Privacy-preserving, user-centric VoIP CAPTCHA challenges

Aimilia Tasidou (Department of Electrical and Computer Engineering, Democritus University of Thrace, Xanthi, Greece)
Pavlos S. Efraimidis (Department of Electrical and Computer Engineering, Democritus University of Thrace, Xanthi, Greece)
Yannis Soupionis (Institute for the Protection and Security of the Citizen, Joint Research Center, European Commission, Ispra, Italy)
Lilian Mitrou (Deptartment of Information and Communication Systems Engineering, University of the Aegean, Samos, Greece)
Vasilios Katos (Department of Computing,Bournemouth University, Bournemouth, UK)

Information and Computer Security

ISSN: 2056-4961

Publication date: 14 March 2016

Abstract

Purpose

This work aims to argue that it is possible to address discrimination issues that naturally arise in contemporary audio CAPTCHA challenges and potentially enhance the effectiveness of audio CAPTCHA systems by adapting the challenges to the user characteristics.

Design/methodology/approach

A prototype has been designed, called PrivCAPTCHA, to offer privacy-preserving, user-centric CAPTCHA challenges. Anonymous credential proofs are integrated into the Session Initiation Protocol (SIP) protocol and the approach is evaluated in a real-world Voice over Internet Protocol (VoIP) environment.

Findings

The results of this work indicate that it is possible to create VoIP CAPTCHA services offering privacy-preserving, user-centric challenges while maintaining sufficient efficiency.

Research limitations/implications

The proposed approach was evaluated through an experimental implementation to demonstrate its feasibility. Additional features, such as appropriate user interfaces and efficiency optimisations, would be useful for a commercial product. Security measures to protect the system from attacks against the SIP protocol would be useful to counteract the effects of the introduced overhead. Future research could investigate the use of this approach on non-audio CAPTCHA services.

Practical implications

PrivCAPTCHA is expected to achieve fairer, non-discriminating CAPTCHA services while protecting the user’s privacy. Adoption success relies upon the general need for employment of privacy-preserving practices in electronic interactions.

Social implications

This approach is expected to enhance the quality of life of users, who will now receive CAPTCHA challenges closer to their characteristics. This applies especially to users with disabilities. Additionally, as a privacy-preserving service, this approach is expected to increase trust during the use of services that use it.

Originality/value

To the best of authors’ knowledge, this is the first comprehensive proposal for privacy-preserving CAPTCHA challenge adaptation. The proposed system aims at providing an improved CAPTCHA service that is more appropriate for and trusted by human users.

Keywords

Citation

Tasidou, A., Efraimidis, P., Soupionis, Y., Mitrou, L. and Katos, V. (2016), "Privacy-preserving, user-centric VoIP CAPTCHA challenges", Information and Computer Security, Vol. 24 No. 1, pp. 2-19. https://doi.org/10.1108/ICS-07-2014-0046

Download as .RIS

Publisher

:

Emerald Group Publishing Limited

Copyright © 2016, Emerald Group Publishing Limited

Please note you might not have access to this content

You may be able to access this content by login via Shibboleth, Open Athens or with your Emerald account.
If you would like to contact us about accessing this content, click the button and fill out the form.
To rent this content from Deepdyve, please click the button.