated changes to a system, it is not possible to track him back. In this paper we propose a solution for this problem using Tor. Through a number of experiments on Tor we found that the size of IP packets in the Tor network can be very dynamic, because a cell is an application concept and the IP layer may repack cells. In this attack, the attacker can embed a secret signal into the variation of the cell counter of the controlling final traffic. The misbehaving user places corrupted data with that signal, and the embedded signal travels with the original traffic and arrives at the malicious entry onion router. There are many solutions to this problem, each providing some degree of accountability. The first is the pseudonymous credential system, in which each user logs in to a website using a pseudonym, which can be added to a blacklist if the user misbehaves; the drawback is that the pseudonym diminishes the user's anonymity. The second is the anonymous credential system, in which a group signature is provided to all users and the server is able to revoke
a misbehaving user's anonymity by complaining to the group manager. Other solutions are subjective blacklisting and dynamic accumulators. In this paper we introduce a new solution, a totally secure system called Nymble. Nymble provides the properties of the previous solutions together, for example anonymous authentication, backward unlinkability, fast authentication, subjective blacklisting and speed. With our system an end user is aware of his current status, that is, whether he is considered dishonest and is going to be blacklisted; for this, the system has to maintain a blacklist table.
II- SYSTEM ARCHITECTURE
This section discusses the architecture of Nymble. The Nymble system makes a number of contributions: it blacklists anonymous users, its practical performance is high, and it is an open-source implementation. The system architecture of Nymble is a combination of a number of services. Nymble blocks misbehaving users depending on certain criteria.

Fig 1-Nymble Architecture
A. One criterion by which Nymble blocks a misbehaving user depends on the user's resources; this technique is known as resource-based blocking. It is used to limit the number of identities a user can obtain: it binds nymbles to a resource that is sufficiently difficult to obtain in large numbers. Resources such as IP addresses, email addresses, identity certificates or trusted hardware can be chosen.
B. As Fig 1 shows, in the Nymble architecture the user must first contact the Pseudonym Manager. The Pseudonym Manager has control over the resources, has knowledge of the Tor routers, and can ensure that users are communicating with it directly. Pseudonyms are chosen based on the resource and are identical for the same resource: the Pseudonym Manager ensures that the same pseudonym is always issued for the same resource. Importantly, the user never discloses which server he wants to connect to, and the Pseudonym Manager's responsibility is limited to mapping IP addresses to pseudonyms.
C. When the user has obtained a pseudonym from the Pseudonym Manager, the user connects to the Nymble Manager through the anonymizing network and requests nymbles for access to a particular server. The request is pseudonymous, and nymbles are generated using the user's pseudonym and the server's identity. These nymbles are thus specific to a particular user-server pair. Unless the Nymble Manager and the Pseudonym Manager communicate with each other, the Nymble system cannot identify which user connects to which server: the Nymble Manager knows only the pseudonym-server pair, and the Pseudonym Manager knows only the user identity-pseudonym pair. To provide cryptographic protection and the security properties, the Nymble Manager encapsulates nymbles in nymble tickets. Nymble tickets are bound to a specific time period, and a user's access within a time period is covered by a single nymble ticket. Smaller time periods provide users with higher rates of anonymous verification, while longer time periods rate-limit the number of misbehaviors from a particular user before he is blocked.
D. If a user misbehaves, the server may link any future connection from this user within the current linkability window. Therefore, once the server has complained about a user, the user is blacklisted for the rest of the current linkability window. Even though the misbehaving user can be blocked from making connections in the future, the user's previous connections remain unlinkable; by implementing this architecture we are able to achieve backward unlinkability and subjective blacklisting.
E. Users who connect to a server through an anonymizing network want their connections to be anonymous. If a server observes any misbehavior from a user, it is mandatory that the user be notified of their blacklist status before they present a nymble ticket to the server. In our system a user can view the server's blacklist and verify his status; if the user is blacklisted, the user should disconnect immediately. It is also important that the blacklist is updated in the current time period. A user is assured that he will not be linked if he verifies the integrity and freshness of the blacklist before sending his nymble ticket.
F. Nymble aims at four security goals; security is also a vital part of the Nymble architecture. The goals and threats of Nymble are explained below. An entity is honest when its
operations are verified against the system parameters. An honest entity can become curious when it attempts to infer knowledge from its own information. An honest entity becomes corrupt when it is compromised by an attacker and hence reveals its information at the time of compromise.

III-NYMBLE SETUP
To set up the system, the Nymble Manager and the Pseudonym Manager interact as follows:
1) The Nymble Manager executes NMInitState() and initializes its state nmState to the algorithm's output.
2) The Nymble Manager extracts macKey_NP from nmState and sends it to the Pseudonym Manager over an authorized channel, establishing a shared secret key between the Nymble Manager and the Pseudonym Manager, so that the Nymble Manager can verify the authenticity of pseudonyms issued by the Pseudonym Manager.
3) The Pseudonym Manager generates a nymble key by running key generation and initializes its state from pseudonym manager state to nymble manager state.
4) The Nymble Manager publishes verKey_N in nmState in a way that the users in Nymble can obtain it and verify its integrity at any time.
A) Server Registration- To participate in the Nymble system, a server with identifier sid initiates an authorized channel to the Nymble Manager and registers with the Nymble Manager according to the Server Registration protocol. Each server may register at most once in any linkability window.

Algorithm: VerifyBL
Input: (sid, t, w, blist, cert) … 2 … C, n … 0
Output: b ∈ {true, false}
1: (t_d, daisy, t_s, mac, sig) … cert
2: if t_d … t … t_d < t_s then
3: return false
4: target = (t_d - t_s)(daisy)
5: content := sid||t_s||w||target||blist
B) User Registration- A user with identity uid must register with the PM once in each linkability window. To do this, the user initiates a channel to the PM and follows the User Registration protocol. The Pseudonym Manager checks whether the user is permitted to register. In this paper we propose a system in which the Pseudonym Manager infers the user's address from the channel and checks that it does not belong to the previous Tor table. If this check does not succeed, the Pseudonym Manager fails the registration and puts it in a failure list. Otherwise, the PM reads the current linkability window. The PM then gives pnym to the user, and terminates with success. The user, on receiving pnym, sets her state usrState to (pnym, ∅), and terminates with success.

Algorithm: NMInitState
Output: nmState S_N
1- macKey_NP := Mac.KeyGen()
2- macKey_N := Mac.KeyGen()
3- seedKey_N := Mac.KeyGen()
4- (encKey_N, decKey_N) := Enc.KeyGen()
5- (signKey_N, verKey_N) := Sig.KeyGen()
6- keys := (macKey_NP, decKey_N, signKey_N, verKey_N)
7- nmEntries :=
8- return nmState := (keys, nmEntries).
C) Nymble Connection Establishment- To establish a Nymble connection to a server, a Nymble user has to provide a confirming authentication, which is allocated from the server using the details of the user's first interaction.

1- The user extracts pnyms from userState and sends the pair (pnyms, sid) to the Nymble Manager.

2- The Nymble Manager reads the current linkability window as W_now. It makes sure that the user's pnyms is valid.

3- The Nymble Manager runs NMCredential, which returns a credential. The Nymble Manager sends this credential to the user and terminates with success.

4- The user, on receiving the credential, creates a userEntry, appends it to its state userState and terminates with success.
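
The split of knowledge between the two managers and the macKey_NP check from setup step 2, as an added sketch that is not code from the paper or from the Nymble project. HMAC-SHA256 stands in for the MAC, and the class names, method names, field encoding, server names and sample address are assumptions.

```python
import hashlib
import hmac
import secrets

def mac(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields (no ambiguous concatenation)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()

class NymbleManager:
    def __init__(self):
        self.mac_key_np = secrets.token_bytes(32)  # macKey_NP, shared with the PM
        self.seed_key = secrets.token_bytes(32)    # seedKey_N, never leaves the NM
        self.seen = []                             # all the NM learns: (pnym, sid)

    def issue_seed(self, pnym: bytes, tag: bytes, sid: str, window: int) -> bytes:
        w = window.to_bytes(4, "big")
        # Reject pseudonyms the PM did not issue for this linkability window.
        if not hmac.compare_digest(tag, mac(self.mac_key_np, pnym, w)):
            raise ValueError("pseudonym not issued by the Pseudonym Manager")
        self.seen.append((pnym, sid))
        # The seed is specific to one user-server pair and one window.
        return mac(self.seed_key, pnym, sid.encode(), w)

class PseudonymManager:
    def __init__(self, mac_key_np: bytes):
        self.nym_key = secrets.token_bytes(32)     # private to the PM
        self.mac_key_np = mac_key_np
        self.seen = []                             # all the PM learns: the resource

    def register(self, ip: str, window: int):
        w = window.to_bytes(4, "big")
        self.seen.append(ip)
        pnym = mac(self.nym_key, ip.encode(), w)   # same resource, same pseudonym
        return pnym, mac(self.mac_key_np, pnym, w)

def demo() -> dict:
    nm = NymbleManager()
    pm = PseudonymManager(nm.mac_key_np)           # setup step 2
    ip = "203.0.113.7"                             # constructed sample address
    pnym, tag = pm.register(ip, window=1)
    again, _ = pm.register(ip, window=1)
    next_window, _ = pm.register(ip, window=2)
    seed_a = nm.issue_seed(pnym, tag, "server-a", window=1)
    seed_b = nm.issue_seed(pnym, tag, "server-b", window=1)
    try:
        nm.issue_seed(pnym, secrets.token_bytes(32), "server-a", window=1)
        forged_accepted = True
    except ValueError:
        forged_accepted = False
    return {
        "stable": pnym == again,
        "fresh_per_window": pnym != next_window,
        "per_server": seed_a != seed_b,
        "forged_accepted": forged_accepted,
        "nm_saw_ip": any(ip in str(entry) for entry in nm.seen),
        "pm_saw_sid": any("server" in str(entry) for entry in pm.seen),
    }
```
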

To establish a connection to a server, the user initiates a type ANOM channel to the server, which also follows the Nymble connection establishment protocol. In this protocol the server first performs blacklist validation: the server sends the blacklist credential to the user, and the user reads the current time period and linkability window and assumes these values to be current for the rest of the protocol. Second, since multiple connection establishment attempts by a user to the same server within the same time period. Finally, the server maintains the blacklist, which is updated in the current time period to provide freshness and integrity in the Nymble system.

D) Complaint Resolution- To handle complaints in our Nymble system, the system state has to be updated after each period of time. At the end of each time period that is not the last of the current linkability window, each registered server updates its svrState using the ServerUpdateState() algorithm, which prepares the linking token list for the new time period: each record is updated by evolving the seed and computing the corresponding nymble. Each registered user sets ticketDisclosed in every userEntry in userState to false, signaling that the user has not disclosed any ticket in the new time period.
At the beginning of each linkability window all the entities, that is, the Pseudonym Manager, the Nymble Manager, the servers and the users, erase their state and start afresh. In other words, the Nymble Manager and the Pseudonym Manager must set up Nymble again for the new linkability window, and all servers and users must register again if they still want to use Nymble.

Algorithm: ServerUpdateState

Persistent state: svrState SS

1: Extract lnkng-tokens from svrState

2: for all i =1 to |lnkng-tokens| do

3: (seed, nymble) :=lnkng-tokens[i]

4: seed :=f(seed); nymble :=g(seed)

5: tokens[i] :=(seed, nymble)

6: Replace seen-tickets in svrState with .
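
The seed evolution in ServerUpdateState and the backward unlinkability it gives, as an added example that is not code from the paper or from the Nymble project. The page names the two functions only as f and g; modelling them as SHA-256 with distinct prefixes, the helper names and the constructed seed are assumptions.

```python
import hashlib

# Assumption: f and g are modelled as SHA-256 with distinct prefixes.
def f(seed: bytes) -> bytes:
    """Evolve a seed to the next time period (one-way)."""
    return hashlib.sha256(b"f|" + seed).digest()

def g(seed: bytes) -> bytes:
    """Derive the nymble a server sees from the seed of one time period."""
    return hashlib.sha256(b"g|" + seed).digest()

def nymbles_for_window(seed0: bytes, periods: int) -> list:
    """User side: one nymble per time period of a linkability window."""
    nymbles, seed = [], seed0
    for _ in range(periods):
        nymbles.append(g(seed))
        seed = f(seed)
    return nymbles

def linking_token(seed0: bytes, period: int) -> tuple:
    """Nymble Manager side: (seed, nymble) for the period of the complaint."""
    seed = seed0
    for _ in range(period):
        seed = f(seed)
    return seed, g(seed)

def server_update_state(lnkng_tokens: list) -> list:
    """ServerUpdateState steps 2-5: move every linking token one period on."""
    updated = []
    for seed, _old_nymble in lnkng_tokens:
        seed = f(seed)
        updated.append((seed, g(seed)))
    return updated

def demo(periods: int = 6, complaint_period: int = 3):
    seed0 = hashlib.sha256(b"constructed seed for one (pnym, sid) pair").digest()
    user = nymbles_for_window(seed0, periods)
    tokens = [linking_token(seed0, complaint_period)]
    # From the complaint period on, the server recognises the user's nymble.
    linked = []
    for period in range(complaint_period, periods):
        linked.append(user[period] in {nymble for _, nymble in tokens})
        tokens = server_update_state(tokens)
    # Walking the chain forward from the token never reaches earlier nymbles.
    reachable, seed = set(), linking_token(seed0, complaint_period)[0]
    for _ in range(periods):
        reachable.add(g(seed))
        seed = f(seed)
    earlier_linked = [n in reachable for n in user[:complaint_period]]
    return linked, earlier_linked

if __name__ == "__main__":
    print(demo())
```
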

IV-PERFORMANCE EVALUATION

This section discusses the performance of the Nymble solution, based on a number of theoretical and practical implementations that verify the linear (in the number of entries, as described below) time and space costs of the various operations and data structures.




Fig 1-The marshaled size of various Nymble data structures

The figure above shows the performance of Nymble as a graph of size against the number of entries: the marshaled size of various Nymble data structures, including the blacklist update response and the nymbles in the blacklist. In general, each structure grows linearly as the number of entries increases; the credentials and the blacklist also grow in parallel, because a credential is a collection of tickets, which is more or less what is sent as a complaint list when the server wishes to update its blacklist.

V-CONCLUSION

Nymble is a credential system that can be used in conjunction with anonymizing networks such as Tor to selectively block anonymous users while maintaining their privacy. Nymble offers a number of properties: anonymous blacklisting, in which a server can block the IP address of a misbehaving user without knowing the identity of the user's IP address, and privacy, in which honest and misbehaving users both remain anonymous. In this paper we present Nymble as a powerful technique for blacklisting misbehaving users of any anonymizing network while preserving the anonymity of the user, whether honest or misbehaving. It can be used to add a layer of accountability to any publicly known anonymizing network. By implementing it, a server can block misbehaving users even though they use an anonymous network, while their privacy and anonymity are maintained. We expect that this approach will increase the acceptance of anonymous networks while keeping users anonymous all the time.


AUTHORS PROFILE



K. Sravanti, pursuing M.Tech (CSE), Vikas Group of Institutions (formerly Mother Teresa Educational Society Group of Institutions), Nunna, Vijayawada, affiliated to JNTU-Kakinada, A.P., India.

Manda Ashok Kumar is working as an Asst. Professor at Vikas Group of Institutions, Nunna, Vijayawada, affiliated to JNTU-Kakinada, A.P., India.

Betam Suresh is working as an HOD, Department of Computer Science Engineering, at Vikas Group of Institutions (formerly Mother Teresa Educational Society Group of Institutions), Nunna, Vijayawada, affiliated to JNTU-Kakinada, A.P., India.
