scale and align-obj analysis complete

This commit is contained in:
Aravinth Manivannan 2021-09-20 17:42:54 +05:30
parent 2b342d2de4
commit c4952942f1
Signed by: realaravinth
GPG key ID: AD9F0F08E855ED88
7 changed files with 42 additions and 12 deletions

6
analysis/_base.tex Normal file
View file

@ -0,0 +1,6 @@
\subsection{% NAME}
\subsubsection{Privacy}
\subsubsection{Effectiveness}
\subsubsection{Accessibility}
\subsubsection{Accuracy}
\subsubsection{Privacy}

View file

@ -1,17 +1,28 @@
\subsection{Align Object} \subsection{Align Object}
\subsubsection{Privacy} \subsubsection{Privacy}
Excellent\\ Excellent\\
The method doesn't on any tracking elements in it's decision process. The method doesn't employ any tracking elements and works when used in anonymous
networks like TOR\@.
\subsubsection{Effectiveness} \subsubsection{Effectiveness}
Good\\ Bad\\
The method relies on Optical Character Recognition (OCR) capabilities of human The method relies on Optical Character Recognition (OCR) capabilities of human
users. OCR technology is becoming increasingly sophisticated which would render users. OCR technology is becoming increasingly sophisticated which would render
this method ineffective in the future. this method ineffective in the future.
Without OCR, this method can be bypassed using human-powered CAPTCHA farms with Without OCR, this method can be bypassed using human-powered CAPTCHA farms with
% TODO cite CAPTCHA farm cost analysis paper % TODO cite CAPTCHA farm cost analysis paper
ease. On an average, farms generate one CAPTCHA solution every 40 seconds ease.
\subsubsection{Accessibility} \subsubsection{Accessibility}
Bad\\
Since the method relies on OCR, it is inaccessible to users with visual and
cognitive disabilities.
\subsubsection{Accuracy} \subsubsection{Accuracy}
\subsubsection{Privacy} Good\\
Success and failure are absolute states in this method. A misaligned object
results in failure while a properly aligned object succeeds. But when using
employing CAPTCHA farms for circumvention, the method fails absolutely.
The method uses only the object alignment in its decision process. No other
external factors are involved.

View file

@ -34,6 +34,7 @@ The rest of this paper, rates different CAPTCHA mechanisms and systems based on
parameters mentioned below and describe how mCaptcha overcomes some of parameters mentioned below and describe how mCaptcha overcomes some of
them. them.
\input{intro/scale.tex}
% ================================================== % ==================================================
% Parameters % Parameters
% ================================================== % ==================================================

View file

@ -1,11 +1,11 @@
\subsection{CAPTCHA methods analysed} \subsection{CAPTCHA methods analysed}
We analysed at the following CAPTCHA methods using the above mentioned We analysed at the following CAPTCHA methods using the above-mentioned
parameters. These are popular methods are currently in deployment. parameters. These are popular methods are currently in deployment.
%TODO add images %TODO add images
\subsubsection{Align object} \subsubsection{Align object}
Objects in various degrees of misalignments are displayed to the user and are Objects in various degrees of misalignments are displayed to the user and are
asked to chose the one that is perfectly aligned. asked to choose the one that is perfectly aligned.
% Example GitHub/Kik inverted Hipop % Example GitHub/Kik inverted Hipop
\subsubsection{Blurred Text} \subsubsection{Blurred Text}

View file

@ -1,8 +1,9 @@
\subsection{CAPTCHA rating parameters} \subsection{CAPTCHA rating parameters}
CAPTCHA systems use a variety of methods in their decision process. Every method CAPTCHA systems use a variety of methods in their decision process. Every method
has it's own strengths and limitations but the following parameters have been has its own strengths and limitations, but the following parameters have been
chosen to uniformly rate CAPTCHA methods and systems in an attempt to compare chosen to uniformly rate CAPTCHA methods and systems in an attempt to compare
them. them.
\begin{description}[\IEEEsetlabelwidth{Effectiveness}] \begin{description}[\IEEEsetlabelwidth{Effectiveness}]
\item[Privacy] \item[Privacy]
\begin{itemize} \begin{itemize}
@ -12,9 +13,9 @@ them.
\item[Effectiveness] \item[Effectiveness]
\begin{itemize} \begin{itemize}
\item Is the method/system effective in containing DoS attacks? \item Is the method/system effective in containing DoS attacks?
\item Can the method be circumvented? If yes, how practical/feasible \item Can the method be circumvented? If yes, how practical or feasible
the attack? is the attack? If the method has feasible or practical
circumventions, it is immediately marked `bad' for effectiveness.
\end{itemize} \end{itemize}
\item[Accessibility] \item[Accessibility]
\begin{itemize} \begin{itemize}
@ -24,10 +25,14 @@ them.
\item Does the method have a language dependency which poses a challenge to \item Does the method have a language dependency which poses a challenge to
non-English speakers? non-English speakers?
\end{itemize} \end{itemize}
If a method is impossible to use for any group of users, some of which are
mentioned above,
\item[Accuracy] \item[Accuracy]
\begin{itemize} \begin{itemize}
\item How accurate is the method in detecting potentially malicious \item How accurate is the method in detecting potentially malicious
users? users?
\item Are there any factors that method's impact accuracy? \item Are there any factors that method's impact accuracy?
\end{itemize} \end{itemize}
Bad accuracy when circumventions are used results downgrades `good' to `bad'
rating.
\end{description} \end{description}

7
intro/scale.tex Normal file
View file

@ -0,0 +1,7 @@
\subsection{Ratings scale}
There are three levels of ratings:
\begin{description}[\IEEEsetlabelwidth{Excellent}]
\item[Excellent] The method is flawless for all practical purposes.
\item[Good] The method is flawed but within acceptable norms.
\item[Bad] The method is flawed to a point where it shouldn't be used.
\end{description}

View file

@ -1,9 +1,9 @@
\subsection{CAPTCHA farms} \subsection{CAPTCHA farms}
CAPTCHA farms are run using cheap labor available in third-world countries. When CAPTCHA farms are run using cheap labor available in third-world countries. When
an attacker seeks the services of a CAPTCHA farm, they are provided access to an an attacker seeks the services of a CAPTCHA farm, they are provided access to a
web API to forward CAPTCHA challenges. A labourer working in the farm solves the web API to forward CAPTCHA challenges. A labourer working in the farm solves the
CAPTCHA and the API responds with the solution. The whole process takes less CAPTCHA and the API responds with the solution. The whole process takes less
then a minute to complete and costs only a fraction of what premium services than a minute to complete and costs only a fraction of what premium services
like reCAPTCHA charge. like reCAPTCHA charge.
Overall, this attack is very feasible and cheap and is frequently used to bypass Overall, this attack is very feasible and cheap and is frequently used to bypass