SECURITY AND USER EXPERIENCE: A HOLISTIC MODEL FOR CAPTCHA USABILITY ISSUES

CAPTCHA is a widely adopted security measure in the Web, and is designed to effectively distinguish humans and bots by exploiting human’s ability to recognize patterns that an automated bot is incapable of. To counter this, bots are being designed to recognize patterns in CAPTCHAs. As a result, CAPTCHAs are now being designed to maximize the difficulty for bots to pass human interaction proof tests, while making it quite an arduous task even for humans as well. The approachability of CAPTCHA is increasingly being questioned because of the inconvenience it causes to legitimate users. Irrespective of the popularity, CAPTCHA is indispensable if one wants to avoid potential security threats. We investigated the usability issues associated with CAPTCHA. We built a holistic model by identifying the important concepts associated with CAPTCHAs and its usability. This model can be used as a guide for the design and evaluation of CAPTCHAs

Completely Automated Public Physical test to tell Computers and Humans Apart: A usability study on mobile devices

A very common approach adopted to fight the increasing sophistication and dangerousness of malware and hacking is to introduce more complex authentication mechanisms. This approach, however, introduces additional cognitive burdens for users and lowers the whole authentication mechanism acceptability to the point of making it unusable. On the contrary, what is really needed to fight the onslaught of automated attacks to users data and privacy is to first tell human and computers apart and then distinguish among humans to guarantee correct authentication. Such an approach is capable of completely thwarting any automated attempt to achieve unwarranted access while it allows keeping simple the mechanism dedicated to recognizing the legitimate user. This kind of approach is behind the concept of Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA), yet CAPTCHA leverages cognitive capabilities, thus the increasing sophistication of computers calls for more and more difficult cognitive tasks that make them either very long to solve or very prone to false negatives. We argue that this problem can be overcome by substituting the cognitive component of CAPTCHA with a different property that programs cannot mimic: the physical nature. In past work we have introduced the Completely Automated Public Physical test to tell Computer and Humans Apart (CAPPCHA) as a way to enhance the PIN authentication method for mobile devices and we have provided a proof of concept implementation. Similarly to CAPTCHA, this mechanism can also be used to prevent automated programs from abusing online services. However, to evaluate the real efficacy of the proposed scheme, an extended empirical assessment of CAPPCHA is required as well as a comparison of CAPPCHA performance with the existing state of the art. To this aim, in this paper we carry out an extensive experimental study on both the performance and the usability of CAPPCHA involving a high number of physical users, and we provide comparisons of CAPPCHA with existing flavors of CAPTCHA

Implementasi Prosedur Forensik Untuk Analisis Artefak Whatsapp Pada Ponsel Android

Dengan maraknya penggunaan smartphone terutama yang berbasis Android yang menguasai hampir mencapai 85% pasar smartphone juga mendorong peningkatan jumlah penggunaan aplikasi pertukaran pesan seperti WhatsApp, facebook Messenger dan lainnya. Pengguna aplikasi WhatsApp messenger di seluruh dunia sejak April 2016 telah mencapai lebih dari 1 milyar mengungguli aplikasi sejenis. Di sisi lain pada beberapa kasus kejahatan dan kasus perdata yang sedang marak, mulai menggunakan barang bukti  berupa percakapan, gambar, rekaman video dan lainnya yang berasal dari aplikasi WhatsApp.        Untuk itu pada penelitian ini menghasilkan prosedur yang bisa dijadikan rujukan dalam melakukan investigasi forensic aplikasi WhatsApp untuk mendapatkan barang bukti berupa sesi percakapan, data media seperti audio, no kontak, foto dan lainnya. Penelitian ini menggunakan teknik dekripsi file database aplikasi WhatsApp untuk membaca file database backup yang terenkripsi yang menyimpan sesi percakapan yang sudah dihapus

Оцінювання вразливостей системи кіберзахисту на основі оптичного тесту Тюрінга CAPTCHA

Робота складається з 3 розділів, містить 23 ілюстрації, 5 таблиць, 26 літературних посилань, обсяг роботи – 48 сторінки. Мета роботи полягає в оцінені сильних та слабких сторін різних моделей захисту з використанням тесту Тюрінга Captcha. Об’єктом дослідження є модель захисту від кібератак за допомогою оптичного тесту Тюрінга captcha. Предметом дослідження є вразливості використання різних моделей captcha та методи покращення кібербезпеки. Результати роботи можуть бути використані для підвищення стану захищеності інформаційних ресурсів від ботів, які в свою чергу мають на меті викрадення користувацької інформації, забруднення веб-ресурсу, автоматичний підбор паролів тощо. Результати роботи доповідалися на XIX Всеукраїнській науково-практичній конференції студентів, аспірантів та молодих вчених «Теоретичні та прикладні проблеми фізики, математики та інформатики».The work consists of 3 sections, contains 23 illustrations, 5 tables, 26 references, the volume of work – 48 pages. The aim of the work is to evaluate the strengths and weaknesses of different protection models using the Captcha Turing test. The object of the study is a model of protection against cyber-attacks using the optical Turing captcha test. The subject of the study is the variability in the use of different captcha models and methods to improve security. The results can be used to improve the protection of information resources against bots, which in turn are used to detect corrupted information, blocking the web resource, automatic selection of passwords, etc. The results were presented at the XIX All-Ukrainian scientific and practical conference of students, graduate students and young scientists "Theoretical and applied problems of physics, mathematics and informatics"