ZKSENSE: A Friction-less Privacy-Preserving Human Attestation Mechanism for Mobile Devices-Reference-Cited by-同舟云学术

ZKSENSE: A Friction-less Privacy-Preserving Human Attestation Mechanism for Mobile Devices

Published:2021-07-23 Issue:4 Volume:2021 Page:6-29
ISSN:2299-0984
Container-title:Proceedings on Privacy Enhancing Technologies
language:en
Short-container-title:

Author:

Querejeta-Azurmendi Iñigo¹,Papadopoulos Panagiotis²,Varvello Matteo³,Nappa Antonio⁴,Zhang Jiexin⁵,Livshits Benjamin⁶

Affiliation:

1. Universidad Carlos III Madrid / ITFI, CSIC. Part of the work performed while working at Brave Software .

2. Telefónica Research

3. Bell Labs

4. University of California , Berkeley

5. University of Cambridge

6. Brave Software/Imperial College

Abstract

Abstract Recent studies show that 20.4% of the internet traffic originates from automated agents. To identify and block such ill-intentioned traffic, mechanisms that verify the humanness of the user are widely deployed, with CAPTCHAs being the most popular. Traditional CAPTCHAs require extra user effort (e.g., solving mathematical puzzles), which can severely downgrade the end-user’s experience, especially on mobile, and provide sporadic humanness verification of questionable accuracy. More recent solutions like Google’s reCAPTCHA v3, leverage user data, thus raising significant privacy concerns. To address these issues, we present zkSENSE: the first zero-knowledge proof-based humanness attestation system for mobile devices. zkSENSE moves the human attestation to the edge: onto the user’s very own device, where humanness of the user is assessed in a privacy-preserving and seamless manner. zkSENSE achieves this by classifying motion sensor outputs of the mobile device, based on a model trained by using both publicly available sensor data and data collected from a small group of volunteers. To ensure the integrity of the process, the classification result is enclosed in a zero-knowledge proof of humanness that can be safely shared with a remote server. We implement zkSENSE as an Android service to demonstrate its effectiveness and practicality. In our evaluation, we show that zkSENSE successfully verifies the humanness of a user across a variety of attacking scenarios and demonstrate 92% accuracy. On a two years old Samsung S9, zkSENSE’s attestation takes around 3 seconds (when visual CAPTCHAs need 9.8 seconds) and consumes a negligible amount of battery.

Publisher

Walter de Gruyter GmbH

Subject

General Medicine

Link

https://www.sciendo.com/pdf/10.2478/popets-2021-0058

Reference97 articles.

1. [1] Matthew Hughes. Bots drove nearly 40% of internet traffic last year - and the naughty ones are getting smarter. https://thenextweb.com/security/2019/04/17/bots-drove-nearly-40-of-internet-traffic-last-year-and-the-naughty-ones-are-getting-smarter/, 2019.

2. [2] Shailin Dhar Mikko Kotila, Ruben Cuevas Rumin. Compendium of ad fraud knowledge for media investors. https://www.wfanet.org/app/uploads/2017/04/WFA_Compendium_Of_Ad_Fraud_Knowledge.pdf, 2017.

3. [3] ThreatMetrix. H2 2018 cybercrime report. https://www.threatmetrix.com/info/h2-2018-cybercrime-report/, 2018.

4. [4] Drew Phillips. What is securimage? https://www.phpcaptcha.org/, 2015.

5. [5] Intuition Machines, Inc. hcaptcha: Earn money with a captcha. https://www.hcaptcha.com, 2019.

Cited by 2 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. FIAT;Proceedings of the 18th International Conference on emerging Networking EXperiments and Technologies;2022-11-30

2. FIAT;Proceedings of the 17th International Conference on emerging Networking EXperiments and Technologies;2021-12-02