Human Interactive Proofs (HIPs)

See HIPs Workshops

Classical cryptography has often factored humans out of the equation:
when we say Alice and Bob can communicate securely (or authenticate, or
sign, or perform a zero knowledge proof), we really mean Alice and Bob's
computers can communicate securely. This has resulted in humans being
a major security hole in practice. Human Interactive Proofs (HIPs) are
an attempt to bring humans back into the picture.

Telling Humans Apart From Computers (CAPTCHA)

Most humans can
pass (The words "Most" and "Current" can be precisely
defined later.) The P in CAPTCHA stands for Public: the code for the program
should be commented and easy to understand; additionally, the commented
code and all the data used by a CAPTCHA should be public. Thus a program
that can generate and grade tests that distinguish humans from computers
but whose code or data are private is not a CAPTCHA.

Secure Human Authentication (HUMANOIDs)

Current authentication methods for computer systems, web pages, or monetary
transactions are weak in some ways. Passwords, social security numbers,
phone numbers, mother's maiden names, and PINs all can be easily stolen
or shared and are routinely known to others, e.g. system administrators,
who may abuse them. Biometrics require special hardware and do not provide
universal coverage. More strikingly, biometrics require trusted terminals.

This material is based upon work supported
by the National Science Foundation under Grant No. 0122581. Any opinions,
findings, and conclusions or recommendations expressed in this material
are those of the author(s) and do not necessarily reflect the views of
the National Science Foundation.