Privacy-preserving, User-centric VoIP CAPTCHA Challenges: an Integrated Solution in the SIP Environment

Tasidou, A. ; Soupionis, Y. ; Efraimidis, P. ; Mitrou, L. ; Katos, Vasilis (2015)

Purpose – This work aims to argue that it is possible to address discrimination issues that naturally arise in contemporary audio CAPTCHA challenges and potentially enhance the effectiveness of audio CAPTCHA systems by adapting the challenges to the user characteristics.

Design/methodology/approach – A prototype has been designed, called PrivCAPTCHA, to offer privacy-preserving, user-centric CAPTCHA challenges. Anonymous credential proofs are integrated into the Session Initiation Protocol (SIP) protocol and the approach is evaluated in a real-world Voice over Internet Protocol (VoIP) environment.

Findings – The results of this work indicate that it is possible to create VoIP CAPTCHA services offering privacy-preserving, user-centric challenges while maintaining sufficient efficiency.

Research limitations/implications – The proposed approach was evaluated through an experimental implementation to demonstrate its feasibility. Additional features, such as appropriate user interfaces and efficiency optimisations, would be useful for a commercial product. Security measures to protect the system from attacks against the SIP protocol would be useful to counteract the effects of the introduced overhead. Future research could investigate the use of this approach on non-audio CAPTCHA services.

Practical implications – PrivCAPTCHA is expected to achieve fairer, non-discriminating CAPTCHA services while protecting the user’s privacy. Adoption success relies upon the general need for employment of privacy-preserving practices in electronic interactions.

Social implications – This approach is expected to enhance the quality of life of users, who will now receive CAPTCHA challenges closer to their characteristics. This applies especially to users with disabilities. Additionally, as a privacy-preserving service, this approach is expected to increase trust during the use of services that use it.

Originality/value – To the best of authors’ knowledge, this is the first comprehensive proposal for privacy-preserving CAPTCHA challenge adaptation. The proposed system aims at providing an improved CAPTCHA service that is more appropriate for and trusted by human users.