Tuesday, April 05, 2005

HIPs or Human Interactive Proofs

While making a rare visit to my discarded Hotmail account, the following text came when i logged in:
MSN Hotmail is also working to help stop junk e-mailers from misusing Hotmail accounts by providing a tool called Human Interactive Proof (HIP). To help our ongoing fight against junk e-mail, please fill out the text when prompted.
Want more information?


While the provided link took me to "An Idiot's guide to using Email" page, I decided to search on HIPs.
Remember those distorted, broken numbers you were asked to enter on most of the sites when creating an account, or when downloading a file? Turns out they all are a part of "CAPTCHA Project".

On the homepage were examples, which showed how urgent need it is to develop such technologies. Here's one
Online Polls. In November 1999, http://www.slashdot.com released an online poll asking which was the best graduate school in computer science (a dangerous question to ask over the web!). As is the case with most online polls, IP addresses of voters were recorded in order to prevent single users from voting more than once. However, students at Carnegie Mellon found a way to stuff the ballots using programs that voted for CMU thousands of times. CMU's score started growing rapidly. The next day, students at MIT wrote their own program and the poll became a contest between voting "bots". MIT finished with 21,156 votes, Carnegie Mellon with 21,032 and every other school with less than 1,000. Can the result of any online poll be trusted? Not unless the poll requires that only humans can vote.

Here's an excerpt from another website explaining HIPs
Classical cryptography has often factored humans out of the equation: when we say Alice and Bob can communicate securely (or authenticate, or sign, or perform a zero knowledge proof), we really mean Alice and Bob's computers can communicate securely. This has resulted in humans being a major security hole in practice. Human Interactive Proofs (HIPs) are an attempt to bring humans back into the picture.
HIPs provide solutions to at least two basic problems in human-related cryptography: telling human users apart from computers (or `bots'), and authenticating single humans securely in the presence of very powerful eavesdroppers.


Few have already broken certain algorithms. CAPTCHA homepage has the list. With quite high accuracy rates too. Nice to see Indians featuring in teams' rosters.

No comments: