{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2023,11,30]],"date-time":"2023-11-30T11:57:41Z","timestamp":1701345461564},"reference-count":97,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"4","license":[{"start":{"date-parts":[[2021,7,23]],"date-time":"2021-07-23T00:00:00Z","timestamp":1626998400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,10,1]]},"abstract":"Abstract<\/jats:title>\n Recent studies show that 20.4% of the internet traffic originates from automated agents. To identify and block such ill-intentioned traffic, mechanisms that verify the humanness of the user<\/jats:italic> are widely deployed, with CAPTCHAs being the most popular. Traditional CAPTCHAs require extra user effort (e.g., solving mathematical puzzles), which can severely downgrade the end-user\u2019s experience, especially on mobile, and provide sporadic humanness verification of questionable accuracy. More recent solutions like Google\u2019s reCAPTCHA v3, leverage user data, thus raising significant privacy concerns. To address these issues, we present zkSENSE: the first zero-knowledge proof-based humanness attestation system for mobile devices. zkSENSE moves the human attestation to the edge: onto the user\u2019s very own device, where humanness of the user is assessed in a privacy-preserving and seamless manner. zkSENSE achieves this by classifying motion sensor outputs of the mobile device, based on a model trained by using both publicly available sensor data and data collected from a small group of volunteers. To ensure the integrity of the process, the classification result is enclosed in a zero-knowledge proof of humanness that can be safely shared with a remote server. We implement zkSENSE as an Android service to demonstrate its effectiveness and practicality. In our evaluation, we show that zkSENSE successfully verifies the humanness of a user across a variety of attacking scenarios and demonstrate 92% accuracy. On a two years old Samsung S9, zkSENSE\u2019s attestation takes around 3 seconds (when visual CAPTCHAs need 9.8 seconds) and consumes a negligible amount of battery.<\/jats:p>","DOI":"10.2478\/popets-2021-0058","type":"journal-article","created":{"date-parts":[[2021,7,24]],"date-time":"2021-07-24T23:20:26Z","timestamp":1627168826000},"page":"6-29","source":"Crossref","is-referenced-by-count":2,"title":["ZKSENSE: A Friction-less Privacy-Preserving Human Attestation Mechanism for Mobile Devices"],"prefix":"10.56553","volume":"2021","author":[{"given":"I\u00f1igo","family":"Querejeta-Azurmendi","sequence":"first","affiliation":[{"name":"Universidad Carlos III Madrid \/ ITFI, CSIC. Part of the work performed while working at Brave Software ."}]},{"given":"Panagiotis","family":"Papadopoulos","sequence":"additional","affiliation":[{"name":"Telef\u00f3nica Research"}]},{"given":"Matteo","family":"Varvello","sequence":"additional","affiliation":[{"name":"Bell Labs"}]},{"given":"Antonio","family":"Nappa","sequence":"additional","affiliation":[{"name":"University of California , Berkeley"}]},{"given":"Jiexin","family":"Zhang","sequence":"additional","affiliation":[{"name":"University of Cambridge"}]},{"given":"Benjamin","family":"Livshits","sequence":"additional","affiliation":[{"name":"Brave Software\/Imperial College"}]}],"member":"35752","published-online":{"date-parts":[[2021,7,23]]},"reference":[{"key":"2022051409232931715_j_popets-2021-0058_ref_001","unstructured":"[1] Matthew Hughes. Bots drove nearly 40% of internet traffic last year - and the naughty ones are getting smarter. https:\/\/thenextweb.com\/security\/2019\/04\/17\/bots-drove-nearly-40-of-internet-traffic-last-year-and-the-naughty-ones-are-getting-smarter\/, 2019."},{"key":"2022051409232931715_j_popets-2021-0058_ref_002","unstructured":"[2] Shailin Dhar Mikko Kotila, Ruben Cuevas Rumin. Compendium of ad fraud knowledge for media investors. https:\/\/www.wfanet.org\/app\/uploads\/2017\/04\/WFA_Compendium_Of_Ad_Fraud_Knowledge.pdf, 2017."},{"key":"2022051409232931715_j_popets-2021-0058_ref_003","unstructured":"[3] ThreatMetrix. H2 2018 cybercrime report. https:\/\/www.threatmetrix.com\/info\/h2-2018-cybercrime-report\/, 2018."},{"key":"2022051409232931715_j_popets-2021-0058_ref_004","unstructured":"[4] Drew Phillips. What is securimage? https:\/\/www.phpcaptcha.org\/, 2015."},{"key":"2022051409232931715_j_popets-2021-0058_ref_005","unstructured":"[5] Intuition Machines, Inc. hcaptcha: Earn money with a captcha. https:\/\/www.hcaptcha.com, 2019."},{"key":"2022051409232931715_j_popets-2021-0058_ref_006","unstructured":"[6] Roberto Iriondo. Breaking captcha using machine learning in 0.05 seconds. https:\/\/medium.com\/towards-artificial-intelligence\/breaking-captcha-using-machine-learning-in-0-05-seconds-9feefb997694, 2018."},{"key":"2022051409232931715_j_popets-2021-0058_ref_007","doi-asserted-by":"crossref","unstructured":"[7] Suphannee Sivakorn, Iasonas Polakis, and Angelos D Keromytis. I am robot:(deep) learning to break semantic image captchas. In 2016 IEEE European Symposium on Security and Privacy (EuroS&P), pages 388\u2013403. IEEE, 2016.10.1109\/EuroSP.2016.37","DOI":"10.1109\/EuroSP.2016.37"},{"key":"2022051409232931715_j_popets-2021-0058_ref_008","doi-asserted-by":"crossref","unstructured":"[8] Jeff Yan and Ahmad Salah El Ahmad. A Low-cost Attack on a Microsoft CAPTCHA. In Proceedings of the 15th ACM conference on Computer and communications security, pages 543\u2013554. ACM, 2008.10.1145\/1455770.1455839","DOI":"10.1145\/1455770.1455839"},{"key":"2022051409232931715_j_popets-2021-0058_ref_009","unstructured":"[9] Jarrod Overson. Bypassing captchas with headless chrome. https:\/\/medium.com\/@jsoverson\/bypassing-captchas-with-headless-chrome-93f294518337, 2018."},{"key":"2022051409232931715_j_popets-2021-0058_ref_010","unstructured":"[10] Kevin Bock, Daven Patel, George Hughey, and Dave Levin. uncaptcha: a low-resource defeat of recaptcha\u2019s audio challenge. In 11th USENIX Workshop on Offensive Technologies (WOOT 17), 2017."},{"key":"2022051409232931715_j_popets-2021-0058_ref_011","doi-asserted-by":"crossref","unstructured":"[11] Ruti Gafni and Idan Nagar. Captcha\u2013security affecting user experience. Issues in Informing Science and Information Technology, 13:063\u2013077, 2016.10.28945\/3468","DOI":"10.28945\/3468"},{"key":"2022051409232931715_j_popets-2021-0058_ref_012","unstructured":"[12] Josh Dzieza. Why captchas have gotten so difficult. https:\/\/www.theverge.com\/2019\/2\/1\/18205610\/google-captchaai-robot-human-difficult-artificial-intelligence, 2019."},{"key":"2022051409232931715_j_popets-2021-0058_ref_013","unstructured":"[13] Scott Hollier, Janina Sajka, Jason White, and Michael Cooper. Inaccessibility of captcha: Alternatives to visual turing tests on the web. https:\/\/www.w3.org\/TR\/turingtest\/, 2019."},{"key":"2022051409232931715_j_popets-2021-0058_ref_014","unstructured":"[14] Wei Liu. Introducing recaptcha v3: the new way to stop bots. https:\/\/webmasters.googleblog.com\/2018\/10\/introducing-recaptcha-v3-new-way-to.html, 2018."},{"key":"2022051409232931715_j_popets-2021-0058_ref_015","unstructured":"[15] FreePrivacyPolicy. Privacy policy for recaptcha. https:\/\/www.freeprivacypolicy.com\/blog\/recaptcha-privacy-policy\/, 2019."},{"key":"2022051409232931715_j_popets-2021-0058_ref_016","unstructured":"[16] Thomas Claburn. Google\u2019s recaptcha favors \u2013 you guessed it \u2013 google: Duh, only a bot would refuse to sign into the chocolate factory. https:\/\/www.theregister.co.uk\/2019\/06\/28\/google_recaptcha_favoring_google\/, 2019."},{"key":"2022051409232931715_j_popets-2021-0058_ref_017","unstructured":"[17] Katharine Schwab. Google\u2019s new recaptcha has a dark side. https:\/\/www.fastcompany.com\/90369697\/googles-newrecaptcha-has-a-dark-side, 2019."},{"key":"2022051409232931715_j_popets-2021-0058_ref_018","unstructured":"[18] Ismail Akrout, Amal Feriani, and Mohamed Akrout. Hacking Google reCAPTCHA v3 using Reinforcement Learning. 2019."},{"key":"2022051409232931715_j_popets-2021-0058_ref_019","doi-asserted-by":"crossref","unstructured":"[19] Meriem Guerar, Alessio Merlo, Mauro Migliardi, and Francesco Palmieri. Invisible CAPPCHA: A usable mechanism to distinguish between malware and humans on the mobile IoT. Computers and Security, 78:255\u2013266, 2018.","DOI":"10.1016\/j.cose.2018.06.007"},{"key":"2022051409232931715_j_popets-2021-0058_ref_020","doi-asserted-by":"crossref","unstructured":"[20] Muhammad Asim Jamshed, Wonho Kim, and KyoungSoo Park. Suppressing bot traffic with accurate human attestation. In Proceedings of the first ACM asia-pacific workshop on Workshop on systems, pages 43\u201348, 2010.10.1145\/1851276.1851287","DOI":"10.1145\/1851276.1851287"},{"key":"2022051409232931715_j_popets-2021-0058_ref_021","unstructured":"[21] Tim Allen. Having a captcha is killing your conversion rate. https:\/\/moz.com\/blog\/having-a-captcha-is-killing-your-conversion-rate, 2013."},{"key":"2022051409232931715_j_popets-2021-0058_ref_022","unstructured":"[22] Google. Safetynet recaptcha api. https:\/\/developer.android.com\/training\/safetynet\/recaptcha, 2021."},{"key":"2022051409232931715_j_popets-2021-0058_ref_023","doi-asserted-by":"crossref","unstructured":"[23] Elie Bursztein, Steven Bethard, Celine Fabry, John C Mitchell, and Dan Jurafsky. How good are humans at solving captchas? a large scale evaluation. In 2010 IEEE symposium on security and privacy, 2010.10.1109\/SP.2010.31","DOI":"10.1109\/SP.2010.31"},{"key":"2022051409232931715_j_popets-2021-0058_ref_024","unstructured":"[24] Ivan Enr\u00edquez. Why is captcha killing your conversion rate? https:\/\/blog.arengu.com\/why-captcha-is-killing-your-conversion-rate\/, 2019."},{"key":"2022051409232931715_j_popets-2021-0058_ref_025","unstructured":"[25] Richard Kahn. How the use of captcha can hurt user experience. https:\/\/www.anura.io\/blog\/how-the-use-of-captchacan-hurt-user-experience, 2020."},{"key":"2022051409232931715_j_popets-2021-0058_ref_026","unstructured":"[26] Interaction Design Foundation. Killing the captcha for better ux. https:\/\/www.interaction-design.org\/literature\/article\/killing-the-captcha-for-better-ux, 2016."},{"key":"2022051409232931715_j_popets-2021-0058_ref_027","doi-asserted-by":"crossref","unstructured":"[27] Meriem Guerar, Mauro Migliardi, Alessio Merlo, Mohamed Benmohammed, and Belhadri Messabih. A completely automatic public physical test to tell computers and humans apart: A way to enhance authentication schemes in mobile devices. In 2015 International Conference on High Performance Computing & Simulation (HPCS), 2015.10.1109\/HPCSim.2015.7237041","DOI":"10.1109\/HPCSim.2015.7237041"},{"key":"2022051409232931715_j_popets-2021-0058_ref_028","doi-asserted-by":"crossref","unstructured":"[28] Thomas Hupperich, Katharina Krombholz, and Thorsten Holz. Sensor Captchas: On the Usability of Instrumenting Hardware Sensors to Prove Liveliness. In International Conference on Trust and Trustworthy Computing, 2016.10.1007\/978-3-319-45572-3_3","DOI":"10.1007\/978-3-319-45572-3_3"},{"key":"2022051409232931715_j_popets-2021-0058_ref_029","doi-asserted-by":"crossref","unstructured":"[29] Babins Shrestha, Nitesh Saxena, and Justin Harrison. Wave-to-Access: Protecting Sensitive Mobile Device Services via a Hand Waving Gesture. In Michel Abdalla, Cristina Nita-Rotaru, and Ricardo Dahab, editors, Cryptology and Network Security, 2013.10.1007\/978-3-319-02937-5_11","DOI":"10.1007\/978-3-319-02937-5_11"},{"key":"2022051409232931715_j_popets-2021-0058_ref_030","unstructured":"[30] Anupam Das, Nikita Borisov, and Matthew Caesar. Tracking mobile web users through motion sensors: Attacks and defenses. In NDSS, 2016."},{"key":"2022051409232931715_j_popets-2021-0058_ref_031","doi-asserted-by":"crossref","unstructured":"[31] Jorge-L. Reyes-Ortiz, Luca Oneto, Albert Sam\u00e0, Xavier Parra, and Davide Anguita. Transition-Aware Human Activity Recognition Using Smartphones. Neurocomputing, 2016.10.1016\/j.neucom.2015.07.085","DOI":"10.1016\/j.neucom.2015.07.085"},{"key":"2022051409232931715_j_popets-2021-0058_ref_032","doi-asserted-by":"crossref","unstructured":"[32] Rub\u00e9n San-Segundo, Henrik Blunck, Jos\u00e9 Moreno-Pimentel, Allan Stisen, and Manuel Gil-Mart\u00edn. Robust Human Activity Recognition using smartwatches and smartphones. Engineering Applications of Artificial Intelligence, 2018.10.1016\/j.engappai.2018.04.002","DOI":"10.1016\/j.engappai.2018.04.002"},{"key":"2022051409232931715_j_popets-2021-0058_ref_033","unstructured":"[33] Mohammad Malekzadeh, Richard G Clegg, Andrea Cavallaro, and Hamed Haddadi. Protecting Sensory Data Against Sensitive Inferences. In Proceedings of the 1st Workshop on Privacy by Design in Distributed Systems, W-P2DS\u201918."},{"key":"2022051409232931715_j_popets-2021-0058_ref_034","doi-asserted-by":"crossref","unstructured":"[34] Erhan Davarci, Betul Soysal, Imran Erguler, Sabri Orhun Aydin, Onur Dincer, and Emin Anarim. Age group detection using smartphone motion sensors. In 2017 25th European Signal Processing Conference (EUSIPCO), 2017.10.23919\/EUSIPCO.2017.8081600","DOI":"10.23919\/EUSIPCO.2017.8081600"},{"key":"2022051409232931715_j_popets-2021-0058_ref_035","doi-asserted-by":"crossref","unstructured":"[35] Jiexin Zhang, Alastair R Beresford, and Ian Sheret. SensorID: Sensor Calibration Fingerprinting for Smartphones. In Proceedings of the 40th IEEE Symposium on Security and Privacy (SP). IEEE, 5 2019.10.1109\/SP.2019.00072","DOI":"10.1109\/SP.2019.00072"},{"key":"2022051409232931715_j_popets-2021-0058_ref_036","doi-asserted-by":"crossref","unstructured":"[36] Elias P. Papadopoulos, Michalis Diamantaris, Panagiotis Papadopoulos, Thanasis Petsas, Sotiris Ioannidis, and Evangelos P. Markatos. The long-standing privacy debate: Mobile websites vs mobile apps. In Proceedings of the 26th International Conference on World Wide Web, WWW \u201917, 2017.10.1145\/3038912.3052691","DOI":"10.1145\/3038912.3052691"},{"key":"2022051409232931715_j_popets-2021-0058_ref_037","unstructured":"[37] World Wide Web Consortium (W3C). Captcha alternatives and thoughts. https:\/\/www.w3.org\/WAI\/GL\/wiki\/Captcha_Alternatives_and_thoughts, 2019."},{"key":"2022051409232931715_j_popets-2021-0058_ref_038","unstructured":"[38] Web Accessibility In Mind (WebAIM). Screen reader user survey #7 results. https:\/\/webaim.org\/projects\/screenreadersurvey7\/, 2017."},{"key":"2022051409232931715_j_popets-2021-0058_ref_039","unstructured":"[39] Armin Sebastian. Buster: Captcha solver for humans. https:\/\/github.com\/dessant\/buster, 2019."},{"key":"2022051409232931715_j_popets-2021-0058_ref_040","unstructured":"[40] Jennifer Tam, Jiri Simsa, Sean Hyde, and Luis V Ahn. Breaking audio captchas. In Advances in Neural Information Processing Systems, pages 1625\u20131632, 2009."},{"key":"2022051409232931715_j_popets-2021-0058_ref_041","unstructured":"[41] Yuanxi Ou. What is shuabang, and should i be using it to promote my game? https:\/\/www.mobvista.com\/en\/blog\/shuabang-using-promote-game\/, 2018."},{"key":"2022051409232931715_j_popets-2021-0058_ref_042","unstructured":"[42] Cristina Stefanova. Black hat aso for mobile apps & games: What is it and how it works (and why you shouldn\u2019t do it). https:\/\/thetool.io\/2018\/black-hat-aso, 2018."},{"key":"2022051409232931715_j_popets-2021-0058_ref_043","unstructured":"[43] Gabriel Machuret. Blackhat aso news 2016: Shuabang \u2013 a notorious blackhat app store optimization provider in china. https:\/\/asoprofessional.com\/blackhat-aso-news-2016-shuabang-a-notorious-blackhat-app-store-optimization-provider-in-china\/, 2020."},{"key":"2022051409232931715_j_popets-2021-0058_ref_044","unstructured":"[44] Brave Software, Inc. Get rewarded for browsing and support your favorite content creators. https:\/\/brave.com\/brave-rewards\/, 2019."},{"key":"2022051409232931715_j_popets-2021-0058_ref_045","unstructured":"[45] Anton Kivva. The banker that can steal anything. https:\/\/securelist.com\/the-banker-that-can-steal-anything\/76101\/, 2016."},{"key":"2022051409232931715_j_popets-2021-0058_ref_046","unstructured":"[46] Mike Murray. Pegasus for android: the other side of the story emerges. https:\/\/blog.lookout.com\/pegasus-android, 2017."},{"key":"2022051409232931715_j_popets-2021-0058_ref_047","unstructured":"[47] Henry de Valence, Jack Grigg, George Tankersley, Filippo Valsorda, and Isis Lovecruft. The ristretto255 Group. Internet-Draft draft-hdevalence-cfrg-ristretto-01, Internet Engineering Task Force."},{"key":"2022051409232931715_j_popets-2021-0058_ref_048","unstructured":"[48] Isis Agora Lovecruft and Henry de Valence. curve25519-dalek. https:\/\/crates.io\/crates\/curve25519-dalek, 2020."},{"key":"2022051409232931715_j_popets-2021-0058_ref_049","doi-asserted-by":"crossref","unstructured":"[49] S Goldwasser, S Micali, and C Rackoff. The knowledge complexity of interactive proof-systems. In Proceedings of the Seventeenth Annual ACM Symposium on Theory of Computing, STOC \u201985, 1985.10.1145\/22145.22178","DOI":"10.1145\/22145.22178"},{"key":"2022051409232931715_j_popets-2021-0058_ref_050","doi-asserted-by":"crossref","unstructured":"[50] Manuel Blum, Paul Feldman, and Silvio Micali. Noninteractive zero-knowledge and its applications. In Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, STOC \u201988, 1988.10.1145\/62212.62222","DOI":"10.1145\/62212.62222"},{"key":"2022051409232931715_j_popets-2021-0058_ref_051","doi-asserted-by":"crossref","unstructured":"[51] Matteo Varvello, I\u00f1igo Querejeta Azurmendi, Antonio Nappa, Panagiotis Papadopoulos, Goncalo Pestana, and Benjamin Livshits. Vpn0: A privacy-preserving decentralized virtual private network. In Decentralising the Internet with IPFS and Filecoin, DI2F\u201921, 2021.10.23919\/IFIPNetworking52078.2021.9472843","DOI":"10.23919\/IFIPNetworking52078.2021.9472843"},{"key":"2022051409232931715_j_popets-2021-0058_ref_052","doi-asserted-by":"crossref","unstructured":"[52] Eli Ben-sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza. Zerocash: Decentralized anonymous payments from bitcoin. 2014.10.1109\/SP.2014.36","DOI":"10.1109\/SP.2014.36"},{"key":"2022051409232931715_j_popets-2021-0058_ref_053","unstructured":"[53] Nick Grosz. How icash protects delegate votes and identities in its proof of trust protocol. https:\/\/medium.com\/@nickgrosz\/how-icash-protects-votes-and-voter-identity-inits-proof-of-trust-protocol-7a06c38e4296, 2018."},{"key":"2022051409232931715_j_popets-2021-0058_ref_054","unstructured":"[54] Gon\u00e7alo Pestana, I\u00f1igo Querejeta-Azurmendi, Panagiotis Papadopoulos, and Benjamin Livshits. Themis: Decentralized and trustless ad platform with reporting integrity. arXiv preprint arXiv:2007.05556, 2020."},{"key":"2022051409232931715_j_popets-2021-0058_ref_055","doi-asserted-by":"crossref","unstructured":"[55] Jan Camenisch and Markus Stadler. Efficient Group Signature Schemes for Large Groups (Extended Abstract). In CRYPTO, 1997.10.1007\/BFb0052252","DOI":"10.1007\/BFb0052252"},{"key":"2022051409232931715_j_popets-2021-0058_ref_056","doi-asserted-by":"crossref","unstructured":"[56] Jens Groth. On the size of pairing-based non-interactive arguments. In Proceedings, Part II, of the 35th Annual International Conference on Advances in Cryptology, EURO-CRYPT\u201916, 2016.10.1007\/978-3-662-49896-5_11","DOI":"10.1007\/978-3-662-49896-5_11"},{"key":"2022051409232931715_j_popets-2021-0058_ref_057","doi-asserted-by":"crossref","unstructured":"[57] Mary Maller, Sean Bowe, Markulf Kohlweiss, and Sarah Meiklejohn. Sonic: Zero-knowledge snarks from linear-size universal and updateable structured reference strings. Cryptology ePrint Archive, Report 2019\/099, 2019. https:\/\/eprint.iacr.org\/2019\/099.10.1145\/3319535.3339817","DOI":"10.1145\/3319535.3339817"},{"key":"2022051409232931715_j_popets-2021-0058_ref_058","unstructured":"[58] Ariel Gabizon, Zachary J. Williamson, and Oana Ciobotaru. Plonk: Permutations over lagrange-bases for oecumenical noninteractive arguments of knowledge. Cryptology ePrint Archive, Report 2019\/953, 2019. https:\/\/eprint.iacr.org\/2019\/953."},{"key":"2022051409232931715_j_popets-2021-0058_ref_059","doi-asserted-by":"crossref","unstructured":"[59] B. B\u00fcnz, J. Bootle, D. Boneh, A. Poelstra, P. Wuille, and G. Maxwell. Bulletproofs: Short proofs for confidential transactions and more. In 2018 IEEE Symposium on Security and Privacy (SP), 2018.10.1109\/SP.2018.00020","DOI":"10.1109\/SP.2018.00020"},{"key":"2022051409232931715_j_popets-2021-0058_ref_060","doi-asserted-by":"crossref","unstructured":"[60] Jonathan Bootle, Andrea Cerulli, Pyrros Chaidos, Jens Groth, and Christophe Petit. Efficient zero-knowledge arguments for arithmetic circuits in the discrete log setting. Cryptology ePrint Archive, Report 2016\/263, 2016. https:\/\/eprint.iacr.org\/2016\/263.10.1007\/978-3-662-49896-5_12","DOI":"10.1007\/978-3-662-49896-5_12"},{"key":"2022051409232931715_j_popets-2021-0058_ref_061","unstructured":"[61] Torben P. Pedersen. Non-interactive and information-theoretic secure verifiable secret sharing. In Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology, CRYPTO \u201991, 1991."},{"key":"2022051409232931715_j_popets-2021-0058_ref_062","doi-asserted-by":"crossref","unstructured":"[62] Jens Groth. Linear algebra with sub-linear zero-knowledge arguments. In Shai Halevi, editor, Advances in Cryptology -CRYPTO 2009, 2009.10.1007\/978-3-642-03356-8_12","DOI":"10.1007\/978-3-642-03356-8_12"},{"key":"2022051409232931715_j_popets-2021-0058_ref_063","doi-asserted-by":"crossref","unstructured":"[63] Jan Camenisch and Markus Michels. Proving in zero-knowledge that a number is the product of two safe primes. In Jacques Stern, editor, Advances in Cryptology \u2014 EURO-CRYPT \u201999, 1999.10.1007\/3-540-48910-X_8","DOI":"10.1007\/3-540-48910-X_8"},{"key":"2022051409232931715_j_popets-2021-0058_ref_064","unstructured":"[64] Amos Fiat and Adi Shamir. How to prove yourself: Practical solutions to identification and signature problems. In Andrew M. Odlyzko, editor, Advances in Cryptology \u2014 CRYPTO\u2019 86, 1987."},{"key":"2022051409232931715_j_popets-2021-0058_ref_065","unstructured":"[65] Nathan Dowlin, Ran Gilad-Bachrach, Kim Laine, Kristin Lauter, Michael Naehrig, and John Wernsing. CryptoNets: Applying Neural Networks to Encrypted Data with High Throughput and Accuracy. In Proceedings of the 33rd International Conference on International Conference on Machine Learning, ICML\u201916, 2016."},{"key":"2022051409232931715_j_popets-2021-0058_ref_066","doi-asserted-by":"crossref","unstructured":"[66] Thore Graepel, Kristin Lauter, and Michael Naehrig. ML Confidential: Machine Learning on Encrypted Data. In Lecture notes in computer science, volume 7839, 2012.10.1007\/978-3-642-37682-5_1","DOI":"10.1007\/978-3-642-37682-5_1"},{"key":"2022051409232931715_j_popets-2021-0058_ref_067","unstructured":"[67] Joppe Bos, Kristin Lauter, and Michael Naehrig. Private Predictive Analysis on Encrypted Medical Data. Technical Report MSR-TR-2013-81, 9 2013."},{"key":"2022051409232931715_j_popets-2021-0058_ref_068","unstructured":"[68] Android Developers. Android debug bridge (adb). https:\/\/developer.android.com\/studio\/command-line\/adb, 2020."},{"key":"2022051409232931715_j_popets-2021-0058_ref_069","unstructured":"[69] Henry de Valence, Cathie Yun, and Oleg Andreev. Bullet-proofs. https:\/\/crates.io\/crates\/bulletproofs, 2020."},{"key":"2022051409232931715_j_popets-2021-0058_ref_070","doi-asserted-by":"crossref","unstructured":"[70] Mihir Bellare and Phillip Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. CCS \u201993, 1993.10.1145\/168588.168596","DOI":"10.1145\/168588.168596"},{"key":"2022051409232931715_j_popets-2021-0058_ref_071","unstructured":"[71] ZoKrates community. Zokrates: A toolbox for zksnarks on ethereum. https:\/\/github.com\/Zokrates\/ZoKrates, 2019."},{"key":"2022051409232931715_j_popets-2021-0058_ref_072","unstructured":"[72] str4d. Bellman: Zero-knowledge cryptography in rust. https:\/\/github.com\/zkcrypto\/bellman, 2016."},{"key":"2022051409232931715_j_popets-2021-0058_ref_073","doi-asserted-by":"crossref","unstructured":"[73] Matteo Varvello, Kleomenis Katevas, Mihai Plesa, Hamed Haddadi, and Benjamin Livshits. BatteryLab: a distributed power monitoring platform for mobile devices. In HotNets \u201919, 2019.10.1145\/3365609.3365852","DOI":"10.1145\/3365609.3365852"},{"key":"2022051409232931715_j_popets-2021-0058_ref_074","unstructured":"[74] BatteryLab. A Distributed Platform for Battery Measurements. https:\/\/batterylab.dev, 2019."},{"key":"2022051409232931715_j_popets-2021-0058_ref_075","unstructured":"[75] Monsoon Solutions Inc. High voltage power monitor. https:\/\/www.msoon.com\/online-store\/High-Voltage-Power-Monitor-Part-Number-AAA10F-p90002590, 2019."},{"key":"2022051409232931715_j_popets-2021-0058_ref_076","unstructured":"[76] Jory Mackay. Screen time stats 2019: Here\u2019s how much you use your phone during the workday. https:\/\/blog.rescuetime.com\/screen-time-stats-2018\/, 2019."},{"key":"2022051409232931715_j_popets-2021-0058_ref_077","unstructured":"[77] Alex Davidson. The privacy pass protocol. https:\/\/tools.ietf.org\/html\/draft-privacy-pass-00, 2019."},{"key":"2022051409232931715_j_popets-2021-0058_ref_078","unstructured":"[78] Solly Ross Joel Martin, Samuel Mannehed and Pierre Ossman. Novnc: Html vnc client library and application. https:\/\/github.com\/Genymobile\/scrcpy, 2021."},{"key":"2022051409232931715_j_popets-2021-0058_ref_079","unstructured":"[79] Novnc - the open source vnc client. https:\/\/github.com\/novnc\/noVNC, 2021."},{"key":"2022051409232931715_j_popets-2021-0058_ref_080","doi-asserted-by":"crossref","unstructured":"[80] A A Chandavale, A M Sapkal, and R M Jalnekar. Algorithm to Break Visual CAPTCHA. In 2009 Second International Conference on Emerging Trends in Engineering Technology, pages 258\u2013262, 12 2009.10.1109\/ICETET.2009.24","DOI":"10.1109\/ICETET.2009.24"},{"key":"2022051409232931715_j_popets-2021-0058_ref_081","unstructured":"[81] Ian J Goodfellow, Yaroslav Bulatov, Julian Ibarz, Sacha Arnoud, and Vinay Shet. Multi-digit number recognition from street view imagery using deep convolutional neural networks. arXiv preprint arXiv:1312.6082, 2013."},{"key":"2022051409232931715_j_popets-2021-0058_ref_082","unstructured":"[82] Aimilia Tasidou, Pavlos S Efraimidis, Yannis Soupionis, Lilian Mitrou, and Vasilios Katos. User-centric, Privacy-Preserving Adaptation for VoIP CAPTCHA Challenges. 2012."},{"key":"2022051409232931715_j_popets-2021-0058_ref_083","unstructured":"[83] Google. Are you a robot? Introducing \u201cNo CAPTCHA re-CAPTCHA\u201d. https:\/\/security.googleblog.com\/2014\/12\/are-you-robot-introducing-no-captcha.html, 2014."},{"key":"2022051409232931715_j_popets-2021-0058_ref_084","unstructured":"[84] Yuan Zhou, Zesun Yang, Chenxu Wang, and Matthew Boutell. Breaking Google reCaptcha V2. J. Comput. Sci. Coll., 34(1):126\u2013136, 10 2018."},{"key":"2022051409232931715_j_popets-2021-0058_ref_085","unstructured":"[85] Chamila Walgampaya, Mehmed Kantardzic, and Roman Yampolskiy. Real time click fraud prevention using multilevel data fusion. In Proceedings of the World Congress on Engineering and Computer Science, 2010."},{"key":"2022051409232931715_j_popets-2021-0058_ref_086","unstructured":"[86] Gerardo Reynaga and Sonia Chiasson. The usability of CAPTCHAs on smartphones. In 2013 International Conference on Security and Cryptography (SECRYPT), 2013."},{"key":"2022051409232931715_j_popets-2021-0058_ref_087","unstructured":"[87] Google. Choosing the type of reCAPTCHA. https:\/\/developers.google.com\/recaptcha\/docs\/versions, 2019."},{"key":"2022051409232931715_j_popets-2021-0058_ref_088","unstructured":"[88] Google Developers. reCAPTCHA v3. https:\/\/developers.google.com\/recaptcha\/docs\/v3, 2018."},{"key":"2022051409232931715_j_popets-2021-0058_ref_089","unstructured":"[89] Lara O\u2019Reilly. Google\u2019s new CAPTCHA security login raises \u2019legitimate privacy concerns\u2019. https:\/\/www.businessinsider.com\/google-no-captcha-adtruth-privacy-research-2015-2?r=US&IR=T, 2015."},{"key":"2022051409232931715_j_popets-2021-0058_ref_090","doi-asserted-by":"crossref","unstructured":"[90] Alexander De Luca, Alina Hang, Frederik Brudy, Christian Lindner, and Heinrich Hussmann. Touch Me Once and I Know It\u2019s You!: Implicit Authentication Based on Touch Screen Patterns. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI \u201912, 2012.10.1145\/2207676.2208544","DOI":"10.1145\/2207676.2208544"},{"key":"2022051409232931715_j_popets-2021-0058_ref_091","doi-asserted-by":"crossref","unstructured":"[91] Meriem Guerar, Mauro Migliardi, Alessio Merlo, Mohamed Benmohammed, Francesco Palmieri, and Aniello Castiglione. Using screen brightness to improve security in mobile social network access. IEEE Transactions on Dependable and Secure Computing, 15(4):621\u2013632, 2016.10.1109\/TDSC.2016.2601603","DOI":"10.1109\/TDSC.2016.2601603"},{"key":"2022051409232931715_j_popets-2021-0058_ref_092","doi-asserted-by":"crossref","unstructured":"[92] Attaullah Buriro, Sandeep Gupta, and Bruno Crispo. Evaluation of motion-based touch-typing biometrics for online banking. In 2017 International Conference of the Biometrics Special Interest Group (BIOSIG), pages 1\u20135. IEEE, 2017.10.23919\/BIOSIG.2017.8053504","DOI":"10.23919\/BIOSIG.2017.8053504"},{"key":"2022051409232931715_j_popets-2021-0058_ref_093","unstructured":"[93] Theja Tulabandhula, Shailesh Vaya, and Aritra Dhar. Privacy-preserving Targeted Advertising. CoRR, abs\/1710.0, 2017."},{"key":"2022051409232931715_j_popets-2021-0058_ref_094","doi-asserted-by":"crossref","unstructured":"[94] Mikhail Bilenko and Matthew Richardson. Predictive Client-side Profiles for Personalized Advertising. In Proceedings of the 17th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD \u201911, pages 413\u2013421, New York, NY, USA, 2011. ACM.10.1145\/2020408.2020475","DOI":"10.1145\/2020408.2020475"},{"key":"2022051409232931715_j_popets-2021-0058_ref_095","unstructured":"[95] Saikat Guha, Bin Cheng, and Paul Francis. Privad: Practical Privacy in Online Advertising. In Proceedings of the 8th USENIX Conference on Networked Systems Design and Implementation, NSDI\u201911, 2011."},{"key":"2022051409232931715_j_popets-2021-0058_ref_096","doi-asserted-by":"crossref","unstructured":"[96] Drew Davidson, Matt Fredrikson, and Benjamin Livshits. Morepriv: Mobile os support for application personalization and privacy. In Proceedings of the 30th Annual Computer Security Applications Conference, ACSAC \u201914, 2014.10.1145\/2664243.2664266","DOI":"10.1145\/2664243.2664266"},{"key":"2022051409232931715_j_popets-2021-0058_ref_097","doi-asserted-by":"crossref","unstructured":"[97] George Danezis, Markulf Kohlweiss, Benjamin Livshits, and Alfredo Rial. Private Client-side Profiling with Random Forests and Hidden Markov Models. In Proceedings of the 12th International Conference on Privacy Enhancing Technologies, PETS\u201912, 2012.10.1007\/978-3-642-31680-7_2","DOI":"10.1007\/978-3-642-31680-7_2"}],"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.sciendo.com\/pdf\/10.2478\/popets-2021-0058","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,20]],"date-time":"2022-07-20T16:31:38Z","timestamp":1658334698000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2021\/popets-2021-0058.php"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,7,23]]},"references-count":97,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2021,7,23]]},"published-print":{"date-parts":[[2021,10,1]]}},"alternative-id":["10.2478\/popets-2021-0058"],"URL":"https:\/\/doi.org\/10.2478\/popets-2021-0058","relation":{},"ISSN":["2299-0984"],"issn-type":[{"value":"2299-0984","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,7,23]]}}}