REU Student	Graduate Mentor	Faculty Advisor
Adam Bender	Nick Hopper	Manuel Blum

Current authentication methods for computer systems, web pages, or monetary transactions are weak in some ways. Passwords, social security numbers, phone numbers, mother's maiden names, and personal identification numbers (PINs) all can be easily stolen or shared and are routinely known to others (e.g. system administrators) who may abuse them. Biometrics require special hardware, do not provide universal coverage, and -- more strikingly -- require trusted terminals.

The goal of the HumanAUT (Human AUThentication) cryptographic project is to develop a challenge-response authentication protocol that is easy for any reasonably intelligent, moderately literate, 6- to 60-year old to learn and use, but hard for an eavesdropper with a powerful computer to crack. The human must be able to authenticate him- or herself to a computer while a powerful adversary -- who knows the protocol, listens online, and records every challenge and response -- should be incapable of learning to impersonate the human.

As part of this research, a soda machine in the Computer Science lounge was set up by undergraduate student Preston Tollinger to give free sodas to anyone who could authenticate themselves using a prototype system. This led to a working program and a senior thesis. [1]

[1] Preston Tollinger, A Secure, Device-Free, Challenge-Response Protocol, Carnegie Mellon senior thesis, 2000.

Preliminary Presentation (ppt), (pdf)

Other Mini-PROBEs for Summer 2003

Algorithms for Facility Location
Anonymous Communication
Designing Overlay Multicast Networks for Streaming
Dynamic Algorithms
Moving Mesh Simulations
Space-Efficient Point Location