A CAPTCHA Scheme Based on the Identification of Character Locations

CAPTCHAs are a standard security mechanism used on many websites to protect online services against abuse by automated programs, or bots. The purpose of a CAPTCHA is to distinguish whether an online transaction is being carried out by a human or a bot. Unfortunately, to date many existing CAPTCHA schemes have been found to be vulnerable to automated attacks. It is widely accepted that state-of-the-art in text-based CAPTCHA design requires that a CAPTCHA be resistant against segmentation. In this paper, we examine CAPTCHA usability issues and current segmentation techniques that have been used to attack various CAPTCHA schemes. We then introduce the design of a new CAPTCHA scheme that was designed based on these usability and segmentation considerations. Our goal was to also design a text-based CAPTCHA scheme that can easily be used on increasingly pervasive touch-screen devices, without the need for keyboard input. This paper also examines the usability and robustness of the proposed CAPTCHA scheme.

[1]  John F. Canny,et al.  A Computational Approach to Edge Detection , 1986, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[2]  Donald Geman,et al.  Stochastic relaxation, Gibbs distributions, and the Bayesian restoration of images , 1984 .

[3]  Yuko Murayama,et al.  Future Challenges in Security and Privacy for Academia and Industry , 2011 .

[4]  Chao Yang,et al.  Attacks and design of image recognition CAPTCHAs , 2010, CCS '10.

[5]  Yueming Lu,et al.  Trustworthy Computing and Services , 2012, Communications in Computer and Information Science.

[6]  Patrice Y. Simard,et al.  Using Machine Learning to Break Visual Human Interaction Proofs (HIPs) , 2004, NIPS.

[7]  Jeff Yan,et al.  Usability of CAPTCHAs or usability issues in CAPTCHA design , 2008, SOUPS '08.

[8]  A. R. Deshpande,et al.  3D drag-n-drop CAPTCHA enhanced security through CAPTCHA , 2011, ICWET.

[9]  Mary Czerwinski,et al.  Computers beat Humans at Single Character Recognition in Reading based Human Interaction Proofs (HIPs) , 2005, CEAS.

[10]  Peipeng Liu,et al.  An Efficient Ellipse-Shaped Blobs Detection Algorithm for Breaking Facebook CAPTCHA , 2012, ISCTCS.

[11]  John Langford,et al.  CAPTCHA: Using Hard AI Problems for Security , 2003, EUROCRYPT.

[12]  Markus Jakobsson,et al.  Making CAPTCHAs clickable , 2008, HotMobile '08.

[13]  John C. Mitchell,et al.  How Good Are Humans at Solving CAPTCHAs? A Large Scale Evaluation , 2010, 2010 IEEE Symposium on Security and Privacy.

[14]  Jeff Yan,et al.  A low-cost attack on a Microsoft captcha , 2008, CCS.

[15]  Jon Louis Bentley,et al.  CAPTCHA Challenge Tradeoffs: Familiarity of Strings versus Degradation of Images , 2006, 18th International Conference on Pattern Recognition (ICPR'06).

[16]  Jeff Yan,et al.  The Robustness of Google CAPTCHAs , 2011 .

[17]  Yang-Wai Chow,et al.  AniCAP: An Animated 3D CAPTCHA Scheme Based on Motion Parallax , 2011, CANS.

[18]  Howon Kim,et al.  Information Security and Cryptology - ICISC 2011 , 2011, Lecture Notes in Computer Science.

[19]  John C. Mitchell,et al.  The Failure of Noise-Based Non-continuous Audio Captchas , 2011, 2011 IEEE Symposium on Security and Privacy.

[20]  Jeff Yan,et al.  The robustness of a new CAPTCHA , 2010, EUROSEC '10.

[21]  Jan-Michael Frahm,et al.  Security and Usability Challenges of Moving-Object CAPTCHAs: Decoding Codewords in Motion , 2012, USENIX Security Symposium.

[22]  Donald Geman,et al.  Stochastic Relaxation, Gibbs Distributions, and the Bayesian Restoration of Images , 1984, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[23]  Jeff Yan,et al.  Breaking Visual CAPTCHAs with Naive Pattern Recognition Algorithms , 2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).

[24]  Jeff Yan,et al.  CAPTCHA Design: Color, Usability, and Security , 2012, IEEE Internet Computing.

[25]  Marc Fischlin,et al.  Breaking reCAPTCHA: A Holistic Approach via Shape Recognition , 2011, SEC.

[26]  Yeuan-Kuen Lee,et al.  An efficient segmentation algorithm for CAPTCHAs with line cluttering and character warping , 2010, Multimedia Tools and Applications.

[27]  Mary Czerwinski,et al.  Building Segmentation Based Human-Friendly Human Interaction Proofs (HIPs) , 2005, HIP.

[28]  Yang-Wai Chow,et al.  Breaking a 3D-Based CAPTCHA Scheme , 2011, ICISC.

[29]  Yang-Wai Chow,et al.  Breaking an Animated CAPTCHA Scheme , 2012, ACNS.

[30]  Daniel P. Lopresti,et al.  Human Interactive Proofs, Second International Workshop, HIP 2005, Bethlehem, PA, USA, May 19-20, 2005, Proceedings , 2005, HIP.

[31]  Mark Manulis,et al.  Cryptology and Network Security , 2012, Lecture Notes in Computer Science.

[32]  Jitendra Malik,et al.  Recognizing objects in adversarial clutter: breaking a visual CAPTCHA , 2003, 2003 IEEE Computer Society Conference on Computer Vision and Pattern Recognition, 2003. Proceedings..

[33]  Oleg Starostenko,et al.  Breaking reCAPTCHAs with Unpredictable Collapse: Heuristic Character Segmentation and Recognition , 2012, MCPR.

[34]  Mary Czerwinski,et al.  Designing human friendly human interaction proofs (HIPs) , 2005, CHI.

[35]  John C. Mitchell,et al.  Text-based CAPTCHA strengths and weaknesses , 2011, CCS '11.

[36]  Richard O. Duda,et al.  Use of the Hough transformation to detect lines and curves in pictures , 1972, CACM.