{"title":"通过准确的人工认证来抑制机器人流量","authors":"M. Jamshed, Wonho Kim, KyoungSoo Park","doi":"10.1145/1851276.1851287","DOIUrl":null,"url":null,"abstract":"Human attestation is a promising technique to suppress unwanted bot traffic in the Internet. With a proof of human existence attached to the message, the receiving end can verify whether the content is actually drafted by humans. This technique can significantly reduce bot-generated abuse such as spamming, password cracking or even distributed denial-of-service (DDoS) attacks. Unfortunately, existing methods rely on the probabilistic characteristics of attestations and can be exploited by smart attackers.\n In this paper, we propose deterministic human attestation based on trustworthy input devices. By placing the root of trust on the input device, we tightly bind the input events to the content for network delivery. Each input event is generated with a cryptographic hash that attests to human activity and the message consisting of such events gets a third-party verifiable digital signature that is carried to the remote application. For this, we augment the input device with a trusted platform module (TPM) chip and a small attester running inside the device. We focus on trustworthy keyboards here but we plan to extend the framework to other input devices.","PeriodicalId":202924,"journal":{"name":"Asia Pacific Workshop on Systems","volume":"48 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-08-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Suppressing bot traffic with accurate human attestation\",\"authors\":\"M. Jamshed, Wonho Kim, KyoungSoo Park\",\"doi\":\"10.1145/1851276.1851287\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Human attestation is a promising technique to suppress unwanted bot traffic in the Internet. With a proof of human existence attached to the message, the receiving end can verify whether the content is actually drafted by humans. This technique can significantly reduce bot-generated abuse such as spamming, password cracking or even distributed denial-of-service (DDoS) attacks. Unfortunately, existing methods rely on the probabilistic characteristics of attestations and can be exploited by smart attackers.\\n In this paper, we propose deterministic human attestation based on trustworthy input devices. By placing the root of trust on the input device, we tightly bind the input events to the content for network delivery. Each input event is generated with a cryptographic hash that attests to human activity and the message consisting of such events gets a third-party verifiable digital signature that is carried to the remote application. For this, we augment the input device with a trusted platform module (TPM) chip and a small attester running inside the device. We focus on trustworthy keyboards here but we plan to extend the framework to other input devices.\",\"PeriodicalId\":202924,\"journal\":{\"name\":\"Asia Pacific Workshop on Systems\",\"volume\":\"48 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-08-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Asia Pacific Workshop on Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/1851276.1851287\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Asia Pacific Workshop on Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1851276.1851287","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Suppressing bot traffic with accurate human attestation
Human attestation is a promising technique to suppress unwanted bot traffic in the Internet. With a proof of human existence attached to the message, the receiving end can verify whether the content is actually drafted by humans. This technique can significantly reduce bot-generated abuse such as spamming, password cracking or even distributed denial-of-service (DDoS) attacks. Unfortunately, existing methods rely on the probabilistic characteristics of attestations and can be exploited by smart attackers.
In this paper, we propose deterministic human attestation based on trustworthy input devices. By placing the root of trust on the input device, we tightly bind the input events to the content for network delivery. Each input event is generated with a cryptographic hash that attests to human activity and the message consisting of such events gets a third-party verifiable digital signature that is carried to the remote application. For this, we augment the input device with a trusted platform module (TPM) chip and a small attester running inside the device. We focus on trustworthy keyboards here but we plan to extend the framework to other input devices.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
