iCAPTCHA: the next generation of CAPTCHA designed to defend against 3rd party human attacks (original) (raw)

Text-based CAPTCHAs over the years

IOP Conference Series: Materials Science and Engineering

The notion of CAPTCHAs has been around for more than two decades. Since its introduction, CAPTCHAs have now become a ubiquitous part of the Internet. Over the years, research on various aspects of CAPTCHAs has evolved and different design principles have emerged. This article discusses text-based CAPTCHAs in terms of their fundamental requirements, namely, security and usability. Practicality necessitates that humans must be able to correctly solve CAPTCHA challenges, while at the same time automated computer programs should have difficulty solving the challenges. This article also presents alternative paradigms to text-based CAPTCHA design that have been examined in previous work. With the advances in techniques to defeat CAPTCHAs, the future of automated Turing tests is an open question.

CAPTCHAs: The Good, the Bad, and the Ugly

2010

A CAPTCHA is a program that generates challenges that are easy to solve for humans but difficult to solve for computers. The most common CAPTCHAs today are text-based ones where a short word is embedded in a cluttered image. In this paper, we survey the state-of-the-art of currently deployed CAPTCHAs, especially of some popular German sites. Surprisingly, despite their importance and the largescale deployment, most of the CAPTCHAs like the ones of the “Umweltpramie”, the Bundesfinanzagentur, and the Sparda-Bank are rather weak. Our results show that these CAPTCHAs are subject to automated attacks solving up to 80% of the puzzles. Furthermore, we suggest design criteria for “good” CAPTCHAs and for the system using them. In light of this we revisit the popular reCAPTCHA system and latest developments about its security. Finally, we discuss some alternative approaches for CAPTCHAs.

A Survey on the Different Implemented Captchas

AIRCC Publishing Corporation, 2019

CAPTCHA is almost a standard security technology, and has found widespread application in commercial websites. There are two types: labeling and image based CAPTCHAs. To date, almost all CAPTCHA designs are labeling based. Labeling based CAPTCHAs refer to those that make judgment based on whether the question “what is it?” has been correctly answered. Essentially in Artificial Intelligence (AI), this means judgment depends on whether the new label provided by the user side matches the label already known to the server. Labeling based CAPTCHA designs have some common weaknesses that can be taken advantage of attackers. First, the label set, i.e., the number of classes, is small and fixed. Due to deformation and noise in CAPTCHAs, the classes have to be further reduced to avoid confusion. Second, clean segmentation in current design, in particular character labeling based CAPTCHAs, is feasible. The state of the art of CAPTCHA design suggests that the robustness of character labeling schemes should rely on the difficulty of finding where the character is (segmentation), rather than which character it is (recognition). However, the shapes of alphabet letters and numbers have very limited geometry characteristics that can be used by humans to tell them yet are also easy to be indistinct. Image recognition CAPTCHAs faces many potential problems which have not been fully studied. It is difficult for a small site to acquire a large dictionary of images which an attacker does not have access to and without a means of automatically acquiring new labeled images, an image based challenge does not usually meet the definition of a CAPTCHA. They are either unusable or prone to attacks. In this paper, we present the different types of CAPTCHAs trying to defeat advanced computer programs or bots, discussing the limitations and drawbacks of each.

Captcha: A Tool for Web Security

2021

Malicious computer programs today have tried to target websites, which have a significant effect on their availability and security. The CAPTCHA is a tool that is an efficient way of solving this problem. CAPTCHA is a full automated public turing test. Many human activities are performed on the Internet every day, such as schooling, commerce, conversations etc. Some hackers write programs to automatically make false registrations, for example when registering in websites, that waste web resources while this may even stop the whole website. Thus, human users should be differentiated from CAPTCHA software systems. CAPTCHA handwritten picture may be a work around. In this paper literature review of CAPTCHA has been done in order to enhance our knowledge about how CAPTCHA can provide web security focusing in particular on handwritten CAPTCHA and audio, video CAPTCHA in general.

On the necessity of user-friendly CAPTCHA

2011

A "Completely Automated Public Turing test to tell Computers and Humans Apart" (CAPTCHA) is a mechanism widely used nowadays for protection of web applications, interfaces, and services from malicious users. A questionnaire-based survey combined with a real usage scenario of a native-language CAPTCHA mechanism was conducted in order to investigate several aspects that affect end-user perceptions related to the quality of CAPTCHA. A total of 210 participants of age between 19 and 64 participated during May and July 2010. The survey results validate the common belief that CAPTCHAs are still difficult for humans to solve. They also provide insights that can be applied to improve users" experience on interacting with CAPTCHA systems.

A DETAILED EXPLANATION OF THE CAPTCHA TO IMPROVE SECURITY

This paper proposes the latest attacks which are been done in the internet. It explains how these various attacks can be stopped by using various techniques of captcha. There are various types of captcha available nowadays. This paper explains how we can improve the internet security by using the advance captcha. There are two types of captcha which we have seen they are: Numerical captcha and image captcha. In this paper we explain about the advance version of captcha like the motion graphical captcha, pictorial captcha. These captcha can be used for various purposes. It can be used for email verification, bank details verification and even for other payment options. These captcha increases the security from getting the websites hacked.

Protection through Intelligent and Multimedia Captchas

International Journal of Adaptive, Resilient and Autonomic Systems, 2012

The Complete Automatic Public Turing test to tell Computers and Humans Apart (CAPTCHA) is a modern implementation of the Turing test. A CAPTCHA asks a series of questions which are supposed to be relatively easy for mature human beings but hard for machines to answer. A CAPTCHA, as its name suggests, is generally used as a tool to distinguish human beings from machines when the corresponding party is invisible in a remote site. There are many CAPTCHAs proposed and widely used in many Internet applications, with varied strength and performance. In this article, a review of current CAPTCHAs is presented. Analysis and comparisons are provided for various CAPTCHAs. Two types of new CAPTCHAs, intelligent and multimedia CAPTCHAs, are proposed. Our experiments have shown that the newly proposed CAPTCHAs have stronger protection than most existing CAPTCHAs and they can be applied to various web applications, such as e-commerce.

Leveraging the CAPTCHA Problem

Efforts to defend against automated attacks on e-commerce services have led to a new security protocol known as a CAPTCHA, a challenge designed to exploit gaps in the perceptual abilities between humans and machines. In this paper, we propose a new paradigm for building CAPTCHA's which offers simultaneous benefits to both online security and pattern recognition research. We illustrate our discussion with a number of examples and suggest various directions for future work.

Securing Websites through Multi-CAPTCHA

2014

CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) is a simple test that is easy for humans but extremely difficult for computers to solve. CAPTCHA has been widely used in commercial websites such as web-based email providers, TicketMaster, GoDaddy, and Facebook to protect their resources from attacks initiated by automatic scripts. By design, CAPTCHA is unable to distinguish between a human attacker and a legitimate human user. This leaves websites using CAPTCHA vulnerable to 3rd party human CAPTCHA attacks. In order to demonstrate the vulnerabilities in existing CAPTCHA technologies we develop a new streamlined human-based CAPTCHA attack that uses Instant Messenger infrastructure. Facing this serious human-based attack threat, we then present a new defense system called Multi-CAPTCHA , which is the next generation of CAPTCHA technology providing the first steps toward defending against 3rd party human CAPTCHA attacks. Multi-CAPTCHA requires a user...