A multibiometrics-based CAPTCHA for improved online security

CAPTCHA (Completely Automated Public Turing Test to tell Computers and Humans Apart) have been a common tool for preventing unauthorized access to websites for over a decade, but increasingly sophisticated optical character recognition algorithms and attack strategies have rendered traditional CAPTCHAs insecure. In this paper, we propose a new CAPTCHA incorporating multiple biometric modalities. Users are asked to identify faces, eyes, and fingerprints in a complex composite image. With over 1,900 volunteers and 30,000+ attempts, the proposed approach achieves high human accuracy while being resistant to existing attacks on CAPTCHAs and to detection by state-of-the-art software.

[1]  Philippe Golle,et al.  Machine learning attacks against the Asirra CAPTCHA , 2008, CCS.

[2]  Mathias Kölsch,et al.  Keyboards without Keyboards: A Survey of Virtual Keyboards , 2002 .

[3]  Manuel Blum,et al.  reCAPTCHA: Human-Based Character Recognition via Web Security Measures , 2008, Science.

[4]  Richard Zanibbi,et al.  Balancing usability and security in a video CAPTCHA , 2009, SOUPS.

[5]  James Ze Wang,et al.  Exploiting the Human–Machine Gap in Image Recognition for Designing CAPTCHAs , 2009, IEEE Transactions on Information Forensics and Security.

[6]  Chao Yang,et al.  Attacks and design of image recognition CAPTCHAs , 2010, CCS '10.

[7]  Steven Bethard,et al.  Decaptcha: Breaking 75% of eBay Audio CAPTCHAs , 2009, WOOT.

[8]  Dipankar Dasgupta,et al.  Human-Cognition-Based CAPTCHAs , 2015, IT Professional.

[9]  Jeffrey P. Bigham,et al.  Evaluating existing audio CAPTCHAs and an interface optimized for non-visual use , 2009, CHI.

[10]  Anil K. Jain,et al.  Handbook of Fingerprint Recognition , 2005, Springer Professional Computing.

[11]  Richa Singh,et al.  On cross spectral periocular recognition , 2014, 2014 IEEE International Conference on Image Processing (ICIP).

[12]  S. Shirali-Shahreza,et al.  Bibliography of works done on CAPTCHA , 2008, 2008 3rd International Conference on Intelligent System and Knowledge Engineering.

[13]  Jiawei Li,et al.  The Robustness of Face-Based CAPTCHAs , 2015, 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing.

[14]  Paul A. Viola,et al.  Robust Real-time Object Detection , 2001 .

[15]  Jon Howell,et al.  Asirra: a CAPTCHA that exploits interest-aligned manual image categorization , 2007, CCS '07.

[16]  Angelos D. Keromytis,et al.  WebSOS: an overlay-based system for protecting web servers from denial of service attacks , 2005, Comput. Networks.

[17]  Karl Ricanek,et al.  MORPH: a longitudinal image database of normal adult age-progression , 2006, 7th International Conference on Automatic Face and Gesture Recognition (FGR06).

[18]  Paul A. Viola,et al.  Robust Real-Time Face Detection , 2001, International Journal of Computer Vision.

[19]  Guofei Gu,et al.  SEMAGE: a new image-based two-factor CAPTCHA , 2011, ACSAC '11.

[20]  Richa Singh,et al.  FaceDCAPTCHA: Face detection based color image CAPTCHA , 2014, Future Gener. Comput. Syst..

[21]  Peter Matthews,et al.  Scene tagging: image-based CAPTCHA using image composition and object relationships , 2010, ASIACCS '10.

[22]  John C. Mitchell,et al.  How Good Are Humans at Solving CAPTCHAs? A Large Scale Evaluation , 2010, 2010 IEEE Symposium on Security and Privacy.