Abstract
The landscape of the World Wide Web today consists of a vast amount of services. While most of them are offered for free, the service providers prohibit their malicious usage by automated scripts. To enforce this policy, Captchas have emerged as a reliable method to setup a Turing test to distinguish between human and computers. Image recognition Captchas as one type of Captchas promise high human success rates. In this paper however, we develop an successful approach to attack this type of Captcha. To evaluate our attack we implemented a publicly available tool, which delivers promising results for the HumanAuth Captcha and others. Based upon our findings we propose several techniques for improving future versions of image recognition Captchas.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
Banday, M.T., Shah, N.A.: Image flip captcha. ISC International Journal of Information Security (ISeCure) 1(2), 105–123 (2009)
Barnard, K., Duygulu, P., Forsyth, D.A., de Freitas, N., Blei, D.M., Jordan, M.I.: Matching words and pictures. Journal of Machine Learning Research 3, 1107–1135 (2003)
Chew, M., Tygar, J.D.: Image recognition captchas. In: Zhang, K., Zheng, Y. (eds.) ISC 2004. LNCS, vol. 3225, pp. 268–279. Springer, Heidelberg (2004)
Elson, J., Douceur, J.R., Howell, J., Saul, J.: Asirra: a captcha that exploits interest-aligned manual image categorization. In: Proc. of the 14th ACM Conference on Computer and Communications, CCS ’07 (2007)
Golle, P.: Machine learning attacks against the asirra captcha. In: Proc. of the 15th ACM Conference on Computer and Communications Security, CCS ’08 (2008)
Hernandez-Castro, C.J., Ribagorda, A., Saez, Y.: Side-channel attack on labeling captchas. Computing Research Repository (08/2009)
Mori, G., Malik, J.: Recognizing objects in adversarial clutter: Breaking a visual captcha. In: Proc. of the 16th IEEE Computer Society Conference on Computer Vision and Pattern Recognition, CVPR ’03 (2003)
Moy, G., Jones, N., Harkless, C., Potter, R.: Distortion estimation techniques in solving visual captchas. In: Proc. of the 17th IEEE Computer Society Conference on Computer Vision and Pattern Recognition, CVPR ’04 (2004)
Naor, M.: Verification of a human in the loop or identification via the turing test, available electronically, http://www.wisdom.weizmann.ac.il/~naor/PAPERS/human.ps
Oechslin, P.: Making a faster cryptanalytic time-memory trade-off. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 617–630. Springer, Heidelberg (2003)
Oliveira, C.J.S., de Albuquerque Araújo, A.: Classifying images collected on the world wide web. In: Proc. of the 15th Brazilian Symposium on Computer Graphics and Image Processing, SIBGRAPI 2002 (2002)
von Ahn, L., Blum, M., Hopper, N.J., Langford, J.: Captcha: Using hard AI problems for security. In: Proc. of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT 2003) (2003)
von Ahn, L., Dabbish, L.: Labeling images with a computer game. In: Proc. of the 22th Conference on Human Factors in Computing Systems, CHI ’04 (2004)
Yan, J., El Ahmad, A.S.: A low-cost attack on a microsoft captcha. In: Proc. of the 15th ACM Conference on Computer and Communications Security, CCS ’08 (2008)
Jeff, Y., Ahmad Salah, E.A.: Usability of captchas or usability issues in captcha design. In: Proc. of the 4th Symposium on Usable Privacy and Security, SOUPS ’08 (2008)
Jeff, Y., Ahmad Salah, E.A.: Captcha security: A case study. IEEE Security & Privacy 7(4), 22–28 (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Fritsch, C., Netter, M., Reisser, A., Pernul, G. (2010). Attacking Image Recognition Captchas. In: Katsikas, S., Lopez, J., Soriano, M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2010. Lecture Notes in Computer Science, vol 6264. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15152-1_2
Download citation
DOI: https://doi.org/10.1007/978-3-642-15152-1_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15151-4
Online ISBN: 978-3-642-15152-1
eBook Packages: Computer ScienceComputer Science (R0)