POSH: A generalized CAPTCHA with security applications

Waseem Daher, Ran Canetti*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

7 Scopus citations

Abstract

A puzzle only solvable by humans, or POSH, is a prompt or question with three important properties: it can be generated by a computer, it can be answered consistently by a human, and a human answer cannot be efficiently predicted by a computer. In fact, unlike a CAPTCHA, a POSHdoes not necessarily have to be verifiable by a computer at all. One application of POSHes is a scheme proposed by Canetti et al. that limits off-line dictionary attacks against password-protected local storage, without the use of any secure hardware or secret storage. We explore the area of POSHes, implement several candidate POSHes and have users solve them, to evaluate their effectiveness. Given these data, we then implement the above scheme as an extension to the Mozilla Firefox web browser, where it is used to protect user certificates and saved passwords. In the course of doing so, we also define certain aspects of the threat model for our implementation (and the scheme) more precisely.

Original languageEnglish
Title of host publicationProceedings of the 1st ACM Workshop on AISec, AISec'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08
Pages1-10
Number of pages10
DOIs
StatePublished - 2008
Externally publishedYes
Event1st ACM Workshop on AISec, AISec'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08 - Alexandria, VA, United States
Duration: 27 Oct 200831 Oct 2008

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Conference

Conference1st ACM Workshop on AISec, AISec'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08
Country/TerritoryUnited States
CityAlexandria, VA
Period27/10/0831/10/08

Fingerprint

Dive into the research topics of 'POSH: A generalized CAPTCHA with security applications'. Together they form a unique fingerprint.

Cite this