blur text, context and conclusion
This commit is contained in:
parent
c4952942f1
commit
aa42a34764
6 changed files with 90 additions and 6 deletions
31
analysis/blur-text.tex
Normal file
31
analysis/blur-text.tex
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
\subsection{Noisy Text}
|
||||||
|
|
||||||
|
\subsubsection{Privacy}
|
||||||
|
Excellent\\
|
||||||
|
The method doesn't employ any tracking elements and works when used in anonymous
|
||||||
|
networks like TOR\@.
|
||||||
|
|
||||||
|
\subsubsection{Effectiveness}
|
||||||
|
Bad\\
|
||||||
|
The method relies on Optical Character Recognition (OCR) capabilities of human
|
||||||
|
users. OCR technology is becoming increasingly sophisticated which would render
|
||||||
|
this method ineffective in the future.
|
||||||
|
|
||||||
|
Without OCR, this method can be bypassed using human-powered CAPTCHA farms with
|
||||||
|
% TODO cite CAPTCHA farm cost analysis paper
|
||||||
|
ease.
|
||||||
|
\subsubsection{Accessibility}
|
||||||
|
Bad\\
|
||||||
|
Since the method relies on OCR, it is inaccessible to users with visual
|
||||||
|
disabilities and the added noise poses challenges to users with cognitive
|
||||||
|
disabilities. The noise sometimes makes the challenge unsolvable which results
|
||||||
|
in failures for even users without any disabilities,
|
||||||
|
\subsubsection{Accuracy}
|
||||||
|
Good\\
|
||||||
|
Success and failure are absolute states in this method. A solution that doesn't
|
||||||
|
match the challenge text results in failure while a match is considered a
|
||||||
|
success. But when using employing CAPTCHA farms for circumvention, the method
|
||||||
|
fails absolutely.
|
||||||
|
|
||||||
|
The method uses only text matches in its decision process. No other
|
||||||
|
external factors are involved.
|
36
analysis/context.tex
Normal file
36
analysis/context.tex
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
\subsection{Context-based}
|
||||||
|
|
||||||
|
\subsubsection{Privacy}
|
||||||
|
Excellent\\
|
||||||
|
The method doesn't employ any tracking elements and works when used in anonymous
|
||||||
|
networks like TOR\@.
|
||||||
|
|
||||||
|
\subsubsection{Effectiveness}
|
||||||
|
Bad\\
|
||||||
|
|
||||||
|
Domain context is limited in nature. An attacker could either become familiar
|
||||||
|
with the service and then mount an attack, or they could mount brute force attack
|
||||||
|
to aggregate all possible challenges that the service presents.
|
||||||
|
|
||||||
|
Both of these attacks are practical.
|
||||||
|
|
||||||
|
% TODO cite CAPTCHA farm cost analysis paper
|
||||||
|
ease.
|
||||||
|
\subsubsection{Accessibility}
|
||||||
|
Bad\\
|
||||||
|
|
||||||
|
This method poses challenges to users with cognitive disabilities as it requires
|
||||||
|
them to retain information and recollect in a timely manner. Also, this method
|
||||||
|
makes poses challenges to new visitors to service. The familiarization period to
|
||||||
|
solve CAPTCHAs in a timely fashion might be too high for someone new.
|
||||||
|
|
||||||
|
\subsubsection{Accuracy}
|
||||||
|
Bad\\
|
||||||
|
Success and failure are absolute states in this method. A solution that doesn't
|
||||||
|
match the challenge text results in failure while a match is considered a
|
||||||
|
success. But when above-mentioned circumvention methods are used, there will be
|
||||||
|
results will be completely inaccurate and as the system lacks any adaptational
|
||||||
|
capabilities, the failure will be long-lasting.
|
||||||
|
|
||||||
|
The method uses only challenge answers in its decision process. No other
|
||||||
|
external factors are involved.
|
|
@ -1,2 +1,4 @@
|
||||||
\section{Analysis}
|
\section{Analysis}
|
||||||
\input{analysis/align-obj.tex}
|
\input{analysis/align-obj.tex}
|
||||||
|
\input{analysis/blur-text.tex}
|
||||||
|
\input{analysis/context.tex}
|
||||||
|
|
13
conclusion.tex
Normal file
13
conclusion.tex
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
\section{Conclusion}
|
||||||
|
|
||||||
|
In today's web, CAPTCHA systems are the deciding factor in weather a user should
|
||||||
|
be able to access a service or not. Every false positive makes the web less
|
||||||
|
accessible and even a single challenge posed to persons with disabilities makes
|
||||||
|
the web inaccessible entire to groups of users. Also, the
|
||||||
|
ubiquitous presence of privacy-invasive systems like reCAPTCHA post serious
|
||||||
|
threats to the internet and its users as right to access to information is
|
||||||
|
now determined by single entity using an opaque process.
|
||||||
|
|
||||||
|
So it is imperative that future system designers take these factors into
|
||||||
|
consideration. We believe mCaptcha is an attempt at making the web more
|
||||||
|
accessible while securing it with a decentralised command structure.
|
|
@ -6,14 +6,14 @@ parameters. These are popular methods are currently in deployment.
|
||||||
\subsubsection{Align object}
|
\subsubsection{Align object}
|
||||||
Objects in various degrees of misalignments are displayed to the user and are
|
Objects in various degrees of misalignments are displayed to the user and are
|
||||||
asked to choose the one that is perfectly aligned.
|
asked to choose the one that is perfectly aligned.
|
||||||
% Example GitHub/Kik inverted Hipop
|
% Example GitHub/Kik inverted Hippo
|
||||||
|
|
||||||
\subsubsection{Blurred Text}
|
\subsubsection{Noisy Text}
|
||||||
A sequence of randomly generated letters and digits are
|
A sequence of randomly generated letters and digits are presented to the user
|
||||||
presented to the user with added noise, scattered distribution and
|
with added noise, scattered distribution and rotations. Sometimes, they are also
|
||||||
rotations. Sometimes, they are also presented in 3D form.
|
presented in 3D form.
|
||||||
|
|
||||||
\subsubsection{Context based}
|
\subsubsection{Context-based}
|
||||||
This method is personalised to the platforms they are displayed on. They usually
|
This method is personalised to the platforms they are displayed on. They usually
|
||||||
pose challenges which can only be solved if the user is familiar with the
|
pose challenges which can only be solved if the user is familiar with the
|
||||||
platforms. Some examples are:
|
platforms. Some examples are:
|
||||||
|
|
|
@ -13,4 +13,6 @@
|
||||||
\input{pre-req/main.tex}
|
\input{pre-req/main.tex}
|
||||||
\input{analysis/main.tex}
|
\input{analysis/main.tex}
|
||||||
|
|
||||||
|
|
||||||
|
\input{conclusion.tex}
|
||||||
\end{document}
|
\end{document}
|
||||||
|
|
Loading…
Reference in a new issue