Three-Way Dissection of a Game-CAPTCHA: Automated Attacks, Relay Attacks, and Usability
نویسندگان
چکیده
Existing captcha solutions on the Internet are a major source of user frustration. Game captchas are an interesting and, to date, little-studied approach claiming to make captcha solving a fun activity for the users. One broad form of such captchas – called Dynamic Cognitive Game (DCG) captchas – challenge the user to perform a game-like cognitive task interacting with a series of dynamic images. We pursue a comprehensive analysis of a representative category of DCG captchas. We formalize, design and implement such captchas, and dissect them across: (1) fully automated attacks, (2) humansolver relay attacks, and (3) usability. Our results suggest that the studied DCG captchas exhibit high usability and, unlike other known captchas, offer some resistance to relay attacks, but they are also vulnerable to our novel dictionary-based automated attack.
منابع مشابه
On the security and usability of dynamic cognitive game CAPTCHAs
Existing CAPTCHA solutions are a major source of user frustration on the Internet today, frequently forcing companies to lose customers and business. Game CAPTCHAs are a promising approach which may make CAPTCHA solving a fun activity for the user. One category of such CAPTCHAs – called Dynamic Cognitive Game (DCG) CAPTCHA – challenges the user to perform a game-like cognitive (or recognition) ...
متن کاملDynamic Cognitive Game CAPTCHA Usability and Detection of Streaming-Based Farming
CAPTCHAs are a widely deployed mechanism to distinguish a legitimate human user from a computerized program trying to abuse online services. Attackers, however, have devised a clever and an economical way to bypass the security provided by CAPTCHAs by simply relaying CAPTCHA challenges to remote human-solvers. Most existing varieties of CAPTCHAs are completely vulnerable to such relay attacks, ...
متن کاملCAPTCHaStar! A Novel CAPTCHA Based on Interactive Shape Discovery
Over the last years, most websites where users can register (e.g., email providers and social networks) adopted CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) as a countermeasure for automated attacks. The battle of wits between designers and attackers of CAPTCHAs led to current ones being annoying and hard to resolve for users, while still being vulnerabl...
متن کاملGraphical Password Using Captcha for More Secure Authentication Scheme
388 ISSN: 2278 – 1323 All Rights Reserved © 2015 IJARCET Abstract: A new security primitive for new graphical authentication scheme based on hard artificial intelligence problems. Number of graphical password scheme has been proposed as options to traditional to text password authentication, namely a new family of graphical password system for Captcha technology with the level of security. We...
متن کاملCaptcha as Graphical Passwords—a New Security Primitive Based on Hard AI Problems
Many security primitives are based on hard mathematical problems. Using hard AI problems for security is emerging as an exciting new paradigm,but has been under explored a novel family of graphical password systems built on top of Captcha technology,which we call Captcha as a graphical passwords (CaRP).. CaRP addresses a such as online guessing attacks, relay attacks, and, if combined withdual-...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- CoRR
دوره abs/1310.1540 شماره
صفحات -
تاریخ انتشار 2013