CACTI: Captcha Avoidance via Client-side TEE Integration

07/20/2020
by Yoshimichi Nakatsuka, et al.

Preventing abuse of web services by bots is an increasingly important problem, as abusive activities grow in both volume and variety. CAPTCHAs are the most common way of thwarting bot activities. However, they are often ineffective against bots and frustrating for humans. In addition, some recent CAPTCHA techniques diminish user privacy. Meanwhile, client-side Trusted Execution Environments (TEEs) are becoming increasingly widespread (notably, ARM TrustZone and Intel SGX), allowing the establishment of trust in a small part (trust anchor or TCB) of client-side hardware. This prompts the question: can a TEE help reduce (or remove entirely) the user burden of solving CAPTCHAs? In this paper, we design CACTI: CAPTCHA Avoidance via Client-side TEE Integration. Using client-side TEEs, CACTI allows legitimate clients to generate unforgeable rate-proofs demonstrating how frequently they have performed specific actions. These rate-proofs can be sent to web servers in lieu of solving CAPTCHAs. CACTI provides strong client privacy guarantees, since the information is only sent to the visited website and authenticated using a group signature scheme. Our evaluations show that the overall latency of generating and verifying a CACTI rate-proof is less than 0.25 sec, while CACTI's bandwidth overhead is over 98 systems.
