Institut für Informatik



Auf Einladung von Prof. Alexandra Dmitrienko findet im Sommersemester 2023 der folgende Vortrag statt:

Montag, 24. April 2023, 16:15 Uhr, Zuse-Hörsaal, Informatikgebäude, Am Hubland

Prof. Gene Y. Tsudik
University of California, Irvine, USA

CACTI: Captcha Avoidance via Client-side TEE Integration


Preventing abuse of web services by bots is an increasingly important problem, as abusive activities grow in both volume and variety. CAPTCHAs are the most common way for thwarting bot activities. However, they are often ineffective against bots and frustrating for humans. In addition, some recent CAPTCHA techniques diminish user privacy. Meanwhile, client-side Trusted Execution Environments (TEEs) are becoming increasingly widespread (notably, ARM TrustZone and Intel SGX), allowing establishment of trust in a small part (trust anchor or TCB) of client-side hardware. This prompts the question: can a TEE help reduce (or remove entirely) user burden of solving CAPTCHAs?

In this work, we design CACTI: CAPTCHA Avoidance via Client-side TEE Integration. Using client-side Trusted Execution Environments, CACTI allows legitimate clients to generate unforgeable rate-proofs demonstrating how frequently they have performed specific actions. These rate-proofs can be sent to web servers in lieu of solving CAPTCHAs. CACTI provides strong client privacy guarantees, since the information is only sent to the visited website and authenticated using a group signature scheme. Our evaluations show that overall latency of generating and verifying a CACTI rate-proof is less than 0:25 sec, while CACTI bandwidth overhead is over 98% lower than that of current CAPTCHA systems.


Short bio:

Gene Tsudik is a Distinguished Professor of Computer Science at the University of California, Irvine (UCI). He obtained his PhD in Computer Science from USC in 1991. Before coming to UCI in 2000, he was at the IBM Zurich Research Laboratory (1991-1996) and USC/ISI (1996-2000). His research interests include many topics in security, privacy and applied cryptography. Gene Tsudik is a Fulbright Scholar, Fulbright Specialist (thrice), a fellow of ACM, IEEE, AAAS, IFIP and a foreign member of Academia Europaea. From 2009 to 2015 he served as Editor-in-Chief of ACM Transactions on Information and Systems Security (TISSEC, renamed TOPS in 2016). Gene was the recipient of 2017 ACM SIGSAC Outstanding Contribution Award. He is also the author of the first crypto-poem published as a refereed paper.



Weitere Vorträge: Informatik-Kolloquium im Sommersemester 2023