
CACTI: Captcha Avoidance via Client-side TEE Integration

by Yoshimichi Nakatsuka, et al.
University of California, Irvine

Preventing abuse of web services by bots is an increasingly important problem, as abusive activities grow in both volume and variety. CAPTCHAs are the most common way of thwarting bot activities. However, they are often ineffective against bots and frustrating for humans. In addition, some recent CAPTCHA techniques diminish user privacy. Meanwhile, client-side Trusted Execution Environments (TEEs) are becoming increasingly widespread (notably, ARM TrustZone and Intel SGX), allowing establishment of trust in a small part (trust anchor or TCB) of client-side hardware. This prompts the question: can a TEE help reduce (or remove entirely) the user burden of solving CAPTCHAs? In this paper, we design CACTI: CAPTCHA Avoidance via Client-side TEE Integration. Using client-side TEEs, CACTI allows legitimate clients to generate unforgeable rate-proofs demonstrating how frequently they have performed specific actions. These rate-proofs can be sent to web servers in lieu of solving CAPTCHAs. CACTI provides strong client privacy guarantees, since the information is only sent to the visited website and authenticated using a group signature scheme. Our evaluations show that overall latency of generating and verifying a CACTI rate-proof is less than 0.25 sec, while CACTI's bandwidth overhead is over 98 systems.

