ADAMAS: Interweaving unicode and color to enhance CAPTCHA security

Abstract We propose, implement and test a new CAPTCHA, called Adamas, which offers resistance against pre-processing and various forms of segmentation and recognition attacks. The multi-layered security approach employed in this CAPTCHA mainly comes from its use of Unicode as an input space, a virtual keyboard as the input device, homoglyphs and correlated usage of color in foreground and background as well as several layers of randomization that aim to minimize the formation of detectable patterns that can be exploited by machines. A user study conducted to measure the usability of Adamas indicates that its solving accuracy is comparable to major CAPTCHAs in use today and offers insights into factors that affect CAPTCHA usability.

[1]  Ming Li,et al.  Clustering by compression , 2003, IEEE International Symposium on Information Theory, 2003. Proceedings..

[2]  John C. Mitchell,et al.  How Good Are Humans at Solving CAPTCHAs? A Large Scale Evaluation , 2010, 2010 IEEE Symposium on Security and Privacy.

[3]  Jeff Yan,et al.  A low-cost attack on a Microsoft captcha , 2008, CCS.

[4]  Tae-Cheon Yang,et al.  Execution Time Prediction for 3D Interactive CAPTCHA by Keystroke Level Model , 2009, 2009 Fourth International Conference on Computer Sciences and Convergence Information Technology.

[5]  Wilhelm Burger,et al.  Digital Image Processing - An Algorithmic Introduction using Java , 2008, Texts in Computer Science.

[6]  Shujun Li,et al.  Breaking e-banking CAPTCHAs , 2010, ACSAC '10.

[7]  Péter Gács,et al.  Information Distance , 1998, IEEE Trans. Inf. Theory.

[8]  B. Chiswick,et al.  Linguistic Distance: A Quantitative Measure of the Distance Between English and Other Languages , 2004, SSRN Electronic Journal.

[9]  Jeff Yan,et al.  Usability of CAPTCHAs or usability issues in CAPTCHA design , 2008, SOUPS '08.

[10]  A. R. Deshpande,et al.  3D drag-n-drop CAPTCHA enhanced security through CAPTCHA , 2011, ICWET.

[11]  Björn N. S. Vlaskamp,et al.  Saccadic search performance: the effect of element spacing , 2005, Experimental Brain Research.

[12]  Mary Czerwinski,et al.  Building Segmentation Based Human-Friendly Human Interaction Proofs (HIPs) , 2005, HIP.

[13]  Matthijs C. Dorst Distinctive Image Features from Scale-Invariant Keypoints , 2011 .

[14]  Henry S. Baird,et al.  BaffleText: a Human Interactive Proof , 2003, IS&T/SPIE Electronic Imaging.

[15]  Chao Yang,et al.  Attacks and design of image recognition CAPTCHAs , 2010, CCS '10.

[16]  Luc Van Gool,et al.  Speeded-Up Robust Features (SURF) , 2008, Comput. Vis. Image Underst..

[17]  David G. Lowe,et al.  Object recognition from local scale-invariant features , 1999, Proceedings of the Seventh IEEE International Conference on Computer Vision.

[18]  James Miller,et al.  A Survey and Analysis of Current CAPTCHA Approaches , 2013, J. Web Eng..

[19]  Guofei Gu,et al.  SEMAGE: a new image-based two-factor CAPTCHA , 2011, ACSAC '11.

[20]  John C. Mitchell,et al.  The Failure of Noise-Based Non-continuous Audio Captchas , 2011, 2011 IEEE Symposium on Security and Privacy.

[21]  Ming Li,et al.  An Introduction to Kolmogorov Complexity and Its Applications , 1997, Texts in Computer Science.

[22]  Laura A. Dabbish,et al.  Labeling images with a computer game , 2004, AAAI Spring Symposium: Knowledge Collection from Volunteer Contributors.

[23]  Jisong Zhang,et al.  Breaking Internet Banking CAPTCHA Based on Instance Learning , 2010, 2010 International Symposium on Computational Intelligence and Design.

[24]  Jon Howell,et al.  Asirra: a CAPTCHA that exploits interest-aligned manual image categorization , 2007, CCS '07.

[25]  Mary Czerwinski,et al.  Designing human friendly human interaction proofs (HIPs) , 2005, CHI.

[26]  D. Pelli,et al.  The uncrowded window of object recognition , 2008, Nature Neuroscience.

[27]  Nicholas Tran The normalized compression distance and image distinguishability , 2007, Electronic Imaging.

[28]  Bastian Leibe,et al.  Visual Object Recognition , 2011, Visual Object Recognition.

[29]  James Miller,et al.  Finding Homoglyphs - A Step towards Detecting Unicode-Based Visual Spoofing Attacks , 2011, WISE.

[30]  J. Yan,et al.  Captcha Robustness: A Security Engineering Perspective , 2011, Computer.

[31]  Jacob D. Furst,et al.  Effect of Image Linearization on Normalized Compression Distance , 2009, FGIT-SIP.

[32]  J R Bloomfield EXPERIMENTS IN VISUAL SEARCH , 1973 .

[33]  James Ze Wang,et al.  IMAGINATION: a robust image-based CAPTCHA generation system , 2005, ACM Multimedia.

[34]  William David Shontz,et al.  A STUDY OF VISUAL SEARCH USING EYE MOVEMENT RECORDINGS: COLOR CODING FOR INFORMATION LOCATION. , 1968 .

[35]  J. P. Lewis Fast Normalized Cross-Correlation , 2010 .

[36]  Yeuan-Kuen Lee,et al.  A New CAPTCHA Interface Design for Mobile Devices , 2011, AUIC.

[37]  M. Shirali-Shahreza,et al.  Motion CAPTCHA , 2008, 2008 Conference on Human System Interactions.

[38]  P ? ? ? ? ? ? ? % ? ? ? ? , 1991 .

[39]  Pawel Lupkowski,et al.  SemCAPTCHA—user-friendly alternative for OCR-based CAPTCHA systems , 2008, 2008 International Multiconference on Computer Science and Information Technology.

[40]  Philippe Golle,et al.  Machine learning attacks against the Asirra CAPTCHA , 2008, CCS.

[41]  Geeng-Neng You,et al.  A Spelling Based CAPTCHA System by Using Click , 2012, 2012 International Symposium on Biometrics and Security Technologies.

[42]  Scott Dick,et al.  Detecting visually similar Web pages: Application to phishing detection , 2010, TOIT.