Visible to the public Biblio

Found 1260 results

Filters: Keyword is security of data  [Clear All Filters]
2020-09-21
Marcinkevicius, Povilas, Bagci, Ibrahim Ethem, Abdelazim, Nema M., Woodhead, Christopher S., Young, Robert J., Roedig, Utz.  2019.  Optically Interrogated Unique Object with Simulation Attack Prevention. 2019 Design, Automation Test in Europe Conference Exhibition (DATE). :198–203.
A Unique Object (UNO) is a physical object with unique characteristics that can be measured externally. The usually analogue measurement can be converted into a digital representation - a fingerprint - which uniquely identifies the object. For practical applications it is necessary that measurements can be performed without the need of specialist equipment or complex measurement setup. Furthermore, a UNO should be able to defeat simulation attacks; an attacker may replace the UNO with a device or system that produces the expected measurement. Recently a novel type of UNOs based on Quantum Dots (QDs) and exhibiting unique photo-luminescence properties has been proposed. The uniqueness of these UNOs is based on quantum effects that can be interrogated using a light source and a camera. The so called Quantum Confinement UNO (QCUNO) responds uniquely to different light excitation levels which is exploited for simulation attack protection, as opposed to focusing on features too small to reproduce and therefore difficult to measure. In this paper we describe methods for extraction of fingerprints from the QCUNO. We evaluate our proposed methods using 46 UNOs in a controlled setup. Focus of the evaluation are entropy, error resilience and the ability to detect simulation attacks.
Corneci, Vlad-Mihai, Carabas, Costin, Deaconescu, Razvan, Tapus, Nicolae.  2019.  Adding Custom Sandbox Profiles to iOS Apps. 2019 18th RoEduNet Conference: Networking in Education and Research (RoEduNet). :1–5.
The massive adoption of mobile devices by both individuals and companies is raising many security concerns. The fact that such devices are handling sensitive data makes them a target for attackers. Many attack prevention mechanisms are deployed with a last line of defense that focuses on the containment principle. Currently, iOS treats each 3rd party application alike which may lead to security flaws. We propose a framework in which each application has a custom sandboxed environment. We investigated the current confinement architecture used by Apple and built a solution on top of it.
Manikandan, G., Suresh, K., Annabel, L. Sherly Puspha.  2019.  Performance Analysis of Cluster based Secured Key Management Schemes in WSN. 2019 International Conference on Smart Systems and Inventive Technology (ICSSIT). :944–948.
Wireless Sensor Networks (WSNs) utilizes many dedicated sensors for large scale networks in order to record and monitor the conditions over the environment. Cluster-Based Wireless Sensor Networks (CBWSNs) elucidates essential challenges like routing, load balancing, and lifetime of a network and so on. Conversely, security relies a major challenge in CBWSNs by limiting its resources or not forwarding the data to the other clusters. Wireless Sensor Networks utilize different security methods to offer secure information transmission. Encryption of information records transferred into various organizations thus utilizing a very few systems are the normal practices to encourage high information security. For the most part, such encoded data and also the recovery of unique data depend on symmetric or asymmetric key sets. Collectively with the evolution of security advances, unfruitful or unauthorized endeavors have been made by different illicit outsiders to snip the transmitted information and mystery keys deviously, bother the transmission procedure or misshape the transmitted information and keys. Sometimes, the limitations made in the correspondence channel, transmitting and receiving devices might weaken information security and discontinue a critical job to perform. Thus, in this paper we audit the current information security design and key management framework in WSN. Based on this audit and recent security holes, this paper recommends a plausible incorporated answer for secure transmission of information and mystery keys to address these confinements. Thus, consistent and secure clusters is required to guarantee appropriate working of CBWSNs.
Razaque, Abdul, Almiani, Muder, khan, Meer Jaro, Magableh, Basel, Al-Dmour, Ayman, Al-Rahayfeh, Amer.  2019.  Fuzzy-GRA Trust Model for Cloud Risk Management. 2019 Sixth International Conference on Software Defined Systems (SDS). :179–185.
Cloud computing is not adequately secure due to the currently used traditional trust methods such as global trust model and local trust model. These are prone to security vulnerabilities. This paper introduces a trust model based on the fuzzy mathematics and gray relational theory. Fuzzy mathematics and gray relational analysis (Fuzzy-GRA) aims to improve the poor dynamic adaptability of cloud computing. Fuzzy-GRA platform is used to test and validate the behavior of the model. Furthermore, our proposed model is compared to other known models. Based on the experimental results, we prove that our model has the edge over other existing models.
Razin, Yosef, Feigh, Karen.  2019.  Toward Interactional Trust for Humans and Automation: Extending Interdependence. 2019 IEEE SmartWorld, Ubiquitous Intelligence Computing, Advanced Trusted Computing, Scalable Computing Communications, Cloud Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI). :1348–1355.
Trust in human-automation interaction is increasingly imperative as AI and robots become ubiquitous at home, school, and work. Interdependence theory allows for the identification of one-on-one interactions that require trust by analyzing the structure of the potential outcomes. This paper synthesizes multiple, formerly disparate research approaches by extending Interdependence theory to create a unified framework for outcome-based trust in human-automation interaction. This framework quantitatively contextualizes validated empirical results from social psychology on relationship formation, stability, and betrayal. It also contributes insights into trust-related concepts, such as power and commitment, which help further our understanding of trustworthy system design. This new integrated interactional approach reveals how trust and trustworthiness machines from merely reliable tools to trusted teammates working hand-in-actuator toward an automated future.
Rehman, Ateeq Ur, Jiang, Aimin, Rehman, Abdul, Paul, Anand.  2019.  Weighted Based Trustworthiness Ranking in Social Internet of Things by using Soft Set Theory. 2019 IEEE 5th International Conference on Computer and Communications (ICCC). :1644–1648.
Internet of Things (IoT) is an evolving research area for the last two decades. The integration of the IoT and social networking concept results in developing an interdisciplinary research area called the Social Internet of Things (SIoT). The SIoT is dominant over the traditional IoT because of its structure, implementation, and operational manageability. In the SIoT, devices interact with each other independently to establish a social relationship for collective goals. To establish trustworthy relationships among the devices significantly improves the interaction in the SIoT and mitigates the phenomenon of risk. The problem is to choose a trustworthy node who is most suitable according to the choice parameters of the node. The best-selected node by one node is not necessarily the most suitable node for other nodes, as the trustworthiness of the node is independent for everyone. We employ some theoretical characterization of the soft-set theory to deal with this kind of decision-making problem. In this paper, we developed a weighted based trustworthiness ranking model by using soft set theory to evaluate the trustworthiness in the SIoT. The purpose of the proposed research is to reduce the risk of fraudulent transactions by identifying the most trusted nodes.
Chow, Ka-Ho, Wei, Wenqi, Wu, Yanzhao, Liu, Ling.  2019.  Denoising and Verification Cross-Layer Ensemble Against Black-box Adversarial Attacks. 2019 IEEE International Conference on Big Data (Big Data). :1282–1291.
Deep neural networks (DNNs) have demonstrated impressive performance on many challenging machine learning tasks. However, DNNs are vulnerable to adversarial inputs generated by adding maliciously crafted perturbations to the benign inputs. As a growing number of attacks have been reported to generate adversarial inputs of varying sophistication, the defense-attack arms race has been accelerated. In this paper, we present MODEF, a cross-layer model diversity ensemble framework. MODEF intelligently combines unsupervised model denoising ensemble with supervised model verification ensemble by quantifying model diversity, aiming to boost the robustness of the target model against adversarial examples. Evaluated using eleven representative attacks on popular benchmark datasets, we show that MODEF achieves remarkable defense success rates, compared with existing defense methods, and provides a superior capability of repairing adversarial inputs and making correct predictions with high accuracy in the presence of black-box attacks.
Fang, Zheng, Fu, Hao, Gu, Tianbo, Qian, Zhiyun, Jaeger, Trent, Mohapatra, Prasant.  2019.  ForeSee: A Cross-Layer Vulnerability Detection Framework for the Internet of Things. 2019 IEEE 16th International Conference on Mobile Ad Hoc and Sensor Systems (MASS). :236–244.
The exponential growth of Internet-of-Things (IoT) devices not only brings convenience but also poses numerous challenging safety and security issues. IoT devices are distributed, highly heterogeneous, and more importantly, directly interact with the physical environment. In IoT systems, the bugs in device firmware, the defects in network protocols, and the design flaws in system configurations all may lead to catastrophic accidents, causing severe threats to people's lives and properties. The challenge gets even more escalated as the possible attacks may be chained together in a long sequence across multiple layers, rendering the current vulnerability analysis inapplicable. In this paper, we present ForeSee, a cross-layer formal framework to comprehensively unveil the vulnerabilities in IoT systems. ForeSee generates a novel attack graph that depicts all of the essential components in IoT, from low-level physical surroundings to high-level decision-making processes. The corresponding graph-based analysis then enables ForeSee to precisely capture potential attack paths. An optimization algorithm is further introduced to reduce the computational complexity of our analysis. The illustrative case studies show that our multilayer modeling can capture threats ignored by the previous approaches.
Wang, An, Mohaisen, Aziz, Chen, Songqing.  2019.  XLF: A Cross-layer Framework to Secure the Internet of Things (IoT). 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS). :1830–1839.
The burgeoning Internet of Things (IoT) has offered unprecedented opportunities for innovations and applications that are continuously changing our life. At the same time, the large amount of pervasive IoT applications have posed paramount threats to the user's security and privacy. While a lot of efforts have been dedicated to deal with such threats from the hardware, the software, and the applications, in this paper, we argue and envision that more effective and comprehensive protection for IoT systems can only be achieved via a cross-layer approach. As such, we present our initial design of XLF, a cross-layer framework towards this goal. XLF can secure the IoT systems not only from each individual layer of device, network, and service, but also through the information aggregation and correlation of different layers.
2020-09-18
Guo, Xiaolong, Dutta, Raj Gautam, He, Jiaji, Tehranipoor, Mark M., Jin, Yier.  2019.  QIF-Verilog: Quantitative Information-Flow based Hardware Description Languages for Pre-Silicon Security Assessment. 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). :91—100.
Hardware vulnerabilities are often due to design mistakes because the designer does not sufficiently consider potential security vulnerabilities at the design stage. As a result, various security solutions have been developed to protect ICs, among which the language-based hardware security verification serves as a promising solution. The verification process will be performed while compiling the HDL of the design. However, similar to other formal verification methods, the language-based approach also suffers from scalability issue. Furthermore, existing solutions either lead to hardware overhead or are not designed for vulnerable or malicious logic detection. To alleviate these challenges, we propose a new language based framework, QIF-Verilog, to evaluate the trustworthiness of a hardware system at register transfer level (RTL). This framework introduces a quantified information flow (QIF) model and extends Verilog type systems to provide more expressiveness in presenting security rules; QIF is capable of checking the security rules given by the hardware designer. Secrets are labeled by the new type and then parsed to data flow, to which a QIF model will be applied. To demonstrate our approach, we design a compiler for QIF-Verilog and perform vulnerability analysis on benchmarks from Trust-Hub and OpenCore. We show that Trojans or design faults that leak information from circuit outputs can be detected automatically, and that our method evaluates the security of the design correctly.
Zolanvari, Maede, Teixeira, Marcio A., Gupta, Lav, Khan, Khaled M., Jain, Raj.  2019.  Machine Learning-Based Network Vulnerability Analysis of Industrial Internet of Things. IEEE Internet of Things Journal. 6:6822—6834.
It is critical to secure the Industrial Internet of Things (IIoT) devices because of potentially devastating consequences in case of an attack. Machine learning (ML) and big data analytics are the two powerful leverages for analyzing and securing the Internet of Things (IoT) technology. By extension, these techniques can help improve the security of the IIoT systems as well. In this paper, we first present common IIoT protocols and their associated vulnerabilities. Then, we run a cyber-vulnerability assessment and discuss the utilization of ML in countering these susceptibilities. Following that, a literature review of the available intrusion detection solutions using ML models is presented. Finally, we discuss our case study, which includes details of a real-world testbed that we have built to conduct cyber-attacks and to design an intrusion detection system (IDS). We deploy backdoor, command injection, and Structured Query Language (SQL) injection attacks against the system and demonstrate how a ML-based anomaly detection system can perform well in detecting these attacks. We have evaluated the performance through representative metrics to have a fair point of view on the effectiveness of the methods.
Ameli, Amir, Hooshyar, Ali, El-Saadany, Ehab F..  2019.  Development of a Cyber-Resilient Line Current Differential Relay. IEEE Transactions on Industrial Informatics. 15:305—318.
The application of line current differential relays (LCDRs) to protect transmission lines has recently proliferated. However, the reliance of LCDRs on digital communication channels has raised growing cyber-security concerns. This paper investigates the impacts of false data injection attacks (FDIAs) on the performance of LCDRs. It also develops coordinated attacks that involve multiple components, including LCDRs, and can cause false line tripping. Additionally, this paper proposes a technique for detecting FDIAs against LCDRs and differentiating them from actual faults in two-terminal lines. In this method, when an LCDR detects a fault, instead of immediately tripping the line, it calculates and measures the superimposed voltage at its local terminal, using the proposed positive-sequence (PS) and negative-sequence (NS) submodules. To calculate this voltage, the LCDR models the protected line in detail and replaces the rest of the system with a Thevenin equivalent that produces accurate responses at the line terminals. Afterwards, remote current measurement is utilized by the PS and NS submodules to compute each sequence's superimposed voltage. A difference between the calculated and the measured superimposed voltages in any sequence reveals that the remote current measurements are not authentic. Thus, the LCDR's trip command is blocked. The effectiveness of the proposed method is corroborated using simulation results for the IEEE 39-bus test system. The performance of the proposed method is also tested using an OPAL real-time simulator.
Hong, Junho, Nuqui, Reynaldo F., Kondabathini, Anil, Ishchenko, Dmitry, Martin, Aaron.  2019.  Cyber Attack Resilient Distance Protection and Circuit Breaker Control for Digital Substations. IEEE Transactions on Industrial Informatics. 15:4332—4341.
This paper proposes new concepts for detecting and mitigating cyber attacks on substation automation systems by domain-based cyber-physical security solutions. The proposed methods form the basis of a distributed security domain layer that enables protection devices to collaboratively defend against cyber attacks at substations. The methods utilize protection coordination principles to cross check protection setting changes and can run real-time power system analysis to evaluate the impact of the control commands. The transient fault signature (TFS)-based cross-correlation coefficient algorithm has been proposed to detect the false sampled values data injection attack. The proposed functions were verified in a hardware-in-the-loop (HIL) simulation using commercial relays and a real-time digital simulator (RTDS). Various types of cyber intrusions are tested using this test bed to evaluate the consequences and impacts of cyber attacks to power grid as well as to validate the performance of the proposed research-grade cyber attack mitigation functions.
Rasapour, Farhad, Serra, Edoardo, Mehrpouyan, Hoda.  2019.  Framework for Detecting Control Command Injection Attacks on Industrial Control Systems (ICS). 2019 Seventh International Symposium on Computing and Networking (CANDAR). :211—217.
This paper focuses on the design and development of attack models on the sensory channels and an Intrusion Detection system (IDS) to protect the system from these types of attacks. The encoding/decoding formulas are defined to inject a bit of data into the sensory channel. In addition, a signal sampling technique is utilized for feature extraction. Further, an IDS framework is proposed to reside on the devices that are connected to the sensory channels to actively monitor the signals for anomaly detection. The results obtained based on our experiments have shown that the one-class SVM paired with Fourier transformation was able to detect new or Zero-day attacks.
Kaji, Shugo, Kinugawa, Masahiro, Fujimoto, Daisuke, Hayashi, Yu-ichi.  2019.  Data Injection Attack Against Electronic Devices With Locally Weakened Immunity Using a Hardware Trojan. IEEE Transactions on Electromagnetic Compatibility. 61:1115—1121.
Intentional electromagnetic interference (IEMI) of information and communication devices is based on high-power electromagnetic environments far exceeding the device immunity to electromagnetic interference. IEMI dramatically alters the electromagnetic environment throughout the device by interfering with the electromagnetic waves inside the device and destroying low-tolerance integrated circuits (ICs) and other elements, thereby reducing the availability of the device. In contrast, in this study, by using a hardware Trojan (HT) that is quickly mountable by physically accessing the devices, to locally weaken the immunity of devices, and then irradiating electromagnetic waves of a specific frequency, only the attack targets are intentionally altered electromagnetically. Therefore, we propose a method that uses these electromagnetic changes to rewrite or generate data and commands handled within devices. Specifically, targeting serial communication systems used inside and outside the devices, the installation of an HT on the communication channel weakens local immunity. This shows that it is possible to generate an electrical signal representing arbitrary data on the communication channel by applying electromagnetic waves of sufficiently small output compared with the conventional IEMI and letting the IC process the data. In addition, we explore methods for countering such attacks.
Kleckler, Michelle, Mohajer, Soheil.  2019.  Secure Determinant Codes: A Class of Secure Exact-Repair Regenerating Codes. 2019 IEEE International Symposium on Information Theory (ISIT). :211—215.
{1 We present a construction for exact-repair regenerating codes with an information-theoretic secrecy guarantee against an eavesdropper with access to the content of (up to) ℓ nodes. The proposed construction works for the entire range of per-node storage and repair bandwidth for any distributed storage system with parameters (n
2020-09-14
Du, Jia, Wang, Zhe, Yang, Junqiang, Song, Xiaofeng.  2019.  Research on Cognitive Linkage of Network Security Equipment. 2019 International Conference on Robots Intelligent System (ICRIS). :296–298.
To solve the problems of weak linkage ability and low intellectualization of strategy allocation in existing network security devices, a new method of cognitive linkage of network security equipment is proposed by learning from human brain. Firstly, the basic connotation and cognitive cycle of cognitive linkage are expounded. Secondly, the main functions of cognitive linkage are clarified. Finally, the cognitive linkage system model is constructed, and the information process flow of cognitive linkage is described. Cognitive linkage of network security equipment provides a new way to effectively enhance the overall protection capability of network security equipment.
Kim, Seungmin, Kim, Sangwoo, Nam, Ki-haeng, Kim, Seonuk, Kwon, Kook-huei.  2019.  Cyber Security Strategy for Nuclear Power Plant through Vital Digital Assets. 2019 International Conference on Computational Science and Computational Intelligence (CSCI). :224–226.
As nuclear power plant Instrumentation and Control(I&C) systems have turned into digital systems, the possibility of cyber-attacks has increased. To protect the nuclear power plant from cyber-attacks, digital assets are classified and managed as critical digital assets which have safety, security and emergency preparedness functions. However, critical digital assets represent 70-80% of total digital assets, and applying and managing the same security control is inefficient. Therefore, this paper presents the criteria for identifying digital assets that are classified as vital digital assets that can directly affect the serious accidents of nuclear power plants.
Liang, Xiao, Ma, Lixin, An, Ningyu, Jiang, Dongxiao, Li, Chenggang, Chen, Xiaona, Zhao, Lijiao.  2019.  Ontology Based Security Risk Model for Power Terminal Equipment. 2019 12th International Symposium on Computational Intelligence and Design (ISCID). 2:212–216.
IoT based technology are drastically accelerating the informationization development of the power grid system of China that consists of a huge number of power terminal devices interconnected by the network of electric power IoT. However, the networked power terminal equipment oriented cyberspace security has continually become a challenging problem as network attack is continually varying and evolving. In this paper, we concentrate on the security risk of power terminal equipment and their vulnerability based on ATP attack detection and defense. We first analyze the attack mechanism of APT security attack based on power terminal equipment. Based on the analysis of the security and attack of power IoT terminal device, an ontology-based knowledge representation method of power terminal device and its vulnerability is proposed.
Eggendorfer, Tobias, Eiseler, Volker.  2019.  On the Relevance of IT Security in TDL. 2019 International Conference on Computational Science and Computational Intelligence (CSCI). :220–223.
Tactical Data Links (TDL) and Computer Science meet usually when it comes to interoperability andimplementation. However looking at it from an IT security perspective, some interesting issues occur. These become more relevant the more military hard-and software is built using commercial of the shelf (COTS) systems, that are usually implemented using standard Internet technology and software development patterns. This paper looks at Link 16, Link 11 and VMF security considerations and how compatible they are to current IT security standards. Typical security issues are discussed and concepts to mitigate them presented, which however need to be analysed for their suitability to TDL.
2020-09-11
Shukla, Ankur, Katt, Basel, Nweke, Livinus Obiora.  2019.  Vulnerability Discovery Modelling With Vulnerability Severity. 2019 IEEE Conference on Information and Communication Technology. :1—6.
Web browsers are primary targets of attacks because of their extensive uses and the fact that they interact with sensitive data. Vulnerabilities present in a web browser can pose serious risk to millions of users. Thus, it is pertinent to address these vulnerabilities to provide adequate protection for personally identifiable information. Research done in the past has showed that few vulnerability discovery models (VDMs) highlight the characterization of vulnerability discovery process. In these models, severity which is one of the most crucial properties has not been considered. Vulnerabilities can be categorized into different levels based on their severity. The discovery process of each kind of vulnerabilities is different from the other. Hence, it is essential to incorporate the severity of the vulnerabilities during the modelling of the vulnerability discovery process. This paper proposes a model to assess the vulnerabilities present in the software quantitatively with consideration for the severity of the vulnerabilities. It is possible to apply the proposed model to approximate the number of vulnerabilities along with vulnerability discovery rate, future occurrence of vulnerabilities, risk analysis, etc. Vulnerability data obtained from one of the major web browsers (Google Chrome) is deployed to examine goodness-of-fit and predictive capability of the proposed model. Experimental results justify the fact that the model proposed herein can estimate the required information better than the existing VDMs.
Eskandarian, Saba, Cogan, Jonathan, Birnbaum, Sawyer, Brandon, Peh Chang Wei, Franke, Dillon, Fraser, Forest, Garcia, Gaspar, Gong, Eric, Nguyen, Hung T., Sethi, Taresh K. et al..  2019.  Fidelius: Protecting User Secrets from Compromised Browsers. 2019 IEEE Symposium on Security and Privacy (SP). :264—280.
Users regularly enter sensitive data, such as passwords, credit card numbers, or tax information, into the browser window. While modern browsers provide powerful client-side privacy measures to protect this data, none of these defenses prevent a browser compromised by malware from stealing it. In this work, we present Fidelius, a new architecture that uses trusted hardware enclaves integrated into the browser to enable protection of user secrets during web browsing sessions, even if the entire underlying browser and OS are fully controlled by a malicious attacker. Fidelius solves many challenges involved in providing protection for browsers in a fully malicious environment, offering support for integrity and privacy for form data, JavaScript execution, XMLHttpRequests, and protected web storage, while minimizing the TCB. Moreover, interactions between the enclave and the browser, the keyboard, and the display all require new protocols, each with their own security considerations. Finally, Fidelius takes into account UI considerations to ensure a consistent and simple interface for both developers and users. As part of this project, we develop the first open source system that provides a trusted path from input and output peripherals to a hardware enclave with no reliance on additional hypervisor security assumptions. These components may be of independent interest and useful to future projects. We implement and evaluate Fidelius to measure its performance overhead, finding that Fidelius imposes acceptable overhead on page load and user interaction for secured pages and has no impact on pages and page components that do not use its enhanced security features.
Kim, Donghoon, Sample, Luke.  2019.  Search Prevention with Captcha Against Web Indexing: A Proof of Concept. 2019 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC). :219—224.
A website appears in search results based on web indexing conducted by a search engine bot (e.g., a web crawler). Some webpages do not want to be found easily because they include sensitive information. There are several methods to prevent web crawlers from indexing in search engine database. However, such webpages can still be indexed by malicious web crawlers. Through this study, we explore a paradox perspective on a new use of captchas for search prevention. Captchas are used to prevent web crawlers from indexing by converting sensitive words to captchas. We have implemented the web-based captcha conversion tool based on our search prevention algorithm. We also describe our proof of concept with the web-based chat application modified to utilize our algorithm. We have conducted the experiment to evaluate our idea on Google search engine with two versions of webpages, one containing plain text and another containing sensitive words converted to captchas. The experiment results show that the sensitive words on the captcha version of the webpages are unable to be found by Google's search engine, while the plain text versions are.
Zhang, Yang, Gao, Haichang, Pei, Ge, Luo, Sainan, Chang, Guoqin, Cheng, Nuo.  2019.  A Survey of Research on CAPTCHA Designing and Breaking Techniques. 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :75—84.
The Internet plays an increasingly important role in people's lives, but it also brings security problems. CAPTCHA, which stands for Completely Automated Public Turing Test to Tell Computers and Humans Apart, has been widely used as a security mechanism. This paper outlines the scientific and technological progress in both the design and attack of CAPTCHAs related to these three CAPTCHA categories. It first presents a comprehensive survey of recent developments for each CAPTCHA type in terms of usability, robustness and their weaknesses and strengths. Second, it summarizes the attack methods for each category. In addition, the differences between the three CAPTCHA categories and the attack methods will also be discussed. Lastly, this paper provides suggestions for future research and proposes some problems worthy of further study.
Ababtain, Eman, Engels, Daniel.  2019.  Gestures Based CAPTCHAs the Use of Sensor Readings to Solve CAPTCHA Challenge on Smartphones. 2019 International Conference on Computational Science and Computational Intelligence (CSCI). :113—119.
We present novel CAPTCHA challenges based on user gestures designed for mobile. A gesture CAPTCHA challenge is a security mechanism to prevent malware from gaining access to network resources from mobile. Mobile devices contain a number of sensors that record the physical movement of the device. We utilized the accelerometer and gyroscope data as inputs to our novel CAPTCHAs to capture the physical manipulation of the device. We conducted an experimental study on a group of people. We discovered that younger people are able to solve this type of CAPTCHA challenges successfully in a short amount of time. We found that using accelerometer readings produces issues for some older people.