Understanding the network-level behavior of spammers
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Reliability and security in the CoDeeN content distribution network
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Design and implementation of a TCG-based integrity measurement architecture
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Securing web service by automatic robot detection
ATEC '06 Proceedings of the annual conference on USENIX '06 Annual Technical Conference
Filtering spam with behavioral blacklisting
Proceedings of the 14th ACM conference on Computer and communications security
Flicker: an execution infrastructure for tcb minimization
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Exploiting network structure for proactive spam mitigation
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Characterizing botnets from email spam records
LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
Spamming botnets: signatures and characteristics
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Studying spamming botnets using Botlab
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Not-a-Bot: improving service availability in the face of botnet attacks
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
BotGraph: large scale spamming botnet detection
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Detecting spammers with SNARE: spatio-temporal network-level automatic reputation engine
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
| Hi-index | 0.00 |
Human attestation is a promising technique to suppress unwanted bot traffic in the Internet. With a proof of human existence attached to the message, the receiving end can verify whether the content is actually drafted by humans. This technique can significantly reduce bot-generated abuse such as spamming, password cracking or even distributed denial-of-service (DDoS) attacks. Unfortunately, existing methods rely on the probabilistic characteristics of attestations and can be exploited by smart attackers. In this paper, we propose deterministic human attestation based on trustworthy input devices. By placing the root of trust on the input device, we tightly bind the input events to the content for network delivery. Each input event is generated with a cryptographic hash that attests to human activity and the message consisting of such events gets a third-party verifiable digital signature that is carried to the remote application. For this, we augment the input device with a trusted platform module (TPM) chip and a small attester running inside the device. We focus on trustworthy keyboards here but we plan to extend the framework to other input devices.