强制人力参与:建立安全系统的新认证方案

Jun Xu, R. Lipton, Irfan Essa, Minho Sung, Yong Zhu
{"title":"强制人力参与:建立安全系统的新认证方案","authors":"Jun Xu, R. Lipton, Irfan Essa, Minho Sung, Yong Zhu","doi":"10.1109/ICCCN.2003.1284222","DOIUrl":null,"url":null,"abstract":"Mandatory human participation (MHP) is a novel authentication scheme that asks the question \"are you human?\" (Instead of \"who are you?\"), and upon the correct answer to this question, can prove a principal to be a human being instead of a computer program. MHP helps solve old and new problems in computer security that existing security measures cannot address properly, including password (or PIN number) guessing attacks and application-level denial of service. A key component of this \"are you human?\" authentication process is a character morphing algorithm that transforms a character string into its graphical form in such a way that a human being won't have any problem recognizing the original string, while a computer program (e.g., an optical character recognition program), will not be able to decipher it or make a correct guess with nonnegligible probability. The basic idea of the MHP scheme is to ask an agent to recognize the string before its login attempts or transaction requests can be honored. Here a protocol is needed to send a puzzle to an agent, check if the answer supplied by the agent is correct, and most importantly make sure that the agent cannot cheat in the process. A number of system and security issues that relate to the protocol need to be addressed for the protocol to be secure, efficient, robust, and user-friendly. The MHP scheme contributes to the foundation of the computer security by faithfully implementing novel security semantics, \"human,\" which existing cryptographic measures cannot express accurately. As many real-world security applications involve the interaction between a human and a computer, which naturally contains \"human\" as a part of its protocol semantics, we believe that the MHP scheme will find many new applications in the future.","PeriodicalId":168378,"journal":{"name":"Proceedings. 12th International Conference on Computer Communications and Networks (IEEE Cat. No.03EX712)","volume":"52 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2003-10-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"22","resultStr":"{\"title\":\"Mandatory human participation: a new authentication scheme for building secure systems\",\"authors\":\"Jun Xu, R. Lipton, Irfan Essa, Minho Sung, Yong Zhu\",\"doi\":\"10.1109/ICCCN.2003.1284222\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Mandatory human participation (MHP) is a novel authentication scheme that asks the question \\\"are you human?\\\" (Instead of \\\"who are you?\\\"), and upon the correct answer to this question, can prove a principal to be a human being instead of a computer program. MHP helps solve old and new problems in computer security that existing security measures cannot address properly, including password (or PIN number) guessing attacks and application-level denial of service. A key component of this \\\"are you human?\\\" authentication process is a character morphing algorithm that transforms a character string into its graphical form in such a way that a human being won't have any problem recognizing the original string, while a computer program (e.g., an optical character recognition program), will not be able to decipher it or make a correct guess with nonnegligible probability. The basic idea of the MHP scheme is to ask an agent to recognize the string before its login attempts or transaction requests can be honored. Here a protocol is needed to send a puzzle to an agent, check if the answer supplied by the agent is correct, and most importantly make sure that the agent cannot cheat in the process. A number of system and security issues that relate to the protocol need to be addressed for the protocol to be secure, efficient, robust, and user-friendly. The MHP scheme contributes to the foundation of the computer security by faithfully implementing novel security semantics, \\\"human,\\\" which existing cryptographic measures cannot express accurately. As many real-world security applications involve the interaction between a human and a computer, which naturally contains \\\"human\\\" as a part of its protocol semantics, we believe that the MHP scheme will find many new applications in the future.\",\"PeriodicalId\":168378,\"journal\":{\"name\":\"Proceedings. 12th International Conference on Computer Communications and Networks (IEEE Cat. No.03EX712)\",\"volume\":\"52 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2003-10-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"22\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings. 12th International Conference on Computer Communications and Networks (IEEE Cat. No.03EX712)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICCCN.2003.1284222\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings. 12th International Conference on Computer Communications and Networks (IEEE Cat. No.03EX712)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCCN.2003.1284222","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 22

摘要

强制人类参与(MHP)是一种新的身份验证方案,它会问“你是人类吗?”(而不是“你是谁?”),并且根据这个问题的正确答案,可以证明委托人是一个人,而不是一个计算机程序。MHP有助于解决现有安全措施无法妥善解决的计算机安全新老问题,包括密码(或PIN码)猜测攻击和应用程序级拒绝服务。这个“你是人类吗?”认证过程的一个关键组成部分是字符变形算法,它将字符串转换为图形形式,使人类识别原始字符串没有任何问题,而计算机程序(例如光学字符识别程序)将无法破译它或以不可忽略的概率做出正确的猜测。MHP方案的基本思想是要求代理在其登录尝试或事务请求被执行之前识别字符串。这里需要一个协议来发送一个谜题给代理,检查代理提供的答案是否正确,最重要的是要确保代理在这个过程中不会作弊。为了使协议安全、高效、健壮和用户友好,需要解决与协议相关的许多系统和安全问题。MHP方案忠实地实现了现有密码措施无法准确表达的新的安全语义“人”,为计算机安全奠定了基础。由于许多现实世界的安全应用涉及人与计算机之间的交互,其中自然包含“人”作为其协议语义的一部分,我们相信MHP方案将在未来找到许多新的应用。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Mandatory human participation: a new authentication scheme for building secure systems
Mandatory human participation (MHP) is a novel authentication scheme that asks the question "are you human?" (Instead of "who are you?"), and upon the correct answer to this question, can prove a principal to be a human being instead of a computer program. MHP helps solve old and new problems in computer security that existing security measures cannot address properly, including password (or PIN number) guessing attacks and application-level denial of service. A key component of this "are you human?" authentication process is a character morphing algorithm that transforms a character string into its graphical form in such a way that a human being won't have any problem recognizing the original string, while a computer program (e.g., an optical character recognition program), will not be able to decipher it or make a correct guess with nonnegligible probability. The basic idea of the MHP scheme is to ask an agent to recognize the string before its login attempts or transaction requests can be honored. Here a protocol is needed to send a puzzle to an agent, check if the answer supplied by the agent is correct, and most importantly make sure that the agent cannot cheat in the process. A number of system and security issues that relate to the protocol need to be addressed for the protocol to be secure, efficient, robust, and user-friendly. The MHP scheme contributes to the foundation of the computer security by faithfully implementing novel security semantics, "human," which existing cryptographic measures cannot express accurately. As many real-world security applications involve the interaction between a human and a computer, which naturally contains "human" as a part of its protocol semantics, we believe that the MHP scheme will find many new applications in the future.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信