Advertisement

Enhanced CAPTCHAs: Using Animation to Tell Humans and Computers Apart

  • Elias Athanasopoulos
  • Spiros Antonatos
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4237)

Abstract

Completely Automated Public Turing Test to tell Computers and Humans Apart (CAPTCHA) is a –rather– simple test that can be easily answered by a human but extremely difficult to be answered by computers. CAPTCHAs have been widely used for practical security reasons, like preventing automated registration in Web-based services. However, all deployed CAPTCHAs are based on the static identification of an object or text. All CAPTCHAs, from simple ones, like typing the distorted text, to advanced ones, like recognizing an object in an image, are vulnerable to the Laundry attack. An attacker may post the test to a malicious site and attract its visitors to solve the puzzle for her. This paper focuses on sealing CAPTCHAs against such attacks by adding a dimension not used so far: animation. Animated CAPTCHAs do not have a static answer, thus even when they are exposed to laundering, unsuspected visitors will provide answers that will be useless on the attacker’s side.

Keywords

Web Security CAPTCHA Laundry attacks 

References

  1. 1.
  2. 2.
  3. 3.
  4. 4.
    Inaccessibility of CAPTCHA, Alternatives to Visual Turing Tests on the Web, http://www.w3.org/TR/turingtest/
  5. 5.
  6. 6.
  7. 7.
    The CAPTCHA Project, http://www.captcha.net/
  8. 8.
  9. 9.
  10. 10.
    Chellapilla, K., Larson, K., Simard, P., Czerwinski, M.: Computers beat humans at single character recognition in reading based human interaction proofs (hips). In: Second Conference on Email and Anti-Spam (CEAS) (2005)Google Scholar
  11. 11.
    Kc, G.S., Keromytis, A.D., Prevelakis, V.: Countering code-injection attacks with instruction-set randomization. In: CCS 2003: Proceedings of the 10th ACM conference on Computer and communications security, pp. 272–280. ACM Press, New York (2003)Google Scholar
  12. 12.
    Kerckhoffs, A.: La cryptographie militaire. Journal des Sciences Militaires, pp. 5–38 (January 9, 1883), http://www.petitcolas.net/fabien/kerckhoffs/
  13. 13.
    Mori, G., Malik, J.: Recognizing objects in adversarial clutter – breaking a visual captcha. In: Conf. Computer Vision and Pattern Recognition, Madison, USA (June 2003)Google Scholar
  14. 14.
    Szoer, P., Ferrie, P.: Hunting for metamorphic. In: Virus Bulletin Conference (September 2001)Google Scholar
  15. 15.
    The Honeynet Project Whitepapers. Know your enemy: Tracking botnets (March 2005), http://www.honeynet.org/papers/bots/

Copyright information

© IFIP International Federation for Information Processing 2006

Authors and Affiliations

  • Elias Athanasopoulos
    • 1
  • Spiros Antonatos
    • 1
  1. 1.Institute of Computer ScienceFoundation for Research and Technology HellasHeraklioGreece

Personalised recommendations