Human Interactive Proofs (HIPs)
See HIPs Workshops

Classical cryptography has often factored humans out of the equation: when we say Alice and Bob can communicate securely (or authenticate, or sign, or perform a zero-knowledge proof), we really mean Alice and Bob's computers can communicate securely. This has resulted in humans being a major security hole in practice. Human Interactive Proofs (HIPs) are an attempt to bring humans back into the picture.
HIPs provide solutions to at least two basic problems in human-related cryptography: telling human users apart from computers (or "bots"), and authenticating single humans securely in the presence of very powerful eavesdroppers.

Telling Humans Apart From Computers (CAPTCHA)
Intuitively, a CAPTCHA is a program that can generate and grade tests that:

Most humans can pass.
Current computer programs cannot pass.

(The words "Most" and "Current" can be precisely defined later.) The P in CAPTCHA stands for Public: the code for the program should be commented and easy to understand; additionally, the commented code and all the data used by a CAPTCHA should be public. Thus a program that can generate and grade tests that distinguish humans from computers but whose code or data are private is not a CAPTCHA.
CAPTCHA stands for "Completely Automated Public Turing Test to Tell Computers and Humans Apart". Why Turing Test? Because a CAPTCHA is like an automated version of the Turing Test, one in which the judge is a computer.
For more information, see www.captcha.net.

Secure Human Authentication (HUMANOIDs)

Current authentication methods for computer systems, web pages, or monetary transactions are weak in some ways. Passwords, social security numbers, phone numbers, mother's maiden names, and PINs all can be easily stolen or shared and are routinely known to others, e.g. system administrators, who may abuse them. Biometrics require special hardware and do not provide universal coverage. More strikingly, biometrics require trusted terminals.
HUMANOIDs is a protocol that allows a naked human inside a glass house to authenticate securely to a non-trusted terminal. "Naked" means that the human carries nothing: no smart cards, no laptops, no pencil or paper. "Glass house" means that anybody can see what the human is doing, including everything that the human is typing.

 

 

This material is based upon work supported by the National Science Foundation under Grant No. 0122581. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.