CAPTCHA challenge strings: problems and improvements
نویسندگان
چکیده
A CAPTCHA is a Completely Automated Public Test to tell Computers and Humans Apart. Typical CAPTCHAs present a challenge string consisting of a visually distorted sequence of letters and perhaps numbers, which in theory only a human can read. Attackers of CAPTCHAs have two primary points of leverage: Optical Character Recognition (OCR) can identify some characters, while nonuniform probabilities make other characters relatively easy to guess. This paper uses a mathematical theory of assurance to characterize the probability that a correct answer to a CAPTCHA is not just a lucky guess. We examine the three most common types of challenge strings, dictionary words, Markov text, and random strings, and find substantial weaknesses in each. We therefore propose improvements to Markov text, and new challenges based on the consonant-vowel-consonant (CVC) trigrams of psychology. Theory and experiment together quantify problems in current challenges and the improvements offered by modifications.
منابع مشابه
ScatterType: a reading CAPTCHA resistant to segmentation attack
A reading-based CAPTCHA, called ‘ScatterType,’ designed to resist character–segmentation attacks, is described. Its challenges are pseudorandomly synthesized images of text strings rendered in machine-print typefaces: within each image, characters are fragmented using horizontal and vertical cuts, and the fragments are scattered by vertical and horizontal displacements. This scattering is desig...
متن کاملVideo CAPTCHAs: Usability vs. Security
A Completely Automated Public Turing test to tell Computer and Humans Apart (CAPTCHA) is a variation of the Turing test, in which a challenge is used to distinguish humans from computers (‘bots’) on the internet. They are commonly used to prevent the abuse of online services; for example, malicious users have written automated programs that signup for thousands of free email accounts and send S...
متن کاملSecurity and Usability Challenges of Moving-Object CAPTCHAs: Decoding Codewords in Motion
We explore the robustness and usability of movingimage object recognition (video) captchas, designing and implementing automated attacks based on computer vision techniques. Our approach is suitable for broad classes of moving-image captchas involving rigid objects. We first present an attack that defeats instances of such a captcha (NuCaptcha) representing the state-ofthe-art, involving dynami...
متن کاملDesign and Comparison of Advanced Color based Image CAPTCHAs
CAPTCHA is a technology which has its base in a test called the Turing Test. Alan Turing, proposed this test as a way to examine whether or not machines can think or appear to think like humans. The main purpose of a CAPTCHA is to block form submissions from spam botsthat is automated scripts. Various types of CAPTCHAs are used, which mostly requires users to enter the strings of characters tha...
متن کاملCAPTCHA and Accessibility - Is This the Best We Can Do?
Web access is affected by a great amount of accessibility issues that do not allow some users to access all information presented. Therefore, Web accessibility is an important issue because everybody should access Web content independently of their access features. Among these accessibility issues, a Web content element that interferes with Web accessibility is a CAPTCHA. A CAPTCHA is a challen...
متن کامل