Visible to the public CAPTCHA

SoS Newsletter- Advanced Book Block


CAPTCHA (acronym for Completely Automated Public Turing test to tell Computers and Humans Apart) technology has become a standard security tool. In the research presented here, some novel uses are presented, including an Arabic language text digitization scheme, use of Captchas as graphical passwords, motion-based captchas, and defeating a captcha using a gaming technique. These works were presented or published in 2014.

  • Zhu, B.B.; Yan, J.; Guanbo Bao; Maowei Yang; Ning Xu, "Captcha as Graphical Passwords--A New Security Primitive Based on Hard AI Problems," Information Forensics and Security, IEEE Transactions on, vol.9, no.6, pp.891,904, June 2014. doi: 10.1109/TIFS.2014.2312547 Many security primitives are based on hard mathematical problems. Using hard AI problems for security is emerging as an exciting new paradigm, but has been under-explored. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also offers a novel approach to address the well-known image hotspot problem in popular graphical password systems, such as PassPoints, that often leads to weak password choices. CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some practical applications for improving online security.
    Keywords: artificial intelligence; security of data; CaRP password; Captcha as graphical passwords; PassPoints; artificial intelligence; automatic online guessing attacks; dual-view technologies; hard AI problems; hard mathematical problems; image hotspot problem; online security; password choices; relay attacks; search set; security primitives; shoulder-surfing attacks; Animals; Artificial intelligence; Authentication ;CAPTCHAs; Usability; Visualization; CaRP; Captcha; Graphical password; dictionary attack; hotspots; password; password guessing attack; security primitive (ID#:14-2853)
  • Bakry, M.; Khamis, M.; Abdennadher, S., "AreCAPTCHA: Outsourcing Arabic Text Digitization to Native Speakers," Document Analysis Systems (DAS), 2014 11th IAPR International Workshop on, pp.304,308, 7-10 April 2014. doi: 10.1109/DAS.2014.50 There has been a recent increasing demand to digitize Arabic books and documents, due to the fact that digital books do not lose quality over time, and can be easily sustained. Meanwhile, the number of Arabic-speaking Internet users is increasing. We propose AreCAPTCHA, a system that digitizes Arabic text by outsourcing it to native Arabic speakers, while offering protective measures to online web forms of Arabic websites. As users interact with AreCAPTCHA, we collect possible digitizations of words that were not recognized by OCR programs. We explain how the system works, the challenges we faced, and promising preliminary evaluation results.
    Keywords: Web sites; document image processing; natural language processing; optical character recognition; security of data; Arabic Web sites; Arabic book; Arabic document; Arabic text digitization; Arabic-speaking Internet user; AreCAPTCHA; OCR program; digital book; native Arabic speaker; online Web form; protective measure; CAPTCHAs; Databases; Educational institutions; Engines; Internet; Libraries; Optical character recognition software; Arabic; CAPTCHA; Digitization; Human computation; words recognition (ID#:14-2854)
  • Yi Xu; Reynaga, G.; Chiasson, S.; Frahm, J.-M.; Monrose, F.; van Oorschot, P.C., "Security Analysis and Related Usability of Motion-Based CAPTCHAs: Decoding Codewords in Motion," Dependable and Secure Computing, IEEE Transactions on, vol.11, no.5, pp.480,493, Sept.-Oct. 2014. doi: 10.1109/TDSC.2013.52 We explore the robustness and usability of moving-image object recognition (video) CAPTCHAS, designing and implementing automated attacks based on computer vision techniques. Our approach is suitable for broad classes of moving-image CAPTCHAS involving rigid objects. We first present an attack that defeats instances of such a CAPTCHA (NuCaptcha) representing the state-of-the-art, involving dynamic text strings called codewords. We then consider design modifications to mitigate the attacks (e.g., overlapping characters more closely, randomly changing the font of individual characters, or even randomly varying the number of characters in the codeword). We implement the modified CAPTCHAS and test if designs modified for greater robustness maintain usability. Our lab-based studies show that the modified captchas fail to offer viable usability, even when the captcha strength is reduced below acceptable targets. Worse yet, our GPU-based implementation shows that our automated approach can decode these captchas faster than humans can, and we can do so at a relatively low cost of roughly 50 cents per 1,000 captchas solved based on Amazon EC2 rates circa 2012. To further demonstrate the challenges in designing usable captchas, we also implement and test another variant of moving text strings using the known emerging images concept. This variant is resilient to our attacks and also offers similar usability to commercially available approaches. We explain why fundamental elements of the emerging images idea resist our current attack where others fail.
    Keywords: Turing machines; computer vision; graphics processing units; image coding ;image motion analysis; object recognition; security of data; text analysis; Amazon EC2 rates circa strings; GPU-based implementation; automated attack mitigation; computer vision; decoding codeword; design modification; dynamic text strings; motion-based CAPTCHA; moving image object recognition CAPTCHA; security analysis; usability analysis; CAPTCHAs; Feature extraction; Image color analysis; Robustness; Streaming media; Trajectory; Usability; CAPTCHAs; computer vision; security; usability (ID#:14-2855)
  • Subpratatsavee, P.; Kuha, P.; Janthong, N.; Chintho, C., "An Implementation of a Geometric and Arithmetic CAPTCHA without Database," Information Science and Applications (ICISA), 2014 International Conference on, pp.1,3, 6-9 May 2014. doi: 10.1109/ICISA.2014.6847359 This research presented a geometric CAPTCHA which was not created from images in any database, but it is an image of a geometric shape that randomly generated from a program and its edge was incomplete. Geometric CAPTCHAs were tested with users to identify the number of angles from a shape and to do a simple calculation. Users must type a right answer to pass the CAPTCHA test. Geometric CAPTCHAs were test run with other similar three CAPTCHAs in terms of time for task completion, number of errors, and user's satisfaction. This paper was a pilot study for designing a new image- based CAPTCHA, and the improved design will be made in the short future. This research presented a geometric CAPTCHA which was not created from images in any database, but it is an image of a geometric shape that randomly generated from a program and its edge was incomplete. Geometric CAPTCHAs were tested with users to identify the number of angles from a shape and to do a simple calculation. Users must type a right answer to pass the CAPTCHA test. Geometric CAPTCHAs were test run with other similar three CAPTCHAs in terms of time for task completion, number of errors, and user's satisfaction. This paper was a pilot study for designing a new image-based CAPTCHA, and the improved design will be made in the short future.
    Keywords: image processing; message authentication; CAPTCHA test; arithmetic CAPTCHA; authentication; geometric CAPTCHA; geometric shape image; image- based CAPTCHA; shape angle identification; task completion time; user satisfaction; CAPTCHAs; Databases; Educational institutions; Image edge detection; Security; Shape; Silicon (ID#:14-2856)
  • Powell, B.M.; Goswami, G.; Vatsa, M.; Singh, R.; Noore, A, "fgCAPTCHA: Genetically Optimized Face Image CAPTCHA 5," Access, IEEE, vol.2, no., pp.473, 484, 2014. doi: 10.1109/ACCESS.2014.2321001 The increasing use of smartphones, tablets, and other mobile devices poses a significant challenge in providing effective online security. CAPTCHAs, tests for distinguishing human and computer users, have traditionally been popular; however, they face particular difficulties in a modern mobile environment because most of them rely on keyboard input and have language dependencies. This paper proposes a novel image-based CAPTCHA that combines the touch-based input methods favored by mobile devices with genetically optimized face detection tests to provide a solution that is simple for humans to solve, ready for worldwide use, and provides a high level of security by being resilient to automated computer attacks. In extensive testing involving over 2600 users and 40000 CAPTCHA tests, fgCAPTCHA demonstrates a very high human success rate while ensuring a 0% attack rate using three well-known face detection algorithms.
    Keywords: face recognition; mobile computing; security of data; automated computer attacks; face detection algorithms; fgCAPTCHA; genetically optimized face image CAPTCHA; modern mobile environment; novel image-based CAPTCHA; online security; touch-based input methods; CAPTCHAs; Face detection; Face recognition; Mobile communication; Mobile handsets; Noise measurement; Security; CAPTCHA; Mobile security; face detection; web security (ID#:14-2857)
  • Qi Ye; Youbin Chen; Bin Zhu, "The Robustness of a New 3D CAPTCHA," Document Analysis Systems (DAS), 2014 11th IAPR International Workshop on, vol., no., pp.319, 323, 7-10 April 2014 doi: 10.1109/DAS.2014.31 CAPTCHA is a standard security technology to tell humans and computers and the most widely used method is text based scheme. As many text schemes have been broken, 3D CAPTCHAs have emerged as one of the latest one. In this paper, we study the robustness of 3D text-based CAPTCHA adopted by Ku6 which is a leading website providing videos in China and provide the first analysis of 3D hollow CAPTCHA. The security of this CAPTCHA scheme relies on a novel segmentation resistance mechanism, which combines Crowding Character Together (CCT) strategy and side surfaces which form the 3D visual effect of characters and lead to a promising usability even under strong overlapping between characters. However, by exploiting the unique features of the 3D characters in hollow font, i.e. parallel boundaries, the different stroke width of side faces and front faces and relationships between them, we propose a technique that segments connected characters apart and repairs some overlapped apart. The success segmentation rate is 70%. With minor changes, our attack program works well on its two variations, the segmentation rate is 75% and 85% respectively.
    Keywords: cryptography ;image coding; image segmentation; 3D CAPTCHA scheme; CCT strategy; Completely Automated Public Turing test to tell Computers and Humans Apart; attack program; crowding character together; side surfaces; standard security technology; success segmentation rate; CAPTCHAs; Character recognition; Computers; Maintenance engineering; Robustness; Security; Three-dimensional displays;3D;CAPTCHA;hollow font; security; segmentation; usability (ID#:14-2858)
  • Harisinghaney, A; Dixit, A; Gupta, S.; Arora, A, "Text and Image Based Spam Email Classification Using KNN, Naive Bayes and Reverse DBSCAN Algorithm," Optimization, Reliability, and Information Technology (ICROIT), 2014 International Conference on, pp. 153, 155, 6-8 Feb. 2014. doi: 10.1109/ICROIT.2014.6798302 Internet has changed the way of communication, which has become more and more concentrated on emails. Emails, text messages and online messenger chatting have become part and parcel of our lives. Out of all these communications, emails are more prone to exploitation. Thus, various email providers employ algorithms to filter emails based on spam and ham. In this research paper, our prime aim is to detect text as well as image based spam emails. To achieve the objective we applied three algorithms namely: KNN algorithm, Naive Bayes algorithm and reverse DBSCAN algorithm. Pre-processing of email text before executing the algorithms is used to make them predict better. This paper uses Enron corpus's dataset of spam and ham emails. In this research paper, we provide comparison performance of all three algorithms based on four measuring factors namely: precision, sensitivity, specificity and accuracy. We are able to attain good accuracy by all the three algorithms. The results have shown comparison of all three algorithms applied on same data set.
    Keywords: Bayes methods; image classification; neural nets; text analysis; text detection; unsolicited e-mail; Enron corpus dataset; Internet; KNN algorithm; Naive Bayes algorithm; email text pre-processing; image based spam email classification; online messenger chatting; reverse DBSCAN algorithm; text based spam email classification; text detection; text messages; CAPTCHAs; Classification algorithms; Computers; Electronic mail; Image resolution; Technological innovation; Viruses (medical); Ham; Image Spam; KNN; Naive Bayes; Spam; reverse DBSCAN (ID#:14-2859)
  • Goto, Misako; Shirato, Toru; Uda, Ryuya, "Text-Based CAPTCHA Using Phonemic Restoration Effect and Similar Sounds," Computer Software and Applications Conference Workshops (COMPSACW), 2014 IEEE 38th International, pp.270,275, 21-25 July 2014. doi: 10.1109/COMPSACW.2014.48 In Recent years, bot (robot) program has been one of the problems on the web. Some kinds of the bots acquire accounts of web services in order to use the accounts for SPAM mails, phishing, etc. CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) is one of the countermeasures for preventing bots from acquiring the accounts. Text-based CAPTCHA is especially implemented on almost all famous web services. However, CAPTCHA faces a problem that evolution of algorithms for analysis of printed characters disarms text-based CAPTCHA. Of course, stronger distortion of characters is the easiest solution of the problem. However, it makes recognition of characters difficult not only for bots but also for human beings. Therefore, in this paper, we propose a new CAPTCHA with higher safety and convenience. Especially, we focus on the human abilities of phonemic restoration and recognition of similar sounds, and adopt the abilities in the propose CAPTCHA. The proposed CAPTCHA makes machinery presumption difficult for bots, while providing easy recognition for human beings.
    Keywords: CAPTCHAs; Character recognition; Computers; Educational institutions; Google; Image restoration; Time measurement; CAPTCHA; Phonemic Restoration; Web Technology (ID#:14-2860)
  • Song Gao; Mohamed, M.; Saxena, N.; Chengcui Zhang, "Gaming the Game: Defeating A Game Captcha With Efficient And Robust Hybrid Attacks," Multimedia and Expo (ICME), 2014 IEEE International Conference on, pp.1, 6, 14-18 July 2014. doi: 10.1109/ICME.2014.6890287 Dynamic Cognitive Game (DCG) CAPTCHAs are a promising new generation of interactive CAPTCHAs aiming to provide improved security against automated and human-solver relay attacks. Unlike existing CAPTCHAs, defeating DCG CAPTCHAs using pure automated attacks or pure relay attacks may be challenging in practice due to the fundamental limitations of computer algorithms (semantic gap) and synchronization issues with solvers. To overcome this barrier, we propose two hybrid attack frameworks. which carefully combine the strengths of an automated program and offline/online human intelligence. These hybrid attacks require maintaining the synchronization only between the game and the bot similar to a pure automated attack, while solving the static AI problem (i.e., bridging the semantic gap) behind the game challenge similar to a pure relay attack. As a crucial component of our framework, we design a new DCG object tracking algorithm, based on color code histogram, and show that it is simpler, more efficient and more robust compared to several known tracking approaches. We demonstrate that both frameworks can effectively defeat a wide range of DCG CAPTCHAs.
    Keywords: authorisation; computer games; image colour analysis; object tracking; DCG CAPTCHA; DCG object tracking algorithm; automated human-solver relay attacks; automated program; color code histogram; computer algorithms; dynamic cognitive game CAPTCHA; hybrid attack framework; interactive CAPTCHA; offline human intelligence; online human intelligence; security improvement; semantic gap; static AI problem; synchronization issues; High definition video; Light emitting diodes; CAPTCHA; hybrid attack; multi-object tracking; visual processing; web security (ID#:14-2861)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.