Abstract
CAPTCHAs are used to distinguish between human- and computer-generated (i.e., bot) online traffic. As there is an ever-increasing amount of online traffic from mobile devices, it is necessary to design CAPTCHAs that work well on mobile devices. In this paper, we present SenCAPTCHA, a mobile-first CAPTCHA that leverages the device's orientation sensors. SenCAPTCHA works by showing users an image of an animal and asking them to tilt their device to guide a red ball into the center of that animal's eye. SenCAPTCHA is especially useful for devices with small screen sizes (e.g., smartphones, smartwatches). In this paper, we describe the design of SenCAPTCHA and demonstrate that it is resilient to various machine learning based attacks. We also report on two usability studies of SenCAPTCHA involving a total of 472 participants; our results show that SenCAPTCHA is viewed as an "enjoyable" CAPTCHA and that it is preferred by over half of the participants to other existing CAPTCHA systems.
Supplemental Material
Available for Download
Supplemental movie, appendix, image and software files for, SenCAPTCHA: A Mobile-First CAPTCHA Using Orientation Sensors
- Henry S Baird, Michael A Moll, and Sui-Yu Wang. 2005. ScatterType: a legible but hard-to-segment CAPTCHA. In Document Analysis and Recognition, 2005. Proceedings. Eighth International Conference on. IEEE, 935--939.Google ScholarDigital Library
- M.M. Bongard. 1970. Pattern Recognition. Spartan Books, Rochelle Park, NJ.Google Scholar
- Darko Brodić, Alessia Amelio, and Radmila Janković. 2018. Exploring the influence of CAPTCHA types to the users response time by statistical analysis. Multimedia Tools and Applications 77, 10 (2018), 12293--12329.Google ScholarDigital Library
- John Brooke. 2013. SUS: a retrospective. Journal of usability studies 8, 2 (2013), 29--40.Google ScholarDigital Library
- John Brooke et al. 1996. SUS-A quick and dirty usability scale. Usability evaluation in industry 189, 194 (1996), 4--7.Google Scholar
- Elie Bursztein. 2012. How we broke the NuCaptcha video scheme and what we proposed to fix it. See https://www.elie.net/blog/security/how-we-broke-the-nucaptcha-video-scheme-and-what-we-propose-to-fix-it/, Accessed March (2012).Google Scholar
- Elie Bursztein, Jonathan Aigrain, Angelika Moscicki, and John C Mitchell. 2014. The End is Nigh: Generic Solving of Text-based CAPTCHAs. In WOOT.Google Scholar
- Tsz-Yan Chan. 2003. Using a test-to-speech synthesizer to generate a reverse Turing test. In Tools with Artificial Intelligence, 2003. Proceedings. 15th IEEE International Conference on. IEEE, 226--232.Google ScholarCross Ref
- Monica Chew and J Doug Tygar. 2004. Image recognition captchas. In International Conference on Information Security. Springer, 268--279.Google ScholarCross Ref
- Sarika Choudhary, Ritika Saroha, Yatan Dahiya, and Sachin Choudhary. 2013. understanding CAPTCHA: Text and Audio Based Captcha with its Applications. International Journal of Advanced Research in Computer Science and Software Engineering 3, 6 (2013).Google Scholar
- Mauro Conti, Claudio Guarisco, and Riccardo Spolaor. 2016. CAPTCHaStar! A novel CAPTCHA based on interactive shape discovery. In International Conference on Applied Cryptography and Network Security. Springer, 611--628.Google ScholarCross Ref
- Ritendra Datta, Jia Li, and James Z Wang. 2005. IMAGINATION: a robust image-based CAPTCHA generation system. In Proceedings of the 13th annual ACM international conference on Multimedia. ACM, 331--334.Google ScholarDigital Library
- Jeremy Elson, John R Douceur, Jon Howell, and Jared Saul. 2007. Asirra: a CAPTCHA that exploits interest-aligned manual image categorization. In ACM Conference on Computer and Communications Security, Vol. 7. Citeseer, 366--374.Google Scholar
- Haichang Gao, Honggang Liu, Dan Yao, Xiyang Liu, and Uwe Aickelin. 2010. An audio CAPTCHA to distinguish humans from computers. In Electronic Commerce and Security (ISECS), 2010 Third International Symposium on. IEEE, 265--269.Google ScholarDigital Library
- Haichang Gao, Dan Yao, Honggang Liu, Xiyang Liu, and Liming Wang. 2010. A novel image based CAPTCHA using jigsaw puzzle. In Computational Science and Engineering (CSE), 2010 IEEE 13th International Conference on. IEEE, 351--356.Google ScholarDigital Library
- Barney G Glaser. 1965. The constant comparative method of qualitative analysis. Social problems 12, 4 (1965), 436--445.Google Scholar
- Philippe Golle. 2008. Machine learning attacks against the Asirra CAPTCHA. In Proceedings of the 15th ACM conference on Computer and communications security. ACM, 535--542.Google ScholarDigital Library
- Ian J Goodfellow, Yaroslav Bulatov, Julian Ibarz, Sacha Arnoud, and Vinay Shet. 2013. Multi-digit number recognition from street view imagery using deep convolutional neural networks. arXiv preprint arXiv.1312.6082 (2013).Google Scholar
- Rich Gossweiler, Maryam Kamvar, and Shumeet Baluja. 2009. What's up CAPTCHA?: a CAPTCHA based on image orientation. In Proceedings of the 18th international conference on World wide web. ACM, 841--850.Google ScholarDigital Library
- Jonathan Holman, Jonathan Lazar, Jinjuan Heidi Feng, and John D'Arcy. 2007. Developing usable CAPTCHAs for blind users. In Proceedings of the 9th international ACM SIGACCESS conference on Computers and accessibility. ACM, 245--246.Google ScholarDigital Library
- Chen-Chiung Hsieh and Zong-Yu Wu. 2013. Anti-SIFT images based CAPTCHA using versatile characters. In Information Science and Applications (ICISA), 2013 International Conference on. IEEE, 1--4.Google ScholarCross Ref
- Google Inc. 2018. Google reCAPTCHA. https://www.google.com/recaptcha/intro/Google Scholar
- Leap Marketing Technologies Inc. 2010. Video-Based Captchas Now Available for Sites and Blogs. See www.prnewswire.com/news-releases/video-based-captchas-now-available-for-sites-and-blogs-97471319.html (2010).Google Scholar
- Imperva Incapsula. 2016. Bot Traffic Report. https://www.incapsula.com/blog/bot-traffic-report-2016.htmlGoogle Scholar
- Ramanpreet Kaur and Pooja Choudhary. 2015. A Novel CAPTCHA Design Approach using Boolean Algebra. In 2015 5th International Conference on IT Convergence and Security (ICITCS). Citeseer, 1--7.Google ScholarCross Ref
- Kurt Alfred Kluever and Richard Zanibbi. 2009. Balancing usability and security in a video CAPTCHA. In Proceedings of the 5th Symposium on Usable Privacy and Security. ACM, 14.Google ScholarDigital Library
- Greg Kochanski, Daniel P Lopresti, and Chilin Shih. 2002. A reverse turing test using speech. In INTERSPEECH.Google Scholar
- Martin Koestinger, Paul Wohlhart, Peter M Roth, and Horst Bischof. 2011. Annotated facial landmarks in the wild: A large-scale, real-world database for facial landmark localization. In Computer Vision Workshops (ICCV Workshops), 2011 IEEE International Conference on. IEEE, 2144--2151.Google ScholarCross Ref
- Jonathan Lazar, Jinjuan Feng, Tim Brooks, Genna Melamed, Brian Wentz, Jon Holman, Abiodun Olalere, and Nnanna Ekedebe. 2012. The SoundsRight CAPTCHA: an improved approach to audio human interaction proofs for blind users. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 2267--2276.Google ScholarDigital Library
- James R Lewis. 1991. Psychometric evaluation of an after-scenario questionnaire for computer usability studies: the ASQ. ACM Sigchi Bulletin 23, 1 (1991), 78--81.Google ScholarDigital Library
- Mark D Lillibridge, Martin Abadi, Krishna Bharat, and Andrei Z Broder. 2001. Method for selectively restricting access to computer systems. US Patent 6,195,698.Google Scholar
- David G Lowe. 2004. Distinctive image features from scale-invariant keypoints. International journal of computer vision 60, 2 (2004), 91--110.Google Scholar
- Nicholas J. Hopper Luis von Ahn, Manuel Blum and John Langford. 2000. The CAPTCHA Web Page. http://www.captcha.netGoogle Scholar
- Peter Matthews, Andrew Mantel, and Cliff C Zou. 2010. Scene tagging: image-based CAPTCHA using image composition and object relationships. In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security. ACM, 345--350.Google ScholarDigital Library
- D Mujumdar and S Polisetti. 2011. A platform to monetize usable & secure CAPTCHAs for desktop and mobile devices (PICATCHA). Retrieved Dec 20 (2011), 2014.Google Scholar
- Drew Phillips. 2019. Securimage. https://www.phpcaptcha.orgGoogle Scholar
- Lawrence R Rabiner and Biing-Hwang Juang. 1993. Fundamentals of speech recognition. (1993).Google Scholar
- Maheen Rashid, Xiuye Gu, and Yong Jae Lee. 2017. Interspecies Knowledge Transfer for Facial Keypoint Detection. arXiv preprint arXiv:1704.04023 (2017).Google Scholar
- Gerardo Reynaga, Sonia Chiasson, and Paul C van Oorschot. 2015. Exploring the usability of captchas on smartphones: Comparisons and recommendations. In NDSS Workshop on Usable Security USEC.Google ScholarCross Ref
- Scott Ruoti, Brent Roberts, and Kent Seamons. 2015. Authentication melee: A usability analysis of seven web authentication systems. In Proceedings of the 24th International Conference on World Wide Web. International World Wide Web Conferences Steering Committee, 916--926.Google ScholarDigital Library
- Hiroaki Sakoe and Seibi Chiba. 1978. Dynamic programming algorithm optimization for spoken word recognition. IEEE transactions on acoustics, speech, and signal processing 26, 1 (1978), 43--49.Google Scholar
- Jeff Sauro and James R Lewis. 2016. Quantifying the user experience: Practical statistics for user research. Morgan Kaufmann.Google Scholar
- Suphannee Sivakorn, Iasonas Polakis, and Angelos D Keromytis. 2016. I am robot:(deep) learning to break semantic image captchas. In Security and Privacy (EuroS&P), 2016 IEEE European Symposium on. IEEE, 388--403.Google Scholar
- Suphannee Sivakorn, Jason Polakis, and Angelos D Keromytis. 2016. I'm not a human: Breaking the Google reCAPTCHA. Black Hat (2016).Google Scholar
- Oleg Starostenko, Claudia Cruz-Perez, Fernando Uceda-Ponga, and Vicente Alarcon-Aquino. 2015. Breaking text-based CAPTCHAs with variable word and character orientation. Pattern Recognition 48, 4 (2015), 1101--1112.Google ScholarDigital Library
- Pranal C Tayade and Mahip M Bartere. 2015. Comprehensive study on performance analysis of various CAPTCHA systems. International Journal of Current Engineering and Technology 5, 1 (2015).Google Scholar
- Thomas S Tullis and Jacqueline N Stetson. 2004. A comparison of questionnaires for assessing website usability. In Usability professional association conference, Vol. 1. Minneapolis, USA.Google Scholar
- Luis Von Ahn. 2008. Human computation. In 2008 IEEE 24th international conference on data engineering. IEEE, 1--2.Google ScholarDigital Library
- Luis Von Ahn, Manuel Blum, and John Langford. 2004. Telling humans and computers apart automatically. Commun. ACM 47, 2 (2004), 56--60.Google ScholarDigital Library
- Luis Von Ahn, Benjamin Maurer, Colin McMillen, David Abraham, and Manuel Blum. 2008. recaptcha: Human-based character recognition via web security measures. Science 321, 5895 (2008), 1465--1468.Google Scholar
- Yi Xu, Gerardo Reynaga, Sonia Chiasson, Jan-Michael Frahm, Fabian Monrose, and Paul C van Oorschot. 2012. Security and Usability Challenges of Moving-Object CAPTCHAs: Decoding Codewords in Motion. In USENIX security symposium. 49--64.Google Scholar
- Heng Yang, Renqiao Zhang, and Peter Robinson. 2016. Human and sheep facial landmarks localisation by triplet interpolated features. In Applications of Computer Vision (WACV), 2016 IEEE Winter Conference on. IEEE, 1--8.Google ScholarCross Ref
Index Terms
- SenCAPTCHA: A Mobile-First CAPTCHA Using Orientation Sensors
Recommendations
Understanding influence of mobile internet services on life behavior of mobile users
HCI'07: Proceedings of the 12th international conference on Human-computer interaction: applications and servicesWe have performed a Web-based survey to analyze a variety of services provided via mobile devices, and we studied how the usage of mobile Internet services is influencing the life behavior of mobile users. The survey was targeted to young generation ...
A new CAPTCHA interface design for mobile devices
AUIC '11: Proceedings of the Twelfth Australasian User Interface Conference - Volume 117This paper discusses and demonstrates the interplay between system security and user interface convenience in CAPTCHA design, and in particular, mobile device CAPTCHA design. A CAPTCHA is a computer-based security test used to distinguish human users ...
Mobile device security
InfoSecCD '04: Proceedings of the 1st annual conference on Information security curriculum developmentBecause of their small size, memory capability, and the case with which information can be downloaded and removed from a facility, mobile devices pose a risk to organizations when used and transported outside physical boundaries. Mobile devices, ...
Comments