A. Pashalidis, Nikos Mavrogiannopoulos, Xavier Ferrer Aran, Beñat Bermejo Olaizola
DOI: 10.1145/2381966.2381984 (https://doi.org/10.1145/2381966.2381984)
Published in: Proceedings of the ACM Workshop on Privacy in the Electronic Society, pages 129-140
Publication date: 2012-10-15
Citations: 8
For human eyes only: security and usability evaluation
This paper presents 'For Human Eyes Only' (FHEO), our Firefox extension that enables one to conveniently post online messages, such as short emails, comments, and tweets in a form that discourages automatic processing of these messages. Similar to CAPTCHA systems, FHEO distorts the text to various extents. We provide a security analysis of its four default distortion profiles as well as a usability analysis that shows how these profiles affect response time and accurate understanding. Our results illustrate the security/usability tradeoffs that arise in the face of adversaries that use current, off-the-shelf optical character recognition technology in order to launch a variety of attacks. Two profiles, in particular, achieve a level of protection that seems to justify their respective usability degradation in many situations. The 'strongest' distortion profile, however, does not seem to provide a large additional security margin against the adversaries we considered.