Scrappy: SeCure Rate Assuring Protocol with PrivacY
CoRR (2023)
Abstract
Preventing abusive activities caused by adversaries accessing online services
at a rate exceeding that expected by websites has become an ever-increasing
problem. CAPTCHAs and SMS authentication are widely used to provide a solution
by implementing rate limiting, although they are becoming less effective, and
some are considered privacy-invasive. In light of this, many studies have
proposed better rate-limiting systems that protect the privacy of legitimate
users while blocking malicious actors. However, they suffer from one or more
shortcomings: (1) they assume trust in the underlying hardware and (2) they are
vulnerable to side-channel attacks. Motivated by the aforementioned issues,
this paper proposes Scrappy: SeCure Rate Assuring Protocol with PrivacY.
Scrappy allows clients to generate unforgeable yet unlinkable rate-assuring
proofs, which provide the server with cryptographic guarantees that the client
is not misbehaving. We design Scrappy using a combination of DAA and hardware
security devices. Scrappy is implemented over three types of devices, including
one that can immediately be deployed in the real world. Our baseline evaluation
shows that the end-to-end latency of Scrappy is minimal, taking only 0.32
seconds, and uses only 679 bytes of bandwidth when transferring necessary data.
We also conduct an extensive security evaluation, showing that the
rate-limiting capability of Scrappy is unaffected even if the hardware security
device is compromised.