KHAP: Using Keyed Hard AI Problems to Secure Human Interfaces

Suppose Alice is a on a trip to a computer security conference. Her coworker, Bob, stays behind to watch over their cubicles. Suddenly, Alice remembers that she forgot to send an important memo to Bob. No problem, she thinks – there are computers available at the conference, and she can just fire off an email to Bob. Because it’s so important, Alice is going to want to sign the memo. Because Alice always carries a smartcard that has her private key, she can sign the memo. She sits down at a conference computer, plugs her smartcard into the computer’s reader, and types out the memo. She presses the send button, and the memo is sent to her card for signing; the signature comes back to the computer and is emailed with the memo to Bob. Or is it? What did the smartcard really sign? How does Alice know it’s the same thing that was on her screen? How does Alice even know if anything was sent to her card? When humans interact with computing systems, the human often wants to know that data has reached the intended system, and that it has not been modified in transit. Traditionally, this issue has been dealt with by making one of two assumptions: 1. there is a direct channel between the human and the system; the human identifies the system by its ability to transmit on the channel, and it is assumed that an attacker is not able to tamper with data on the channel. Examples include Automated Teller Machines (ATM) and programs running locally on Personal Computers (PCs). 2. the human has a direct channel to a computing platform that he trusts at least as much as the destination system. This trusted platform communicates with the destination system over an untrusted channel; it uses cryptography to verify the system’s identity and the integrity of the data. An example is using a PC to browse a web page through an encrypted tunnel[10]. In our example, Alice assumed that she had a direct, secure link to her smartcard. In reality, she was trusting the computer she was sitting at to accurately relay the information. If the computer was acting maliciously, it could easily have displayed one memo on screen and sent another to the smartcard to be signed; Alice has no way of directly communicating with the smartcard. There are many cases where a computing system is not accessible by a direct, trusted link. The system may be physically located far away. It may be incapable of direct interaction, as with a typical smartcard. Likewise, the assumption that an intermediate platform can be trusted is often false. The platform may be a public