Proceedings Article

Systematic approach to measure strength of Text based CAPTCHA

01 Dec 2015-pp 382-387
TL;DR: A systematic approach to measure the qualitative strength of the Text based CAPTCHA depending on type of TBC, Length of TBC, Character recognition rate and its response time is proposed.
Abstract: There is a substantial emphasis on security design of Text based CAPTCHA by way of providing the security at pre-processing layer, segmentation layer and character recognition layer. The strength to protect the system from security threats defines the robustness of any given system and which in turn depends on number of attempts the malicious program, which does not have direct access, will need to defend it. This paper proposes a systematic approach to measure the qualitative strength of the Text based CAPTCHA depending on type of TBC, Length of TBC, Character recognition rate and its response time. Applying our systematic approach to different CAPTCHA providers and users, we found that approximately 80% CAPTCHAs are weak and susceptible to our attacks. Along with the attacks leading to weakness of text based CAPTCHA, we have provided the distinguishing features of different CAPTCHA Segmenter which play an important role in defending anti-segmentation techniques.
Citations
Journal Article
TL;DR: The results show current image-based CAPTCHAs to deter automated scripts and malicious programs provide a false sense of security.

27 citations

Journal Article
TL;DR: A comparative analysis of seven image-based CAPTCHAs based on three different criteria: time to find a solution, a number of attempts, and task difficulty suggested which CAPTCHA offered better human accuracy and lower machine attack rates compared to the existing approaches.
Abstract: Today, it is difficult to find an adequate Web site with a registration form that is not protected with some automated human proof test. One of the oldest concepts in Artificial Intelligence as a security mechanism based on the Turing Test is CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart). This test was designed to make a difference between the real users and bots and provide security against malicious attacks. The PROMETHEE-GAIA method was employed for ranking different image-based CAPTCHAs according to their usability in this paper. The aim of this study is a comparative analysis of seven image-based CAPTCHAs based on three different criteria: time to find a solution, a number of attempts, and task difficulty. The weights of the considered criteria were calculated objectively by the entropy method, and for the subjective weights, Analytical Hierarchy Process (AHP) was used. A defined research model was applied through four phases. The survey included 320 randomly selected Internet users and experts in computer science who were familiar with CAPTCHA tests. The proposed model suggested which CAPTCHA offered better human accuracy and lower machine attack rates compared to the existing approaches. The obtained results were very helpful to the web administrators because they indicated that this approach could provide useful insights for the decision-makers about the appropriate mechanisms to protect users against cyber-criminal activities and Internet threats.

9 citations

Proceedings Article
01 Jan 2011
TL;DR: This work presents a variation of an existing attack, that exploits smart phone devices to launch a DoS attack against a telephone device by issuing a large amount of missed calls and proposes the integration of Phone CAPTCHAs in smart phone software as a countermeasure against a series of attacks that target such devices.
Abstract: The advancement of computers has also led to the evolution of telephone technology. From traditional PSTN networks and mobile devices we have moved on to the era of Voice over IP (VoIP) and smartphones. Integration of the Internet into everyday life has led to the demand for web access on-the-go and the widespread adoption of new generation mobile devices. Such Internet-enabled devices are becoming increasingly popular, with smartphone users expected to exceed 1 billion worldwide by 2014. Additionally, VoIP subscribers will reach almost half a billion worldwide by 2012. Thus, one can expect that in the near future, legacy telephony technologies will slowly become obsolete. Nonetheless, in this transitional period where such technologies co-exist, we can expect the emergence of new threats that exploit their interconnection. As demonstrated in our previous work, as well as in the wild, an attacker can leverage VoIP technology to flood traditional telephone devices with a large number of missed calls and render them unusable. We demonstrated the feasibility of such an attack, which we refer to as DIAL attacks, by leveraging VoIP technology.

3 citations

Proceedings Article
30 Dec 2020
TL;DR: In this paper, a systematic review of different types of CAPTCHAs is presented, focusing on the benefits of text-based CAPTCHAs over other schemes and highlighting the major deficiencies of text-based CAPTCHAs.
Abstract: With the massive growth of accessing Internet-based services by users, there is a need to limit services use to human beings only rather than intelligent bots. The biggest challenge in front of researchers is to determine incoming requests are from benign users or bots. A CAPTCHA (Completely Automated Public Turing Test to tell Computers and Humans Apart) is a basic tool for preventing access to Internet-based services by intelligent bots. It plays a vital role in numerous security applications for denying automatic registration conducted by bots. This paper presents a systematic review of different types of CAPTCHAs and primarily focuses on the benefits of "text-based CAPTCHAs" over other schemes. Further, this paper highlights the major deficiencies of the text-based CAPTCHA schemes.

1 citation

References
Journal Article
TL;DR: The nature of handwritten language, how it is transduced into electronic data, and the basic concepts behind written language recognition algorithms are described.
Abstract: Handwriting has continued to persist as a means of communication and recording information in day-to-day life even with the introduction of new technologies. Given its ubiquity in human transactions, machine recognition of handwriting has practical significance, as in reading handwritten notes in a PDA, in postal addresses on envelopes, in amounts in bank checks, in handwritten fields in forms, etc. This overview describes the nature of handwritten language, how it is transduced into electronic data, and the basic concepts behind written language recognition algorithms. Both the online case (which pertains to the availability of trajectory data during writing) and the off-line case (which pertains to scanned images) are considered. Algorithms for preprocessing, character and word recognition, and performance with practical systems are indicated. Other fields of application, like signature verification, writer authentification, handwriting learning tools are also considered.

2,653 citations

Journal Article
TL;DR: This paper presents an overview of feature extraction methods for off-line recognition of segmented (isolated) characters in terms of invariance properties, reconstructability and expected distortions and variability of the characters.

1,376 citations

Journal Article
TL;DR: In this paper, lazy cryptographers do AI and show how lazy they can be, and how they do it well, and why they do so poorly, and they are lazy.
Abstract: How lazy cryptographers do AI.

890 citations

Proceedings Article
18 Jun 2003
TL;DR: Efficient methods based on shape context matching are developed that can identify the word in an EZ-Gimpy image with a success rate of 92%, and the requisite 3 words in a Gimpy image 33% of the time.
Abstract: In this paper we explore object recognition in clutter. We test our object recognition techniques on Gimpy and EZ-Gimpy, examples of visual CAPTCHAs. A CAPTCHA ("Completely Automated Public Turing test to Tell Computers and Humans Apart") is a program that can generate and grade tests that most humans can pass, yet current computer programs can't pass. EZ-Gimpy, currently used by Yahoo, and Gimpy are CAPTCHAs based on word recognition in the presence of clutter. These CAPTCHAs provide excellent test sets since the clutter they contain is adversarial; it is designed to confuse computer programs. We have developed efficient methods based on shape context matching that can identify the word in an EZ-Gimpy image with a success rate of 92%, and the requisite 3 words in a Gimpy image 33% of the time. The problem of identifying words in such severe clutter provides valuable insight into the more general problem of object recognition in scenes. The methods that we present are instances of a framework designed to tackle this general problem.

681 citations

Proceedings Article
01 Dec 2004
TL;DR: This paper studied various Human Interactive Proofs (HIPs) on the market, and found that most HIPs are pure recognition tasks which can easily be broken using machine learning.
Abstract: Machine learning is often used to automatically solve human tasks. In this paper, we look for tasks where machine learning algorithms are not as good as humans with the hope of gaining insight into their current limitations. We studied various Human Interactive Proofs (HIPs) on the market, because they are systems designed to tell computers and humans apart by posing challenges presumably too hard for computers. We found that most HIPs are pure recognition tasks which can easily be broken using machine learning. The harder HIPs use a combination of segmentation and recognition tasks. From this observation, we found that building segmentation tasks is the most effective way to confuse machine learning algorithms. This has enabled us to build effective HIPs (which we deployed in MSN Passport), as well as design challenging segmentation tasks for machine learning algorithms.

275 citations