Making puzzles green and useful for adaptive identity management in large-scale distributed systems

Various online systems offer a lightweight process for creating accounts (e.g., confirming an e-mail address), so that users can easily join them. With minimum effort, however, an attacker can subvert this process, obtain a multitude of fake accounts, and use them for malicious purposes. Puzzle-based solutions have been proposed to limit the spread of fake accounts, by establishing a price (in terms of computing resources) per identity requested. Although effective, they do not distinguish between requests coming from presumably legitimate users and potential attackers, and also lead to a significant waste of energy and computing power. In this paper, we build on adaptive puzzles and complement them with waiting time to introduce a green design for lightweight, long-term identity management; it balances the complexity of assigned puzzles based on the reputation of the origin (source) of identity requests, and reduces energy consumption caused by puzzle-solving. We also take advantage of lessons learned from massive distributed computing to come up with a design that makes puzzle-processing useful. Based on a set of experiments, we show that our solution provides significant energy savings and makes puzzle-solving a useful task, while not compromising effectiveness in limiting the spread of fake accounts.