scale and align-obj analysis complete
parent
2b342d2de4
commit
c4952942f1
7 changed files with 42 additions and 12 deletions
6
analysis/_base.tex
Normal file
|
@ -0,0 +1,6 @@
|
|||
\subsection{% NAME}
|
||||
\subsubsection{Privacy}
|
||||
\subsubsection{Effectiveness}
|
||||
\subsubsection{Accessibility}
|
||||
\subsubsection{Accuracy}
|
||||
\subsubsection{Privacy}
|
|
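Review bot: the template ends with a second \subsubsection{Privacy} after \subsubsection{Accuracy}, so every analysis copied from it inherits a duplicate heading. The rating parameters define only Privacy, Effectiveness, Accessibility and Accuracy, so the last line should be dropped. Separately, in \subsection{% NAME} the % comments out the closing brace, which breaks the file if it is ever compiled or \input as is; writing \subsection{NAME} with the placeholder comment on its own line keeps the brace balanced.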
@ -1,17 +1,28 @@
|
|||
\subsection{Align Object}
|
||||
|
||||
\subsubsection{Privacy}
|
||||
Excellent\\
|
||||
The method doesn't on any tracking elements in it's decision process.
|
||||
The method doesn't employ any tracking elements and works when used in anonymous
|
||||
networks like TOR\@.
|
||||
|
||||
\subsubsection{Effectiveness}
|
||||
Good\\
|
||||
Bad\\
|
||||
The method relies on Optical Character Recognition (OCR) capabilities of human
|
||||
users. OCR technology is becoming increasingly sophisticated which would render
|
||||
this method ineffective in the future.
|
||||
|
||||
Without OCR, this method can be bypassed using human-powered CAPTCHA farms with
|
||||
% TODO cite CAPTCHA farm cost analysis paper
|
||||
ease. On an average, farms generate one CAPTCHA solution every 40 seconds
|
||||
ease.
|
||||
\subsubsection{Accessibility}
|
||||
Bad\\
|
||||
Since the method relies on OCR, it is inaccessible to users with visual and
|
||||
cognitive disabilities.
|
||||
\subsubsection{Accuracy}
|
||||
\subsubsection{Privacy}
|
||||
Good\\
|
||||
Success and failure are absolute states in this method. A misaligned object
|
||||
results in failure while a properly aligned object succeeds. But when using
|
||||
employing CAPTCHA farms for circumvention, the method fails absolutely.
|
||||
|
||||
The method uses only the object alignment in its decision process. No other
|
||||
external factors are involved.
|
||||
|
|
|
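Review bot: the Effectiveness and Accessibility paragraphs call the human step OCR ("relies on Optical Character Recognition (OCR) capabilities of human users", "Since the method relies on OCR"), while the following sentence uses OCR for the machine technology that would defeat the method. Using one term for both blurs the argument; describe the user's task as visual recognition and keep OCR for the automated solver. In the Accuracy paragraph, "But when using employing CAPTCHA farms" carries two verbs and needs one removed. The CAPTCHA farm claim still sits next to "% TODO cite CAPTCHA farm cost analysis paper", so the Bad rating for Effectiveness currently rests on an uncited statement.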
@ -34,6 +34,7 @@ The rest of this paper, rates different CAPTCHA mechanisms and systems based on
|
|||
parameters mentioned below and describe how mCaptcha overcomes some of
|
||||
them.
|
||||
|
||||
\input{intro/scale.tex}
|
||||
% ==================================================
|
||||
% Parameters
|
||||
% ==================================================
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
\subsection{CAPTCHA methods analysed}
|
||||
We analysed at the following CAPTCHA methods using the above mentioned
|
||||
We analysed at the following CAPTCHA methods using the above-mentioned
|
||||
parameters. These are popular methods are currently in deployment.
|
||||
%TODO add images
|
||||
|
||||
\subsubsection{Align object}
|
||||
Objects in various degrees of misalignments are displayed to the user and are
|
||||
asked to chose the one that is perfectly aligned.
|
||||
asked to choose the one that is perfectly aligned.
|
||||
% Example GitHub/Kik inverted Hipop
|
||||
|
||||
\subsubsection{Blurred Text}
|
||||
|
|
|
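Review bot: the first sentence is only half fixed. "above mentioned" gains its hyphen, but "We analysed at the following CAPTCHA methods" keeps the stray "at", and the next line, "These are popular methods are currently in deployment", still has two main verbs. Suggest "We analysed the following CAPTCHA methods" and "These are popular methods currently in deployment". The heading here is "Align object" while the analysis file uses "Align Object"; pick one capitalisation.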
@ -1,8 +1,9 @@
|
|||
\subsection{CAPTCHA rating parameters}
|
||||
CAPTCHA systems use a variety of methods in their decision process. Every method
|
||||
has it's own strengths and limitations but the following parameters have been
|
||||
has its own strengths and limitations, but the following parameters have been
|
||||
chosen to uniformly rate CAPTCHA methods and systems in an attempt to compare
|
||||
them.
|
||||
|
||||
\begin{description}[\IEEEsetlabelwidth{Effectiveness}]
|
||||
\item[Privacy]
|
||||
\begin{itemize}
|
||||
|
@ -12,9 +13,9 @@ them.
|
|||
\item[Effectiveness]
|
||||
\begin{itemize}
|
||||
\item Is the method/system effective in containing DoS attacks?
|
||||
\item Can the method be circumvented? If yes, how practical/feasible
|
||||
the attack?
|
||||
|
||||
\item Can the method be circumvented? If yes, how practical or feasible
|
||||
is the attack? If the method has feasible or practical
|
||||
circumventions, it is immediately marked `bad' for effectiveness.
|
||||
\end{itemize}
|
||||
\item[Accessibility]
|
||||
\begin{itemize}
|
||||
|
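Review bot: the new rating rule is appended to a question inside the \item ("If the method has feasible or practical circumventions, it is immediately marked `bad' for effectiveness."), so a list of questions now contains a scoring rule. The Accuracy entry places its downgrade rule after \end{itemize}; doing the same here would keep the questions and the rules separate. The scale defines the level as "Bad", so the lowercase `bad' should match it.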
@ -24,10 +25,14 @@ them.
|
|||
\item Does the method have a language dependency which poses a challenge to
|
||||
non-English speakers?
|
||||
\end{itemize}
|
||||
If a method is impossible to use for any group of users, some of which are
|
||||
mentioned above,
|
||||
\item[Accuracy]
|
||||
\begin{itemize}
|
||||
\item How accurate is the method in detecting potentially malicious
|
||||
users?
|
||||
\item Are there any factors that method's impact accuracy?
|
||||
\end{itemize}
|
||||
Bad accuracy when circumventions are used results downgrades `good' to `bad'
|
||||
rating.
|
||||
\end{description}
|
||||
|
|
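Review bot: the sentence added after the Accessibility list stops at a comma ("If a method is impossible to use for any group of users, some of which are mentioned above,") and never states the resulting rating, so the rule is undefined. In the Accuracy entry, "Are there any factors that method's impact accuracy?" has the possessive in the wrong place (presumably "factors that impact the method's accuracy"), and "results downgrades `good' to `bad' rating" has two verbs; keep one, for example "downgrades a `good' rating to `bad'".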
7
intro/scale.tex
Normal file
|
@ -0,0 +1,7 @@
|
|||
\subsection{Ratings scale}
|
||||
There are three levels of ratings:
|
||||
\begin{description}[\IEEEsetlabelwidth{Excellent}]
|
||||
\item[Excellent] The method is flawless for all practical purposes.
|
||||
\item[Good] The method is flawed but within acceptable norms.
|
||||
\item[Bad] The method is flawed to a point where it shouldn't be used.
|
||||
\end{description}
|
|
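Review bot: the Good and Bad definitions are separated only by "within acceptable norms" versus "to a point where it shouldn't be used", and neither phrase is defined, so two reviewers could rate the same method differently. The rating parameters already contain concrete rules (a feasible circumvention means Bad for effectiveness, poor accuracy under circumvention downgrades Good to Bad); a sentence here pointing to those per-parameter rules would make the scale reproducible.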
@ -1,9 +1,9 @@
|
|||
\subsection{CAPTCHA farms}
|
||||
CAPTCHA farms are run using cheap labor available in third-world countries. When
|
||||
an attacker seeks the services of a CAPTCHA farm, they are provided access to an
|
||||
an attacker seeks the services of a CAPTCHA farm, they are provided access to a
|
||||
web API to forward CAPTCHA challenges. A labourer working in the farm solves the
|
||||
CAPTCHA and the API responds with the solution. The whole process takes less
|
||||
then a minute to complete and costs only a fraction of what premium services
|
||||
than a minute to complete and costs only a fraction of what premium services
|
||||
like reCAPTCHA charge.
|
||||
|
||||
Overall, this attack is very feasible and cheap and is frequently used to bypass
|
||||
|
|
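Review bot: the paragraph mixes spellings ("cheap labor" in the first line, "A labourer" three lines later); pick one variant for the paper. The timing and cost claims ("less than a minute", "only a fraction of what premium services like reCAPTCHA charge") carry no citation, and the Align Object analysis in this same commit still has a TODO for the CAPTCHA farm cost paper, so the reference should be added here, where the claim is first made.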