CENTER Carnegie Mellon UniversityCarnegie Mellon Computer Science DepartmentSchool of Computer Science
Computer-Human Authentication with Applications to AI
Related Activities
Outreach Roadshow

(see, see HIPs)

Faculty: Lenore Blum, Manuel Blum, Avrim Blum;
students: Nick Hopper, Luis von Ahn, John Langford, Scott Crosby, Brighten Godfrey; Bartosz Przydatek, Chuck Rosenberg, Ke Yang; partners: Udi Manber (Yahoo); Doug Tygar, Richard Fateman (UC Berkeley); Henry Baird (Xerox Parc)

This PROBE concerns the following general problem: Design a protocol for convincing a computer that one is a member of a specific class of humans --- the singleton "Joan Smith" class, or the class of all humans, etc. --- in such a way that someone outside the class, even with access to powerful computers and numerous examples of successful authentication, cannot impersonate a member of the class .

The "Joan Smith" class: Current authentication methods for monetary transactions are notoriously weak: one gives one's social security number, address, phone number or mother's maiden name. This information is easily csaptured at public phone booths, and in any case is available to the bank clerk or broker with whom one deals. We seek a solution to the problem, "How can a human in a glass house login to a computer when she has nothing but a monitor and keyboard or a telephone and keypad only?" Glass house means that anyone can observe her login any number of times .

The class of all humans: Consider an online poll: Which is the best computer science graduate school? Graduate students can (and did!) write programs to vote thousands of times for their own school. To prevent this, we need a method to tell whether it is a script or a human that is voting. We need what we call a Completely Automatic Public Turing Test to tell Computers and Humans Apart (CAPTCHA). This is an algorithm for administering and grading a test that distinguishes humans from computers. Such an algorithm has many applications. Indeed, Udi Manber of Yahoo has arranged to use our rudimentary prototypes to solve several such Internet problems: 1) The chat room problem: how to keep (ro)bots out of chatrooms. (2) The accounts problem: how to keep bots from signing up for (numerous) accounts. (3) The spam mail problem: how to keep bots from flooding the net with spam mail.

Solutions to the above problems require the collaboration of people from widely different areas .

  • Cognitive Psychology
  • Computer Vision and Speech
  • Artificial Intelligence. A protocol for the "class of all humans" problem is a public challenge to the AI community: "Write a program that can authenticate itself as human to this protocol." We intend to challenge AI researchers with welldefined problems that the AI community find interesting and important .
  • Computational Learning Theory. Learning Theory tells which functions are learnable from examples and, crucially, which are possibly not learnable. Our authentication protocols must have the property that an eavesdropper with a powerful computer, even after observation of many successful authentications, cannot learn to impersonate "Joan Smith." -- Cryptography
  • Theory of Computation. What are the right definitions and models for this problem? Computer Science theory is ideally suited to asking and answering this question

The First Workshop on Human Interactive Proofs, Palo Alto, January 2002


This material is based upon work supported by National Science Foundation under Grant No. 0122581.
Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the
National Science Foundation