Invisible CAPPCHA: A usable mechanism to distinguish between malware and humans on the mobile IoT. Issue 78 (September 2018)
- Record Type:
- Journal Article
- Title:
- Invisible CAPPCHA: A usable mechanism to distinguish between malware and humans on the mobile IoT. Issue 78 (September 2018)
- Main Title:
- Invisible CAPPCHA: A usable mechanism to distinguish between malware and humans on the mobile IoT
- Authors:
- Guerar, Meriem
Merlo, Alessio
Migliardi, Mauro
Palmieri, Francesco
- Abstract:
- Highlights: Movement-driven invisible CAPTCHA for smartphones. Overcome the limitations of CAPTCHAs without requiring user input. Reliably and transparently identify the presence of a human performing an operation. Leverages micro-movements generated naturally by interactions with touch-screen. Prevent automated programs from abusing cloud services from mobile devices.
Abstract: Smartphone devices are often assuming the role of edge systems in mobile IoT scenarios and the access to cloud-based services through smartphones, for transmitting multiple sensory data related to human activities, often implying some lawful evidence, has become increasingly common. Thus the need for protecting such transactions from abuses and frauds based on automation techniques is now a critical issue. The most widely adopted method to prevent unauthorized access and abuse of a service by malicious software automation is CAPTCHA. However, trying to strengthen CAPTCHA resilience to automated attacks has led to challenges that, while still being vulnerable, are both difficult and unpleasant for humans. Hence, the strong need for a mechanism that is both secure and usable. In this paper, we present Invisible CAPPCHA, a mechanism that, leveraging trusted sensors embedded in a secure element located on a smartphone is capable of separating humans from computers in a way that is completely transparent to users. Furthermore, as no challenge is required, no additional time is needed and the user cannot fail it by mistake. Compared to the state of the art, our proposal is both secure and more user friendly, lending itself optimally to secure mobile cloud services.
- Is Part Of:
- Computers & security. Issue 78(2018)
- Journal:
- Computers & security
- Issue:
- Issue 78(2018)
- Issue Display:
- Volume 78, Issue 78 (2018)
- Year:
- 2018
- Volume:
- 78
- Issue:
- 78
- Issue Sort Value:
- 2018-0078-0078-0000
- Page Start:
- 255
- Page End:
- 266
- Publication Date:
- 2018-09
- Subjects:
- Smartphone -- IoT -- Usable security -- Automatic fraud detection and prevention -- CAPTCHA -- Invisible CAPPCHA
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2018.06.007
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 10941.xml