A security mechanism to increase confidence in m-transactions

Pequegnot, David; Cart-Lamy, Laurent; Thomas, Aurélien; Tigeon, Thibault; Iguchi-Cartigny, Julien; Lanet, Jean-Louis

doi:10.1109/crisis.2011.6061836

Cited by 6 publications

(4 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Yeh et al [18] introduced a mobile user authentication system in cloud environments that uses CAPTCHA to protect cloud servers against malicious registrations and logins. Pequegnot et al [19] suggested to use CAPTCHA to improve the security of PIN codes on mobile devices against automated attacks. Recently, Althamary el al.…”

Section: Captcha Strengthened Authentication and Its Alternativesmentioning

confidence: 99%

Invisible CAPPCHA: A usable mechanism to distinguish between malware and humans on the mobile IoT

Guerar

Merlo

Migliardi

et al. 2018

Computers & Security

View full text Add to dashboard Cite

Smartphone devices are often assuming the role of edge systems in mobile IoT scenarios and the access to cloud-based services through smartphones, for transmitting multiple sensory data related to human activities, often implying some lawful evidence, has become increasingly common. Thus the need for protecting such transactions from abuses and frauds based on automation techniques is now a critical issue. The most widely adopted method to prevent unauthorized access and abuse of a service by malicious software automation is CAPTCHA. However, trying to strengthen CAPTCHA resilience to automated attacks has led to challenges that, while still being vulnerable, are both difficult and unpleasant for humans. Hence, the strong need for a mechanism that is both secure and usable. In this paper, we present Invisible CAPPCHA, a mechanism that, leveraging trusted sensors embedded in a secure element located on a smartphone is capable of separating humans from computers in a way that is completely transparent to users. Furthermore, as no challenge is required, no additional time is needed and the user cannot fail it by mistake. Compared to the state of the art, our proposal is both secure and more user friendly, lending itself optimally to secure mobile cloud services.

show abstract

Section: Captcha Strengthened Authentication and Its Alternativesmentioning

confidence: 99%

Invisible CAPPCHA: A usable mechanism to distinguish between malware and humans on the mobile IoT

Guerar

Merlo

Migliardi

et al. 2018

Computers & Security

View full text Add to dashboard Cite

show abstract

“…Pequegnot et al [11] insisted to use CAPTCHA to enhance the security of PIN codes against automated attacks in mobile devices. To improve the protection of passwords against various attacks Althamary et al [12] proposed a CAPTCHA based authentication in the cloud environment.…”

Section: Literature Reviewmentioning

confidence: 99%

Color Channel CAPTCHA: A Secure Scheme for Cloud Environment

Chithra*,

Sathya

2019

IJITEE

View full text Add to dashboard Cite

Abuse of cloud services consequently unauthorized access to cloud data by malicious software automation is prevented by CAPTCHA. The secure usable mechanism is mandatory for resilience to automate attacks accordingly to create pleasant challenges. In this paper, we propose a novel image-based graphical Color Channel CAPTCHA scheme to distinguish between malware and humans for data security in the cloud environment. This color channel CAPTCHA is designed with 2 X 2 grids of different color channels with micro invisible circles or less visible moving circles. This simple challenge is completed by click on the specified circles in the given order with very less solving time, while compared to the state of the art. The experimental study has been conducted among 41 participants on both usability and performance of color channel CAPTCHA.

show abstract

“…Thus, it requires the selection of some elements in the grid, instead of traditional textual CAPTCHAs that requires inputting a string of characters using the mobile keyboard, which results to be challenging. Despite showing some advantages, this scheme has Pequegnot et al [11] proposed an authentication mechanism based on graphical Turing test to increase the confidence in mobile transactions. Their mechanism consists of typing a secure code of three-digit displayed in a CAPTCHA, in addition to the four-PIN digits.…”

Section: Related Workmentioning

confidence: 99%

“…As stated above, we also assume that the sensitive application is running in a TEE or a SE, and is protected with a common PIN code. Despite the strong isolation provided by TEE and SE to protect sensitive applications, the malicious code running in Android OS can steal the user's PIN code (see e.g., [32,33,34,35]) and replay this PIN in the next authentication session to execute unwanted transactions without the user's consent [11]. , most of the current applications running on mobile devices still use PIN codes to authenticate the user that aims to access sensitive services/data or to perform security-critical transactions.…”

Section: Assumptions and Threat Modelmentioning

confidence: 99%