296 research outputs found
A Novel Gesture-based CAPTCHA Design for Smart Devices
CAPTCHAs have been widely used in Web applications to prevent service abuse. With the evolution of computing environment from desktop computing to ubiquitous computing, more and more users are accessing Web applications on smart devices where touch based interactions are dominant. However, the majority of CAPTCHAs are designed for use on computers and laptops which do not reflect the shift of interaction style very well. In this paper, we propose a novel CAPTCHA design to utilise the convenience of touch interface while retaining the needed security. This is achieved through using a hybrid challenge to take advantages of human’s cognitive abilities. A prototype is also developed and found to be more user friendly than conventional CAPTCHAs in the preliminary user acceptance test
CAPTCHaStar! A novel CAPTCHA based on interactive shape discovery
Over the last years, most websites on which users can register (e.g., email
providers and social networks) adopted CAPTCHAs (Completely Automated Public
Turing test to tell Computers and Humans Apart) as a countermeasure against
automated attacks. The battle of wits between designers and attackers of
CAPTCHAs led to current ones being annoying and hard to solve for users, while
still being vulnerable to automated attacks.
In this paper, we propose CAPTCHaStar, a new image-based CAPTCHA that relies
on user interaction. This novel CAPTCHA leverages the innate human ability to
recognize shapes in a confused environment. We assess the effectiveness of our
proposal for the two key aspects for CAPTCHAs, i.e., usability, and resiliency
to automated attacks. In particular, we evaluated the usability, carrying out a
thorough user study, and we tested the resiliency of our proposal against
several types of automated attacks: traditional ones; designed ad-hoc for our
proposal; and based on machine learning. Compared to the state of the art, our
proposal is more user friendly (e.g., only some 35% of the users prefer current
solutions, such as text-based CAPTCHAs) and more resilient to automated
attacks.Comment: 15 page
Completely Automated Public Physical test to tell Computers and Humans Apart: A usability study on mobile devices
A very common approach adopted to fight the increasing sophistication and dangerousness of malware and hacking is to introduce more complex authentication mechanisms. This approach, however, introduces additional cognitive burdens for users and lowers the whole authentication mechanism acceptability to the point of making it unusable. On the contrary, what is really needed to fight the onslaught of automated attacks to users data and privacy is to first tell human and computers apart and then distinguish among humans to guarantee correct authentication. Such an approach is capable of completely thwarting any automated attempt to achieve unwarranted access while it allows keeping simple the mechanism dedicated to recognizing the legitimate user. This kind of approach is behind the concept of Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA), yet CAPTCHA leverages cognitive capabilities, thus the increasing sophistication of computers calls for more and more difficult cognitive tasks that make them either very long to solve or very prone to false negatives. We argue that this problem can be overcome by substituting the cognitive component of CAPTCHA with a different property that programs cannot mimic: the physical nature. In past work we have introduced the Completely Automated Public Physical test to tell Computer and Humans Apart (CAPPCHA) as a way to enhance the PIN authentication method for mobile devices and we have provided a proof of concept implementation. Similarly to CAPTCHA, this mechanism can also be used to prevent automated programs from abusing online services. However, to evaluate the real efficacy of the proposed scheme, an extended empirical assessment of CAPPCHA is required as well as a comparison of CAPPCHA performance with the existing state of the art. To this aim, in this paper we carry out an extensive experimental study on both the performance and the usability of CAPPCHA involving a high number of physical users, and we provide comparisons of CAPPCHA with existing flavors of CAPTCHA
CAPTCHA Accessibility Study of Online Forums
The rise of online forums has benefited disabled users, who take advantage of better communications and more inclusion into society. However, even with accessibility laws that are supposed to provide disabled people the same equal access as non-disabled users, sites have erected technical barriers, such as CAPTCHAs, that prevent users from taking full advantage of site capability. This study analyzes 150 online forums to determine if sites use CAPTCHAs, and what types are used. Each variety presents accessibility problems to disabled users and the results of the research show that most sites use text-based CAPTCHAs, but rarely provide alternatives that would help users with visual disabilities. The research presents alternatives that site designers may wish to consider in order to allow more disabled users to access their sites
Designing Mobile Friendly CAPTCHAs: An Exploratory Study.
CAPTCHAs (Completely Automated Public Turing Test to Tell Computers and Humans Apart) are one of the most widely used authentication mechanisms that help to prevent online service abuse. With the advent of mobile computing, mobile devices such as smartphones and tablets have become the primary way people access the Internet. As a result, increasing attention has been paid to designing CAPTCHAs that are mobile friendly. Although such CAPTCHAs generally show their advantages over traditional ones, it is still unclear what the best practices are for designing a CAPTCHA scheme that is easy to use on mobile devices. In this paper, we present an exploratory study that focuses on developing a more holistic view of usability issues with interactive CAPTCHAs to inform design guidance. This is done through investigating the usability performance of seven mobile friendly CAPTCHA schemes representing five different CAPTCHA types
SECURITY AND USER EXPERIENCE: A HOLISTIC MODEL FOR CAPTCHA USABILITY ISSUES
CAPTCHA is a widely adopted security measure in the Web, and is designed to effectively distinguish humans and bots by exploiting human’s ability to recognize patterns that an automated bot is incapable of. To counter this, bots are being designed to recognize patterns in CAPTCHAs. As a result, CAPTCHAs are now being designed to maximize the difficulty for bots to pass human interaction proof tests, while making it quite an arduous task even for humans as well. The approachability of CAPTCHA is increasingly being questioned because of the inconvenience it causes to legitimate users. Irrespective of the popularity, CAPTCHA is indispensable if one wants to avoid potential security threats. We investigated the usability issues associated with CAPTCHA. We built a holistic model by identifying the important concepts associated with CAPTCHAs and its usability. This model can be used as a guide for the design and evaluation of CAPTCHAs
CAPTCHA Types and Breaking Techniques: Design Issues, Challenges, and Future Research Directions
The proliferation of the Internet and mobile devices has resulted in
malicious bots access to genuine resources and data. Bots may instigate
phishing, unauthorized access, denial-of-service, and spoofing attacks to
mention a few. Authentication and testing mechanisms to verify the end-users
and prohibit malicious programs from infiltrating the services and data are
strong defense systems against malicious bots. Completely Automated Public
Turing test to tell Computers and Humans Apart (CAPTCHA) is an authentication
process to confirm that the user is a human hence, access is granted. This
paper provides an in-depth survey on CAPTCHAs and focuses on two main things:
(1) a detailed discussion on various CAPTCHA types along with their advantages,
disadvantages, and design recommendations, and (2) an in-depth analysis of
different CAPTCHA breaking techniques. The survey is based on over two hundred
studies on the subject matter conducted since 2003 to date. The analysis
reinforces the need to design more attack-resistant CAPTCHAs while keeping
their usability intact. The paper also highlights the design challenges and
open issues related to CAPTCHAs. Furthermore, it also provides useful
recommendations for breaking CAPTCHAs
Towards Enhanced Usability of IT Security Mechanisms - How to Design Usable IT Security Mechanisms Using the Example of Email Encryption
Nowadays, advanced security mechanisms exist to protect data, systems, and
networks. Most of these mechanisms are effective, and security experts can
handle them to achieve a sufficient level of security for any given system.
However, most of these systems have not been designed with focus on good
usability for the average end user. Today, the average end user often struggles
with understanding and using security mecha-nisms. Other security mechanisms
are simply annoying for end users. As the overall security of any system is
only as strong as the weakest link in this system, bad usability of IT security
mechanisms may result in operating errors, resulting in inse-cure systems.
Buying decisions of end users may be affected by the usability of security
mechanisms. Hence, software provid-ers may decide to better have no security
mechanism then one with a bad usability. Usability of IT security mechanisms is
one of the most underestimated properties of applications and sys-tems. Even IT
security itself is often only an afterthought. Hence, usability of security
mechanisms is often the after-thought of an afterthought. This paper presents
some guide-lines that should help software developers to improve end user
usability of security-related mechanisms, and analyzes com-mon applications
based on these guidelines. Based on these guidelines, the usability of email
encryption is analyzed and an email encryption solution with increased
usability is presented. The approach is based on an automated key and trust
man-agement. The compliance of the proposed email encryption solution with the
presented guidelines for usable security mechanisms is evaluated
The robustness of animated text CAPTCHAs
PhD ThesisCAPTCHA is standard security technology that uses AI techniques to tells computer and
human apart. The most widely used CAPTCHA are text-based CAPTCHA schemes. The
robustness and usability of these CAPTCHAs relies mainly on the segmentation resistance
mechanism that provides robustness against individual character recognition attacks.
However, many CAPTCHAs have been shown to have critical flaws caused by many
exploitable invariants in their design, leaving only a few CAPTCHA schemes resistant to
attacks, including ReCAPTCHA and the Wikipedia CAPTCHA.
Therefore, new alternative approaches to add motion to the CAPTCHA are used to add
another dimension to the character cracking algorithms by animating the distorted
characters and the background, which are also supported by tracking resistance
mechanisms that prevent the attacks from identifying the main answer through frame-toframe
attacks. These technologies are used in many of the new CAPTCHA schemes
including the Yahoo CAPTCHA, CAPTCHANIM, KillBot CAPTCHAs, non-standard
CAPTCHA and NuCAPTCHA.
Our first question: can the animated techniques included in the new CAPTCHA schemes
provide the required level of robustness against the attacks? Our examination has shown
many of the CAPTCHA schemes that use the animated features can be broken through
tracking attacks including the CAPTCHA schemes that uses complicated tracking
resistance mechanisms.
The second question: can the segmentation resistance mechanism used in the latest standard
text-based CAPTCHA schemes still provide the additional required level of resistance
against attacks that are not present missed in animated schemes? Our test against the latest
version of ReCAPTCHA and the Wikipedia CAPTCHA exposed vulnerability problems
against the novel attacks mechanisms that achieved a high success rate against them.
The third question: how much space is available to design an animated text-based
CAPTCHA scheme that could provide a good balance between security and usability? We
designed a new animated text-based CAPTCHA using guidelines we designed based on the
results of our attacks on standard and animated text-based CAPTCHAs, and we then tested
its security and usability to answer this question.
ii
In this thesis, we put forward different approaches to examining the robustness of animated
text-based CAPTCHA schemes and other standard text-based CAPTCHA schemes against
segmentation and tracking attacks. Our attacks included several methodologies that
required thinking skills in order to distinguish the animated text from the other animated
noises, including the text distorted by highly tracking resistance mechanisms that displayed
them partially as animated segments and which looked similar to noises in other
CAPTCHA schemes. These attacks also include novel attack mechanisms and other
mechanisms that uses a recognition engine supported by attacking methods that exploit the
identified invariants to recognise the connected characters at once. Our attacks also
provided a guideline for animated text-based CAPTCHAs that could provide resistance to
tracking and segmentation attacks which we designed and tested in terms of security and
usability, as mentioned before. Our research also contributes towards providing a toolbox
for breaking CAPTCHAs in addition to a list of robustness and usability issues in the
current CAPTCHA design that can be used to provide a better understanding of how to
design a more resistant CAPTCHA scheme
- …