DOI: 10.1145/2381966.2381984
research-article

For human eyes only: security and usability evaluation

Published: 15 October 2012

ABSTRACT

This paper presents 'For Human Eyes Only' (FHEO), our Firefox extension that enables one to conveniently post online messages, such as short emails, comments, and tweets in a form that discourages automatic processing of these messages. Similar to CAPTCHA systems, FHEO distorts the text to various extents. We provide a security analysis of its four default distortion profiles as well as a usability analysis that shows how these profiles affect response time and accurate understanding. Our results illustrate the security/usability tradeoffs that arise in the face of adversaries that use current, off-the-shelf optical character recognition technology in order to launch a variety of attacks. Two profiles, in particular, achieve a level of protection that seems to justify their respective usability degradation in many situations. The 'strongest' distortion profile, however, does not seem to provide a large additional security margin against the adversaries we considered.

Published in

WPES '12: Proceedings of the 2012 ACM workshop on Privacy in the electronic society
October 2012
150 pages
ISBN: 9781450316637
DOI: 10.1145/2381966
General Chair: Ting Yu
Program Chair: Nikita Borisov

Copyright © 2012 ACM

Publisher: Association for Computing Machinery, New York, NY, United States

Acceptance Rates

Overall Acceptance Rate: 106 of 355 submissions, 30%
