Scrappy: SeCure Rate Assuring Protocol with PrivacY
Kosei Akama
Network and Distributed System Security (NDSS) Symposium 2024 · Day 2 · Network & DNS Security
The internet’s reliance on online services has brought with it an escalating challenge: how to mitigate abusive activities without compromising user privacy or degrading the user experience. Adversaries routinely exploit online platforms by accessing resources at rates far exceeding intended limits, leading to issues such as manipulation of online polls and product ratings, exorbitant billing from overuse of third-party APIs, exploitation of free trials, relentless dictionary attacks on login systems, and excessive data collection by web crawlers. Traditional defenses like SMS authentication and CAPTCHAs, while widely deployed, suffer from significant drawbacks, including privacy concerns, ease of circumvention by attackers, and diminishing effectiveness against sophisticated machine learning models and CAPTCHA farms.