Current authentication methods for computer systems,
web pages, or monetary transactions are weak in some ways. Passwords,
social security numbers, phone numbers, mother's maiden names,
and personal identification numbers (PINs) all can be easily stolen
or shared and are routinely known to others (e.g. system administrators)
who may abuse them. Biometrics require special hardware, do not
provide universal coverage, and -- more strikingly -- require
trusted terminals.

The goal of the HumanAUT
(Human AUThentication) cryptographic project is to develop a challenge-response
authentication protocol that is easy for any reasonably intelligent,
moderately literate, 6- to 60-year-old to learn and use, but hard
for an eavesdropper with a powerful computer to crack. The human
must be able to authenticate him- or herself to a computer while
a powerful adversary -- who knows the protocol, listens online,
and records every challenge and response -- should be incapable
of learning to impersonate the human.

As part of this research, a soda machine in the Computer Science
lounge was set up by undergraduate student Preston Tollinger to
give free sodas to anyone who could authenticate themselves using
a prototype system. This led to a working program and a senior
thesis. [1]

[1] Preston Tollinger, A Secure, Device-Free,
Challenge-Response Protocol, Carnegie Mellon senior thesis,
2000.

Preliminary Presentation (ppt), (pdf)