Suppressing bot traffic with accurate human attestation
Human attestation is a promising technique to suppress un- wanted bot trac in the Internet. With a proof of human existence attached to the message, the receiving end can verify whether the content is actually drafted by humans. This technique can signicantly reduce bot-generated abuse such as spamming, password cracking or ven distributed denial-of-service (DDoS) attacks. Unfortunately, existing methods rely on the probabilistic haracteristics of attestations and can be exploited by smart attackers. In this paper, we propose eterministic human attestation based on trustworthy input devices. By placing the root of trust on the input device, we ightly bind the input events to the content for network delivery. Each input event is generated with a ryptographic hash that attests to human activity and the message consisting of such events gets a third-party veriable digital signature that is carried to the remote application. For this, we augment the input device
with a trusted platform module (TPM) chip and a small attester running inside the device. We focus on rustworthy keyboards here but we plan to extend the framework to other input devices.
- Publisher
- ACM
- Issue Date
- 2010-08-30
- Language
- English
- Citation
1st ACM Asia-Pacific Workshop on Systems, APSys '10, Co-located with SIGCOMM 2010, pp.43 - 47
- Appears in Collection
- EE-Conference Papers(학술회의논문)
- Files in This Item
- There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.