论文信息 - Constructing Secure Audio CAPTCHAs by Exploiting Differences between Humans and Machines

Constructing Secure Audio CAPTCHAs by Exploiting Differences between Humans and Machines

To prevent abuses of Internet services, CAPTCHAs are used to distinguish humans from programs where an audio-based scheme is beneficial to support visually impaired people. Previous studies show that most audio CAPTCHAs, albeit hard to solve for humans, are lacking security strength. In this work we propose an audio CAPTCHA that is far more robust against automated attacks than it is reported for current CAPTCHA schemes. The CAPTCHA exhibits a good trade-off between human usability and security. This is achieved by exploiting the fact that the human capabilities of language understanding and speech recognition are clearly superior compared to current machines. We evaluate the CAPTCHA security by using a state-of-the-art attack and assess the intelligibility by means of a large-scale listening experiment.

[1] Biing-Hwang Juang,et al. Fundamentals of speech recognition , 1993, Prentice Hall signal processing series.

[2] Wilhelm Vossenkuhl. design and philosophy , 2015 .

[3] Steve Young,et al. The HTK hidden Markov model toolkit: design and philosophy , 1993 .

[4] Dorothea Kolossa,et al. Using automatic speech recognition for attacking acoustic CAPTCHAs: the trade-off between usability and security , 2014, ACSAC.

[5] Rebecca Wiczorek,et al. Does higher security always result in better protection? An approach for mitigating the trade-off between usability and security , 2013 .

[6] Heiga Zen,et al. The HMM-based speech synthesis system (HTS) version 2.0 , 2007, SSW.

[7] Jeffrey P. Bigham,et al. Evaluating existing audio CAPTCHAs and an interface optimized for non-visual use , 2009, CHI.

[8] Maria Klara Wolters,et al. Evaluating speech synthesis intelligibility using Amazon Mechanical Turk , 2010, SSW.

[9] Hiroshi G. Okuno,et al. Solving Google's Continuous Audio CAPTCHA with HMM-Based Automatic Speech Recognition , 2013, IWSEC.

[10] John C. Mitchell,et al. The Failure of Noise-Based Non-continuous Audio Captchas , 2011, 2011 IEEE Symposium on Security and Privacy.