iCaptcha-ICC2011 - 1 iCAPTCHA: The Next Generation of...

Abstract — CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) is a simple test that is easy for humans but extremely difficult for computers to solve. CAPTCHA has been widely used in commercial websites such as web-based email providers, TicketMaster, GoDaddy, and Facebook to protect their resources from attacks initiated by automatic scripts. By design, CAPTCHA is unable to distinguish between a human attacker and a legitimate human user. This leaves websites using CAPTCHA vulnerable to 3rd party human CAPTCHA attacks. In order to demonstrate the vulnerabilities in existing CAPTCHA technologies we develop a new streamlined human-based CAPTCHA attack that uses Instant Messenger infrastructure. Facing this serious human-based attack threat, we then present a new defense system called Interactive CAPTCHA (iCAPTCHA), which is the next generation of CAPTCHA technology providing the first steps toward defending against 3rd party human CAPTCHA attacks. iCAPTCHA requires a user to solve a CAPTCHA test via a series of user interactions. The multi-step back-and-forth traffic between client and server amplifies the statistical timing difference between a legitimate user and a human solver, which enables better attack detection performance. A performance and usability study of iCAPTCHA shows the proposed scheme is effective in attack detection, is easy to use, and is a viable replacement of the current text-based CAPTCHA.

Index Terms — CAPTCHA, Experimentation, Human Factors, Security

I. INTRODUCTION

The mechanism for using randomly generated images containing words or characters for human-user validation was developed by Alta Vista in the late 1990’s [1]. The term CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) was coined in 2000 by Luis von Ahn, Manuel Blum, Nicholas J. Hopper, and John Langford [1]. CAPTCHAs were designed to generate tests that distinguish humans from malicious computer programs.
Today, CAPTCHA technology is widely used to defend against scripted registrations in web-based services such as web-based email accounts. Despite their widespread use, CAPTCHAs are not foolproof. CAPTCHAs can and have been broken consistently. Besides the primary attack method using image processing to decode CAPTCHA tests, recently

Huy D. Truong is a Graduate Student at University of Central Florida, Orlando, FL 32816 USA (e-mail: htruong@knights.ucf.edu). Christopher F. Turner was with University of Central Florida, Orlando, FL 32816 USA. He is now with the Lockheed Martin Corporation, Orlando, FL 32825 USA (e-mail: ctuner80@gmail.com). Cliff C. Zou is with Electrical Engineering and Computer Science Department, University of Central Florida, Orlando, FL 32816 USA, (czou@eecs.ucf.edu).

This note was uploaded on 08/25/2011 for the course EEL 5937 taught by Professor Staff during the Spring '08 term at University of Central Florida.
