📄 Security Whitepaper — v2.1

HumanAttest Security Whitepaper

A technical overview of the HumanAttest architecture, threat model, cryptographic protocols, and privacy guarantees.

Version 2.1.0 · Published May 2026 · HumanAttest Security Ltd.

1. Executive Summary

Business Email Compromise (BEC) caused over $2.9 billion in losses in 2023 (FBI IC3). The root cause is not weak passwords — it is the absence of human-intent verification at the send layer. HumanAttest introduces a mandatory out-of-band verification step that proves a real human intentionally sent an email, using FIDO2 WebAuthn or TOTP, without ever accessing email content.

2. Threat Model

HumanAttest is designed to defend against:

Session Hijacking

An attacker steals a browser session cookie and sends emails from the victim's account. HumanAttest blocks this — the attacker cannot pass the biometric/TOTP check without the victim's physical device.

AI-Generated Phishing

AI writes convincing emails from compromised accounts. HumanAttest ensures every sent email has a cryptographic proof of human intent.

Malware-Driven Sending

Malware on the victim's machine attempts to send emails silently. The extension intercepts all send actions, including programmatic ones.

Insider Threats

An employee sends unauthorized emails. The audit log provides a timestamped, cryptographically signed record of every verified send action.

3. Cryptographic Protocol

The verification flow uses standard, auditable cryptographic primitives:

Hash Function: SHA-256 (NIST FIPS 180-4)
WebAuthn: FIDO2 / W3C Level 2
TOTP: RFC 6238 (HMAC-SHA1, 30s window)
Transport: TLS 1.3
Storage Encryption: AES-256-GCM
Key Exchange: ECDH P-256

4. Privacy Architecture

HumanAttest is designed with a zero-knowledge architecture. The extension has no Gmail API permissions and cannot read email content. The server receives only a cryptographic hash — never the email itself. This is enforced at the protocol level, not just by policy.

Data Minimization Principle

We collect the minimum data required to prove human intent. The four stored fields (hash, timestamp, name, result) are the irreducible minimum for a verifiable audit trail. No additional data is collected, inferred, or retained.
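The TOTP path from the primitives list in section 3 and the four-field record described above, as an added sketch that is not HumanAttest's own code. Assumptions: the hash is SHA-256 over the raw message bytes, codes are 6 digits, and the function names and the `verified`/`rejected` result strings are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds: the 30s window from the primitives list
DIGITS = 6   # assumption: code length is not stated on the page

def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, using RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret: bytes, code: str, unix_time: int, drift_steps: int = 0) -> bool:
    """Constant-time comparison against the current step (+/- optional drift)."""
    ok = False
    for d in range(-drift_steps, drift_steps + 1):
        expected = totp(secret, unix_time + d * STEP)
        ok |= hmac.compare_digest(expected.encode(), code.encode())
    return ok

def client_digest(message: bytes) -> str:
    """Sender side: only this hex digest leaves the machine, not the message."""
    return hashlib.sha256(message).hexdigest()

def attest(digest_hex: str, code: str, secret: bytes, name: str, unix_time: int) -> dict:
    """Server side: receives digest and code only, returns the four-field record."""
    result = "verified" if verify_totp(secret, code, unix_time) else "rejected"
    return {"hash": digest_hex, "timestamp": unix_time, "name": name, "result": result}

if __name__ == "__main__":
    secret = b"12345678901234567890"                         # RFC 6238 test secret
    body = b"Subject: Invoice\r\n\r\nPlease pay by Friday."  # constructed sample
    digest = client_digest(body)
    code = totp(secret, 59)
    print(attest(digest, code, secret, "alice", 59))          # fresh code
    print(attest(digest, code, secret, "alice", 1111111109))  # stale code replayed
```

A captured code replayed outside its 30-second step is rejected, and the record never contains more than the digest, the time, the name and the outcome.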

For security disclosures, contact security@humanattest.com. For the full technical specification, see the Documentation.