Advertisement

On the Viability of CAPTCHAs for use in Telephony Systems: A Usability Field Study

  • Niharika SachdevaEmail author
  • Nitesh Saxena
  • Ponnurangam Kumaraguru
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7807)

Abstract

Telephony systems are imperative for information exchange offering low cost services and reachability to millions of customers. They have not only benefited legitimate users but have also opened up a convenient communication medium for spammers. Voice spam is often encountered on telephony systems in various forms, such as by means of an automated telemarketing call asking to call a number to win a reward. A large percentage of voice spam is generated through automated system which introduces the classical challenge of distinguishing machines from humans on telephony systems. CAPTCHA is a conventional solution deployed on the web to address this problem. Audio-based CAPTCHAs have been proposed as a solution to curb voice spam. In this paper, we conducted a field study with 90 participants in order to answer two primary research questions: quantifying the amount of inconvenience telephony-based CAPTCHA may cause to users, and how various features of the CAPTCHA, such as duration and size, influence usability of telephony-based CAPTCHA. Our results suggest that currently proposed CAPTCHAs are far from usable, with very low solving accuracies, high solving times and poor overall user experience. We provide certain guidelines that may help improve existing CAPTCHAs for use in telephony systems.

Keywords

Session Initiation Protocol Edit Distance Federal Trade Commission Voice Over Internet Protocol System Usability Scale 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

Acknowledgements

The research of the first author is supported by TCS (Tata Consultancy Service) Research Scholarship. We would like to thank Dr. Iulia Ion and Paridhi Jain for their input on the study. The authors would also like to thank International Development Research Centre (IRDC) and all members of PreCog research group at IIIT-Delhi. We would like to thank Siddhartha Asthana for helping in deployment of the system and all participants in the study.

References

  1. 1.
  2. 2.
    FTC Robocalls Challenge (2012). http://robocall.challenge.gov/submissions/
  3. 3.
    Andreas, N.K., Schmidt, U., Khayari, R.E.: Spam over internet telephony and how to deal with it. arXiv preprint arXiv:0806.1610 (2008)
  4. 4.
    Baird, H., Bentley, J., Lopresti, D., Wang, S.-Y.: Methods and Apparatus for Defending Against Telephone-Based Robotic Attacks Using Contextual-Based Degradation. United States Patent (2011)Google Scholar
  5. 5.
    Baird, H., Bentley, J., Lopresti, D., Wang, S.-Y.: Methods and Apparatus for Defending against Telephone-Based Robotic Attacks using Random Rersonal Codes. United States Patent (2011)Google Scholar
  6. 6.
    Balasubramaniyan, V.A., Poonawalla, A., Ahamad, M., Hunter, M.T., Traynor, P.: PinDr0p: using single-ended audio features to determine call provenance. In: Proceedings of the 17th ACM Conference on Computer and Communications Security. ACM (2010)Google Scholar
  7. 7.
    Bigham, J.P., Cavender, A.C.: Evaluating existing audio CAPTCHAs and an interface optimized for non-visual use. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM (2009)Google Scholar
  8. 8.
    Bonneau, D.G., Blanchard, H.E.: Human Factors and Voice Interactive Systems. Signals and Communication Technology. Springer, New York (2008)Google Scholar
  9. 9.
    Bradley, J.: Complete counterbalancing of immediate sequential effects in a latin square design. J. Am. Stat. Assoc. 53(282), 525–528 (1958)zbMATHCrossRefGoogle Scholar
  10. 10.
    Bursztein, E., Bethard, S., Fabry, C., J. Mitchell, C., Jurafsky, D.: How good are humans at solving CAPTCHAs? a large scale evaluation. In: IEEE Symposium on Security and Privacy (SP) (2010)Google Scholar
  11. 11.
  12. 12.
    Cooper, G.: Research into cognitive load theory and instructional design at UNSW. http://webmedia.unmc.edu/leis/birk/CooperCogLoad.pdf (1998)
  13. 13.
    Cranor, L.F.: A framework for reasoning about the human in the loop. In: Usability, Psychology, and Security (2008)Google Scholar
  14. 14.
    Datta, R., Li, J., Wang, J.Z.: Imagination: a robust image-based captcha generation system. In: MULTIMEDIA 2005, pp. 331–334 (2005)Google Scholar
  15. 15.
    Federal Trade Commission. Robocalls: All the rage, an FTC summit. http://www.ftc.gov/bcp/workshops/robocalls/docs/RobocallSummitTranscrip t.pdf (2012)
  16. 16.
    Sauer, G., Hochheiser, H., Feng, J., Lazar, J.: Towards a universally usable CAPTCHA. In: Symposium On Usable Privacy and Security (2008)Google Scholar
  17. 17.
    Gross, J.N.: Captcha Using Challenges Optimized for distinguishing between humans and machines. U.S. Patent Application (2009)Google Scholar
  18. 18.
    Hoffstadt, D., Sorge, C., Rebahi, Y.: Spam over internet telephony. http://www.tu-chemnitz.de/etit/kn/Zukunft_der_Netze/presentation_hoffstadt.pdf
  19. 19.
    International Telecommunication Union. Measuring the information Society. http://www.itu.int/ITU-D/ict/publications/idi/material/2012/MIS2012_wi thout_Annex_4.pdf
  20. 20.
    Elson, J., Douceur, J., Howell, J., Saul, J.: Asirra: a CAPTCHA that exploits interest-aligned manual image categorization. In: ACM Conference on Computer and Communications Security (2007)Google Scholar
  21. 21.
    Yan, J., Ahmad, A.: Usability of CAPTCHAs or usability issues in CAPTCHA design. In: Symposium on Usable Privacy and Security (2008)Google Scholar
  22. 22.
    Jakobsson, M., Akavipat, R.: Rethinking passwords to adapt to constrained keyboards. In: MoST (2012)Google Scholar
  23. 23.
    Jakobsson, M., Ramzan, Z.: Crimeware: Understanding New Attacks and Defenses. Symantec Press, Cupertino (2008)Google Scholar
  24. 24.
    Johansen, A.J.: Improvement of spit prevention technique based on turing test. Master’s thesis. Mahanakorn University of Technology (2010)Google Scholar
  25. 25.
    Kluever, K., Zanibbi, R.: Balancing usability and security in a video CAPTCHA. In: Symposium On Usable Privacy and Security, pp. 1–11 (2009)Google Scholar
  26. 26.
    Lazar et al. POSTER: Assessing the Usability of the new Radio Clip Based Human Interaction Proofs. Symposium On Usable Privacy and Security (2010)Google Scholar
  27. 27.
    Martin, S.: Hold the Phone-Will TDoS Be Your Next Big Threat? http://bankinnovation.net/2013/07/hold-the-phone-will-tdos-be-your-next-big-threat/, July 2013
  28. 28.
    Polakis, I., Kontaxis, G., Ioannidis, S.: CAPTCHuring automated (smart) phone attacks. In: SysSec Workshop (SysSec), 2011 First. IEEE (2011)Google Scholar
  29. 29.
    Quittek, J., Niccolini, S., Tartarelli, S., Stiemerling, M., Brunner, M., Ewald, T.: Detecting spit calls by checking human communication patterns. In: IEEE International Conference on Communications, ICC 2007. IEEE (2007)Google Scholar
  30. 30.
    Chow, R., Golle, P., Jakobsson, M., Wang, L., Wang, X.: Making CAPTCHAs clickable. In: HotMobile (2008)Google Scholar
  31. 31.
    Ross, S., Halderman, J., Finkelstein, A.: Sketcha: a CAPTCHA based on line drawings of 3D models. In: Conference on World Wide Web (WWW) (2010)Google Scholar
  32. 32.
    Soupionis, Y., Gritzalis, D.: Audio CAPTCHA: existing solutions assessment and a new implementation for VoIP telephony. Comput. Secur. 29, 603–618 (2010)CrossRefGoogle Scholar
  33. 33.
    Soupionis, Y., Tountas, G., Gritzalis, D.: Audio CAPTCHA for SIP-based VoIP. In: Gritzalis, D., Lopez, J. (eds.) SEC 2009. IFIP AICT, vol. 297, pp. 25–38. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  34. 34.
    The Federal Bureau of Investigation. The Latest Phone Scam Targets Your Bank Account. http://www.fbi.gov/news/stories/2010/june/phone-scam, June 2010
  35. 35.
    Tsiakis, T., Katsaros, P., Gritzalis, D.: Economic evaluation of interactive audio media for securing internet services. In: ICGS3/e-Democracy, pp. 46–53 (2011)Google Scholar
  36. 36.
    von Ahn, L., Blum, M., Langford, J.: Telling Humans and Computers Apart (Automatically) or How Lazy Cryptographers Do AI. Computer Science Department 149 (2002)Google Scholar
  37. 37.
    Zhang, H., Wen, X., He, P., Zheng, W.: Dealing with telephone fraud using captcha. In: ICIS (2009)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Niharika Sachdeva
    • 1
    Email author
  • Nitesh Saxena
    • 2
  • Ponnurangam Kumaraguru
    • 1
  1. 1.IIIT-DelhiNew DelhiIndia
  2. 2.University of Alabama at BirminghamBirminghamUSA

Personalised recommendations