A Survey and Analysis of Current CAPTCHA Approaches

Computer programs are misusing Internet services designed for humans. A CAPTCHA, Completely Automated Public Turing test to tell Computers and Humans Apart, is a standard security mechanism to defend against such attacks. Two fundamental issues with CAPTCHAs are usability and robustness. It is important for a CAPTCHA to be both legible for humans and strong against malicious computer programs. Recently, computer vision and pattern recognition algorithms have broken many well-known CAPTCHAs. Lack of security and usability in CAPTCHAs designed to protect popular websites such as Gmail and Yahoo mail, with almost 500 million users in July 2011, would cause huge problems. Therefore, security researchers have become motivated to discover techniques to improve CAPTCHAs. Exploiting the gap in the recognition abilities between humans and computers is a key point to design a CAPTCHA that is hard-to-break for machines but easy-to-solve for humans. In this paper, we introduce current CAPTCHAs and attacks against them; we investigate the robustness and usability of current CAPTCHAs and discuss ideas to develop more robust and usable CAPTCHAs.

[1]  Sajad Shirali-Shahreza,et al.  A New Human Interactive Proofs System for Deaf Persons , 2008, Fifth International Conference on Information Technology: New Generations (itng 2008).

[2]  Clark Pope,et al.  Is it human or computer? Defending e-commerce with Captchas , 2005, IT Professional.

[3]  Dominik Ślęzak,et al.  Security Technology, Disaster Recovery and Business Continuity , 2011 .

[4]  Jon Howell,et al.  Asirra: a CAPTCHA that exploits interest-aligned manual image categorization , 2007, CCS '07.

[5]  Henry S. Baird,et al.  PessimalPrint: a reverse Turing test , 2001, Proceedings of Sixth International Conference on Document Analysis and Recognition.

[6]  Ashish Jain,et al.  Analysis of tagging variants of Sequenced Tagged Captcha (STC) , 2009, 2009 IEEE Toronto International Conference Science and Technology for Humanity (TIC-STH).

[7]  E. Ravindran Vimina,et al.  Telling computers and humans apart automatically using activity recognition , 2009, 2009 IEEE International Conference on Systems, Man and Cybernetics.

[8]  Jeff Yan,et al.  CAPTCHA Security: A Case Study , 2009, IEEE Security & Privacy.

[9]  S. Shirali-Shahreza,et al.  Spoken captcha: A captcha system for blind users , 2009, 2009 ISECS International Colloquium on Computing, Communication, Control, and Management.

[10]  Kenton O'Hara,et al.  Social Impact , 2019, Encyclopedia of Food and Agricultural Ethics.

[11]  Daniel P. Lopresti,et al.  A reverse turing test using speech , 2002, INTERSPEECH.

[12]  Laura A. Dabbish,et al.  Labeling images with a computer game , 2004, AAAI Spring Symposium: Knowledge Collection from Volunteer Contributors.

[13]  Gyorgy Kepes,et al.  Language of Vision , 1944 .

[14]  Pawel Lupkowski,et al.  SemCAPTCHA—user-friendly alternative for OCR-based CAPTCHA systems , 2008, 2008 International Multiconference on Computer Science and Information Technology.

[15]  Philippe Golle,et al.  Machine learning attacks against the Asirra CAPTCHA , 2008, CCS.

[16]  Manuel Blum,et al.  reCAPTCHA: Human-Based Character Recognition via Web Security Measures , 2008, Science.

[17]  John C. Mitchell,et al.  The Failure of Noise-Based Non-continuous Audio Captchas , 2011, 2011 IEEE Symposium on Security and Privacy.

[18]  Mary Czerwinski,et al.  Designing human friendly human interaction proofs (HIPs) , 2005, CHI.

[19]  Jonathan Lazar,et al.  Developing usable CAPTCHAs for blind users , 2007, Assets '07.

[20]  M. Shirali-Shahreza,et al.  Motion CAPTCHA , 2008, 2008 Conference on Human System Interactions.

[21]  Jitendra Malik,et al.  Recognizing objects in adversarial clutter: breaking a visual CAPTCHA , 2003, 2003 IEEE Computer Society Conference on Computer Vision and Pattern Recognition, 2003. Proceedings..

[22]  Henry S. Baird,et al.  ScatterType: a legible but hard-to-segment CAPTCHA , 2005, Eighth International Conference on Document Analysis and Recognition (ICDAR'05).

[23]  M. Shirali-Shahreza,et al.  Localized CAPTCHA for illiterate people , 2007, 2007 International Conference on Intelligent and Advanced Systems.

[24]  Zicheng Liu,et al.  ARTiFACIAL: automated reverse turing test using FACIAL features , 2003, MULTIMEDIA '03.

[25]  John C. Mitchell,et al.  How Good Are Humans at Solving CAPTCHAs? A Large Scale Evaluation , 2010, 2010 IEEE Symposium on Security and Privacy.

[26]  Jeff Yan,et al.  A low-cost attack on a Microsoft captcha , 2008, CCS.

[27]  Ashish Jain,et al.  Sequenced Tagged Captcha: Generation and its Analysis , 2009, 2009 IEEE International Advance Computing Conference.

[28]  Aleksey Kolupaev,et al.  CAPTCHAs: Humans vs. Bots , 2008, IEEE Security & Privacy.

[29]  Henry S. Baird,et al.  Implicit CAPTCHAs , 2005, DRR.

[30]  Takumi Yamamoto,et al.  CAPTCHA Using Strangeness in Machine Translation , 2010, 2010 24th IEEE International Conference on Advanced Information Networking and Applications.

[31]  Henry S. Baird,et al.  BaffleText: a Human Interactive Proof , 2003, IS&T/SPIE Electronic Imaging.

[32]  B. Chiswick,et al.  Linguistic Distance: A Quantitative Measure of the Distance Between English and Other Languages , 2004, SSRN Electronic Journal.

[33]  Venu Govindaraju,et al.  Generation and use of handwritten CAPTCHAs , 2010, International Journal on Document Analysis and Recognition (IJDAR).

[34]  James Ze Wang,et al.  Exploiting the Human–Machine Gap in Image Recognition for Designing CAPTCHAs , 2009, IEEE Transactions on Information Forensics and Security.

[35]  J. Yan,et al.  Captcha Robustness: A Security Engineering Perspective , 2011, Computer.

[36]  Xia Wang,et al.  A CAPTCHA Implementation Based on Moving Objects Recognition Problem , 2010, 2010 International Conference on E-Business and E-Government.

[37]  Kris Popat,et al.  Human Interactive Proofs and Document Image Analysis , 2002, Document Analysis Systems.

[38]  J. Doug Tygar,et al.  Collaborative Filtering CAPTCHAs , 2005, HIP.

[39]  M. Tariq Banday,et al.  Image flip CAPTCHA , 2009, ISC Int. J. Inf. Secur..

[40]  Philippe Golle,et al.  Keeping bots out of online games , 2005, ACE '05.

[41]  Roshan G. Ragel,et al.  User friendly line CAPTCHAs , 2009, 2009 International Conference on Industrial and Information Systems (ICIIS).

[42]  D.J. Russomanno,et al.  2D Captchas from 3D Models , 2006, Proceedings of the IEEE SoutheastCon 2006.

[43]  Mary Czerwinski,et al.  Building Segmentation Based Human-Friendly Human Interaction Proofs (HIPs) , 2005, HIP.

[44]  Tsz-Yan Chan,et al.  Using a test-to-speech synthesizer to generate a reverse Turing test , 2003, Proceedings. 15th IEEE International Conference on Tools with Artificial Intelligence.

[45]  Gabriel Moy,et al.  Distortion estimation techniques in solving visual CAPTCHAs , 2004, Proceedings of the 2004 IEEE Computer Society Conference on Computer Vision and Pattern Recognition, 2004. CVPR 2004..

[46]  Venu Govindaraju,et al.  Synthetic handwritten CAPTCHAs , 2009, Pattern Recognit..

[47]  Arpan Desai,et al.  Drag and Drop: A Better Approach to CAPTCHA , 2009, 2009 Annual IEEE India Conference.

[48]  Ji Xiang,et al.  CAPTCHA Phishing: A Practical Attack on Human Interaction Proofing , 2009, Inscrypt.

[49]  Yang-Wai Chow,et al.  Breaking an Animated CAPTCHA Scheme , 2012, ACNS.

[50]  Liming Wang,et al.  A Novel Image Based CAPTCHA Using Jigsaw Puzzle , 2010, 2010 13th IEEE International Conference on Computational Science and Engineering.

[51]  Adrian Rusu,et al.  Leveraging Cognitive Factors in Securing WWW with CAPTCHA , 2010, WebApps.

[52]  Steven Bethard,et al.  Decaptcha: Breaking 75% of eBay Audio CAPTCHAs , 2009, WOOT.

[53]  Patrice Y. Simard,et al.  Using Machine Learning to Break Visual Human Interaction Proofs (HIPs) , 2004, NIPS.

[54]  Jeff Yan,et al.  Usability of CAPTCHAs or usability issues in CAPTCHA design , 2008, SOUPS '08.

[55]  A. R. Deshpande,et al.  3D drag-n-drop CAPTCHA enhanced security through CAPTCHA , 2011, ICWET.

[56]  John Langford,et al.  Telling humans and computers apart automatically , 2004, CACM.

[57]  Stefan Katzenbeisser,et al.  Towards Human Interactive Proofs in the Text-Domain (Using the Problem of Sense-Ambiguity for Security) , 2004, ISC.

[58]  Chao Yang,et al.  Attacks and design of image recognition CAPTCHAs , 2010, CCS '10.

[59]  Adam Finkelstein,et al.  Sketcha: a captcha based on line drawings of 3D models , 2010, WWW '10.

[60]  Suphakant Phimoltares,et al.  3D CAPTCHA: A Next Generation of the CAPTCHA , 2010, 2010 International Conference on Information Science and Applications.

[61]  M. Shirali-Shahreza,et al.  Dynamic CAPTCHA , 2008, 2008 International Symposium on Communications and Information Technologies.

[62]  Sajad Shirali-Shahreza,et al.  Collage CAPTCHA , 2007, 2007 9th International Symposium on Signal Processing and Its Applications.

[63]  Hwan-Gue Cho,et al.  A new image-based CAPTCHA using the orientation of the polygonally cropped sub-images , 2010, The Visual Computer.

[64]  Jeff Yan,et al.  Breaking Visual CAPTCHAs with Naive Pattern Recognition Algorithms , 2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).

[65]  Jeff Yan,et al.  Bot, Cyborg and Automated Turing Test , 2009, Security Protocols Workshop.

[66]  M.H. Shirali-Shahreza,et al.  Multilingual CAPTCHA , 2007, 2007 IEEE International Conference on Computational Cybernetics.

[67]  M. Tariq Banday,et al.  A Study of CAPTCHAs for Securing Web Services , 2011, ArXiv.

[68]  James Ze Wang,et al.  IMAGINATION: a robust image-based CAPTCHA generation system , 2005, ACM Multimedia.

[69]  M. Shirali-Shahreza,et al.  CAPTCHA for Blind People , 2007, 2007 IEEE International Symposium on Signal Processing and Information Technology.

[70]  O.B. Longe,et al.  Checking Internet masquerading using multiple CAPTCHA challenge-response systems , 2009, 2009 2nd International Conference on Adaptive Science & Technology (ICAST).

[71]  Rich Gossweiler,et al.  WWW 2009 MADRID! Track: User Interfaces and Mobile Web / Session: User Interfaces What’s Up CAPTCHA? A CAPTCHA Based on Image Orientation , 2022 .

[72]  M. Shirali-Shahreza,et al.  Question-Based CAPTCHA , 2007, International Conference on Computational Intelligence and Multimedia Applications (ICCIMA 2007).

[73]  Wen-Hung Liao,et al.  A Captcha Mechanism By Exchange Image Blocks , 2006, 18th International Conference on Pattern Recognition (ICPR'06).

[74]  Liang-Gee Chen,et al.  Bio-inspired unified model of visual segmentation system for CAPTCHA character recognition , 2008, 2008 IEEE Workshop on Signal Processing Systems.

[75]  Сковородников Петр Юрьевич Adobe Flash AS , 2011 .

[76]  M. Shirali-Shahreza,et al.  Drawing CAPTCHA , 2006, 28th International Conference on Information Technology Interfaces, 2006..

[77]  Spyros Antonatos,et al.  Enhanced CAPTCHAs: Using Animation to Tell Humans and Computers Apart , 2006, Communications and Multimedia Security.

[78]  Yeuan-Kuen Lee,et al.  A New CAPTCHA Interface Design for Mobile Devices , 2011, AUIC.

[79]  Mary Czerwinski,et al.  Computers beat Humans at Single Character Recognition in Reading based Human Interaction Proofs (HIPs) , 2005, CEAS.

[80]  Colin L. Mallows,et al.  CAPTCHA challenge strings: problems and improvements , 2006, Electronic Imaging.

[81]  M. Shirali-Shahreza Highlighting CAPTCHA , 2008, 2008 Conference on Human System Interactions.

[82]  Cliff Changchun Zou,et al.  iCAPTCHA: The Next Generation of CAPTCHA Designed to Defend against 3rd Party Human Attacks , 2011, 2011 IEEE International Conference on Communications (ICC).

[83]  Jeffrey P. Bigham,et al.  Evaluating existing audio CAPTCHAs and an interface optimized for non-visual use , 2009, CHI.

[84]  tim converse CAPTCHA Generation as a Web Service , 2005, HIP.

[85]  Muhammad Khurram Khan,et al.  Using Arabic CAPTCHA for Cyber Security , 2010, FGIT-SecTech/DRBC.