论文信息 - Side-Channel Attack against the Capy HIP

Side-Channel Attack against the Capy HIP

One of the first approaches to proposed to prevent automated attacks on Internet were the Human Interactive Proofs(HIPs). Since their invention, a variety of designs have been proposed, yet most of them have been successfully attacked. In this paper we focus on a new HIP, based on a puzzle solving scheme, created to increase both security and usability: the Capy CAPTCHA. We have analyzed its design, finding some important flaws. Based on them, we propose a low-cost, side-channel attack. Initial results show that the attack is able to break Capy with a 61% success ratio.

María Dolores Rodríguez-Moreno | David F. Barrero | Carlos Javier Hernández-Castro

[1] Marc Fischlin,et al. CAPTCHAs: The Good, the Bad, and the Ugly , 2010, Sicherheit.

[2] Laura A. Dabbish,et al. Labeling images with a computer game , 2004, AAAI Spring Symposium: Knowledge Collection from Volunteer Contributors.

[3] Wei-bang Chen,et al. Three-Way Dissection of a Game-CAPTCHA: Automated Attacks, Relay Attacks, and Usability , 2013, ArXiv.

[4] James D. Murray,et al. Encyclopedia of graphics file formats , 1994 .

[5] Philippe Golle,et al. Machine learning attacks against the Asirra CAPTCHA , 2008, CCS.

[6] Jon Howell,et al. Asirra: a CAPTCHA that exploits interest-aligned manual image categorization , 2007, CCS '07.

[7] John C. Mitchell,et al. Text-based CAPTCHA strengths and weaknesses , 2011, CCS '11.

[8] Chao Yang,et al. Attacks and design of image recognition CAPTCHAs , 2010, CCS '10.

[9] Artemios G. Voyiatzis,et al. On the necessity of user-friendly CAPTCHA , 2011, CHI.

[10] James Ze Wang,et al. IMAGINATION: a robust image-based CAPTCHA generation system , 2005, ACM Multimedia.

[11] Moni Naor,et al. VERI CATION OF A HUMAN IN THE LOOP OR IDENTI CATION VIA THE TURING TEST , 1996 .