Abstract
CAPTCHAs are a standard security mechanism used on many websites to protect online services against abuse by automated programs, or bots. The purpose of a CAPTCHA is to distinguish whether an online transaction is being carried out by a human or a bot. Unfortunately, to date many existing CAPTCHA schemes have been found to be vulnerable to automated attacks. It is widely accepted that state-of-the-art in text-based CAPTCHA design requires that a CAPTCHA be resistant against segmentation. In this paper, we examine CAPTCHA usability issues and current segmentation techniques that have been used to attack various CAPTCHA schemes. We then introduce the design of a new CAPTCHA scheme that was designed based on these usability and segmentation considerations. Our goal was to also design a text-based CAPTCHA scheme that can easily be used on increasingly pervasive touch-screen devices, without the need for keyboard input. This paper also examines the usability and robustness of the proposed CAPTCHA scheme.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
Ahmad, A.S.E., Yan, J., Marshall, L.: The robustness of a new CAPTCHA. In: EUROSEC, pp. 36–41 (2010)
Ahmad, A.S.E., Yan, J., Ng, W.-Y.: CAPTCHA design: Color, usability, and security. IEEE Internet Computing 16(2), 44–51 (2012)
Ahmad, A.S.E., Yan, J., Tayara, M.: The robustness of Google CAPTCHAs. University of Newcastle, UK, Technical Report 1278, 1–15 (2011)
Baecher, P., Büscher, N., Fischlin, M., Milde, B.: Breaking reCAPTCHA: A holistic approach via shape recognition. In: Camenisch, J., Fischer-Hübner, S., Murayama, Y., Portmann, A., Rieder, C. (eds.) SEC 2011. IFIP AICT, vol. 354, pp. 56–67. Springer, Heidelberg (2011)
Bursztein, E., Beauxis, R., Paskov, H., Perito, D., Fabry, C., Mitchell, J.C.: The failure of noise-based non-continuous audio CAPTCHAs. In: IEEE Symposium on Security and Privacy, pp. 19–31. IEEE Computer Society (2011)
Bursztein, E., Bethard, S., Fabry, C., Mitchell, J.C., Jurafsky, D.: How good are humans at solving CAPTCHAs? a large scale evaluation. In: IEEE Symposium on Security and Privacy, pp. 399–413. IEEE Computer Society (2010)
Bursztein, E., Martin, M., Mitchell, J.C.: Text-based CAPTCHA strengths and weaknesses. In: Chen, Y., Danezis, G., Shmatikov, V. (eds.) ACM Conference on Computer and Communications Security, pp. 125–138. ACM (2011)
Canny, J.: A Computational Approach to Edge Detection. IEEE Transactions on Pattern Analysis and Machine Intelligence PAMI-8(6), 679–698 (1986)
Chaudhari, S.K., Deshpande, A.R., Bendale, S.B., Kotian, R.V.: 3D drag-n-drop CAPTCHA enhanced security through CAPTCHA. In: Mishra, B.K. (ed.) ICWET, pp. 598–601. ACM (2011)
Chellapilla, K., Larson, K., Simard, P.Y., Czerwinski, M.: Building segmentation based human-friendly Human Interaction Proofs (HIPs). In: Baird, H.S., Lopresti, D.P. (eds.) HIP 2005. LNCS, vol. 3517, pp. 1–26. Springer, Heidelberg (2005)
Chellapilla, K., Larson, K., Simard, P.Y., Czerwinski, M.: Computers beat humans at single character recognition in reading based Human Interaction Proofs (HIPs). In: CEAS (2005)
Chellapilla, K., Larson, K., Simard, P.Y., Czerwinski, M.: Designing human friendly Human Interaction Proofs (HIPs). In: van der Veer, G.C., Gale, C. (eds.) CHI, pp. 711–720. ACM (2005)
Chellapilla, K., Simard, P.Y.: Using machine learning to break visual Human Interaction Proofs (HIPs). In: NIPS (2004)
Chow, R., Golle, P., Jakobsson, M., Wang, L., Wang, X.: Making CAPTCHAs clickable. In: Spasojevic, M., Corner, M.D. (eds.) HotMobile, pp. 91–94. ACM (2008)
Chow, Y.-W., Susilo, W.: AniCAP: An animated 3D CAPTCHA scheme based on motion parallax. In: Lin, D., Tsudik, G., Wang, X. (eds.) CANS 2011. LNCS, vol. 7092, pp. 255–271. Springer, Heidelberg (2011)
Cruz-Perez, C., Starostenko, O., Uceda-Ponga, F., Alarcon-Aquino, V., Reyes-Cabrera, L.: Breaking reCAPTCHAs with unpredictable collapse: Heuristic character segmentation and recognition. In: Carrasco-Ochoa, J.A., Martínez-Trinidad, J.F., Olvera López, J.A., Boyer, K.L. (eds.) MCPR 2012. LNCS, vol. 7329, pp. 155–165. Springer, Heidelberg (2012)
Duda, R.O., Hart, P.E.: Use of the Hough transformation to detect lines and curves in pictures. Commun. ACM 15(1), 11–15 (1972)
Geman, S., Geman, D.: Stochastic relaxation, Gibbs distributions, and the Bayesian restoration of images. IEEE Transactions on Pattern Analysis and Machine Intelligence (6), 721–741 (1984)
Huang, S.-Y., Lee, Y.-K., Bell, G., Ou, Z.-H.: An efficient segmentation algorithm for CAPTCHAs with line cluttering and character warping. Multimedia Tools and Applications 48(2), 267–289 (2010)
Liu, P., Shi, J., Wang, L., Guo, L.: An efficient ellipse-shaped blobs detection algorithm for breaking Facebook CAPTCHA. In: Yuan, Y., Wu, X., Lu, Y. (eds.) ISCTCS 2012. CCIS, vol. 320, pp. 420–428. Springer, Heidelberg (2013)
Mori, G., Malik, J.: Recognizing objects in adversarial clutter: Breaking a visual CAPTCHA. In: CVPR (1), pp. 134–144 (2003)
Nguyen, V.D., Chow, Y.-W., Susilo, W.: Breaking a 3D-based CAPTCHA scheme. In: Kim, H. (ed.) ICISC 2011. LNCS, vol. 7259, pp. 391–405. Springer, Heidelberg (2012)
Nguyen, V.D., Chow, Y.-W., Susilo, W.: Breaking an animated CAPTCHA scheme. In: Bao, F., Samarati, P., Zhou, J. (eds.) ACNS 2012. LNCS, vol. 7341, pp. 12–29. Springer, Heidelberg (2012)
von Ahn, L., Blum, M., Hopper, N.J., Langford, J.: CAPTCHA: Using hard AI problems for security. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 294–311. Springer, Heidelberg (2003)
Wang, S.-Y., Baird, H.S., Bentley, J.L.: CAPTCHA challenge tradeoffs: Familiarity of strings versus degradation of images. In: ICPR (3), pp. 164–167. IEEE Computer Society (2006)
Wilkins, J.: Strong CAPTCHA guidelines v1.2 (2009), http://www.bitland.net/captcha.pdf
Xu, Y., Reynaga, G., Chiasson, S., Frahm, J.-M., Monrose, F., Van Oorschot, P.: Security and usability challenges of moving-object CAPTCHAs: Decoding codewords in motion. In: Proceedings of the 21st USENIX Conference on Security Symposium, Security 2012, p. 4. USENIX Association, Berkeley (2012)
Yan, J., Ahmad, A.S.E.: Breaking visual CAPTCHAs with naive pattern recognition algorithms. In: ACSAC, pp. 279–291. IEEE Computer Society (2007)
Yan, J., Ahmad, A.S.E.: A low-cost attack on a Microsoft CAPTCHA. In: Ning, P., Syverson, P.F., Jha, S. (eds.) ACM Conference on Computer and Communications Security, pp. 543–554. ACM (2008)
Yan, J., Ahmad, A.S.E.: Usability of CAPTCHAs or usability issues in CAPTCHA design. In: Cranor, L.F. (ed.) SOUPS, ACM International Conference Proceeding Series, pp. 44–52. ACM (2008)
Zhu, B.B., Yan, J., Li, Q., Yang, C., Liu, J., Xu, N., Yi, M., Cai, K.: Attacks and design of image recognition CAPTCHAs. In: Al-Shaer, E., Keromytis, A.D., Shmatikov, V. (eds.) ACM Conference on Computer and Communications Security, pp. 187–200. ACM (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Nguyen, V.D., Chow, YW., Susilo, W. (2014). A CAPTCHA Scheme Based on the Identification of Character Locations. In: Huang, X., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2014. Lecture Notes in Computer Science, vol 8434. Springer, Cham. https://doi.org/10.1007/978-3-319-06320-1_6
Download citation
DOI: https://doi.org/10.1007/978-3-319-06320-1_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-06319-5
Online ISBN: 978-3-319-06320-1
eBook Packages: Computer ScienceComputer Science (R0)