GeoCAPTCHA — A novel personalized CAPTCHA using geographic concept to defend against 3rd Party Human Attack

A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a scheme for distinguishing humans from robots such as malicious programs. It has become the most widely used standard security technology for preventing automated computer program attacks, DoS attacks and botnets. Thus, both Google and Microsoft use text-based CAPTCHAs in their authentication processes. However, all text-based CAPTCHAs have been broken because they cannot prevent Optical Character Recognition (OCR) attacks, which automatically identify the CAPTCHA's words. Consequently, new kinds of CAPTCHAs have been proposed to close this security hole. For example, image-based and audio-based CAPTCHAs are emerging schemes used to replace text-based CAPTCHAs. However, a state-of-the-art attack called the Human Attack can still defeat these CAPTCHA schemes. In a Human Attack, malicious industries hire third-party humans to collude with the attackers in order to pass the CAPTCHA tests. In this paper, we propose a novel CAPTCHA scheme (GeoCAPTCHA) which uses personalized content such as geographic information to prevent the 3rd Party Human Attack. We then conduct an analysis of the usability and security of GeoCAPTCHA. Our simulation demonstrates that GeoCAPTCHA can enhance the performance and security of Google's and Microsoft's CAPTCHA systems with rotated 3D street-view images.
