Development of two novel face-recognition CAPTCHAs: A security and usability study

CAPTCHAs are challenge-response tests that aim at preventing unwanted machines, including bots, from accessing web services while providing easy access for humans. Recent advances in artificial-intelligence based attacks show that the level of security provided by many state-of-the-art text-based CAPTCHAs is declining. At the same time, techniques for distorting and obscuring the text, which are used to maintain the level of security, make text-based CAPTCHAs difficult to solve for humans, and thereby further degrade usability. The need for developing alternative types of CAPTCHAs that improve both the current security and the usability levels has been emphasized widely.With this study, we contribute to research through (1) the development of two new face recognition CAPTCHAs (Farett-Gender and Farett-Gender&Age), (2) the security analysis of both procedures, and (3) the provision of empirical evidence that one of the suggested CAPTCHAs (Farett-Gender) is similar to Google's reCAPTCHA and better than KCAPTCHA concerning effectiveness (error rates), superior to both regarding learnability and satisfaction but not efficiency.

[1]  Pawel Lupkowski,et al.  SemCAPTCHA—user-friendly alternative for OCR-based CAPTCHA systems , 2008, 2008 International Multiconference on Computer Science and Information Technology.

[2]  Hannes Federrath,et al.  Usability von CAPTCHA-Systemen , 2012, Sicherheit.

[3]  Philippe Golle,et al.  Machine learning attacks against the Asirra CAPTCHA , 2008, CCS.

[4]  Oleg Starostenko,et al.  Breaking text-based CAPTCHAs with variable word and character orientation , 2015, Pattern Recognit..

[5]  Jon Howell,et al.  Asirra: a CAPTCHA that exploits interest-aligned manual image categorization , 2007, CCS '07.

[6]  David J. Crandall,et al.  Solving Avatar Captchas Automatically , 2012, AMLTA.

[7]  Jonathan Lazar,et al.  Investigating the effects of sound masking on the use of audio CAPTCHAs , 2014, Behav. Inf. Technol..

[8]  Luis von Ahn,et al.  Breaking Audio CAPTCHAs , 2008, NIPS.

[9]  Manuel Blum,et al.  reCAPTCHA: Human-Based Character Recognition via Web Security Measures , 2008, Science.

[10]  John Langford,et al.  CAPTCHA: Using Hard AI Problems for Security , 2003, EUROCRYPT.

[11]  Richard Zanibbi,et al.  Balancing usability and security in a video CAPTCHA , 2009, SOUPS.

[12]  A Generalized Method to Solve Text-Based CAPTCHAs , 2009 .

[13]  Sajad Shirali-Shahreza,et al.  SeeSay and HearSay CAPTCHA for mobile interaction , 2013, CHI.

[14]  Muhammad Abid,et al.  Learning Discriminating Features for Gender Recognition of Real World Faces , 2014, Int. J. Image Graph..

[15]  Michael Netter,et al.  Attacking Image Recognition Captchas - A Naive but Effective Approach , 2010, TrustBus.

[16]  Joonhyuk Yang,et al.  FaceCAPTCHA: a CAPTCHA that identifies the gender of face images unrecognized by existing gender classifiers , 2013, Multimedia Tools and Applications.

[17]  Mark L. Mitchell,et al.  Research Design Explained , 1987 .

[18]  Erik Learned-Miller,et al.  Labeled Faces in the Wild : Updates and New Reporting Procedures , 2014 .

[19]  Angelos D. Keromytis,et al.  Using graphic turing tests to counter automated DDoS attacks against web servers , 2003, CCS '03.

[20]  Patrice Y. Simard,et al.  Using Machine Learning to Break Visual Human Interaction Proofs (HIPs) , 2004, NIPS.

[21]  Jeff Yan,et al.  Usability of CAPTCHAs or usability issues in CAPTCHA design , 2008, SOUPS '08.

[22]  Roope Raisamo,et al.  An experimental comparison of gender classification methods , 2008, Pattern Recognit. Lett..

[23]  Jan-Michael Frahm,et al.  Security and Usability Challenges of Moving-Object CAPTCHAs: Decoding Codewords in Motion , 2012, USENIX Security Symposium.

[24]  G. Moy,et al.  Distortion estimation techniques in solving visual CAPTCHAs , 2004, CVPR 2004.

[25]  Yang-Wai Chow,et al.  On the security of text-based 3D CAPTCHAs , 2014, Comput. Secur..

[26]  Nikos Mavrogiannopoulos,et al.  For human eyes only: security and usability evaluation , 2012, WPES '12.

[27]  Jeffrey P. Bigham,et al.  Evaluating existing audio CAPTCHAs and an interface optimized for non-visual use , 2009, CHI.

[28]  Jeff Yan,et al.  Breaking Visual CAPTCHAs with Naive Pattern Recognition Algorithms , 2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).

[29]  Wei Gao,et al.  Face Gender Classification on Consumer Images in a Multiethnic Environment , 2009, ICB.

[30]  Frédéric Jurie,et al.  Puzzling face verification algorithms for privacy protection , 2014, 2014 IEEE International Workshop on Information Forensics and Security (WIFS).

[31]  Wei Wang,et al.  The robustness of hollow CAPTCHAs , 2013, CCS.

[32]  Markus Dürmuth,et al.  Achieving Anonymity against Major Face Recognition Algorithms , 2013, Communications and Multimedia Security.

[33]  Richa Singh,et al.  Face recognition CAPTCHA , 2012, 2012 IEEE Fifth International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[34]  Gonzalo Álvarez,et al.  CAPTCHAs: An Artificial Intelligence Application to Web Security , 2011, Adv. Comput..

[35]  Dorothea Kolossa,et al.  Using automatic speech recognition for attacking acoustic CAPTCHAs: the trade-off between usability and security , 2014, ACSAC.

[36]  Daniel González-Jiménez,et al.  Single- and cross- database benchmarks for gender classification under unconstrained settings , 2011, 2011 IEEE International Conference on Computer Vision Workshops (ICCV Workshops).

[37]  Mayank Agarwal,et al.  Mitigating denial of service attack using CAPTCHA mechanism , 2011, ICWET.

[38]  Rich Gossweiler,et al.  WWW 2009 MADRID! Track: User Interfaces and Mobile Web / Session: User Interfaces What’s Up CAPTCHA? A CAPTCHA Based on Image Orientation , 2022 .

[39]  Manuel Blum,et al.  Telling Humans and Computers Apart Automatically or How Lazy Cryptographers do AI , 2002 .

[40]  Mary Czerwinski,et al.  Building Segmentation Based Human-Friendly Human Interaction Proofs (HIPs) , 2005, HIP.

[41]  James Ze Wang,et al.  Exploiting the Human–Machine Gap in Image Recognition for Designing CAPTCHAs , 2009, IEEE Transactions on Information Forensics and Security.

[42]  Wei-bang Chen,et al.  A three-way investigation of a game-CAPTCHA: automated attacks, relay attacks and usability , 2014, AsiaCCS.

[43]  Marwan Mattar,et al.  Labeled Faces in the Wild: A Database forStudying Face Recognition in Unconstrained Environments , 2008 .

[44]  Paul A. Viola,et al.  Robust Real-Time Face Detection , 2001, Proceedings Eighth IEEE International Conference on Computer Vision. ICCV 2001.

[45]  Chao Yang,et al.  Attacks and design of image recognition CAPTCHAs , 2010, CCS '10.

[46]  Jakob Nielsen,et al.  Usability engineering , 1997, The Computer Science and Engineering Handbook.

[47]  Francesco Bergadano,et al.  Anti-bot Strategies Based on Human Interactive Proofs , 2010, Handbook of Information and Communication Security.

[48]  Mary Czerwinski,et al.  Computers beat Humans at Single Character Recognition in Reading based Human Interaction Proofs (HIPs) , 2005, CEAS.

[49]  Alessandro Basso,et al.  Preventing massive automated access to web resources , 2009, Comput. Secur..

[50]  John C. Mitchell,et al.  Text-based CAPTCHA strengths and weaknesses , 2011, CCS '11.

[51]  Artemios G. Voyiatzis,et al.  On the necessity of user-friendly CAPTCHA , 2011, CHI.

[52]  John C. Mitchell,et al.  The End is Nigh: Generic Solving of Text-based CAPTCHAs , 2014, WOOT.

[53]  Christos Makris,et al.  Character Segmentation for Automatic CAPTCHA Solving , 2014 .

[54]  Mauro Conti,et al.  CAPTCHaStar! A Novel CAPTCHA Based on Interactive Shape Discovery , 2015, ACNS.

[55]  Jeff Yan,et al.  The Robustness of Google CAPTCHAs , 2011 .

[56]  Henry S. Baird,et al.  Implicit CAPTCHAs , 2005, DRR.

[57]  Marcel Worring,et al.  Content-Based Image Retrieval at the End of the Early Years , 2000, IEEE Trans. Pattern Anal. Mach. Intell..

[58]  Hend Suliman Al-Khalifa An Empirical Pilot Study of CAPTCHA Complexity Using Eye Tracking , 2014, iiWAS.

[59]  Hyeonjoon Moon,et al.  The FERET Evaluation Methodology for Face-Recognition Algorithms , 2000, IEEE Trans. Pattern Anal. Mach. Intell..

[60]  Shree K. Nayar,et al.  Attribute and simile classifiers for face verification , 2009, 2009 IEEE 12th International Conference on Computer Vision.

[61]  Harry Wechsler,et al.  The FERET database and evaluation procedure for face-recognition algorithms , 1998, Image Vis. Comput..

[62]  Hsin Hsin Chang,et al.  Consumer perception of interface quality, security, and loyalty in electronic commerce , 2009, Inf. Manag..

[63]  Dorothea Kolossa,et al.  Constructing Secure Audio CAPTCHAs by Exploiting Differences between Humans and Machines , 2015, CHI.

[64]  John Langford,et al.  Telling humans and computers apart automatically , 2004, CACM.

[65]  Kate Smith-Miles,et al.  Facial age estimation by multilinear subspace analysis , 2009, 2009 IEEE International Conference on Acoustics, Speech and Signal Processing.

[66]  W. Horng,et al.  Classification of Age Groups Based on Facial Features , 2001 .

[67]  Javier Lorenzo-Navarro,et al.  On using periocular biometric for gender classification in the wild , 2016, Pattern Recognit. Lett..

[68]  John C. Mitchell,et al.  Easy does it: more usable CAPTCHAs , 2014, CHI.

[69]  Oleg Starostenko,et al.  Breaking reCAPTCHAs with Unpredictable Collapse: Heuristic Character Segmentation and Recognition , 2012, MCPR.

[70]  Chanathip Namprempre,et al.  Mitigating Dictionary Attacks with Text-Graphics Character Captchas , 2007, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[71]  James Miller,et al.  A Survey and Analysis of Current CAPTCHA Approaches , 2013, J. Web Eng..

[72]  Yun Fu,et al.  Age Synthesis and Estimation via Faces: A Survey , 2010, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[73]  Philip Masek,et al.  Evaluation of Face Recognition APIs and Libraries , 2015 .

[74]  Paul A. Viola,et al.  A unified learning framework for real time face detection and classification , 2002, Proceedings of Fifth IEEE International Conference on Automatic Face Gesture Recognition.

[75]  Anjali Avinash Chandavale,et al.  Algorithm to Break Visual CAPTCHA , 2009, 2009 Second International Conference on Emerging Trends in Engineering & Technology.

[76]  B. Thomas,et al.  Usability Evaluation In Industry , 1996 .

[77]  David J. Sheskin,et al.  Handbook of Parametric and Nonparametric Statistical Procedures , 1997 .

[78]  Zicheng Liu,et al.  ARTiFACIAL: automated reverse turing test using FACIAL features , 2003, MULTIMEDIA '03.

[79]  Marios Belk,et al.  iHIP: Towards a User Centric Individual Human Interaction Proof Framework , 2015, CHI Extended Abstracts.

[80]  Sébastien Marcel,et al.  Audio-visual gender recognition in uncontrolled environment using variability modeling techniques , 2014, IEEE International Joint Conference on Biometrics.

[81]  John C. Mitchell,et al.  How Good Are Humans at Solving CAPTCHAs? A Large Scale Evaluation , 2010, 2010 IEEE Symposium on Security and Privacy.

[82]  Jeff Yan,et al.  A low-cost attack on a Microsoft captcha , 2008, CCS.

[83]  Caifeng Shan,et al.  Learning local binary patterns for gender classification on real-world face images , 2012, Pattern Recognit. Lett..

[84]  Kun Fang,et al.  Segmentation of CAPTCHAs Based on Complex Networks , 2012, AICI.

[85]  Benny Pinkas,et al.  Securing passwords against dictionary attacks , 2002, CCS '02.

[86]  Marc Fischlin,et al.  Breaking reCAPTCHA: A Holistic Approach via Shape Recognition , 2011, SEC.