
2016 | OriginalPaper | Book chapter

CAPTCHaStar! A Novel CAPTCHA Based on Interactive Shape Discovery

Authors: Mauro Conti, Claudio Guarisco, Riccardo Spolaor

Published in: Applied Cryptography and Network Security

Publisher: Springer International Publishing

Abstract

Over the last years, most websites on which users can register (e.g., email providers and social networks) adopted CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) as a countermeasure against automated attacks. The battle of wits between designers and attackers of captchas led to current ones being annoying and hard to solve for users, while still being vulnerable to automated attacks.
In this paper, we propose CAPTCHaStar, a new image-based captcha that relies on user interaction. This novel captcha leverages the innate human ability to recognize shapes in a confused environment. We assess the effectiveness of our proposal for the two key aspects of captchas, i.e., usability, and resiliency to automated attacks. In particular, we evaluated the usability, carrying out a thorough user study, and we tested the resiliency of our proposal against several types of automated attacks: traditional ones; designed ad-hoc for our proposal; and based on machine learning. Compared to the state of the art, our proposal is more user friendly (e.g., only some 35 % of the users prefer current solutions, such as text-based captchas) and more resilient to automated attacks.

Metadata
Title
CAPTCHaStar! A Novel CAPTCHA Based on Interactive Shape Discovery
Authors
Mauro Conti
Claudio Guarisco
Riccardo Spolaor
Copyright year
2016
DOI
https://doi.org/10.1007/978-3-319-39555-5_33
