European Workshop on Usable Security (co located with the IEEE European Symposium on Security and Privacy)
Datum/Ort: April 29, 2017 in Paris
Titel: Riddle me this! Context Sensitive CAPTCHAs
Autoren:
Tobias Urban, René Riedel, Norbert Pohlmann (Institute for Internet-Security, Westphalian University of Applied Sciences, Gelsenkirchen), Ulrike Schmuntzsch Matthias Rötting (Human-Machine-Systems, Berlin Institute of Technology, Berlin)
Tobias Urban, René Riedel, Norbert Pohlmann (Institute for Internet-Security, Westphalian University of Applied Sciences, Gelsenkirchen), Ulrike Schmuntzsch Matthias Rötting (Human-Machine-Systems, Berlin Institute of Technology, Berlin)
Abstract:
In modern information society online transactions are an important part of our
daily lives. In this work we propose a protocol that allows users to perform
secure online transaction even if the used system is not trustworthy or infected
with mal-ware. We developed a user-centered protocol that uses a CAPTCHA like
approach to prevent attackers from manipulating a transaction without the user
or the corresponding server notic-ing. Therefore, we add context sensitive
information about the transaction to a task that is set to the user. This task
is designed to be hard to solve for computer programs but easy for humans. To
evaluate our approach we conducted a user study and computed the probability by
which an attacker can successfully attack the system. We show that a vast
majority (>94%) of all transaction can be secured while the system itself
remains useable.
In modern information society online transactions are an important part of our
daily lives. In this work we propose a protocol that allows users to perform
secure online transaction even if the used system is not trustworthy or infected
with mal-ware. We developed a user-centered protocol that uses a CAPTCHA like
approach to prevent attackers from manipulating a transaction without the user
or the corresponding server notic-ing. Therefore, we add context sensitive
information about the transaction to a task that is set to the user. This task
is designed to be hard to solve for computer programs but easy for humans. To
evaluate our approach we conducted a user study and computed the probability by
which an attacker can successfully attack the system. We show that a vast
majority (>94%) of all transaction can be secured while the system itself
remains useable.
