Advertisement

CAPTCHA Design and Security Issues

  • Yang-Wai Chow
  • Willy Susilo
  • Pairat Thorncharoensri
Chapter

Abstract

The concept of reverse Turing tests, or more commonly known as CAPTCHAs, for distinguishing between humans and computers has been around for many years. The widespread use of CAPTCHAs these days has made them an integral part of the internet for providing online services, which are intended for humans, with some level of protection against automated abuse. Since their inception, much research has focused on investigating various issues surrounding the design and security of CAPTCHAs. A fundamental requirement of CAPTCHAs necessitates that they must be designed to be easy for humans but difficult for computers. However, it is well recognized that the trade-off between usability and security is difficult to balance. In addition, numerous attacks have been developed to defeat CAPTCHAs. In response to this, many different CAPTCHA design variants have been proposed over the years. Despite the fact that CAPTCHAs have been around for more than two decades, the future of CAPTCHAs remains an open question. This chapter presents an overview of research examining a wide range of issues that have been conducted on different types of CAPTCHAs.

Keywords

Audio Image CAPTCHA Machine learning Recognition Security Segmentation Text Usability 

References

  1. 1.
    Ahmad, A. S. E., Yan, J., & Marshall, L. (2010). The robustness of a new CAPTCHA. In M. Costa & E. Kirda (Eds.), Proceedings of the Third European Workshop on System Security, EUROSEC 2010, Paris, France, April 13, 2010 (pp. 36–41). ACM.Google Scholar
  2. 2.
    Ahmad, A. S. E., Yan, J., & Tayara, M. (2011). The robustness of Google CAPTCHAs. University of Newcastle, UK, Technical Report (Vol. 1278, pp. 1–15).Google Scholar
  3. 3.
    Athanasopoulos, E., Antonatos, S., & Markatos, E. P. (2006). Enhanced CAPTCHAs: Using animation to tell humans and computers apart. In H. Leitold (Ed.), Communications and Multimedia Security, 10th IFIP TC-6 TC-11 International Conference, CMS 2006, Heraklion, Crete, Greece, October 19–21, 2006, Proceedings (Vol. 4237, pp. 97–108)., Lecture notes in computer science. Berlin: Springer.CrossRefGoogle Scholar
  4. 4.
    Baecher, P., Büscher, N., Fischlin, M., & Milde, B. (2011). Breaking recaptcha: A holistic approach via shape recognition. In J. Camenisch, S. Fischer-Hübner, Y. Murayama, A. Portmann, & C. Rieder (Eds.), Future Challenges in Security and Privacy for Academia and Industry - 26th IFIP TC 11 International Information Security Conference, SEC 2011, Lucerne, Switzerland, June 7–9, 2011. Proceedings (Vol. 354, pp. 56–67)., IFIP advances in information and communication technology. Berlin: Springer.Google Scholar
  5. 5.
    Baird, H. S., Coates, A. L., & Fateman, R. J. (2003). Pessimal print: A reverse turing test. International Journal on Document Analysis and Recognition, 5(2–3), 158–163.CrossRefGoogle Scholar
  6. 6.
    Baird, H. S., & Popat, K. (2002). Human interactive proofs and document image analysis. In D. P. Lopresti, J. Hu, & R. S. Kashi (Eds.), Document Analysis Systems V, 5th International Workshop, DAS 2002, Princeton, NJ, USA, August 19–21, 2002, Proceedings (Vol. 2423, pp. 507–518)., Lecture notes in computer science. Berlin: Springer.Google Scholar
  7. 7.
    Bigham, J. P., & Cavender, A. (2009). Evaluating existing audio CAPTCHAs and an interface optimized for non-visual use. In D. R. O. Jr, R. B. Arthur, K. Hinckley, M. R. Morris, S .E. Hudson, & S. Greenberg (Eds.), Proceedings of the 27th International Conference on Human Factors in Computing Systems, CHI 2009, Boston, MA, USA, April 4–9, 2009 (pp. 1829–1838). ACM.Google Scholar
  8. 8.
    Bock, K., Patel, D., Hughey, G., & Levin, D. (2017). unCaptcha: A low-resource defeat of reCaptcha’s audio challenge. In W. Enck & C. Mulliner (Eds.), 11th USENIX Workshop on Offensive Technologies, WOOT 2017, Vancouver, BC, Canada, August 14–15, 2017. USENIX Association.Google Scholar
  9. 9.
    Bursztein, E. How we broke the nucaptcha video scheme and what we propose to fix it. https://www.elie.net/blog/security/how-we-broke-the-nucaptcha-video-scheme-and-what-we-propose-to-fix-it
  10. 10.
    Bursztein, E., Aigrain, J., Moscicki, A., & Mitchell, J. C. (2014). The end is nigh: Generic solving of text-based captchas. In S. Bratus & F. F. X. Lindner (Eds.), 8th USENIX Workshop on Offensive Technologies, WOOT ’14, San Diego, CA, USA, August 19, 2014. USENIX Association.Google Scholar
  11. 11.
    Bursztein, E., Beauxis, R., Paskov, H. S., Perito, D., Fabry, C., & Mitchell, J. C. (2011). The failure of noise-based non-continuous audio captchas. In 32nd IEEE Symposium on Security and Privacy, S&P 2011, 22–25 May 2011, Berkeley, California, USA (pp. 19–31). IEEE Computer Society.Google Scholar
  12. 12.
    Bursztein, E., & Bethard, S. (2009). Decaptcha: Breaking 75% of eBay audio CAPTCHAs. In Proceedings of the 3rd USENIX Conference on Offensive Technologies, WOOT’09, pp. 8–8, Berkeley, CA, USA, 2009. USENIX Association.Google Scholar
  13. 13.
    Bursztein, E., Bethard, S., Fabry, C., Mitchell, J. C., & Jurafsky, D. (2010). How good are humans at solving captchas? A large scale evaluation. In 31st IEEE Symposium on Security and Privacy, S&P 2010, 16-19 May 2010, Berleley/Oakland, California, USA (pp. 399–413). IEEE Computer Society.Google Scholar
  14. 14.
    Bursztein, E., Martin, M., & Mitchell, J. C. (2011). Text-based CAPTCHA strengths and weaknesses. In Y. Chen, G. Danezis, & V. Shmatikov (Eds.), Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS 2011, Chicago, Illinois, USA, October 17–21, 2011 (pp. 125–138). ACM.Google Scholar
  15. 15.
    C. M. University. The official CAPTCHA site. https://www.captcha.net/
  16. 16.
    Chaudhari, S. K., Deshpande, A. R., Bendale, S. B., & Kotian, R. V. (2011). 3D drag-n-drop CAPTCHA enhanced security through CAPTCHA. In Proceedings of the International Conference and Workshop on Emerging Trends in Technology, ICWET ’11, pp. 598–601, New York, NY, USA, 2011. ACM.Google Scholar
  17. 17.
    Chellapilla, K., Larson, K., Simard, P. Y., & Czerwinski, M. (2005). Building segmentation based human-friendly human interaction proofs (HIPs). In H. S. Baird & D. P. Lopresti (Eds.), Human Interactive Proofs, Second International Workshop, HIP 2005, Bethlehem, PA, USA, May 19–20, 2005, Proceedings (Vol. 3517, pp. 1–26)., Lecture notes in computer science. Berlin: Springer.Google Scholar
  18. 18.
    Chellapilla, K., Larson, K., Simard, P. Y. & Czerwinski, M. (2005). Computers beat humans at single character recognition in reading based human interaction proofs (HIPs). In CEAS 2005 - Second Conference on Email and Anti-Spam, July 21–22, 2005, Stanford University, California, USA.Google Scholar
  19. 19.
    Chellapilla, K., Larson, K., Simard, P. Y., & Czerwinski, M. (2005). Designing human friendly human interaction proofs (HIPs). In G. C. van der Veer & C. Gale (Eds.), Proceedings of the 2005 Conference on Human Factors in Computing Systems, CHI 2005, Portland, Oregon, USA, April 2–7, 2005 (pp. 711–720). ACM.Google Scholar
  20. 20.
    Chellapilla, K., & Simard, P. Y. (2004). Using machine learning to break visual human interaction proofs (HIPs). In Advances in Neural Information Processing Systems 17 [Neural Information Processing Systems, NIPS 2004, December 13–18, 2004, Vancouver, British Columbia, Canada] (pp. 265–272).Google Scholar
  21. 21.
    Chew. M., & Baird, H. S. (2003). BaffleText: a human interactive proof. In T. Kanungo, E. H. B. Smith, J. Hu, & P. B. Kantor (Eds.), Document Recognition and Retrieval X, Santa Clara, California, USA, January 22–23, 2003, Proceedings, (Vol. 5010, pp. 305–316)., SPIE.Google Scholar
  22. 22.
    Chew, M., & Tygar, J. D. (2004). Image recognition CAPTCHAs. In K. Zhang & Y. Zheng (Eds.), Information Security, 7th International Conference, ISC 2004, Palo Alto, CA, USA, September 27–29, 2004, Proceedings (Vol. 3225, pp. 268–279)., Lecture notes in computer science. Berlin: Springer.Google Scholar
  23. 23.
    Chow, R., Golle, P., Jakobsson, M., Wang, L., & Wang, X. (2008). Making CAPTCHAs clickable. In M. Spasojevic & M. D. Corner (Eds.), Proceedings of the 9th Workshop on Mobile Computing Systems and Applications, HotMobile 2008, Napa Valley, California, USA, February 25–26, 2008 (pp. 91–94). ACM.Google Scholar
  24. 24.
    Chow, Y., & Susilo, W. (2011). AniCAP: An animated 3D CAPTCHA scheme based on motion parallax. In D. Lin, G. Tsudik, & X. Wang (Eds.), Cryptology and Network Security - 10th International Conference, CANS 2011, Sanya, China, December 10–12, 2011. Proceedings (Vol. 7092, pp. 255–271)., Lecture notes in computer science. Berlin: Springer.CrossRefGoogle Scholar
  25. 25.
    Chow, Y., Susilo, W., & Zhou, H. (2010). CAPTCHA challenges for massively multiplayer online games: Mini-game CAPTCHAs. In A. Sourin & O. Sourina (Eds.), 2010 International Conference on CyberWorlds, Singapore, October 20–22, 2010 (pp. 254–261). IEEE Computer Society.Google Scholar
  26. 26.
    Cruz-Perez, C., Starostenko, O., Uceda-Ponga, F., Aquino, V. A., & Reyes-Cabrera, L. (2012). Breaking reCAPTCHAs with unpredictable collapse: Heuristic character segmentation and recognition. In J. A. Carrasco-Ochoa, J. F. M. Trinidad, J. A. Olvera-López, & K. L. Boyer (Eds.), Pattern Recognition - 4th Mexican Conference, MCPR 2012, Huatulco, Mexico, June 27–30, 2012. Proceedings (Vol. 7329, pp. 155–165)., Lecture notes in computer science. Berlin: Springer.Google Scholar
  27. 27.
    Cui, J. S., Mei, J. T., Zhang, W. Z., Wang, X., & Zhang, D. (2010). A CAPTCHA implementation based on moving objects recognition problem. In 2010 International Conference on E-Business and E-Government (pp. 1277–1280).Google Scholar
  28. 28.
    Datta, R., Li, J., & Wang, J. Z. (2005). IMAGINATION: A robust image-based CAPTCHA generation system. In H. Zhang, T. Chua, R. Steinmetz, M. S. Kankanhalli, & L. Wilcox (Eds.), Proceedings of the 13th ACM International Conference on Multimedia, Singapore, November 6–11, 2005 (pp. 331–334). ACM.Google Scholar
  29. 29.
    Egele, M., Bilge, L., Kirda, E., & Kruegel, C. (2010). CAPTCHA smuggling: Hijacking web browsing sessions to create CAPTCHA farms. In S. Y. Shin, S. Ossowski, M. Schumacher, M. J. Palakal, & C. Hung (Eds.), Proceedings of the 2010 ACM Symposium on Applied Computing (SAC), Sierre, Switzerland, March 22–26, 2010 (pp. 1865–1870). ACM.Google Scholar
  30. 30.
    Elson, J., Douceur, J. R., Howell, J., & Saul, J. (2007). Asirra: A CAPTCHA that exploits interest-aligned manual image categorization. In P. Ning, S. D. C. di Vimercati, & P. F. Syverson (Eds.), Proceedings of the 2007 ACM Conference on Computer and Communications Security, CCS 2007, Alexandria, Virginia, USA, October 28–31, 2007 (pp. 366–374). ACM.Google Scholar
  31. 31.
    Fischer, I., & Herfet, T. (2006). Visual CAPTCHAs for document authentication. In 8th IEEE International Workshop on Multimedia Signal Processing (MMSP 2006) (pp. 471–474).Google Scholar
  32. 32.
    Gao, H., Tang, M., Liu, Y., Zhang, P., & Liu, X. (2017). Research on the security of Microsoft’s two-layer captcha. IEEE Transactions Information Forensics and Security, 12(7), 1671–1685.CrossRefGoogle Scholar
  33. 33.
    Gao, H., Wang, W., Qi, J., Wang, X., Liu, X., & Yan, J. (2013). The robustness of hollow captchas. In A. Sadeghi, V. D. Gligor, & M. Yung (Eds.), 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS’13, Berlin, Germany, November 4–8, 2013 (pp. 1075–1086). ACM.Google Scholar
  34. 34.
    Gao, H., Yan, J., Cao, F., Zhang, Z., Lei, L., Tang, M., Zhang, P., Zhou, X., Wang, X., & Li, J. (2016). A simple generic attack on text captchas. In 23nd Annual Network and Distributed System Security Symposium, NDSS 2016, San Diego, California, USA, February 21–24, 2016. The Internet Society.Google Scholar
  35. 35.
    Geman, S., & Geman, D. (1984). Stochastic relaxation, Gibbs distributions, and the Bayesian restoration of images. IEEE Transactions on Pattern Analysis and Machine Intelligence, 6, 721–741.CrossRefGoogle Scholar
  36. 36.
    Golle, P. (2008). Machine learning attacks against the Asirra CAPTCHA. In P. Ning, P. F. Syverson, & S. Jha (Eds.), Proceedings of the 2008 ACM Conference on Computer and Communications Security, CCS 2008, Alexandria, Virginia, USA, October 27–31, 2008 (pp. 535–542). ACM.Google Scholar
  37. 37.
    Google Inc. Google Image Search. https://images.google.com/
  38. 38.
    Gossweiler, R., Kamvar, M., & Baluja, S. (2009). What’s up CAPTCHA?: A CAPTCHA based on image orientation. In J. Quemada, G. León, Y. S. Maarek, & W. Nejdl, (Eds.), Proceedings of the 18th International Conference on World Wide Web, WWW 2009, Madrid, Spain, April 20–24, 2009 (pp. 841–850). ACM.Google Scholar
  39. 39.
    Goswami, G., Powell, B. M., Vatsa, M., Singh, R., & Noore, A. (2014). FaceDCAPTCHA: Face detection based color image CAPTCHA. Future Generation Computer Systems, 31, 59–68.CrossRefGoogle Scholar
  40. 40.
    Hernández-Castro, C. J., Moreno, M. D. R.-, Barrero, D. F., Gibson, S., & FunCAPTCHA case analysis. (2017). Using machine learning to identify common flaws in CAPTCHA design. Computers and Security, 70, 744–756.CrossRefGoogle Scholar
  41. 41.
    Hernández-Castro, C. J., & Ribagorda, A. (2010). Pitfalls in CAPTCHA design and implementation: The math CAPTCHA, a case study. Computers and Security, 29(1), 141–157.CrossRefGoogle Scholar
  42. 42.
    Hoque, M. E., Russomanno, D. J., & Yeasin, M. (2006). 2D captchas from 3D models. Proceedings of the IEEE SoutheastCon, 2006, 165–170.Google Scholar
  43. 43.
    Huang, S., Lee, Y., Bell, G., & Ou, Z. (2010). An efficient segmentation algorithm for CAPTCHAs with line cluttering and character warping. Multimedia Tools Applications, 48(2), 267–289.CrossRefGoogle Scholar
  44. 44.
    Imsamai, M., & Phimoltares, S. (2010). 3D CAPTCHA: A next generation of the CAPTCHA. In Proceedings of the International Conference on Information Science and Applications (ICISA 2010), Seoul, South Korea, 21-23 April, 2010 (pp. 1–8). IEEE Computer Society.Google Scholar
  45. 45.
    Kim, J., Chung, W., & Cho, H. (2010). A new image-based CAPTCHA using the orientation of the polygonally cropped sub-images. The Visual Computer, 26(6–8), 1135–1143.CrossRefGoogle Scholar
  46. 46.
    Kluever, K. A., & Zanibbi, R. (2009). Balancing usability and security in a video CAPTCHA. In L. F. Cranor (Ed.), Proceedings of the 5th Symposium on Usable Privacy and Security, SOUPS 2009, Mountain View, California, USA, July 15–17, 2009. ACM: ACM International Conference Proceeding Series.Google Scholar
  47. 47.
    Kochanski, G., Lopresti, D. P., & Shih, C. (2002). A reverse turing test using speech. In J. H. L. Hansen&B. L. Pellom (Eds.), 7th International Conference on Spoken Language Processing, ICSLP2002 - INTERSPEECH 2002, Denver, Colorado, USA, September 16–20, 2002. ISCA.Google Scholar
  48. 48.
    Li, S., Shah, S. A. H., Khan, M. A. U., Khayam, S. A., Sadeghi, A., & Schmitz, R. (2010). Breaking e-banking captchas. In C. Gates, M. Franz, & J. P. McDermott (Eds.), Twenty-Sixth Annual Computer Security Applications Conference, ACSAC 2010, Austin, Texas, USA, 6–10 December 2010 (pp. 171–180). ACM.Google Scholar
  49. 49.
    Lillibridge, M., Abadi, M., Bharat, K., & Broder, A. (2001). Method for selectively restricting access to computer systems, Feb. 27 2001. US Patent 6,195,698.Google Scholar
  50. 50.
    Macias, C. R., & Izquierdo, E. (2009). Visual word-based captcha using 3d characters. In 3rd International Conference on Imaging for Crime Detection and Prevention (ICDP 2009) (pp. 1–5).Google Scholar
  51. 51.
    Mitra, N. J., Chu, H., Lee, T., Wolf, L., Yeshurun, H., & Cohen-Or, D. (2009). Emerging images. ACM Transactions on Graphics, 28(5), 163:1–163:8.Google Scholar
  52. 52.
    Mohamed, M., Gao, S., Sachdeva, N., Saxena, N., Zhang, C., Kumaraguru, P., et al. (2017). On the security and usability of dynamic cognitive game CAPTCHAs. Journal of Computer Security, 25(3), 205–230.CrossRefGoogle Scholar
  53. 53.
    Mohamed, M., Sachdeva, N., Georgescu, M., Gao, S., Saxena, N., Zhang, C. et al. (2014). A three-way investigation of a game-captcha: automated attacks, relay attacks and usability. In S. Moriai, T. Jaeger, & K. Sakurai (Eds.), 9th ACM Symposium on Information, Computer and Communications Security, ASIA CCS ’14, Kyoto, Japan - June 03–06, 2014 (pp. 195–206). ACM.Google Scholar
  54. 54.
    Mori, G., & Malik, J. (2003). Recognizing objects in adversarial clutter: Breaking a visual CAPTCHA. In 2003 IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR 2003), 16–22 June 2003, Madison, WI, USA (pp. 134–144). IEEE Computer Society.Google Scholar
  55. 55.
    Motoyama, M., Levchenko, K., Kanich, C., McCoy, D., Voelker, G. M., & Savage, S. (2010). Re: CAPTCHAs-understanding CAPTCHA-solving services in an economic context. In 19th USENIX Security Symposium, Washington, DC, USA, August 11–13, 2010, Proceedings (pp. 435–462). USENIX AssociationGoogle Scholar
  56. 56.
    Moy, G., Jones, N., Harkless, C., & Potter, R. (2004). Distortion estimation techniques in solving visual captchas. In 2004 IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR 2004), with CD-ROM, 27 June–2 July 2004, Washington, DC, USA (pp. 23–28). IEEE Computer Society.Google Scholar
  57. 57.
    Naor, M. (1996). Verification of a Human in the Loop or Identification via the Turing Test. http://www.wisdom.weizmann.ac.il/~naor/PAPERS/human.pdf
  58. 58.
    Naumann, A. B., Franke, T., & Bauckhage, C. (2009). Investigating CAPTCHAs based on visual phenomena. In T. Gross, J. Gulliksen, P. Kotzé, L. Oestreicher, P. A. Palanque, R. O. Prates, & M. Winckler (Eds.), Human-Computer Interaction - INTERACT 2009, 12th IFIP TC 13 International Conference, Uppsala, Sweden, August 24–28, 2009, Proceedings, Part II, (Vol. 5727, pp. 745–748)., Lecture notes in computer science. Berlin: Springer.Google Scholar
  59. 59.
    Nguyen, V. D., Chow, Y., & Susilo, W. (2012). Attacking animated CAPTCHAs via character extraction. In J. Pieprzyk, A. Sadeghi, & M. Manulis (Eds.), Cryptology and Network Security, 11th International Conference, CANS 2012, Darmstadt, Germany, December 12–14, 2012. Proceedings (Vol. 7712, pp. 98–113). Berlin: Springer.CrossRefGoogle Scholar
  60. 60.
    Nguyen, V. D., Chow, Y., & Susilo, W. (2012). Breaking an animated CAPTCHA scheme. In F. Bao, P. Samarati, & J. Zhou (Eds.), Applied Cryptography and Network Security - 10th International Conference, ACNS 2012, Singapore, June 26–29, 2012. Proceedings (Vol. 7341, pp. 12–29)., Lecture notes in computer science. Berlin: Springer.CrossRefGoogle Scholar
  61. 61.
    Nguyen, V. D., Chow, Y., & Susilo, W. (2014). A CAPTCHA scheme based on the identification of character locations. In X. Huang & J. Zhou (Eds.), Information Security Practice and Experience - 10th International Conference, ISPEC 2014, Fuzhou, China, May 5–8, 2014. Proceedings (Vol. 8434, pp. 60–74)., Lecture notes in computer science. Berlin: Springer.CrossRefGoogle Scholar
  62. 62.
    Nguyen, V. D., Chow, Y., & Susilo, W. (2014). On the security of text-based 3D CAPTCHAs. Computers and Security, 45, 84–99.CrossRefGoogle Scholar
  63. 63.
    NuCaptcha Inc. NuCaptcha. http://www.nucaptcha.com/
  64. 64.
    Petfinder. Petfinder. https://www.petfinder.com/
  65. 65.
    Polakis, I., Ilia, P., Maggi, F., Lancini, M., Kontaxis, G., Zanero, S., Ioannidis, S., & Keromytis, A. D. (2014). Faces in the distorting mirror: Revisiting photo-based social authentication. In G. Ahn, M. Yung, & N. Li (Eds.), Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, November 3–7, 2014 (pp. 501–512). ACM.Google Scholar
  66. 66.
    Polakis, I., Lancini, M., Kontaxis, G., Maggi, F., Ioannidis, S., Keromytis, A. D., & Zanero, S. (2012). All your face are belong to us: Breaking Facebook’s social authentication. In R. H. Zakon (Ed.), 28th Annual Computer Security Applications Conference, ACSAC 2012, Orlando, FL, USA, 3–7 December 2012 (pp. 399–408). ACM.Google Scholar
  67. 67.
    Ross, S. A., Halderman, J. A., & Finkelstein, A. (2010). Sketcha: A captcha based on line drawings of 3D models. In M. Rappa, P. Jones, J. Freire, & S. Chakrabarti (Eds.), Proceedings of the 19th International Conference on World Wide Web, WWW 2010, Raleigh, North Carolina, USA, April 26–30, 2010 (pp. 821–830). ACM.Google Scholar
  68. 68.
    Rui, Y., & Liu, Z. (2004). ARTiFACIAL: Automated reverse Turing test using FACIAL features. Multimedia System, 9(6), 493–502.CrossRefGoogle Scholar
  69. 69.
    Sano, S., Otsuka, T., Itoyama, K., & Okuno, H. G. (2015). HMM-based attacks on Google’s ReCAPTCHA with continuous visual and audio symbols. JIP, 23(6), 814–826.Google Scholar
  70. 70.
    Sivakorn, S., Polakis, I., & Keromytis, A. D. (2016). I am robot: (deep) learning to break semantic image CAPTCHAs. In IEEE European Symposium on Security and Privacy, EuroS&P 2016, Saarbrücken, Germany, March 21–24, 2016 (pp. 388–403). IEEE.Google Scholar
  71. 71.
    Solanki, S., Krishnan, G., Sampath, V., & Polakis, J. (2017). In (cyber)space bots can hear you speak: Breaking audio CAPTCHAs using OTS speech recognition. In B. M. Thuraisingham, B. Biggio, D. M. Freeman, B. Miller, & A. Sinha (Eds.), Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, AISec@CCS 2017, Dallas, TX, USA, November 3, 2017. ACM.Google Scholar
  72. 72.
    Soupionis, Y., & Gritzalis, D. (2010). Audio CAPTCHA: Existing solutions assessment and a new implementation for VoIP telephony. Computers and Security, 29(5), 603–618.CrossRefGoogle Scholar
  73. 73.
    Starostenko, O., Cruz-Perez, C., Uceda-Ponga, F., & Aquino, V. A. (2015). Breaking text-based captchas with variable word and character orientation. Pattern Recognition, 48(4), 1101–1112.CrossRefGoogle Scholar
  74. 74.
    Susilo, W., Chow, Y., & Zhou, H. (2010). STE3D-CAP: stereoscopic 3D CAPTCHA. In S. Heng, R. N. Wright, & B. Goi (Eds.), Cryptology and Network Security - 9th International Conference, CANS 2010, Kuala Lumpur, Malaysia, December 12–14, 2010. Proceedings (Vol. 6467, pp. 221–240)., Lecture notes in computer science. Berlin: Springer.CrossRefGoogle Scholar
  75. 75.
    Tam, J., Simsa, J., Hyde, S., & von Ahn, L. (2008). Breaking audio CAPTCHAs. In D. Koller, D. Schuurmans, Y. Bengio, & L. Bottou (Eds.), Advances in Neural Information Processing Systems 21, Proceedings of the Twenty-Second Annual Conference on Neural Information Processing Systems, Vancouver, British Columbia, Canada, December 8–11, 2008 (pp. 1625–1632). Curran Associates, Inc.Google Scholar
  76. 76.
    Turing, A. (1950). Computing machinery and intelligence. Mind, 59(236), 433–460.MathSciNetCrossRefGoogle Scholar
  77. 77.
    von Ahn, L., Blum, M., Hopper, N. J., & Langford, J. (2003). CAPTCHA: Using hard AI problems for security. In E. Biham (Ed.), Advances in Cryptology - EUROCRYPT 2003, International Conference on the Theory and Applications of Cryptographic Techniques, Warsaw, Poland, May 4–8, 2003, Proceedings (Vol. 2656, pp. 294–311)., Lecture notes in computer science. Berlin: Springer.Google Scholar
  78. 78.
    von Ahn, L., & Dabbish, L. (2004). Labeling images with a computer game. In E. Dykstra-Erickson & M. Tscheligi (Eds.), Proceedings of the 2004 Conference on Human Factors in Computing Systems, CHI 2004, Vienna, Austria, April 24–29, 2004 (pp. 319–326). ACM.Google Scholar
  79. 79.
    von Ahn, L., Maurer, B., McMillen, C., Abraham, D., & Blum, M. (2008). reCAPTCHA: Human-based character recognition via web security measures. Science, 321(5895), 1465–1468.MathSciNetCrossRefGoogle Scholar
  80. 80.
    Wang, S. -Y., Baird, H. S., & Bentley, J. L. (2006). Captcha challenge tradeoffs: Familiarity of strings versus degradation of images. In 18th International Conference on Pattern Recognition (ICPR’06) (Vol. 3, pp. 164–167).Google Scholar
  81. 81.
    Xu, Y., Reynaga, G., Chiasson, S., Frahm, J., Monrose, F., & van Oorschot, P. C. (2014). Security analysis and related usability of motion-based captchas: Decoding codewords in motion. IEEE Transactions on Dependable and Secure Computing, 11(5), 480–493.CrossRefGoogle Scholar
  82. 82.
    Yan, J., & Ahmad, A. S. E. (2007). Breaking visual captchas with naive pattern recognition algorithms. In 23rd Annual Computer Security Applications Conference (ACSAC 2007), December 10–14, 2007, Miami Beach, Florida, USA (pp. 279–291). IEEE Computer Society.Google Scholar
  83. 83.
    Yan, J., & Ahmad, A. S. E. (2008). A low-cost attack on a Microsoft captcha. In P. Ning, P. F. Syverson, & S. Jha (Eds.), Proceedings of the 2008 ACM Conference on Computer and Communications Security, CCS 2008, Alexandria, Virginia, USA, October 27–31, 2008 (pp. 543–554). ACM.Google Scholar
  84. 84.
    Yan, J., & Ahmad, A. S. E. (2008). Usability of captchas or usability issues in CAPTCHA design. In L. F. Cranor (Ed.), Proceedings of the 4th Symposium on Usable Privacy and Security, SOUPS 2008, Pittsburgh, Pennsylvania, USA, July 23–25, 2008 (pp. 44–52). ACM: ACM International Conference Proceeding Series.Google Scholar
  85. 85.
    Yardi, S., Feamster, N., & Bruckman, A. (2008). Photo-based authentication using social networks. In C. Faloutsos, T. Karagiannis, & P. Rodriguez (Eds.), Proceedings of the first Workshop on Online Social Networks, WOSN 2008, Seattle, WA, USA, August 17–22, 2008 (pp. 55–60). ACM.Google Scholar
  86. 86.
    Ye, Q., Chen, Y., & Zhu, B. (2014). The robustness of a new 3D CAPTCHA. In J. Ramel, M. Liwicki, J. Ogier, K. Kise, & R. Smith (Eds.), 11th IAPR International Workshop on Document Analysis Systems, DAS 2014, Tours, France, April 7–10, 2014 (pp. 319–323). IEEE Computer Society.Google Scholar
  87. 87.
    Zhu, B. B., Yan, J., Bao, G., Yang, M., & Xu, N. (2014). Captcha as graphical passwords - a new security primitive based on hard AI problems. IEEE Transactions on Information Forensics and Security, 9(6), 891–904.CrossRefGoogle Scholar
  88. 88.
    Zhu, B. B., Yan, J., Li, Q., Yang, C., Liu, J., Xu, N., Yi, M., & Cai, K. (2010). Attacks and design of image recognition CAPTCHAs. In E. Al-Shaer, A. D. Keromytis, & V. Shmatikov (Eds.), Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, Chicago, Illinois, USA, October 4–8, 2010 (pp. 187–200). ACM.Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • Yang-Wai Chow
    • 1
  • Willy Susilo
    • 1
  • Pairat Thorncharoensri
    • 1
  1. 1.Institute of Cybersecurity and CryptologySchool of Computing and Information Technology University of WollongongWollongongAustralia

Personalised recommendations