realaravinth/analysis-of-captcha-systems
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

pow, audio and ip

Browse source
This commit is contained in:
Aravinth Manivannan 2021-09-21 16:21:51 +05:30
parent aa42a34764
commit 6b3ba97892
Signed by: realaravinth
GPG key ID: AD9F0F08E855ED88
7 changed files with 112 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -4,3 +4,4 @@ paper.blg
paper.dvi paper.dvi
paper.log paper.log
paper.pdf paper.pdf
texput.log

31
analysis/audio-based.tex Normal file
View file

@ -0,0 +1,31 @@
\subsection{Audio}
\subsubsection{Privacy}
Excellent\\
Audio CAPTCHA doesn't employ any tracking elements and works when used in anonymous
networks like TOR\@.
\subsubsection{Effectiveness}
Bad\\
There are browser extensions available to bypass audio CAPTCHAs.
% TODO cite CAPTCHA farm cost analysis paper
ease.
\subsubsection{Accessibility}
Bad\\
Audio CAPTCHAs are inaccessible to non-English speaking users and users with
auditory disabilities.
\subsubsection{Accuracy}
Bad\\
Success and failure are absolute states in this method. A solution that doesn't
match the audio content results in failure while a match is considered a
success. But when above-mentioned circumvention methods are used, there will be
results will be completely inaccurate and as the system lacks any adaptational
capabilities, the failure will be long-lasting.
The method uses only challenge solutions in its decision process. No other
external factors are involved.

2
analysis/context.tex
View file

@ -32,5 +32,5 @@ success. But when above-mentioned circumvention methods are used, there will be
results will be completely inaccurate and as the system lacks any adaptational results will be completely inaccurate and as the system lacks any adaptational
capabilities, the failure will be long-lasting. capabilities, the failure will be long-lasting.
The method uses only challenge answers in its decision process. No other The method uses only challenge solutions in its decision process. No other
external factors are involved. external factors are involved.

37
analysis/ip-based.tex Normal file
View file

@ -0,0 +1,37 @@
\subsection{IP tracking-based}
\subsubsection{Privacy}
Bad\\
IP tracking poses privacy threats to users who prefer to be anonymous. Also,
when accessing a service via a VPN like TOR, IP tracking produces false
positives.
\subsubsection{Effectiveness}
Bad\\
Infected computers around the world are used as botnets. So attackers have
access to a wide range of burnable IP addresses. In such cases, IP tracking-based
solutions result in total failure.
Also, due to IPv4 exhaustion and the slow adoption of IPv6, several users access
the internet through Network Address Translation (NAT) routing. In such cases, a
single IP can represent thousands of users. If the system relies on IP
based-tracking entirely for its decision making process, then it will have to
introduce relaxation rules to accommodate users behind NAT, which reduces it's
effectiveness.
Both of these attacks are practical.
% TODO cite CAPTCHA farm cost analysis paper
ease.
\subsubsection{Accessibility}
Bad\\
Without relaxation rules for NAT users, unassuming users will be falsely flagged as
malicious and will dramatically affect their accessibility to the service.
\subsubsection{Accuracy}
Bad\\
This method does not produce accurate results when it encounters users behind
NATs or VPNs.

3
analysis/main.tex
View file

@ -2,3 +2,6 @@
\input{analysis/align-obj.tex} \input{analysis/align-obj.tex}
\input{analysis/blur-text.tex} \input{analysis/blur-text.tex}
\input{analysis/context.tex} \input{analysis/context.tex}
\input{analysis/ip-based.tex}
\input{analysis/audio-based.tex}
\input{analysis/pow.tex}

39
analysis/pow.tex Normal file
View file

@ -0,0 +1,39 @@
\subsection{Proof of Work}
\subsubsection{Privacy}
Excellent\\
Proof of Work (PoW) doesn't use any tracking elements and are able to work
in anonymous networks like TOR\@.
\subsubsection{Effectiveness}
Excellent\\
Proofs are cryptographically sound and can't be forged. PoW works on the idea
that the work done to send a request must be more than the work done to respond
to it. Therefore, a successful attack will require the attacker to dedicate
significantly more resources than what the service provider uses to run the
service.
% TODO cite CAPTCHA farm cost analysis paper
ease.
\subsubsection{Accessibility}
Good\\
The process is fully automated so doesn't require any user interactions. So it
is ideal for users with auditory, cognitive and visual disabilities. But it
poses challenges to users with slower devices. Some PoW implementations
time-to-live (TTL) on challenges so when a device is not able to generate proofs
within that period, their solution will be rejected and will be bared from
accessing the service.
\subsubsection{Accuracy}
Good\\
Success and failure are absolute states in this method. A proof that doesn't
pass verification will be rejected and the user barred from accessing the
service. But when above-mentioned circumvention methods are used, there will be
results will be completely inaccurate and as the system lacks any adaptational
capabilities, the failure will be long-lasting.
The method uses only challenge proofs in its decision process. No other
external factors are involved.

1
paper.tex
View file

@ -13,6 +13,5 @@
\input{pre-req/main.tex} \input{pre-req/main.tex}
\input{analysis/main.tex} \input{analysis/main.tex}
\input{conclusion.tex} \input{conclusion.tex}
\end{document} \end{document}