A Completely Automatic Public Physical test to tell Computers and Humans Apart: A way to enhance authentication schemes in mobile devices

Nowadays, data security is one of the most - if not the most important aspects in mobile applications, web and information systems in general. On one hand, this is a result of the vital role of mobile and web applications in our daily life. On the other hand, though, the huge, yet accelerating evolution of computers and software has led to more and more sophisticated forms of threats and attacks which jeopardize user's credentials and privacy. Today's computers are capable of automatically performing authentication attempts replaying recorded data. This fact has brought the challenge of access control to a whole new level, and has urged the researchers to develop new mechanisms in order to prevent software from performing automatic authentication attempts. In this research perspective, the Completely Automatic Public Turing test to tell Computers and Humans Apart (CAPTCHA) has been proposed and widely adopted. However, this mechanism consists of a cognitive intelligence test to reinforce traditional authentication against computerized attempts, thus it puts additional strain on the legitimate user too and, quite often, significantly slows the authentication process. In this paper, we introduce a Completely Automatic Public Physical test to tell Computers and Humans Apart (CAPPCHA) as a way to enhance PIN authentication scheme for mobile devices. This test does not introduce any additional cognitive strain on the user as it leverages only his physical nature. We prove that the scheme is even more secure than CAPTCHA and our experiments show that it is fast and easy for users.