Enhancing Online Security with Image-based Captchas

Given the data loss, productivity, and financial risks posed by security breaches, there is a great need to protect online systems from automated attacks. Completely Automated Public Turing Tests to Tell Computers and Humans Apart, known as CAPTCHAs, are commonly used as one layer in providing online security. These tests are intended to be easily solvable by legitimate human users while being challenging for automated attackers to successfully complete. Traditionally, CAPTCHAs have asked users to perform tasks based on text recognition or categorization of discrete images to prove whether or not they are legitimate human users. Over time, the efficacy of these CAPTCHAs has been eroded by improved optical character recognition, image classification, and machine learning techniques that can accurately solve many CAPTCHAs at rates approaching those of humans. These CAPTCHAs can also be difficult to complete using the touch-based input methods found on widely used tablets and smartphones.;This research proposes the design of CAPTCHAs that address the shortcomings of existing implementations. These CAPTCHAs require users to perform different image-based tasks including face detection, face recognition, multimodal biometrics recognition, and object recognition to prove they are human. These are tasks that humans excel at but which remain difficult for computers to complete successfully. They can also be readily performed using click- or touch-based input methods, facilitating their use on both traditional computers and mobile devices.;Several strategies are utilized by the CAPTCHAs developed in this research to enable high human success rates while ensuring negligible automated attack success rates. One such technique, used by fgCAPTCHA, employs image quality metrics and face detection algorithms to calculate a fitness value representing the simulated performance of human users and automated attackers, respectively, at solving each generated CAPTCHA image. A genetic learning algorithm uses these fitness values to determine customized generation parameters for each CAPTCHA image. Other approaches, including gradient descent learning, artificial immune systems, and multi-stage performance-based filtering processes, are also proposed in this research to optimize the generated CAPTCHA images.;An extensive RESTful web service-based evaluation platform was developed to facilitate the testing and analysis of the CAPTCHAs developed in this research. Users recorded over 180,000 attempts at solving these CAPTCHAs using a variety of devices. The results show the designs created in this research offer high human success rates, up to 94.6\% in the case of aiCAPTCHA, while ensuring resilience against automated attacks

Mothers\u27 Adaptation to Caring for a New Baby

To date, most research on parents\u27 adjustment after adding a new baby to their family unit has focused on mothers\u27 initial transition to parenthood. This past research has examined changes in mothers\u27 marital satisfaction and perceived well-being across the transition, and has compared their prenatal expectations to their postnatal experiences. This project assessed first-time and experienced mothers\u27 stress and satisfaction associated with parenting, their adjustment to competing demands, and their perceived well-being longitudinally before and after the birth of a baby. Additionally, how maternal and child-related variables influenced the trajectory of mothers\u27 postnatal adaptation was assessed. These variables included mothers\u27 age, their education level, their prenatal expectations and postnatal experiences concerning shared infant care, their satisfaction with the division of infant caregiving, and their perceptions of their infant\u27s temperament. Mothers (N = 136) completed an online survey during their third trimester and additional online surveys when their baby was approximately 2, 4, 6, and 8 weeks old.;First-time mothers prenatally expected a more equal division of infant caregiving between themselves and their partners than did experienced mothers. Both first-time and experienced mothers reported less assistance from their partners than they had prenatally expected. Additionally, they experienced almost twice as many violated expectations than met expectations. Growth curve modeling revealed that a cubic function of time best fit the trajectory of mothers\u27 postnatal parenting satisfaction. Mothers reported less parenting satisfaction at 4 weeks, compared to 2 and 6 weeks, and reported stability in their satisfaction between 6 and 8 weeks. A quadratic function of time best fit the trajectories of mothers\u27 postnatal parenting stress and adjustment to the demands of their baby. Mothers reported more stress and difficulty adjusting to their baby\u27s demands at 4 and 6 weeks, compared to 2 and 8 weeks. A linear function of time best fit the trajectories of mothers\u27 adjustment to home demands, generalized state anxiety, and depressive symptoms. Mothers reported less difficulty meeting home demands, less generalized anxiety, and fewer depressive symptoms across the postnatal period. Mothers\u27 violated expectations were associated with level differences in all aspects of mothers\u27 postnatal adaptation except their adjustment to home demands. Specifically, more violated expectations, in number or in magnitude, were associated with poorer postnatal adaptation. Mothers\u27 violated expectations were not associated with the slope of mothers\u27 postnatal adaptation trajectories. Exploratory models revealed that other maternal and child-related variables also impacted the level and slope of mothers\u27 postnatal adaptation.;Overall, first-time and experienced mothers were more similar than different in regards to their postnatal adaptation. This study suggests that prior findings concerning adults\u27 initial transition to parenthood may also apply to adults during each addition of a new baby into the family unit. Additionally, mothers who reported less of a mismatch between their expectations and experiences concerning shared infant care had fewer issues adapting the postnatal period. Thus, methods to increase the assistance mothers receive from their partner should be sought. Limitations of this study and suggestions for future research are also discussed

An Accessible Web CAPTCHA Design for Visually Impaired Users

In the realm of computing, CAPTCHAs are used to determine if a user engaging with a system is a person or a bot. The most common CAPTCHAs are visual in nature, requiring users to recognize images comprising distorted characters or objects. For people with visual impairments, audio CAPTCHAs are accessible alternatives to standard visual CAPTCHAs. Users are required to enter or say the words in an audio-clip when using Audio CAPTCHAs. However, this approach is time-consuming and vulnerable to machine learning algorithms, since automated speech recognition (ASR) systems could eventually understand the content of audio with the improvement of the technique. While adding background noise may deceive ASR systems temporarily, it may cause people to have difficulties de- ciphering the information, thus reducing usability. To address this, we designed a more secure and accessible web CAPTCHA based on the capabilities of people with visually impairments, obviating the need for sight via the use of audio and movement, while also using object detection techniques to enhance the accessibility of the CAPTCHA

A Novel Design of Audio CAPTCHA for Visually Impaired Users

CAPTCHAs are widely used by web applications for the purpose of security and privacy. However, traditional text-based CAPTCHAs are not suitable for sighted users much less users with visual impairments. To address the issue, this paper proposes a new mechanism for CAPTCHA called HearAct, which is a real-time audio-based CAPTCHA that enables easy access for users with visual impairments. The user listens to the sound of something (the “sound-maker”), and he/she must identify what the sound-maker is. After that, HearAct identifies a word and requires the user to analyze a word and determine whether it has the stated letter or not. If the word has the letter, the user must tap and if not, they swipe. This paper presents our HearAct pilot study conducted with thirteen blind users. The preliminary user study results suggest the new form of CAPTCHA has a lot of potential for both blind and visual users. The results also show that the HearAct CAPTCHA can be solved in a shorter time than the text-based CAPTCHAs because HearAct allows users to solve the CAPTCHA using gestures instead of typing. Thus, participants preferred HearAct over audio-based CAPTCHAs. The results of the study also show that the success rate of solving the HearAct CAPTCHA is 82.05% and 43.58% for audio CAPTCHA. A significant usability differences between the System Usability score for HearAct CAPTCHA method was 88.07 compared to audio CAPTCHA was 52.11%. Using gestures to solve the CAPTCHA challenge is the most preferable feature in the HearAct solution. To increase the security of HearAct, it is necessary to increase the number of sounds in the CAPTCHA. There is also a need to improve the CAPTCHA solution to cover wide range of users by adding corresponding image with each sound to meet deaf users’ needs; they then need to identify the spelling of the sound maker’s word

Privacy-preserving, User-centric VoIP CAPTCHA Challenges: an Integrated Solution in the SIP Environment

Purpose – This work aims to argue that it is possible to address discrimination issues that naturally arise in contemporary audio CAPTCHA challenges and potentially enhance the effectiveness of audio CAPTCHA systems by adapting the challenges to the user characteristics. Design/methodology/approach – A prototype has been designed, called PrivCAPTCHA, to offer privacy-preserving, user-centric CAPTCHA challenges. Anonymous credential proofs are integrated into the Session Initiation Protocol (SIP) protocol and the approach is evaluated in a real-world Voice over Internet Protocol (VoIP) environment. Findings – The results of this work indicate that it is possible to create VoIP CAPTCHA services offering privacy-preserving, user-centric challenges while maintaining sufficient efficiency. Research limitations/implications – The proposed approach was evaluated through an experimental implementation to demonstrate its feasibility. Additional features, such as appropriate user interfaces and efficiency optimisations, would be useful for a commercial product. Security measures to protect the system from attacks against the SIP protocol would be useful to counteract the effects of the introduced overhead. Future research could investigate the use of this approach on non-audio CAPTCHA services. Practical implications – PrivCAPTCHA is expected to achieve fairer, non-discriminating CAPTCHA services while protecting the user’s privacy. Adoption success relies upon the general need for employment of privacy-preserving practices in electronic interactions. Social implications – This approach is expected to enhance the quality of life of users, who will now receive CAPTCHA challenges closer to their characteristics. This applies especially to users with disabilities. Additionally, as a privacy-preserving service, this approach is expected to increase trust during the use of services that use it. Originality/value – To the best of authors’ knowledge, this is the first comprehensive proposal for privacy-preserving CAPTCHA challenge adaptation. The proposed system aims at providing an improved CAPTCHA service that is more appropriate for and trusted by human users

CAPTCHA Types and Breaking Techniques: Design Issues, Challenges, and Future Research Directions

The proliferation of the Internet and mobile devices has resulted in malicious bots access to genuine resources and data. Bots may instigate phishing, unauthorized access, denial-of-service, and spoofing attacks to mention a few. Authentication and testing mechanisms to verify the end-users and prohibit malicious programs from infiltrating the services and data are strong defense systems against malicious bots. Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) is an authentication process to confirm that the user is a human hence, access is granted. This paper provides an in-depth survey on CAPTCHAs and focuses on two main things: (1) a detailed discussion on various CAPTCHA types along with their advantages, disadvantages, and design recommendations, and (2) an in-depth analysis of different CAPTCHA breaking techniques. The survey is based on over two hundred studies on the subject matter conducted since 2003 to date. The analysis reinforces the need to design more attack-resistant CAPTCHAs while keeping their usability intact. The paper also highlights the design challenges and open issues related to CAPTCHAs. Furthermore, it also provides useful recommendations for breaking CAPTCHAs

An Empirical Study & Evaluation of Modern CAPTCHAs

For nearly two decades, CAPTCHAs have been widely used as a means of protection against bots. Throughout the years, as their use grew, techniques to defeat or bypass CAPTCHAs have continued to improve. Meanwhile, CAPTCHAs have also evolved in terms of sophistication and diversity, becoming increasingly difficult to solve for both bots (machines) and humans. Given this long-standing and still-ongoing arms race, it is critical to investigate how long it takes legitimate users to solve modern CAPTCHAs, and how they are perceived by those users. In this work, we explore CAPTCHAs in the wild by evaluating users' solving performance and perceptions of unmodified currently-deployed CAPTCHAs. We obtain this data through manual inspection of popular websites and user studies in which 1,400 participants collectively solved 14,000 CAPTCHAs. Results show significant differences between the most popular types of CAPTCHAs: surprisingly, solving time and user perception are not always correlated. We performed a comparative study to investigate the effect of experimental context -- specifically the difference between solving CAPTCHAs directly versus solving them as part of a more natural task, such as account creation. Whilst there were several potential confounding factors, our results show that experimental context could have an impact on this task, and must be taken into account in future CAPTCHA studies. Finally, we investigate CAPTCHA-induced user task abandonment by analyzing participants who start and do not complete the task.Comment: Accepted at USENIX Security 202

jCAPTCHA: Accessible Human Validation

CAPTCHAs are a widely deployed mechanism for ensuring that a web site user is a human, and not a software agent. They ought to be relatively easy for a human to solve, but hard for software to interpret. Most CAPTCHAs are visual, and this marginalises users with visual impairments. A variety of audible CAPTCHAs have been trialled but these have not been very successful, largely because they are easily interpreted by automated tools and, at the same time, tend to be too challenging for the very humans they are supposed to verify. In this paper an alternative audio CAPTCHA, jCAPTCHA (Jumbled Words CAPTCHA), is presented. We report on the evaluation of jCAPTCHA by 272 human users, of whom 169 used screen readers, both in terms of usability and resistance to software interpretation

An Audio CAPTCHA to Distinguish Humans from Computers

Cette semaine, un jeune triton marbré a posé ses valises à l'entrée de la cavité. Nouvelle mascotte de l'équipe, il nous a incité à créer ue nouvelle rubrique sur le blog, dédiée aux "autres occupants" de la cavité. Merci de vos éclairages à venir sur l'identification de certaines bestioles encore inconnues des membres de l'équipe