Enhancing CAPTCHA Security Using Interactivity, Dynamism, and Mouse Movement Patterns

Many existing CAPTCHAs require users to identify characters in a static image and match them with their counterparts in another image. Requiring intelligent human interaction in the matching task of these CAPTCHAs will pose a second challenge, which is straightforward for human users but difficult to emulate for Bots. In this paper, the authors develop several interactive matching tasks involving dynamic elements and demonstrate their impact on CAPTCHA security and usability in a series of tests and user studies. Their tests indicate that requiring intelligent human interaction can substantially decrease the likelihood of a CAPTCHA being broken in addition to making an attack computationally expensive. The authors' results provide both a security and a usability benchmark for the development of interactive dual-challenge CAPTCHAs. Their proposed findings from users' mouse movement data analysis can be readily incorporated in several types of existing CAPTCHA to enhance their security.

[1]  Geeng-Neng You,et al.  A Spelling Based CAPTCHA System by Using Click , 2012, 2012 International Symposium on Biometrics and Security Technologies.

[2]  O.B. Longe,et al.  Checking Internet masquerading using multiple CAPTCHA challenge-response systems , 2009, 2009 2nd International Conference on Adaptive Science & Technology (ICAST).

[3]  Venu Govindaraju,et al.  Generation and use of handwritten CAPTCHAs , 2010, International Journal on Document Analysis and Recognition (IJDAR).

[4]  Albert B. Jeng,et al.  DDIM-CAPTCHA: A Novel Drag-n-Drop Interactive Masking CAPTCHA against the Third Party Human Attacks , 2013, 2013 Conference on Technologies and Applications of Artificial Intelligence.

[5]  A. R. Deshpande,et al.  3D drag-n-drop CAPTCHA enhanced security through CAPTCHA , 2011, ICWET.

[6]  Jeff Yan,et al.  A low-cost attack on a Microsoft captcha , 2008, CCS.

[7]  Chao Yang,et al.  Attacks and design of image recognition CAPTCHAs , 2010, CCS '10.

[8]  Luc Van Gool,et al.  Speeded-Up Robust Features (SURF) , 2008, Comput. Vis. Image Underst..

[9]  Akif Nazar Synthesis and Simulation of Mouse Dynamics , 2008 .

[10]  M. Tariq Banday,et al.  Drag and Drop Image CAPTCHA , 2010 .

[11]  Zhenyu Wu,et al.  Battle of Botcraft: fighting bots in online games with human observational proofs , 2009, CCS.

[12]  Ahmed Awad E. Ahmed,et al.  A New Biometric Technology Based on Mouse Dynamics , 2007, IEEE Transactions on Dependable and Secure Computing.

[13]  James Ze Wang,et al.  IMAGINATION: a robust image-based CAPTCHA generation system , 2005, ACM Multimedia.

[14]  Oleg Starostenko,et al.  Breaking reCAPTCHAs with Unpredictable Collapse: Heuristic Character Segmentation and Recognition , 2012, MCPR.

[15]  Yang-Wai Chow,et al.  Breaking a 3D-Based CAPTCHA Scheme , 2011, ICISC.

[16]  S. Shirali-Shahreza,et al.  Spoken captcha: A captcha system for blind users , 2009, 2009 ISECS International Colloquium on Computing, Communication, Control, and Management.

[17]  Karanvir Kaur,et al.  Cursor CAPTCHA — Implementing CAPTCHA using mouse cursor , 2013, 2013 Tenth International Conference on Wireless and Optical Communications Networks (WOCN).

[18]  Yeuan-Kuen Lee,et al.  A New CAPTCHA Interface Design for Mobile Devices , 2011, AUIC.

[19]  Pranav Shah,et al.  Mouse Movements Biometric Identification: A Feasibility Study , 2007 .

[20]  Narges Roshanbin Interweaving Unicode, Color, and Human Interactions to Enhance CAPTCHA Security , 2014 .

[21]  Jitendra Malik,et al.  Recognizing objects in adversarial clutter: breaking a visual CAPTCHA , 2003, 2003 IEEE Computer Society Conference on Computer Vision and Pattern Recognition, 2003. Proceedings..

[22]  M. Tariq Banday,et al.  Image flip CAPTCHA , 2009, ISC Int. J. Inf. Secur..

[23]  Adam Finkelstein,et al.  Sketcha: a captcha based on line drawings of 3D models , 2010, WWW '10.

[24]  Francesco Versaci,et al.  A Novel Method to Detect Encrypted Data Exfiltration , 2013, ICPADS 2013.

[25]  Manuel Blum,et al.  reCAPTCHA: Human-Based Character Recognition via Web Security Measures , 2008, Science.

[26]  Yang-Wai Chow,et al.  Breaking an Animated CAPTCHA Scheme , 2012, ACNS.

[27]  Yang-Wai Chow,et al.  Attacking Animated CAPTCHAs via Character Extraction , 2012, CANS.

[28]  Arpan Desai,et al.  Drag and Drop: A Better Approach to CAPTCHA , 2009, 2009 Annual IEEE India Conference.

[29]  Yaroslav Bulatov,et al.  Multi-digit Number Recognition from Street View Imagery using Deep Convolutional Neural Networks , 2013, ICLR.

[30]  Ning Xu,et al.  Captcha as Graphical Passwords—A New Security Primitive Based on Hard AI Problems , 2014, IEEE Transactions on Information Forensics and Security.