Pitfalls in CAPTCHA design and implementation: The Math CAPTCHA, a case study

Authors

  • Carlos Javier Hernández-Castro
  • Arturo Ribagorda
Abstract

We present a black-box attack against an already deployed CAPTCHA that aims to protect a free service delivered using the Internet. This CAPTCHA, referred to as "Math CAPTCHA" or "QRBGS CAPTCHA", requests the user to solve a mathematical problem in order to prove human. We study significant problems both in its design and its implementation, and how those flaws can be used to completely solve this CAPTCHA using a low-cost attack. This attack requires no development in Artificial Intelligence or automatic character recognition, the intended path, thus becoming a side-channel attack, based on the previously mentioned CAPTCHA's flaws. We relate these flaws to common flaws found in other CAPTCHA proposals. We conclude with some tips for enhancing this CAPTCHA that can be considered as general guidelines. © 2009 Elsevier Ltd. All rights reserved.

Similar resources

Introducing New Trends for Persian CAPTCHA

To distinguish between human user and computer program to enhance security, a popular test called CAPTCHA is used on Web. CAPTCHA has an important role in preventing Denial Of Service (DOS) attacks in computer networks. There are many different types of CAPTCHA in different languages. Due to the expansion of Persian-language and documents on internet, creating a suitable Persian CAPTCHA seems t...

Image flip CAPTCHA

The massive and automated access to Web resources through robots has made it essential for Web service providers to make some conclusion about whether the "user" is a human or a robot. A Human Interaction Proof (HIP) like Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) offers a way to make such a distinction. CAPTCHA is a reverse Turing test used by Web serv...

SEIMCHA: a new semantic image CAPTCHA using geometric transformations

As protection of web applications is getting more and more important every day, CAPTCHAs are facing booming attention both by users and designers. Nowadays, it is well accepted that using visual concepts enhances security and usability of CAPTCHAs. There exist few major different ideas for designing image CAPTCHAs. Some methods apply a set of modifications such as rotations to the original imag...

Shortcomings in CAPTCHA Design and Implementation: Captcha2, a Commercial Proposal

Many CAPTCHA proposals have shortcomings in their design or implementation that make them much weaker than intended. In this paper we study Captcha2, a commercial algorithm, as a means of showing typical flaws that make many CAPTCHAs prone to successful low-cost attacks. The attack we present makes no use of any AI techniques, not affecting the resilience of the original AI problem this CAPTCHA ...

CAPTCHAs based on the Principle- Hard to Separate Text from Background

CAPTCHAs have become a very popular security mechanism used to prevent automated abuse of online services intended for humans. Different flavors of CAPTCHA can be seen on Internet. However, a wide variety of CAPTCHAs have been successfully attacked by automated programs. This has made CAPTCHA design an interesting area for research. Among various flavors of CAPTCHA text based are most preferabl...

Journal title:
  • Computers & Security

Volume 29, Issue 

Pages  -

Publication date 2010