Blind signature scheme might just improve privacy, too
CloudFlare has backed up its promise to get rid of the CAPTCHAs that Tor users complain discriminate against them.
The content distribution network’s (CDN’s) hated CAPTCHAs make browsing an unhappy experience for Tor users by offering rather too many challenges. Worse yet, they drop a cookie on validated users’ browsers and thereby create a re-identification risk.
Surfers using Tor have complained for some time that CDNs like CloudFlare discriminate against them. CloudFlare assigns a reputation to a user’s IP address, which means that an innocent Tor user unfairly inherits the reputation of an exit node that might also be serving spam or malware.
Back in February, CEO Matthew Prince told The Register the company was working on ways to get rid of the CAPTCHA. At the time, a couple of CloudFlare engineers had already dropped the first draft-of-the-draft at GitHub.
The pre-Internet Draft draft is on GitHub.
Putting the challenge in a plugin makes it auditable, CloudFlare notes.
Next is the problem of the cookie, which the document highlights as a risk: “the challenge page sets a unique cookie to indicate that the user has been verified. Since Cloudflare controls the domains for all of the protected origins, it can potentially link CAPTCHA users across all >2 million Cloudflare sites without violating same-origin policy.”
Instead of the cookie, the plugin would use a blind signature scheme. Here’s how CloudFlare thinks it could work:
“The protocol allows a user to solve a single CAPTCHA and in return learn a specified number of tokens that are blindly signed that can be used for redemption instead of witnessing CAPTCHA challenges in the future. For each request a client makes to a Cloudflare host that would otherwise demand a CAPTCHA solution, a browser plugin will automatically supply a bypass token.
“By issuing a number of tokens per CAPTCHA solution that is suitable for ordinary browsing but too low for attacks, we maintain similar protective guarantees to those of Cloudflare’s current system.”
The blind signature scheme is described at Wikipedia. In CloudFlare’s implementation, the tokens carrying the signatures will be JSON objects in the plugin: “tokens will be a JSON object comprising a single ‘nonce’ field. The ‘nonce’ field will be made up of 30 cryptographically random bytes”.
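A worked sketch of the issue-and-redeem flow described above, added here as an example and not taken from CloudFlare's draft or plugin: RSA blind signatures over the JSON nonce tokens the draft specifies. The toy key, the per-CAPTCHA quota of 30 tokens and the hash-to-group step are constructed assumptions for illustration.

```python
import json, secrets
from base64 import b64encode
from hashlib import sha256
from math import gcd

# Toy RSA key, constructed for illustration from two known primes (2^31-1, 2^61-1).
# A real deployment would use a properly generated key of at least 2048 bits.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+ modular inverse)
TOKENS_PER_CAPTCHA = 30            # assumed quota; the draft does not fix a number

def new_token() -> str:
    """Token as in the draft: a JSON object with one 'nonce' field of 30 random bytes."""
    return json.dumps({"nonce": b64encode(secrets.token_bytes(30)).decode()})

def token_hash(token: str) -> int:
    # Map the token into the RSA group (a simplified full-domain hash).
    return int.from_bytes(sha256(token.encode()).digest(), "big") % N

def blind(token: str):
    """Client: hide the token under a random factor r before asking for a signature."""
    r = secrets.randbelow(N - 2) + 2
    while gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2
    return (token_hash(token) * pow(r, E, N)) % N, r

def unblind(blinded_sig: int, r: int) -> int:
    """Client: remove r, yielding a signature the server never saw in this form."""
    return (blinded_sig * pow(r, -1, N)) % N

def verify(token: str, sig: int) -> bool:
    return pow(sig, E, N) == token_hash(token)

class CaptchaServer:
    """Server: signs blinded tokens after one CAPTCHA, then accepts each token once."""
    def __init__(self):
        self.spent = set()  # nonces already redeemed (double-spend check)

    def issue(self, blinded: list) -> list:
        # Only reached after a solved CAPTCHA; the quota bounds tokens per solution.
        if len(blinded) > TOKENS_PER_CAPTCHA:
            raise ValueError("too many tokens for one CAPTCHA solution")
        return [pow(b, D, N) for b in blinded]

    def redeem(self, token: str, sig: int) -> bool:
        # Unforgeable (needs D), single-use (nonce recorded), unlinkable to issuance.
        nonce = json.loads(token)["nonce"]
        if not verify(token, sig) or nonce in self.spent:
            return False
        self.spent.add(nonce)
        return True

def demo(count: int = 5):
    server, tokens = CaptchaServer(), [new_token() for _ in range(count)]
    blinded, factors = zip(*(blind(t) for t in tokens))
    sigs = [unblind(bs, r) for bs, r in zip(server.issue(list(blinded)), factors)]
    return server.redeem(tokens[0], sigs[0]), server.redeem(tokens[0], sigs[0])
```

`demo()` returns `(True, False)`: the first redemption of a token passes, the replay of the same token is refused.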
The plugin will also contain a CA-issued certificate to validate keys, and certificates will be checked against certificate transparency logs. ®