From 6b3ba97892aafd195be202d00c280e8d648b9917 Mon Sep 17 00:00:00 2001 From: realaravinth Date: Tue, 21 Sep 2021 16:21:51 +0530 Subject: [PATCH] pow, audio and ip --- .gitignore | 1 + analysis/audio-based.tex | 31 +++++++++++++++++++++++++++++++ analysis/context.tex | 2 +- analysis/ip-based.tex | 37 +++++++++++++++++++++++++++++++++++++ analysis/main.tex | 3 +++ analysis/pow.tex | 39 +++++++++++++++++++++++++++++++++++++++ paper.tex | 1 - 7 files changed, 112 insertions(+), 2 deletions(-) create mode 100644 analysis/audio-based.tex create mode 100644 analysis/ip-based.tex create mode 100644 analysis/pow.tex diff --git a/.gitignore b/.gitignore index 6a080af..9bd0ef5 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ paper.blg paper.dvi paper.log paper.pdf +texput.log diff --git a/analysis/audio-based.tex b/analysis/audio-based.tex new file mode 100644 index 0000000..d7d01bb --- /dev/null +++ b/analysis/audio-based.tex @@ -0,0 +1,31 @@ +\subsection{Audio} + +\subsubsection{Privacy} +Excellent\\ +Audio CAPTCHA doesn't employ any tracking elements and works when used in anonymous +networks like TOR\@. + +\subsubsection{Effectiveness} +Bad\\ + +There are browser extensions available to bypass audio CAPTCHAs. + +% TODO cite CAPTCHA farm cost analysis paper +ease. +\subsubsection{Accessibility} +Bad\\ + +Audio CAPTCHAs are inaccessible to non-English speaking users and users with +auditory disabilities. + +\subsubsection{Accuracy} +Bad\\ + +Success and failure are absolute states in this method. A solution that doesn't +match the audio content results in failure while a match is considered a +success. But when above-mentioned circumvention methods are used, there will be +results will be completely inaccurate and as the system lacks any adaptational +capabilities, the failure will be long-lasting. + +The method uses only challenge solutions in its decision process. No other +external factors are involved. diff --git a/analysis/context.tex b/analysis/context.tex index b8af88e..452ee3a 100644 --- a/analysis/context.tex +++ b/analysis/context.tex @@ -32,5 +32,5 @@ success. But when above-mentioned circumvention methods are used, there will be results will be completely inaccurate and as the system lacks any adaptational capabilities, the failure will be long-lasting. -The method uses only challenge answers in its decision process. No other +The method uses only challenge solutions in its decision process. No other external factors are involved. diff --git a/analysis/ip-based.tex b/analysis/ip-based.tex new file mode 100644 index 0000000..2ed6257 --- /dev/null +++ b/analysis/ip-based.tex @@ -0,0 +1,37 @@ +\subsection{IP tracking-based} + +\subsubsection{Privacy} +Bad\\ +IP tracking poses privacy threats to users who prefer to be anonymous. Also, +when accessing a service via a VPN like TOR, IP tracking produces false +positives. + +\subsubsection{Effectiveness} +Bad\\ + +Infected computers around the world are used as botnets. So attackers have +access to a wide range of burnable IP addresses. In such cases, IP tracking-based +solutions result in total failure. + +Also, due to IPv4 exhaustion and the slow adoption of IPv6, several users access +the internet through Network Address Translation (NAT) routing. In such cases, a +single IP can represent thousands of users. If the system relies on IP +based-tracking entirely for its decision making process, then it will have to +introduce relaxation rules to accommodate users behind NAT, which reduces it's +effectiveness. + +Both of these attacks are practical. + +% TODO cite CAPTCHA farm cost analysis paper +ease. +\subsubsection{Accessibility} +Bad\\ + +Without relaxation rules for NAT users, unassuming users will be falsely flagged as +malicious and will dramatically affect their accessibility to the service. + +\subsubsection{Accuracy} +Bad\\ + +This method does not produce accurate results when it encounters users behind +NATs or VPNs. diff --git a/analysis/main.tex b/analysis/main.tex index b755628..11a1737 100644 --- a/analysis/main.tex +++ b/analysis/main.tex @@ -2,3 +2,6 @@ \input{analysis/align-obj.tex} \input{analysis/blur-text.tex} \input{analysis/context.tex} +\input{analysis/ip-based.tex} +\input{analysis/audio-based.tex} +\input{analysis/pow.tex} diff --git a/analysis/pow.tex b/analysis/pow.tex new file mode 100644 index 0000000..d91eeff --- /dev/null +++ b/analysis/pow.tex @@ -0,0 +1,39 @@ +\subsection{Proof of Work} + +\subsubsection{Privacy} +Excellent\\ +Proof of Work (PoW) doesn't use any tracking elements and are able to work +in anonymous networks like TOR\@. + +\subsubsection{Effectiveness} +Excellent\\ + +Proofs are cryptographically sound and can't be forged. PoW works on the idea +that the work done to send a request must be more than the work done to respond +to it. Therefore, a successful attack will require the attacker to dedicate +significantly more resources than what the service provider uses to run the +service. + +% TODO cite CAPTCHA farm cost analysis paper +ease. +\subsubsection{Accessibility} +Good\\ + +The process is fully automated so doesn't require any user interactions. So it +is ideal for users with auditory, cognitive and visual disabilities. But it +poses challenges to users with slower devices. Some PoW implementations +time-to-live (TTL) on challenges so when a device is not able to generate proofs +within that period, their solution will be rejected and will be bared from +accessing the service. + +\subsubsection{Accuracy} +Good\\ + +Success and failure are absolute states in this method. A proof that doesn't +pass verification will be rejected and the user barred from accessing the +service. But when above-mentioned circumvention methods are used, there will be +results will be completely inaccurate and as the system lacks any adaptational +capabilities, the failure will be long-lasting. + +The method uses only challenge proofs in its decision process. No other +external factors are involved. diff --git a/paper.tex b/paper.tex index 3e526f2..b4776f8 100644 --- a/paper.tex +++ b/paper.tex @@ -13,6 +13,5 @@ \input{pre-req/main.tex} \input{analysis/main.tex} - \input{conclusion.tex} \end{document}