Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Bücher
Zeitschriften
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
ATZ-Fachkongress

Chassis.tech plus 2024


4 Kongresse in einer Veranstaltung

Treffen Sie in München die Fachleute von Chassis, Lenkung, Bremsen sowie Reifen/Räder.
Erweiterte Suche
Anmelden
nach oben
Erschienen in:
Fine-Grained Privacy Control for Fitness and Health Applications Using the Privacy Management Platform Kapitel lesen Erstes Kapitel lesen

2019 | OriginalPaper | Buchkapitel

A Simple Attack on CaptchaStar

verfasst von : Thomas Gougeon, Patrick Lacharme

Erschienen in: Information Systems Security and Privacy

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

CaptchaStar is a new type of Captcha, proposed in 2016, based on shape recovery. This paper shows that the security of this Captcha is not as good as intended. More precisely, we present and implement an efficient attack on CaptchaStar with a success rate of 96%. The impact of this attack is also investigated in other scenarios as noise addition, and it continues to be very efficient. This paper is a revised version of the paper entitled How to break CaptchaStar, presented at the conference ICISSP 2018 [29].

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Vorheriges Kapitel Elicitation of Privacy Requirements for the Internet of Things Using ACCESSORS
Nächstes Kapitel Notify This: Exploiting Android Notifications for Fun and Profit
Anhänge
Nur mit Berechtigung zugänglich
Fußnoten
1
Captcha will be now written in lower-case for a better readability of the paper.
 
Literatur
1.
2.
von Ahn, L., Blum, M., Hopper, N.J., Langford, J.: Telling humans and computers apart automatically. Commun. ACM 47(2), 57–60 (2004)
3.
von Ahn, L., Dabbish, L.: Labeling images with a computer game. In: SIGCHI Conference on Human Factors in Computing Systems, pp. 319–326 (2004)
4.
von Ahn, L., Dabbish, L.: Designing games with a purpose. Commun. ACM 51(8), 58–67 (2008)
5.
von Ahn, L., Maurer, B., McMillen, C., Abraham, D., Blum, M.: reCAPTCHA: human-based character recognition via web security measures. Science 321, 1465–1468 (2008)MathSciNetCrossRef
6.
Algwil, A., Ciresan, D., Liu, B.B., Yan, J.: A security analysis of automated Chinese turing tests. In: Annual Conference on Computer Security Applications (ACSAC), pp. 520–532 (2016)
7.
Baird, H.S., Coates, A.L., Fateman, R.J.: PessimalPrint: a reverse turing test. Int. J. Doc. Anal. Recognit. 5(2–3), 158–163 (2003)CrossRef
8.
Bursztein, E., Aigrain, J., Moscicki, A., Mitchell, J.C.: The end is nigh: generic solving of text-based CAPTCHAs. In: USENIX Workshop on Offensive Technologies (WOOT) (2014)
9.
Bursztein, E., Beauxis, R., Paskov, H.S., Perito, D., Fabry, C., Mitchell, J.C.: The failure of noise-based non-continuous audio CAPTCHAs. In: IEEE Symposium on Security and Privacy (S&P), pp. 19–31 (2011)
10.
Bursztein, E., Bethard, S.: DeCAPTCHA: breaking 75% of ebay audio CAPTCHAs. In: USENIX Coference on Offensive Technologies (2009)
11.
Bursztein, E., Bethard, S., Fabry, C., Mitchell, J.C., Jurafsky, D.: How good are humans at solving CAPTCHAs? A large scale evaluation. In: IEEE Symposium on Security and Privacy (S&P), pp. 399–413 (2010)
12.
Bursztein, E., Martin, M., Mitchell, J.: Text-based CAPTCHA strengths and weaknesses. In: ACM Conference on Computer and Communications Security (CCS), pp. 125–138 (2011)
13.
Bursztein, E., Moscicki, A., Fabry, C., Bethard, S., Mitchell, J.C., Jurafsky, D.: Easy does it: more usable CAPTCHAs. In: Conference on Human Factors in Computing Systems (CHI), pp. 2637–2646 (2014)
14.
Chellapilla, K., Larson, K., Simard, P.Y., Czerwinski, M.: Building segmentation based human-friendly human interaction proofs (HIPs). In: Baird, H.S., Lopresti, D.P. (eds.) HIP 2005. LNCS, vol. 3517, pp. 1–26. Springer, Heidelberg (2005). https://​doi.​org/​10.​1007/​11427896_​1CrossRef
15.
Chellapilla, K., Larson, K., Simard, P.Y., Czerwinski, M.: Designing human friendly human interaction proofs. In: ACM Conference on Human Factors in Computing Systems (CHI), pp. 711–720 (2005)
16.
Chellapilla, K., Simard, P.Y.: Using machine learning to break visual human interaction proofs (HIPs). In: Neural Information Processing Systems (NIPS), pp. 265–272 (2004)
17.
18.
19.
20.
Cui, J.S., Mei, J.T., Zhang, W.Z., Wang, X., Zhang, D.: A CAPTCHA implementation based on moving objects recognition problem. In: IEEE International Conference on E-Business and E-Government (ICEE), pp. 1277–1280 (2010)
21.
Datta, R., Li, J., Wang, J.Z.: Imagination: a robust image-based CAPTCHA generation system. In: ACM International Conference on Multimedia, pp. 331–334 (2005)
22.
Elson, J., Douceur, J.R., Howell, J., Saul, J.: Asirra: a CAPTCHA that exploits interest-aligned manual image categorization. In: ACM Conference on Computer and Communications Security (CCS), pp. 366–374 (2007)
23.
Fidas, C., Voyiatzis, A., Avouris, N.: On the necessity of user-friendly CAPTCHA. In: SIGCHI Conference on Human Factors in Computing Systems (CHI), pp. 2623–2626 (2011)
24.
Gao, H., Wang, W., Qi, J., Wang, X., Liu, X., Yan, J.: The robustness of hollow CAPTCHAs. In: ACM Conference on Computer and Communications Security (CCS), pp. 1075–1086 (2013)
25.
Gao, H., et al.: A simple generic attack on text CAPTCHAs. In: Network and Distributed System Security Symposium (NDSS) (2016)
26.
Golle, P.: Machine learning attacks against the asirra CAPTCHA. In: ACM Conference on Computer and Communications Security (CCS), pp. 535–542 (2008)
27.
Goodfellow, I.J., Bulatov, Y., Ibarz, J., Arnoud, S., Shet, V.D.: Multi-digit number recognition from street view imagery using deep convolutional neural networks. coRR abs/1312.6082 (2013)
28.
Gossweiler, R., Kamvar, M., Baluja, S.: What’s up CAPTCHA? A CAPTCHA based on image orientation. In: 18th International Conference on World Wide Web (WWW), pp. 841–850 (2008)
29.
Gougeon, T., Lacharme, P.: How to break CAPTCHaStar. In: 4th International Conference on Information Systems Security and Privacy (ICISSP), pp. 41–51 (2018)
30.
Hernández-Castro, C.J., R-Moreno, M.D., Barrero, D.F., Gibson, S.: Using machine learning to identify common flaws in CAPTCHA design: FunCAPTCHA case analysis. Comput. Secur. 70, 744–756 (2017)CrossRef
31.
Hernández-Castro, C.J., Ribagorda, A.: Pitfalls in CAPTCHA design and implementation: the math CAPTCHA, a case study. Comput. Secur. 29, 141–157 (2010)CrossRef
32.
Hindle, A., Godfreya, M.W., Holt, R.C.: Reverse engineering CAPTCHAs (2008)
33.
Kim, J., Kim, S., Yang, J., Ryu, J., Wohn, K.: FaceCAPTCHA: a CAPTCHA that identifies the gender of face images unrecognized by existing gender classifiers. Multimed. Tools Appl. 72(2), 1215–1237 (2014)CrossRef
34.
Kim, J., Chung, W., Cho, H.: A new image-based CAPTCHA using the orientation of the polygonally cropped sub-images. Vis. Comput. 26, 1135–1143 (2010)CrossRef
35.
Kluever, K.A., Zanibbi, R.: Balancing usability and security in a video CAPTCHA. In: ACM Symposium on Usable Privacy and Security (SOUPS) (2009)
36.
Mohamed, M., Gao, S., Saxena, N., Zhang, C.: Dynamic cognitive game CAPTCHA usability and detection of streaming-based farming. In: Workshop NDSS on Usable Security (USEC) (2014)
37.
Mohamed, M., et al.: A three-way investigation of a game-CAPTCHA: automated attacks, relay attacks and usability. In: ACM Symposium on Information, Computer and Communications Security (ASIACCS), pp. 195–206 (2014)
38.
Mori, G., Malik, J.: Recognizing objects in adversarial clutter: breaking a visual CAPTCHA. In: Conference on Computer Vision and Pattern Recognition (CVPR), pp. 133–144 (2003)
39.
Motoyama, M., Levchenko, K., Kanich, C., McCoy, D., Voelker, G.M., Savage, S.: Re: CAPTCHAs-understanding CAPTCHA-solving services in an economic context. In: USENIX Security Symposium, vol. 10, pp. 435–462 (2010)
40.
Naor, M.: Verification of a human in the loop or identification via the turing test (1996)
41.
Nejati, H., Cheung, N.M., Sosa, R., Koh, D.C.I.: DeepCAPTCHA: an image CAPTCHA based on depth perception. In: ACM Multimedia Systems Conference (MMSys), pp. 81–90 (2014)
42.
Nguyen, V.D., Chow, Y.W., Susilo, W.: On the security of text-based 3D CAPTCHAs. Comput. Secur. 45, 84–99 (2014)CrossRef
43.
Osadchy, M., Hernandez-Castro, J., Gibson, S., Dunkelman, O., Perez-Cabo, D.: No bot expects the deepCAPTCHA! Introducing immutable adversarial examples with applications to CAPTCHA. iACR Cryptology ePrint Archive (2016)
44.
Pinkas, B., Sander, T.: Securing passwords against dictionary attacks. In: ACM Computer and Security Conference (CCS), pp. 161–170 (2002)
45.
Rui, Y., Liu, Z.: Artifacial: automated reverse turing test using facial features. Multimed. Syst. 9(6), 493–502 (2004)CrossRef
46.
Shirali-Shahreza, S., Shirali-Shahreza, M.: CAPTCHA for children. In: IEEE International Conference on System of Systems Engineering (SoSE), pp. 1–6 (2008)
47.
Simonyan, K., Zisserman, A.: Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:​1409.​1556 (2014)
48.
Sivakorn, S., Polakis, I., Keromytis, A.D.: I am robot: (deep) learning to break semantic image CAPTCHAs. In: IEEE European Symposium on Security and Privacy (EuroS&P), pp. 388–403 (2016)
49.
Tam, J., Simsa, J., Hyde, S., von Ahn, L.: Breaking audio CAPTCHAs. In: Advances in Neural Information Processing Systems (NIPS), pp. 1625–1632 (2008)
50.
Thomas, K., McCoy, D., Grier, C., Kolcz, A., Paxson, V.: Trafficking fraudulent accounts: the role of the underground market in Twitter spam and abuse. In: USENIX Security Symposium. pp. 195–210 (2013)
51.
Truong, H.D., Turner, C.F., Zou, C.C.: iCAPTCHA: the next generation of CAPTCHA designed to defend against 3rd party human attacks. In: IEEE International Conference on Communications (ICC), pp. 1–6 (2011)
52.
53.
Wilkins, J.: Strong CAPTCHA guidelines. Technical Report (v1.2) (2009)
54.
Xu, Y., Reynaga, G., Chiasson, S., Frahm, J.M., Monrose, F., van Oorschot, P.C.: Security and usability challenges of moving-object CAPTCHAs: decoding codewords in motion. In: USENIX Security Symposium, pp. 49–64 (2012)
55.
Yan, J., Ahmad, A.S.E.: Breaking visual CAPTCHAs with naive pattern recognition algorithms. In: Annual Computer Security Applications Conference (ACSAC), pp. 279–291 (2007)
56.
Yan, J., Ahmad, A.S.E.: A low-cost attack on a Microsoft CAPTCHA. In: ACM Conference on Computer and communications security (CCS), pp. 543–554 (2007)
57.
Yan, J., Ahmad, A.S.E.: Usability of CAPTCHAs or usability issues in CAPTCHA design. In: 4th Symposium on Usable Privacy and Security (SOUPS), pp. 44–52 (2008)
58.
Yan, J., Ahmad, A.S.E.: CAPTCHA security: a case study. IEEE Secur. Priv. 7(4), 22–28 (2009)CrossRef
59.
Zhu, B.B., et al.: Attacks and design of image recognition CAPTCHAs. In: ACM Conference on Computer and Communications Security (CCS), pp. 187–200 (2010)
Metadaten
Titel
A Simple Attack on CaptchaStar
verfasst von
Thomas Gougeon
Patrick Lacharme
Copyright-Jahr
2019
Buch
Information Systems Security and Privacy

Print ISBN: 978-3-030-25108-6

Electronic ISBN: 978-3-030-25109-3

Copyright-Jahr: 2019

DOI
https://doi.org/10.1007/978-3-030-25109-3_4

Premium Partner

    Bildnachweise