Advertisement

Sensor Captchas: On the Usability of Instrumenting Hardware Sensors to Prove Liveliness

  • Thomas HupperichEmail author
  • Katharina Krombholz
  • Thorsten Holz
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9824)

Abstract

A CAPTCHA is a challenge-response test often used on the Web to determine whether a Web site’s visitor is a human or an automated program (so called bot). Existing and widely used CAPTCHA schemes are based on visual puzzles that are hard to solve on mobile devices with a limited screen. We propose to leverage movement data from hardware sensors to build a CAPTCHA scheme suitable for mobile devices. Our approach is based on human motion information and the scheme requires users to perform gestures from everyday life (e. g., hammering where the smartphone should be imagined as a hammer and the user has to hit a nail five times). We implemented a prototype of the proposed method and report findings from a comparative usability study with 50 participants. The results suggest that our scheme outperforms other competing schemes on usability metrics such as solving time, accuracy, and error rate. Furthermore, the results of the user study indicate that gestures are a suitable input method to solve CAPTCHAs on (mobile) devices with smaller screens and hardware sensors.

Keywords

CAPTCHAs Motion-based liveliness test Device sensors 

References

  1. 1.
    Inside ReCaptcha. https://github.com/neuroradiology/InsideReCaptcha.Accessed 01 Mar 2016
  2. 2.
    Buitinck, L., Louppe, G., Blondel, M., Pedregosa, F., Mueller, A., Grisel, O., Niculae, V., Prettenhofer, P., Gramfort, A., Grobler, J., Layton, R., VanderPlas, J., Joly, A., Holt, B., Varoquaux, G.: API design for machine learning software. In: ECML PKDD Workshop, pp. 108–122 (2013)Google Scholar
  3. 3.
    Bursztein, E., Aigrain, J., Moscicki, A., Mitchell, J.C.: The end is nigh: generic solving of text-based captchas. In: 8th USENIX Workshop on Offensive Technologies (WOOT 14) (2014)Google Scholar
  4. 4.
    Bursztein, E., Martin, M., Mitchell, J.: Text-based captcha strengths and weaknesses. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 125–138. ACM (2011)Google Scholar
  5. 5.
    Bursztein, E., Moscicki, A., Fabry, C., Bethard, S., Mitchell, J.C., Jurafsky, D.: Easy does it: more usable captchas. In: Proceedings of the 32nd Annual ACM Conference on Human Factors in Computing Systems, pp. 2637–2646. ACM (2014)Google Scholar
  6. 6.
    Fidas, C.A., Voyiatzis, A.G., Avouris, N.M.: On the necessity of user-friendly captcha. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 2623–2626. ACM (2011)Google Scholar
  7. 7.
    Gao, S., Mohamed, M., Saxena, N., Zhang, C.: Emerging image game CAPTCHAs for resisting automated and human-solver relay attacks. In: 31st Annual Computer Security Applications Conference, ACSAC. ACM (2015)Google Scholar
  8. 8.
    Google Inc.: Introducing noCAPTCHA. http://goo.gl/x7N7qt. Accessed 01 Mar 2016
  9. 9.
    Google Inc.: reCAPTCHA – Easy on Humans Hard on Bots. https://www.google.com/recaptcha/intro/index.html. Accessed 01 Mar 2016
  10. 10.
    He, H.: HAR on Smartphones Using Various Classifiers (2013)Google Scholar
  11. 11.
    Hupperich, T., Maiorca, D., Kührer, M., Holz, T., Giacinto, G.: On the robustness of mobile device fingerprinting. In: Proceedings of the 31st Annual Computer Security Applications Conference, ACSAC. ACM (2015)Google Scholar
  12. 12.
    Jiang, N., Dogan, H.: A gesture-based captcha design supporting mobile devices. In: Proceedings of the 2015 British HCI Conference, pp. 202–207. ACM (2015)Google Scholar
  13. 13.
    Kluever, K.A., Zanibbi, R.: Balancing usability and security in a video captcha. In: 5th Symposium on Usable Privacy and Security, SOUPS. ACM (2009)Google Scholar
  14. 14.
    Reynaga, G., Chiasson, S.: The usability of captchas on smartphones. In: Security and Cryptography (SECRYPT) 2013 (2013)Google Scholar
  15. 15.
    Reynaga, G., Chiasson, S., van Oorschot, P.C.: Exploring the usability of captchas on smartphones: comparisons and recommendations. In: NDSS Workshop on Usable Security USEC 2015. NDSS (2015)Google Scholar
  16. 16.
    Sinofsky, S.: Supporting sensors in windows 8. http://blogs.msdn.com/b/b8/archive/2012/01/24/supporting-sensors-in-windows-8.aspx. Accessed 24 Apr 2016
  17. 17.
    Von Ahn, L., Blum, M., Hopper, N.J., Langford, J.: Captcha: using hard AI problems for security. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 294–311. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  18. 18.
    Xu, Y., Reynaga, G., Chiasson, S., Frahm, J.M., Monrose, F., van Oorschot, P.: Security analysis and related usability of motion-based CAPTCHAs: decoding codewords in motion. IEEE TDSC 11(5), 480–493 (2014)Google Scholar
  19. 19.
    Xu, Y., Reynaga, G., Chiasson, S., Frahm, J.M., Monrose, F., Van Oorschot, P.: Security and usability challenges of moving-object captchas: decoding codewords in motion. In: 21st USENIX Security Symposium, pp. 49–64 (2012)Google Scholar
  20. 20.
    Yan, J., Ahmad, E., Salah, A.: Usability of CAPTCHAs or usability issues in CAPTCHA design. In: Proceedings of the 4th Symposium on Usable Privacy and Security, pp. 44–52. ACM (2008)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Thomas Hupperich
    • 1
    Email author
  • Katharina Krombholz
    • 2
  • Thorsten Holz
    • 1
  1. 1.Horst Görtz Institute for IT-Security (HGI)Ruhr-UniversityBochumGermany
  2. 2.SBA ResearchViennaAustria

Personalised recommendations