From c4952942f1c9f6a19fee6cf53844af86e03fa477 Mon Sep 17 00:00:00 2001 From: realaravinth Date: Mon, 20 Sep 2021 17:42:54 +0530 Subject: [PATCH] scale and align-obj analysis complete --- analysis/_base.tex | 6 ++++++ analysis/align-obj.tex | 19 +++++++++++++++---- intro/intro.tex | 1 + intro/methods.tex | 4 ++-- intro/params.tex | 13 +++++++++---- intro/scale.tex | 7 +++++++ pre-req/captcha-farms.tex | 4 ++-- 7 files changed, 42 insertions(+), 12 deletions(-) create mode 100644 analysis/_base.tex create mode 100644 intro/scale.tex diff --git a/analysis/_base.tex b/analysis/_base.tex new file mode 100644 index 0000000..7301a3c --- /dev/null +++ b/analysis/_base.tex @@ -0,0 +1,6 @@ +\subsection{% NAME} +\subsubsection{Privacy} +\subsubsection{Effectiveness} +\subsubsection{Accessibility} +\subsubsection{Accuracy} +\subsubsection{Privacy} diff --git a/analysis/align-obj.tex b/analysis/align-obj.tex index 2d4206b..aaf7d6a 100644 --- a/analysis/align-obj.tex +++ b/analysis/align-obj.tex 
@@ -1,17 +1,28 @@ \subsection{Align Object} + \subsubsection{Privacy} Excellent\\ -The method doesn't on any tracking elements in it's decision process. +The method doesn't employ any tracking elements and works when used in anonymous +networks like TOR\@. \subsubsection{Effectiveness} -Good\\ +Bad\\ The method relies on Optical Character Recognition (OCR) capabilities of human users. OCR technology is becoming increasingly sophisticated which would render this method ineffective in the future. Without OCR, this method can be bypassed using human-powered CAPTCHA farms with % TODO cite CAPTCHA farm cost analysis paper -ease. On an average, farms generate one CAPTCHA solution every 40 seconds +ease. \subsubsection{Accessibility} +Bad\\ +Since the method relies on OCR, it is inaccessible to users with visual and +cognitive disabilities. \subsubsection{Accuracy} -\subsubsection{Privacy} +Good\\ +Success and failure are absolute states in this method. A misaligned object +results in failure while a properly aligned object succeeds. But when using +employing CAPTCHA farms for circumvention, the method fails absolutely. + +The method uses only the object alignment in its decision process. No other +external factors are involved. diff --git a/intro/intro.tex b/intro/intro.tex index 65a7bf6..6f78edf 100644 --- a/intro/intro.tex +++ b/intro/intro.tex @@ -34,6 +34,7 @@ The rest of this paper, rates different CAPTCHA mechanisms and systems based on parameters mentioned below and describe how mCaptcha overcomes some of them. +\input{intro/scale.tex} % ================================================== % Parameters % ================================================== diff --git a/intro/methods.tex b/intro/methods.tex index 1597322..598001b 100644 --- a/intro/methods.tex +++ b/intro/methods.tex 
@@ -1,11 +1,11 @@ \subsection{CAPTCHA methods analysed} -We analysed at the following CAPTCHA methods using the above mentioned +We analysed at the following CAPTCHA methods using the above-mentioned parameters. These are popular methods are currently in deployment. %TODO add images \subsubsection{Align object} Objects in various degrees of misalignments are displayed to the user and are -asked to chose the one that is perfectly aligned. +asked to choose the one that is perfectly aligned. % Example GitHub/Kik inverted Hipop \subsubsection{Blurred Text} diff --git a/intro/params.tex b/intro/params.tex index e08349b..972b76a 100644 --- a/intro/params.tex +++ b/intro/params.tex @@ -1,8 +1,9 @@ \subsection{CAPTCHA rating parameters} CAPTCHA systems use a variety of methods in their decision process. Every method -has it's own strengths and limitations but the following parameters have been +has its own strengths and limitations, but the following parameters have been chosen to uniformly rate CAPTCHA methods and systems in an attempt to compare them. + \begin{description}[\IEEEsetlabelwidth{Effectiveness}] \item[Privacy] \begin{itemize} @@ -12,9 +13,9 @@ them. \item[Effectiveness] \begin{itemize} \item Is the method/system effective in containing DoS attacks? - \item Can the method be circumvented? If yes, how practical/feasible - the attack? - + \item Can the method be circumvented? If yes, how practical or feasible + is the attack? If the method has feasible or practical + circumventions, it is immediately marked `bad' for effectiveness. \end{itemize} \item[Accessibility] \begin{itemize} 
@@ -24,10 +25,14 @@ them. \item Does the method have a language dependency which poses a challenge to non-English speakers? \end{itemize} + If a method is impossible to use for any group of users, some of which are + mentioned above, \item[Accuracy] \begin{itemize} \item How accurate is the method in detecting potentially malicious users? \item Are there any factors that method's impact accuracy? \end{itemize} + Bad accuracy when circumventions are used results downgrades `good' to `bad' + rating. \end{description} diff --git a/intro/scale.tex b/intro/scale.tex new file mode 100644 index 0000000..07c8ce9 --- /dev/null +++ b/intro/scale.tex @@ -0,0 +1,7 @@ +\subsection{Ratings scale} +There are three levels of ratings: +\begin{description}[\IEEEsetlabelwidth{Excellent}] + \item[Excellent] The method is flawless for all practical purposes. + \item[Good] The method is flawed but within acceptable norms. + \item[Bad] The method is flawed to a point where it shouldn't be used. +\end{description} diff --git a/pre-req/captcha-farms.tex b/pre-req/captcha-farms.tex index 21c0334..2eb4427 100644 --- a/pre-req/captcha-farms.tex +++ b/pre-req/captcha-farms.tex @@ -1,9 +1,9 @@ \subsection{CAPTCHA farms} CAPTCHA farms are run using cheap labor available in third-world countries. When -an attacker seeks the services of a CAPTCHA farm, they are provided access to an +an attacker seeks the services of a CAPTCHA farm, they are provided access to a web API to forward CAPTCHA challenges. A labourer working in the farm solves the CAPTCHA and the API responds with the solution. The whole process takes less -then a minute to complete and costs only a fraction of what premium services +than a minute to complete and costs only a fraction of what premium services like reCAPTCHA charge. Overall, this attack is very feasible and cheap and is frequently used to bypass
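Review bot: In the new analysis/_base.tex, `\subsection{% NAME}` does not compile as written, because `%` starts a LaTeX comment and swallows the closing brace on that line. Use `\subsection{NAME}` and put the instruction to rename it in a comment on its own line. The template also lists `\subsubsection{Privacy}` twice (first and last), which is the same stray heading this commit removes from analysis/align-obj.tex, so drop the trailing one here too.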
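Review bot: In analysis/align-obj.tex the Accuracy subsection is rated `Good` while its own text says that with CAPTCHA farms "the method fails absolutely", and the rule added to intro/params.tex in this same commit downgrades accuracy from `good' to `bad' when circumventions are used. Either change the rating to `Bad` or state why the downgrade rule does not apply here. In the same paragraph, "when using employing CAPTCHA farms" has a doubled verb. Removing the "one CAPTCHA solution every 40 seconds" figure also leaves the Effectiveness claim resting only on the `% TODO cite` comment, so the citation should land before the rating is treated as final.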
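Review bot: The intro/methods.tex hunk fixes the hyphen and "chose" but leaves two grammar errors on the lines it touches or sits beside: "We analysed at the following CAPTCHA methods" (drop "at") and "These are popular methods are currently in deployment" (for example "These popular methods are currently in deployment"). Since this commit is already a copy-edit pass over the paragraph, fix both here.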
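Review bot: In the Effectiveness item of intro/params.tex, the new rating rule ("it is immediately marked `bad' for effectiveness") is appended inside the second `\item` of the question list, whereas the Accessibility and Accuracy rules added later in this commit sit after `\end{itemize}`. Put all three rules in the same position, after the closing `\end{itemize}` of their parameter, so a reader can tell the questions from the scoring rules.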
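Review bot: The Accessibility rule added in the second intro/params.tex hunk is an unfinished sentence: "If a method is impossible to use for any group of users, some of which are mentioned above," ends on a comma and never states the resulting rating. The Accuracy rule is also garbled ("results downgrades `good' to `bad' rating"); something like "Bad accuracy under circumvention downgrades a `good' rating to `bad'" would read correctly. The neighbouring context line "Are there any factors that method's impact accuracy?" has the same kind of slip and could be fixed in this pass.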
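Review bot: In the new intro/scale.tex, the boundary between `Good` ("flawed but within acceptable norms") and `Bad` ("flawed to a point where it shouldn't be used") depends on "acceptable norms", which is not defined anywhere in the patch. Point the reader to the per-parameter rules in intro/params.tex, or say what makes a flaw acceptable, so that the ratings in analysis/ can be reproduced by someone else.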
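Review bot: The pre-req/captcha-farms.tex paragraph still makes two quantitative claims without a source: "takes less than a minute to complete" and "costs only a fraction of what premium services like reCAPTCHA charge". This commit removes the 40-second figure from analysis/align-obj.tex and leaves a `% TODO cite` there, so add the same citation or TODO marker here. The paragraph also mixes "labor" and "labourer"; pick one spelling convention, and "analysed" elsewhere in the paper suggests British.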