CAHICHA: Computer Automated Hardware Interaction test to tell Computer and Humans Apart

TL;DR

This paper introduces CAHICHA, a hardware-based user verification system that reliably distinguishes real humans from AI-powered bots by leveraging hardware interaction signals and cryptographic user presence verification.

Contribution

It presents a novel hardware interaction-based verification method that improves security and usability over traditional CAPTCHA and knowledge-based techniques.

Findings

System demonstrated high throughput and zero request failures.

Achieved robust security against automated attacks.

Proved effective under high concurrency conditions.

Abstract

As automation bot technology and Artificial Intelligence is evolving rapidly, conventional human verification techniques like voice CAPTCHAs and knowledge-based authentication are becoming less effective. Bots and scrapers with Artificial Intelligence (AI) capabilities can now detect and solve visual challenges, emulate human like typing patterns, and avoid most security tests, leading to high-volume threats like credential stuffing, account abuse, ad fraud, and automated scalping. This leaves a vital gap in identifying real human users versus advanced bots. We present a novel technique for distinguishing real human users based on hardware interaction signals to address this issue. In contrast to conventional approaches, our method leverages human interactions and a cryptographically attested User Presence (UP) flag from trusted hardware to verify genuine physical user engagement providing a secure and reliable way to distinguish authentic users from automated bots or scripted routines. The suggested approach was thoroughly assessed in terms of performance, usability, and security. The system demonstrated consistent throughput and zero request failures under prolonged concurrent user demand, indicating good operational reliability, efficient load handling, and the underlying architecture's robustness. These thorough analyses support the conclusion that the suggested system provides a safer, more effective, and easier-to-use substitute for current human verification methods.