Attacks on websites from automated clients remain a significant problem for the Internet. Websites often employ reverse Turing tests known as CAPTCHAs to combat automated agents. Unfortunately, that defense requires frequent human user input, is becoming less effective as computer vision techniques improve, and can be completely subverted by adversaries willing to hire humans to solve challenges.
Several alternative defenses based on cryptographic methods rather than human input have been proposed to achieve the same goals. One such "Proof-of-Work" technique prioritizes clients based on their willingness to solve computational challenges of client-specific difficulty set by the server. Unfortunately, few Proof-of-Work schemes have been deployed because they require wide-scale adoption of special client software.
This talk focuses on solutions to these problems. We will present mod_kaPoW, a novel system that has the efficiency and human-transparency of Proof-of-Work schemes as well as the software backwards-compatibility of CAPTCHA schemes. The system leverages common web technologies to deliver a challenge, solve it, and submit the client response, while still providing accessibility for legacy clients.
Edward Kaiser is a doctoral candidate in the Department of Computer Science at Portland State University. Ed graduated from the University of Waterloo (Canada) in 2003 with a BASc degree in Computer Engineering. His current research focuses on network security, specifically an area known as "Proof-of-Work" where he has developed a number of prototype systems. His research goals include developing computational challenges that provide reusable or meaningful computation, and algorithms for effectively controlling the difficulty of a Proof-of-Work challenge.
Wu-chang Feng