Smartphone devices are often assuming the role of edge systems in mobile IoT scenarios and the access to cloud-based services through smartphones, for transmitting multiple sensory data related to human activities, often implying some lawful evidence, has become increasingly common. Thus the need for protecting such transactions from abuses and frauds based on automation techniques is now a critical issue. The most widely adopted method to prevent unauthorized access and abuse of a service by malicious software automation is CAPTCHA. However, trying to strengthen CAPTCHA resilience to automated attacks has led to challenges that, while still being vulnerable, are both difficult and unpleasant for humans. Hence, the strong need for a mechanism that is both secure and usable. In this paper, we present Invisible CAPPCHA, a mechanism that, leveraging trusted sensors embedded in a secure element located on a smartphone is capable of separating humans from computers in a way that is completely transparent to users. Furthermore, as no challenge is required, no additional time is needed and the user cannot fail it by mistake. Compared to the state of the art, our proposal is both secure and more user friendly, lending itself optimally to secure mobile cloud services.

Invisible CAPPCHA: A usable mechanism to distinguish between malware and humans on the mobile IoT

MIGLIARDI, MAURO;Francesco Palmieri
2018-01-01

Abstract

Smartphone devices are often assuming the role of edge systems in mobile IoT scenarios and the access to cloud-based services through smartphones, for transmitting multiple sensory data related to human activities, often implying some lawful evidence, has become increasingly common. Thus the need for protecting such transactions from abuses and frauds based on automation techniques is now a critical issue. The most widely adopted method to prevent unauthorized access and abuse of a service by malicious software automation is CAPTCHA. However, trying to strengthen CAPTCHA resilience to automated attacks has led to challenges that, while still being vulnerable, are both difficult and unpleasant for humans. Hence, the strong need for a mechanism that is both secure and usable. In this paper, we present Invisible CAPPCHA, a mechanism that, leveraging trusted sensors embedded in a secure element located on a smartphone is capable of separating humans from computers in a way that is completely transparent to users. Furthermore, as no challenge is required, no additional time is needed and the user cannot fail it by mistake. Compared to the state of the art, our proposal is both secure and more user friendly, lending itself optimally to secure mobile cloud services.
2018
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11386/4717154
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 27
  • ???jsp.display-item.citation.isi??? 20
social impact