Protecting Web Resources from Massive Automated Access
The goal of this project is to define effective solutions to prevent massive access to web content by automated programs, which often represent a threat to the security and data integrity of Web applications and online services.
The research activity was supported by the PRIN 2006 project and led to the development of a novel system for content protection, which exploits the properties of picture-based CAPTCHAs. It has been applied successfully to the security of Internet polls and to generic Web resources.
Preventing massive automated access to Web resources
Automated web tools are used for a wide range of tasks, some of which are legal activities, whilst others are considered attacks on the security and data integrity of online services. For this reason, effective solutions to counter the threat represented by such programs are required.
We have studied the problem of massive automated access to web resources and we have developed MosaHIP, a Mosaic-based Human Interactive Proof (HIP, also known as CAPTCHA). The properties of the proposed solution provide improved security over the usual text-based and picture-based HIPs, while the user-friendliness of the system spares the user the discomfort of typing any text before accessing web content.
Avoiding massive automated voting in Internet polls
We have investigated the security of polls in an open Internet scenario, where (1) clients cannot be customized or initialized in any way, (2) remote networks have arbitrary architectures, possibly including proxies and NAT, and (3) it is practically impossible to distribute tokens or passwords. Another requirement is that IP locking cannot be used, because it prevents a large number of legal votes. We have developed a method that is not based on IP locking and yet is secure against automated attacks that could massively change the result of the poll.