KHAP: Using Keyed Hard AI Problems to Secure Human Interfaces

There is often a need for users to securely interact with a remote computing system, ensuring the integrity and authenticity of transmitted messages. Typical solutions assume that a local trusted computing platform is available to perform cryptographic operations, but this is often not the case. We introduce KHAP, a protocol for using hard artificial intelligence problems to provide message authentication checks centered around a human verifier. We also formally introduce the notion of a keyed hard AI problem, which is one that uses an authentication key to prove the source and integrity of a message. We give examples of some keyed hard AI problems, as well as examples of KHAP’s applicability to the specific problem domains of Internet voting and the use of smartcards for digital signatures.
