Directional captcha: A novel approach to text based CAPTCHA

CAPTCHA: A Systematic Review

Abstract: With the massive growth of accessing Internet-based services by users, there is a need to limit services use to human beings only rather than intelligent bots. The biggest challenge in front of researchers is to determine incoming requests are from benign users or bots. A CAPTCHA (Completely Automated Public Turing Test to tell Computers and Humans Apart) is a basic tool for preventing access to Internet-based services by intelligent bots. It plays a vital role in numerous security applications for denying automatic registration conducted by bots. This paper presents a systematic review of different types of CAPTCHAs and primarily focuses on the benefits of "text-based CAPTCHAs" over other schemes. Further, this paper highlights the major deficiencies of the text-based CAPTCHA schemes.

Usability of CAPTCHAs or usability issues in CAPTCHA design

Abstract: CAPTCHA is now almost a standard security technology, and has found widespread application in commercial websites. Usability and robustness are two fundamental issues with CAPTCHA, and they often interconnect with each other. This paper discusses usability issues that should be considered and addressed in the design of CAPTCHAs. Some of these issues are intuitive, but some others have subtle implications for robustness (or security). A simple but novel framework for examining CAPTCHA usability is also proposed.

Text-based CAPTCHA strengths and weaknesses

Abstract: We carry out a systematic study of existing visual CAPTCHAs based on distorted characters that are augmented with anti-segmentation techniques. Applying a systematic evaluation methodology to 15 current CAPTCHA schemes from popular web sites, we find that 13 are vulnerable to automated attacks. Based on this evaluation, we identify a series of recommendations for CAPTCHA designers and attackers, and possible future directions for producing more reliable human/computer distinguishers.

Designing human friendly human interaction proofs (HIPs)

Abstract: HIPs, or Human Interactive Proofs, are challenges meant to be easily solved by humans, while remaining too hard to be economically solved by computers. HIPs are increasingly used to protect services against automatic script attacks. To be effective, a HIP must be difficult enough to discourage script attacks by raising the computation and/or development cost of breaking the HIP to an unprofitable level. At the same time, the HIP must be easy enough to solve in order to not discourage humans from using the service. Early HIP designs have successfully met these criteria [1]. However, the growing sophistication of attackers and correspondingly increasing profit incentives have rendered most of the currently deployed HIPs vulnerable to attack [2,7,12]. Yet, most companies have been reluctant to increase the difficulty of their HIPs for fear of making them too complex or unappealing to humans. The purpose of this study is to find the visual distortions that are most effective at foiling computer attacks without hindering humans. The contribution of this research is that we discovered that 1) automatically generating HIPs by varying particular distortion parameters renders HIPs that are too easy for computer hackers to break, yet humans still have difficulty recognizing them, and 2) it is possible to build segmentation-based HIPs that are extremely difficult and expensive for computers to solve, while remaining relatively easy for humans.

Breaking text-based CAPTCHAs with variable word and character orientation

Abstract: A novel approach for automatic segmentation and recognition of CAPTCHAs with variable orientation and random collapse of overlapped characters is presented in this paper. Additionally, the extension of the proposed approach to break reCAPTCHA of version of 2012 is also discussed. The original proposal consists in straightening characters and word in CAPTCHA exploiting then a three-color bar code for their segmentation. The recognition of straightened characters and whole word is provided by the proposed original SVM-based learning classifier. The main goal of this research is to reduce vulnerability of CAPTCHA from spam and frauds as well as to provide an approach for recognizing either handwritten or degraded and damaged texts in ancient manuscripts by OCR systems. The designed framework for breaking CAPTCHAs by the proposed approach has been tested achieving average segmentation success rate up to 82% for reCAPTCHA of version 2011 and achieving 95.5% by extended approach for reCAPTCHA of version 2012 with response time less than 0.5s per two-word reCAPTCHA. The implemented SVM classifier shows a competitive precision about 94%. The obtained very satisfactory results confirm that the proposed approach may be used for development of new security mechanisms to protect users against cyber-criminal activities and Internet threats. Automatic segmentation and recognition of CAPTCHAs in Web sites is proposed.Anti-recognition techniques use collapsed characters with variable orientation.Aligned word and straightened characters are segmented by three-color bar code.Original SVM-based learning classifier provides real-time CAPTCHA recognition.Extended approach for beating reCAPTCHA of version 2012 shows better performance.

Easy does it: more usable CAPTCHAs

Abstract: Websites present users with puzzles called CAPTCHAs to curb abuse caused by computer algorithms masquerading as people. While CAPTCHAs are generally effective at stopping abuse, they might impair website usability if they are not properly designed. In this paper we describe how we designed two new CAPTCHA schemes for Google that focus on maximizing usability. We began by running an evaluation on Amazon Mechanical Turk with over 27,000 respondents to test the usability of different feature combinations. Then we studied user preferences using Google's consumer survey infrastructure. Finally, drawing on the insights gleaned during those studies, we tested our new captcha schemes first on Mechanical Turk and then on a fraction of production traffic. The resulting scheme is now an integral part of our production system and is served to millions of users. Our scheme achieved a 95.3% human accuracy, a 6.7.