CAPTCHA Accessibility Study of Online Forums

The rise of online forums has benefited disabled users, who take advantage of better communications and more inclusion into society. However, even with accessibility laws that are supposed to provide disabled people the same equal access as non-disabled users, sites have erected technical barriers, such as CAPTCHAs, that prevent users from taking full advantage of site capability. This study analyzes 150 online forums to determine if sites use CAPTCHAs, and what types are used. Each variety presents accessibility problems to disabled users and the results of the research show that most sites use text-based CAPTCHAs, but rarely provide alternatives that would help users with visual disabilities. The research presents alternatives that site designers may wish to consider in order to allow more disabled users to access their sites

Research trends on CAPTCHA: A systematic literature

The advent of technology has crept into virtually all sectors and this has culminated in automated processes making use of the Internet in executing various tasks and actions. Web services have now become the trend when it comes to providing solutions to mundane tasks. However, this development comes with the bottleneck of authenticity and intent of users. Providers of these Web services, whether as a platform, as a software or as an Infrastructure use various human interaction proof’s (HIPs) to validate authenticity and intent of its users. Completely automated public turing test to tell computer and human apart (CAPTCHA), a form of IDS in web services is advantageous. Research into CAPTCHA can be grouped into two -CAPTCHA development and CAPTCH recognition. Selective learning and convolutionary neural networks (CNN) as well as deep convolutionary neural network (DCNN) have become emerging trends in both the development and recognition of CAPTCHAs. This paper reviews critically over fifty article publications that shows the current trends in the area of the CAPTCHA scheme, its development and recognition mechanisms and the way forward in helping to ensure a robust and yet secure CAPTCHA development in guiding future research endeavor in the subject domain

Human Public-Key Encryption

This paper proposes a public-key cryptosystem and a short password encryption mode, where traditional hardness assumptions are replaced by specific refinements of the CAPTCHA concept called Decisional and Existential CAPTCHAs. The public-key encryption method, achieving 128-bit security, typically requires from the sender to solve one CAPTCHA. The receiver does not need to resort to any human aid. A second symmetric encryption method allows to encrypt messages using very short passwords shared between the sender and the receiver. Here, a simple 5-character alphanumeric password provides sufficient security for all practical purposes. We conjecture that the automatic construction of Decisional and Existential CAPTCHAs is possible and provide candidate ideas for their implementation

Not-a-Bot (NAB): Improving Service Availability in the Face of Botnet Attacks

A large fraction of email spam, distributed denial-of-service (DDoS) attacks, and click-fraud on web advertisements are caused by traffic sent from compromised machines that form botnets. This paper posits that by identifying human-generated traffic as such, one can service it with improved reliability or higher priority, mitigating the effects of botnet attacks. The key challenge is to identify human-generated traffic in the absence of strong unique identities. We develop NAB (``Not-A-Bot''), a system to approximately identify and certify human-generated activity. NAB uses a small trusted software component called an attester, which runs on the client machine with an untrusted OS and applications. The attester tags each request with an attestation if the request is made within a small amount of time of legitimate keyboard or mouse activity. The remote entity serving the request sends the request and attestation to a verifier, which checks the attestation and implements an application-specific policy for attested requests. Our implementation of the attester is within the Xen hypervisor. By analyzing traces of keyboard and mouse activity from 328 users at Intel, together with adversarial traces of spam, DDoS, and click-fraud activity, we estimate that NAB reduces the amount of spam that currently passes through a tuned spam filter by more than 92%, while not flagging any legitimate email as spam. NAB delivers similar benefits to legitimate requests under DDoS and click-fraud attacks