Security Analysis of CAPTCHA

Chandavale, Anjali Avinash; Sapkal, A.

doi:10.1007/978-3-642-34135-9_10

Security Analysis of CAPTCHA

Anjali Avinash Chandavale⁵ &
A. Sapkal⁶

Conference paper

1355 Accesses
4 Citations

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 335))

Abstract

CAPTCHA stands for Completely Automated Public Turing test to distinguish Computers and Humans apart. CAPTCHA is a program which can generate and grade the tests that it itself cannot pass. The security aspect of CAPTCHA should be such that none of the computer program should be able to pass the tests generated by it even if the knowledge of the exact working of the CAPTCHA is known. The effectiveness of CAPTCHA of a given strength is determined by how frequently the guesses of CAPTCHA can be tested by an attacker. This paper proposes a simple and uniform framework for the assessment of security and usability of CAPTCHA that arbitrary compositions of security measures can provide”. In this sentence instead of ”a simple and uniform framework”, use ”parameters”. This paper proposes parameters for the assessment of security and usability of CAPTCHA that arbitrary compositions of security measures can provide.The pre-processing attack on targeted CAPTCHA is demonstrated having success rate of approximately 97% which in turn helps to build more robust and human friendly CAPTCHA. The universal structure for segmentation attack is framed to analyze security of CAPTCHA.

This is a preview of subscription content, log in via an institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Kato, N., Suzuki, M., Omachi, S., Aso, H., Nemoto, Y.: A handwritten character recognition system using directional element feature and asymmetric Mahalanobis distance. IEEE Trans. on Pattern Analysis and Machine Intelligence 21(3), 258–262 (1999)
Article Google Scholar
Lu, Y.: Machine Printed Character Segmentation-An Overview. Pattern Recognition 28(1), 67–80 (1995)
Article Google Scholar
von Ahn, L., Blum, M., Langford, J.: Telling humans and computers apart (automatically), CMU Tech. Report CMUCS-02-117 (2002)
Google Scholar
von Ahn, L., Blum, M., Hopper, N.J.: CAPTCHA: Using Hard AI Problems for Security. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 294–311. Springer, Heidelberg (2003)
Chapter Google Scholar
Mori, G., Malik, J.: Recognizing Objects in Adversarial Clutter: Breaking a Visual CAPTCHA. In: Proc. IEEE Conf. Computer Vision and Pattern Recognition, vol. 1, pp. 134–141 (2003)
Google Scholar
Moy, G., Jones, N., Harkless, C., Potter, R.: Distortion Estimation Techniques in Solving Visual CAPTCHAs. In: IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR 2004), vol. 2, pp. 23–28 (2004)
Google Scholar
Chellapilla, K., Larson, K., Simard, P.Y., Czerwinski, M.: Building Segmentation Based Human-Friendly Human Interaction Proofs (HIPs). In: Baird, H.S., Lopresti, D.P. (eds.) HIP 2005. LNCS, vol. 3517, pp. 1–26. Springer, Heidelberg (2005)
Chapter Google Scholar
Yan, J., Ahmad, A.E.: A Low-cost Attack on a Microsoft CAPTCHA. Technical report, School of Computing Science, Newcastle University, UK (2008)
Google Scholar
Rabkin, A.: Personal knowledge questions for fallback authentication: Security questions in the era of Face book. In: IEEE Symposium on Usable Privacy and Security, SOUPS 2008 (July 2008)
Google Scholar
Chandavale, A.A., Sapkal, A.M., Jalnekar, R.M.: A framework to analyze security of Text based CAPTCHA. International Journal of Forensics and Computer Application (February 2010)
Google Scholar
Converse, T.: CAPTCHA Generation as a Web Service. In: Baird, H.S., Lopresti, D.P. (eds.) HIP 2005. LNCS, vol. 3517, pp. 82–96. Springer, Heidelberg (2005)
Chapter Google Scholar
Ahmad, A.E., Yan, J.: Colour, Usability and Security: A Case Study. Tech. report CS-TR 1203, School of Computing Science, Newcastle Univ. (May 2010), www.cs.ncl.ac.uk/publications/trs/papers/1203.pdf

Download references

Author information

Authors and Affiliations

IEEE, India
Anjali Avinash Chandavale
LMIETE, India
A. Sapkal

Authors

Anjali Avinash Chandavale
View author publications
You can also search for this author in PubMed Google Scholar
A. Sapkal
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Indian Institute of Information Technology and Management, Technopark Campus, 695581, Trivandrum, Kerala, India
Sabu M. Thampi & Tony Thomas &
School of Information Technologies, The University of Sydney, Building J12, 2006, Sydney, NSW, Australia
Albert Y. Zomaya
FG Peer-to-Peer-Netzwerke, TU Darmstadt - FB 20, Hochschulstr. 10, 64289, Darmstadt, Germany
Thorsten Strufe
Hewlett-Packard Laboratories, Stoke Gifford, BS34 8QZ, Bristol, UK
Jose M. Alcaraz Calero

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Chandavale, A.A., Sapkal, A. (2012). Security Analysis of CAPTCHA. In: Thampi, S.M., Zomaya, A.Y., Strufe, T., Alcaraz Calero, J.M., Thomas, T. (eds) Recent Trends in Computer Networks and Distributed Systems Security. SNDS 2012. Communications in Computer and Information Science, vol 335. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34135-9_10

Download citation

DOI: https://doi.org/10.1007/978-3-642-34135-9_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34134-2
Online ISBN: 978-3-642-34135-9
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics