Person:
Essa, Irfan

Permanent Link
https://hdl.handle.net/1853/71242
Associated Organization(s)
Organizational Unit
ORCID
ArchiveSpace Name Record

Filters

2000 - 2001 2
2
2
2
2
Reset filters

Settings
Author: Lipton, Richard J. × search.filters.applied.f.resourcesubtype: Technical Report ×

Publication Search Results

Now showing 1 - 2 of 2
Thumbnail Image
Item

Mandatory Human Participation: A New Scheme for Building Secure Systems

2001 , Essa, Irfan , Sung, Min-Ho , Lipton, Richard J. , Xu, Jun

Mandatory Human Participation (MHP) is a novel authentication scheme that asks the question "are you human?" (instead of "who are you?"), and upon the correct answer to this question, can prove a principal to be a human being instead of a computer program. MHP helps solve old and new problems in computer security that existing security measures can not address properly, including password (or PIN number) guessing attacks, automated service and information theft, and denial of service. A key component of this `are you human?'' authentication process is a character morphing algorithm that transforms a character string into its graphical form in such a way that a human being won't have any problem recognizing the original string, while a computer program (e.g., an Optical Character Recognition program), will not be able to decipher it or make a correct guess with non-negligible probability. The basic idea of the MHP scheme is to ask an agent to recognize the string before its login attempts or transaction requests can be honored. Here a protocol is needed to send a puzzle to an agent, check if the answer supplied by the agent is correct, and most importantly make sure that the agent can not cheat in the process. A number of system and security issues that relate to the protocol need to be addressed for the protocol to be secure, efficient, robust, and user-friendly. The MHP scheme contributes to the foundation of the computer security by faithfully implementing a novel security semantics, "human," which existing cryptographic measures can not express accurately. As many real-world security applications involve the interaction between a human and a computer, which naturally contains "human" as a part of its protocol semantics, we believe that the MHP scheme will find many new applications in the future.

View
Thumbnail Image
Item

Hello, Are You Human?

2000 , Essa, Irfan , Lipton, Richard J. , Xu, Jun

In this paper, we propose the concept of a humanizer and explore its applications in network security and E-commerce. A humanizer is a novel authentication scheme that asks the question "are you human?" (instead of "who are you?"), and upon the correct answer to this question, can prove a principal to be a human being instead of a computer program. We demonstrate that the humanizer helps solve problems in network security and E-commerce that existing security measures can not address properly. A key component of this "are you human?" authentication process is a new type of trapdoor one-way hash function, called Turing-resistant hashing. It transforms a character string (the preimage) into a graphical form (the image) in such a way that a human being won't have any problem recovering the preimage through the trapdoor of human pattern recognition skills, while a computer program, essentially a Turing machine, will not be able to decode it or make a correct guess of the preimage with non-negligible probability. Based on this hash function, we design a stateless generic humanizer that can be parameterized for use in various real-world applications.

View