scale and align-obj analysis complete
This commit is contained in:
parent
2b342d2de4
commit
c4952942f1
7 changed files with 42 additions and 12 deletions
6
analysis/_base.tex
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
\subsection{% NAME}
|
||||||
|
\subsubsection{Privacy}
|
||||||
|
\subsubsection{Effectiveness}
|
||||||
|
\subsubsection{Accessibility}
|
||||||
|
\subsubsection{Accuracy}
|
||||||
|
\subsubsection{Privacy}
|
|
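Review bot: The placeholder in `\subsection{% NAME}` sits inside the braces, so the `%` comments out the closing brace and the argument never closes; anyone who copies or inputs this template without editing that line gets a runaway-argument error. Put the placeholder outside the argument, for example `\subsection{NAME} % replace NAME`. The template also lists `\subsubsection{Privacy}` twice, as the first and the last heading; drop the trailing one so new analysis files do not inherit a stray section.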
@ -1,17 +1,28 @@
|
||||||
\subsection{Align Object}
|
\subsection{Align Object}
|
||||||
|
|
||||||
\subsubsection{Privacy}
|
\subsubsection{Privacy}
|
||||||
Excellent\\
|
Excellent\\
|
||||||
The method doesn't on any tracking elements in it's decision process.
|
The method doesn't employ any tracking elements and works when used in anonymous
|
||||||
|
networks like TOR\@.
|
||||||
|
|
||||||
\subsubsection{Effectiveness}
|
\subsubsection{Effectiveness}
|
||||||
Good\\
|
Bad\\
|
||||||
The method relies on Optical Character Recognition (OCR) capabilities of human
|
The method relies on Optical Character Recognition (OCR) capabilities of human
|
||||||
users. OCR technology is becoming increasingly sophisticated which would render
|
users. OCR technology is becoming increasingly sophisticated which would render
|
||||||
this method ineffective in the future.
|
this method ineffective in the future.
|
||||||
|
|
||||||
Without OCR, this method can be bypassed using human-powered CAPTCHA farms with
|
Without OCR, this method can be bypassed using human-powered CAPTCHA farms with
|
||||||
% TODO cite CAPTCHA farm cost analysis paper
|
% TODO cite CAPTCHA farm cost analysis paper
|
||||||
ease. On an average, farms generate one CAPTCHA solution every 40 seconds
|
ease.
|
||||||
\subsubsection{Accessibility}
|
\subsubsection{Accessibility}
|
||||||
|
Bad\\
|
||||||
|
Since the method relies on OCR, it is inaccessible to users with visual and
|
||||||
|
cognitive disabilities.
|
||||||
\subsubsection{Accuracy}
|
\subsubsection{Accuracy}
|
||||||
\subsubsection{Privacy}
|
Good\\
|
||||||
|
Success and failure are absolute states in this method. A misaligned object
|
||||||
|
results in failure while a properly aligned object succeeds. But when using
|
||||||
|
employing CAPTCHA farms for circumvention, the method fails absolutely.
|
||||||
|
|
||||||
|
The method uses only the object alignment in its decision process. No other
|
||||||
|
external factors are involved.
|
||||||
|
|
|
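Review bot: The new Accuracy section is rated `Good` while its own text says the method "fails absolutely" once CAPTCHA farms are used, which conflicts with the rule added to the rating parameters in this same commit that bad accuracy under circumvention downgrades `good' to `bad'. Either rate Accuracy as Bad or state why the downgrade does not apply here. In the same paragraph, "But when using employing CAPTCHA farms" has a doubled verb; keep one of the two. The closing paragraph ("The method uses only the object alignment in its decision process...") restates the Privacy argument and may belong under that heading instead.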
@ -34,6 +34,7 @@ The rest of this paper, rates different CAPTCHA mechanisms and systems based on
|
||||||
parameters mentioned below and describe how mCaptcha overcomes some of
|
parameters mentioned below and describe how mCaptcha overcomes some of
|
||||||
them.
|
them.
|
||||||
|
|
||||||
|
\input{intro/scale.tex}
|
||||||
% ==================================================
|
% ==================================================
|
||||||
% Parameters
|
% Parameters
|
||||||
% ==================================================
|
% ==================================================
|
||||||
|
|
|
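Review bot: The added `\input{intro/scale.tex}` lands between the sentence that promises "parameters mentioned below" and the Parameters block, so the reader meets the Excellent/Good/Bad scale before learning what is being rated. Consider moving the input to after the parameters, or rewording the lead-in sentence so it announces both the scale and the parameters.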
@ -1,11 +1,11 @@
|
||||||
\subsection{CAPTCHA methods analysed}
|
\subsection{CAPTCHA methods analysed}
|
||||||
We analysed at the following CAPTCHA methods using the above mentioned
|
We analysed at the following CAPTCHA methods using the above-mentioned
|
||||||
parameters. These are popular methods are currently in deployment.
|
parameters. These are popular methods are currently in deployment.
|
||||||
%TODO add images
|
%TODO add images
|
||||||
|
|
||||||
\subsubsection{Align object}
|
\subsubsection{Align object}
|
||||||
Objects in various degrees of misalignments are displayed to the user and are
|
Objects in various degrees of misalignments are displayed to the user and are
|
||||||
asked to chose the one that is perfectly aligned.
|
asked to choose the one that is perfectly aligned.
|
||||||
% Example GitHub/Kik inverted Hipop
|
% Example GitHub/Kik inverted Hipop
|
||||||
|
|
||||||
\subsubsection{Blurred Text}
|
\subsubsection{Blurred Text}
|
||||||
|
|
|
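Review bot: The two lines touched at the top of this hunk still do not read correctly after the fix: "We analysed at the following CAPTCHA methods" keeps a stray "at", and the following context line "These are popular methods are currently in deployment." has a doubled "are". Since the sentence is already being edited, fix both in this commit, for example "We analysed the following CAPTCHA methods" and "These are popular methods currently in deployment."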
@ -1,8 +1,9 @@
|
||||||
\subsection{CAPTCHA rating parameters}
|
\subsection{CAPTCHA rating parameters}
|
||||||
CAPTCHA systems use a variety of methods in their decision process. Every method
|
CAPTCHA systems use a variety of methods in their decision process. Every method
|
||||||
has it's own strengths and limitations but the following parameters have been
|
has its own strengths and limitations, but the following parameters have been
|
||||||
chosen to uniformly rate CAPTCHA methods and systems in an attempt to compare
|
chosen to uniformly rate CAPTCHA methods and systems in an attempt to compare
|
||||||
them.
|
them.
|
||||||
|
|
||||||
\begin{description}[\IEEEsetlabelwidth{Effectiveness}]
|
\begin{description}[\IEEEsetlabelwidth{Effectiveness}]
|
||||||
\item[Privacy]
|
\item[Privacy]
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
|
@ -12,9 +13,9 @@ them.
|
||||||
\item[Effectiveness]
|
\item[Effectiveness]
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item Is the method/system effective in containing DoS attacks?
|
\item Is the method/system effective in containing DoS attacks?
|
||||||
\item Can the method be circumvented? If yes, how practical/feasible
|
\item Can the method be circumvented? If yes, how practical or feasible
|
||||||
the attack?
|
is the attack? If the method has feasible or practical
|
||||||
|
circumventions, it is immediately marked `bad' for effectiveness.
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
\item[Accessibility]
|
\item[Accessibility]
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
|
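Review bot: The new scoring rule ("it is immediately marked `bad' for effectiveness") is appended to the second `\item` question inside the itemize, whereas the Accessibility and Accuracy rules added in this commit are placed after `\end{itemize}`. Move this rule after the list as well so the questions and the scoring rules are separated consistently. The rule also depends on what counts as "feasible or practical", which is not defined anywhere in the visible text; a one-line criterion (cost, time, or tooling required) would make the rating reproducible.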
@ -24,10 +25,14 @@ them.
|
||||||
\item Does the method have a language dependency which poses a challenge to
|
\item Does the method have a language dependency which poses a challenge to
|
||||||
non-English speakers?
|
non-English speakers?
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
|
If a method is impossible to use for any group of users, some of which are
|
||||||
|
mentioned above,
|
||||||
\item[Accuracy]
|
\item[Accuracy]
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item How accurate is the method in detecting potentially malicious
|
\item How accurate is the method in detecting potentially malicious
|
||||||
users?
|
users?
|
||||||
\item Are there any factors that method's impact accuracy?
|
\item Are there any factors that method's impact accuracy?
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
|
Bad accuracy when circumventions are used results downgrades `good' to `bad'
|
||||||
|
rating.
|
||||||
\end{description}
|
\end{description}
|
||||||
|
|
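Review bot: The sentence added after the Accessibility list is incomplete: "If a method is impossible to use for any group of users, some of which are mentioned above," ends on a comma with no consequence stated, so the rating rule for Accessibility is missing. Finish it with the intended outcome, in the same form as the Effectiveness rule. The Accuracy rule has a grammar slip as well: "results downgrades `good' to `bad' rating" should use one verb, for example "downgrades a `good' rating to `bad'".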
7
intro/scale.tex
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
\subsection{Ratings scale}
|
||||||
|
There are three levels of ratings:
|
||||||
|
\begin{description}[\IEEEsetlabelwidth{Excellent}]
|
||||||
|
\item[Excellent] The method is flawless for all practical purposes.
|
||||||
|
\item[Good] The method is flawed but within acceptable norms.
|
||||||
|
\item[Bad] The method is flawed to a point where it shouldn't be used.
|
||||||
|
\end{description}
|
|
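Review bot: The `Good` and `Bad` definitions hinge on "acceptable norms" and "a point where it shouldn't be used", neither of which is defined, so the boundary between the two ratings rests on the author's judgement. Tie each level to the rating parameters, for example by stating which findings force a `Bad`, as the Effectiveness and Accuracy rules elsewhere in this commit already do. The labels are capitalised here but written as `good' and `bad' in the parameter rules; pick one form.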
@ -1,9 +1,9 @@
|
||||||
\subsection{CAPTCHA farms}
|
\subsection{CAPTCHA farms}
|
||||||
CAPTCHA farms are run using cheap labor available in third-world countries. When
|
CAPTCHA farms are run using cheap labor available in third-world countries. When
|
||||||
an attacker seeks the services of a CAPTCHA farm, they are provided access to an
|
an attacker seeks the services of a CAPTCHA farm, they are provided access to a
|
||||||
web API to forward CAPTCHA challenges. A labourer working in the farm solves the
|
web API to forward CAPTCHA challenges. A labourer working in the farm solves the
|
||||||
CAPTCHA and the API responds with the solution. The whole process takes less
|
CAPTCHA and the API responds with the solution. The whole process takes less
|
||||||
then a minute to complete and costs only a fraction of what premium services
|
than a minute to complete and costs only a fraction of what premium services
|
||||||
like reCAPTCHA charge.
|
like reCAPTCHA charge.
|
||||||
|
|
||||||
Overall, this attack is very feasible and cheap and is frequently used to bypass
|
Overall, this attack is very feasible and cheap and is frequently used to bypass
|
||||||
|
|
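Review bot: The unchanged context around the two typo fixes makes quantitative claims with no citation: that a solve "takes less than a minute" and "costs only a fraction of what premium services like reCAPTCHA charge". The align-object analysis in this commit drops its own timing figure and leaves a TODO for the CAPTCHA farm cost paper, so add the `\cite` here as well once that reference is in the bibliography, or soften the wording until it is.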