pow, audio and ip
parent
aa42a34764
commit
6b3ba97892
7 changed files with 112 additions and 2 deletions
1
.gitignore
vendored
|
@ -4,3 +4,4 @@ paper.blg
|
|||
paper.dvi
|
||||
paper.log
|
||||
paper.pdf
|
||||
texput.log
|
||||
|
|
31
analysis/audio-based.tex
Normal file
|
@ -0,0 +1,31 @@
|
|||
\subsection{Audio}
|
||||
|
||||
\subsubsection{Privacy}
|
||||
Excellent\\
|
||||
Audio CAPTCHA doesn't employ any tracking elements and works when used in anonymous
|
||||
networks like TOR\@.
|
||||
|
||||
\subsubsection{Effectiveness}
|
||||
Bad\\
|
||||
|
||||
There are browser extensions available to bypass audio CAPTCHAs.
|
||||
|
||||
% TODO cite CAPTCHA farm cost analysis paper
|
||||
ease.
|
||||
\subsubsection{Accessibility}
|
||||
Bad\\
|
||||
|
||||
Audio CAPTCHAs are inaccessible to non-English speaking users and users with
|
||||
auditory disabilities.
|
||||
|
||||
\subsubsection{Accuracy}
|
||||
Bad\\
|
||||
|
||||
Success and failure are absolute states in this method. A solution that doesn't
|
||||
match the audio content results in failure while a match is considered a
|
||||
success. But when above-mentioned circumvention methods are used, there will be
|
||||
results will be completely inaccurate and as the system lacks any adaptational
|
||||
capabilities, the failure will be long-lasting.
|
||||
|
||||
The method uses only challenge solutions in its decision process. No other
|
||||
external factors are involved.
|
|
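Review bot: In the Effectiveness subsubsection, the line "ease." directly after "% TODO cite CAPTCHA farm cost analysis paper" is a sentence fragment; the TODO is a LaTeX comment, so only the stray word "ease." will be typeset. Write out the full sentence the citation is meant to support, or drop the fragment until the reference is available. The statement that browser extensions can bypass audio CAPTCHAs also carries no citation. In Accuracy, "there will be results will be completely inaccurate" has doubled wording; "the results will be completely inaccurate" reads as intended. The project spells the network's name "Tor", not "TOR".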
@ -32,5 +32,5 @@ success. But when above-mentioned circumvention methods are used, there will be
|
|||
results will be completely inaccurate and as the system lacks any adaptational
|
||||
capabilities, the failure will be long-lasting.
|
||||
|
||||
The method uses only challenge answers in its decision process. No other
|
||||
The method uses only challenge solutions in its decision process. No other
|
||||
external factors are involved.
|
||||
|
|
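Review bot: The context lines just above the edited sentence still read "there will be results will be completely inaccurate", which is doubled wording; since this paragraph is already being touched for the answers/solutions terminology, fix it in the same change (for example "the results will be completely inaccurate"). Whichever term is kept, use it consistently across the analysis files; audio-based.tex in this commit uses "challenge solutions".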
37
analysis/ip-based.tex
Normal file
|
@ -0,0 +1,37 @@
|
|||
\subsection{IP tracking-based}
|
||||
|
||||
\subsubsection{Privacy}
|
||||
Bad\\
|
||||
IP tracking poses privacy threats to users who prefer to be anonymous. Also,
|
||||
when accessing a service via a VPN like TOR, IP tracking produces false
|
||||
positives.
|
||||
|
||||
\subsubsection{Effectiveness}
|
||||
Bad\\
|
||||
|
||||
Infected computers around the world are used as botnets. So attackers have
|
||||
access to a wide range of burnable IP addresses. In such cases, IP tracking-based
|
||||
solutions result in total failure.
|
||||
|
||||
Also, due to IPv4 exhaustion and the slow adoption of IPv6, several users access
|
||||
the internet through Network Address Translation (NAT) routing. In such cases, a
|
||||
single IP can represent thousands of users. If the system relies on IP
|
||||
based-tracking entirely for its decision making process, then it will have to
|
||||
introduce relaxation rules to accommodate users behind NAT, which reduces it's
|
||||
effectiveness.
|
||||
|
||||
Both of these attacks are practical.
|
||||
|
||||
% TODO cite CAPTCHA farm cost analysis paper
|
||||
ease.
|
||||
\subsubsection{Accessibility}
|
||||
Bad\\
|
||||
|
||||
Without relaxation rules for NAT users, unassuming users will be falsely flagged as
|
||||
malicious and will dramatically affect their accessibility to the service.
|
||||
|
||||
\subsubsection{Accuracy}
|
||||
Bad\\
|
||||
|
||||
This method does not produce accurate results when it encounters users behind
|
||||
NATs or VPNs.
|
|
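Review bot: The Privacy paragraph says "a VPN like TOR", but Tor is an anonymity network rather than a VPN, and audio-based.tex and pow.tex in this same commit describe it as one of the "anonymous networks like TOR"; use that wording here, and state in Accuracy whether "NATs or VPNs" is meant to cover Tor as well. In Effectiveness, "Both of these attacks are practical" does not fit the text above it: the second paragraph describes NAT, a deployment condition that forces relaxation rules, not an attack. The "ease." line after the TODO comment is a dangling fragment that will be typeset on its own, and "reduces it's effectiveness" should be "its".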
@ -2,3 +2,6 @@
|
|||
\input{analysis/align-obj.tex}
|
||||
\input{analysis/blur-text.tex}
|
||||
\input{analysis/context.tex}
|
||||
\input{analysis/ip-based.tex}
|
||||
\input{analysis/audio-based.tex}
|
||||
\input{analysis/pow.tex}
|
||||
|
|
39
analysis/pow.tex
Normal file
|
@ -0,0 +1,39 @@
|
|||
\subsection{Proof of Work}
|
||||
|
||||
\subsubsection{Privacy}
|
||||
Excellent\\
|
||||
Proof of Work (PoW) doesn't use any tracking elements and are able to work
|
||||
in anonymous networks like TOR\@.
|
||||
|
||||
\subsubsection{Effectiveness}
|
||||
Excellent\\
|
||||
|
||||
Proofs are cryptographically sound and can't be forged. PoW works on the idea
|
||||
that the work done to send a request must be more than the work done to respond
|
||||
to it. Therefore, a successful attack will require the attacker to dedicate
|
||||
significantly more resources than what the service provider uses to run the
|
||||
service.
|
||||
|
||||
% TODO cite CAPTCHA farm cost analysis paper
|
||||
ease.
|
||||
\subsubsection{Accessibility}
|
||||
Good\\
|
||||
|
||||
The process is fully automated so doesn't require any user interactions. So it
|
||||
is ideal for users with auditory, cognitive and visual disabilities. But it
|
||||
poses challenges to users with slower devices. Some PoW implementations
|
||||
time-to-live (TTL) on challenges so when a device is not able to generate proofs
|
||||
within that period, their solution will be rejected and will be bared from
|
||||
accessing the service.
|
||||
|
||||
\subsubsection{Accuracy}
|
||||
Good\\
|
||||
|
||||
Success and failure are absolute states in this method. A proof that doesn't
|
||||
pass verification will be rejected and the user barred from accessing the
|
||||
service. But when above-mentioned circumvention methods are used, there will be
|
||||
results will be completely inaccurate and as the system lacks any adaptational
|
||||
capabilities, the failure will be long-lasting.
|
||||
|
||||
The method uses only challenge proofs in its decision process. No other
|
||||
external factors are involved.
|
|
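Review bot: The Accuracy paragraph appears to be copied from audio-based.tex: it refers to "above-mentioned circumvention methods" and a "long-lasting" failure, yet this file's Effectiveness section names no circumvention methods, says proofs "can't be forged", and the rating here is "Good". Rewrite the paragraph for PoW or remove the circumvention sentence. In Accessibility, "Some PoW implementations time-to-live (TTL) on challenges" is missing its verb (for example "enforce a"), and "bared" should be "barred". The "ease." fragment after the TODO comment will be typeset on its own, and in Privacy "are able to work" should agree with the singular "Proof of Work".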
@ -13,6 +13,5 @@
|
|||
\input{pre-req/main.tex}
|
||||
\input{analysis/main.tex}
|
||||
|
||||
|
||||
\input{conclusion.tex}
|
||||
\end{document}
|
||||
|
|