A Study of CAPTCHA and Its Application to User Authentication

A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a scheme used to determine whether the user is a human or a malicious computer program. It has become the most widely used standard security technology to prevent automated computer program attacks. In this paper, we first give an overview of CAPTCHA. Next, we discuss the pros and cons of various CAPTCHA techniques. Then, we present the common attacks and vulnerability analysis in CAPTCHA design. Subsequently, we suggest counter-measures and remedies for those attacks. Finally, we propose a personalized CAPTCHA to replace the traditional password-based authentication system, as a possible direction for further research in applying CAPTCHA to user authentication.
