101 research outputs found
CAPTCHA Types and Breaking Techniques: Design Issues, Challenges, and Future Research Directions
The proliferation of the Internet and mobile devices has resulted in
malicious bots access to genuine resources and data. Bots may instigate
phishing, unauthorized access, denial-of-service, and spoofing attacks to
mention a few. Authentication and testing mechanisms to verify the end-users
and prohibit malicious programs from infiltrating the services and data are
strong defense systems against malicious bots. Completely Automated Public
Turing test to tell Computers and Humans Apart (CAPTCHA) is an authentication
process to confirm that the user is a human hence, access is granted. This
paper provides an in-depth survey on CAPTCHAs and focuses on two main things:
(1) a detailed discussion on various CAPTCHA types along with their advantages,
disadvantages, and design recommendations, and (2) an in-depth analysis of
different CAPTCHA breaking techniques. The survey is based on over two hundred
studies on the subject matter conducted since 2003 to date. The analysis
reinforces the need to design more attack-resistant CAPTCHAs while keeping
their usability intact. The paper also highlights the design challenges and
open issues related to CAPTCHAs. Furthermore, it also provides useful
recommendations for breaking CAPTCHAs
The robustness of animated text CAPTCHAs
PhD ThesisCAPTCHA is standard security technology that uses AI techniques to tells computer and
human apart. The most widely used CAPTCHA are text-based CAPTCHA schemes. The
robustness and usability of these CAPTCHAs relies mainly on the segmentation resistance
mechanism that provides robustness against individual character recognition attacks.
However, many CAPTCHAs have been shown to have critical flaws caused by many
exploitable invariants in their design, leaving only a few CAPTCHA schemes resistant to
attacks, including ReCAPTCHA and the Wikipedia CAPTCHA.
Therefore, new alternative approaches to add motion to the CAPTCHA are used to add
another dimension to the character cracking algorithms by animating the distorted
characters and the background, which are also supported by tracking resistance
mechanisms that prevent the attacks from identifying the main answer through frame-toframe
attacks. These technologies are used in many of the new CAPTCHA schemes
including the Yahoo CAPTCHA, CAPTCHANIM, KillBot CAPTCHAs, non-standard
CAPTCHA and NuCAPTCHA.
Our first question: can the animated techniques included in the new CAPTCHA schemes
provide the required level of robustness against the attacks? Our examination has shown
many of the CAPTCHA schemes that use the animated features can be broken through
tracking attacks including the CAPTCHA schemes that uses complicated tracking
resistance mechanisms.
The second question: can the segmentation resistance mechanism used in the latest standard
text-based CAPTCHA schemes still provide the additional required level of resistance
against attacks that are not present missed in animated schemes? Our test against the latest
version of ReCAPTCHA and the Wikipedia CAPTCHA exposed vulnerability problems
against the novel attacks mechanisms that achieved a high success rate against them.
The third question: how much space is available to design an animated text-based
CAPTCHA scheme that could provide a good balance between security and usability? We
designed a new animated text-based CAPTCHA using guidelines we designed based on the
results of our attacks on standard and animated text-based CAPTCHAs, and we then tested
its security and usability to answer this question.
ii
In this thesis, we put forward different approaches to examining the robustness of animated
text-based CAPTCHA schemes and other standard text-based CAPTCHA schemes against
segmentation and tracking attacks. Our attacks included several methodologies that
required thinking skills in order to distinguish the animated text from the other animated
noises, including the text distorted by highly tracking resistance mechanisms that displayed
them partially as animated segments and which looked similar to noises in other
CAPTCHA schemes. These attacks also include novel attack mechanisms and other
mechanisms that uses a recognition engine supported by attacking methods that exploit the
identified invariants to recognise the connected characters at once. Our attacks also
provided a guideline for animated text-based CAPTCHAs that could provide resistance to
tracking and segmentation attacks which we designed and tested in terms of security and
usability, as mentioned before. Our research also contributes towards providing a toolbox
for breaking CAPTCHAs in addition to a list of robustness and usability issues in the
current CAPTCHA design that can be used to provide a better understanding of how to
design a more resistant CAPTCHA scheme
Research trends on CAPTCHA: A systematic literature
The advent of technology has crept into virtually all sectors and this has culminated in automated processes making use of the Internet in executing various tasks and actions. Web services have now become the trend when it comes to providing solutions to mundane tasks. However, this development comes with the bottleneck of authenticity and intent of users. Providers of these Web services, whether as a platform, as a software or as an Infrastructure use various human interaction proof’s (HIPs) to validate authenticity and intent of its users. Completely automated public turing test to tell computer and human apart (CAPTCHA), a form of IDS in web services is advantageous. Research into CAPTCHA can be grouped into two -CAPTCHA development and CAPTCH recognition. Selective learning and convolutionary neural networks (CNN) as well as deep convolutionary neural network (DCNN) have become emerging trends in both the development and recognition of CAPTCHAs. This paper reviews critically over fifty article publications that shows the current trends in the area of the CAPTCHA scheme, its development and recognition mechanisms and the way forward in helping to ensure a robust and yet secure CAPTCHA development in guiding future research endeavor in the subject domain
Hunting CAPTCHA-solving bots
openToday, smart phones have become an integral part of modern human life. By increasing CPU power and energy efficiency of these types of equipment, almost all daily routines and even personal activities of people have become dependent on these devices. By knowing the importance of these equipment in today's human life and crucial role of them to protect personal sensitive information, security and authorized access to these data are indispensable requirement in any new methods in this field of study. Today, CAPTCHAs are used to protect smart phones and computers from robot access, however most of which are broken and hacked by robots and machine learning based method. Therefore, it is necessary to provide more accurate and comprehensive algorithm in order to identify robots and prevent them from entering mobile phones
SECURITY AND USER EXPERIENCE: A HOLISTIC MODEL FOR CAPTCHA USABILITY ISSUES
CAPTCHA is a widely adopted security measure in the Web, and is designed to effectively distinguish humans and bots by exploiting human’s ability to recognize patterns that an automated bot is incapable of. To counter this, bots are being designed to recognize patterns in CAPTCHAs. As a result, CAPTCHAs are now being designed to maximize the difficulty for bots to pass human interaction proof tests, while making it quite an arduous task even for humans as well. The approachability of CAPTCHA is increasingly being questioned because of the inconvenience it causes to legitimate users. Irrespective of the popularity, CAPTCHA is indispensable if one wants to avoid potential security threats. We investigated the usability issues associated with CAPTCHA. We built a holistic model by identifying the important concepts associated with CAPTCHAs and its usability. This model can be used as a guide for the design and evaluation of CAPTCHAs
Enhancing Online Security with Image-based Captchas
Given the data loss, productivity, and financial risks posed by security breaches, there is a great need to protect online systems from automated attacks. Completely Automated Public Turing Tests to Tell Computers and Humans Apart, known as CAPTCHAs, are commonly used as one layer in providing online security. These tests are intended to be easily solvable by legitimate human users while being challenging for automated attackers to successfully complete. Traditionally, CAPTCHAs have asked users to perform tasks based on text recognition or categorization of discrete images to prove whether or not they are legitimate human users. Over time, the efficacy of these CAPTCHAs has been eroded by improved optical character recognition, image classification, and machine learning techniques that can accurately solve many CAPTCHAs at rates approaching those of humans. These CAPTCHAs can also be difficult to complete using the touch-based input methods found on widely used tablets and smartphones.;This research proposes the design of CAPTCHAs that address the shortcomings of existing implementations. These CAPTCHAs require users to perform different image-based tasks including face detection, face recognition, multimodal biometrics recognition, and object recognition to prove they are human. These are tasks that humans excel at but which remain difficult for computers to complete successfully. They can also be readily performed using click- or touch-based input methods, facilitating their use on both traditional computers and mobile devices.;Several strategies are utilized by the CAPTCHAs developed in this research to enable high human success rates while ensuring negligible automated attack success rates. One such technique, used by fgCAPTCHA, employs image quality metrics and face detection algorithms to calculate a fitness value representing the simulated performance of human users and automated attackers, respectively, at solving each generated CAPTCHA image. A genetic learning algorithm uses these fitness values to determine customized generation parameters for each CAPTCHA image. Other approaches, including gradient descent learning, artificial immune systems, and multi-stage performance-based filtering processes, are also proposed in this research to optimize the generated CAPTCHA images.;An extensive RESTful web service-based evaluation platform was developed to facilitate the testing and analysis of the CAPTCHAs developed in this research. Users recorded over 180,000 attempts at solving these CAPTCHAs using a variety of devices. The results show the designs created in this research offer high human success rates, up to 94.6\% in the case of aiCAPTCHA, while ensuring resilience against automated attacks
Mothers\u27 Adaptation to Caring for a New Baby
To date, most research on parents\u27 adjustment after adding a new baby to their family unit has focused on mothers\u27 initial transition to parenthood. This past research has examined changes in mothers\u27 marital satisfaction and perceived well-being across the transition, and has compared their prenatal expectations to their postnatal experiences. This project assessed first-time and experienced mothers\u27 stress and satisfaction associated with parenting, their adjustment to competing demands, and their perceived well-being longitudinally before and after the birth of a baby. Additionally, how maternal and child-related variables influenced the trajectory of mothers\u27 postnatal adaptation was assessed. These variables included mothers\u27 age, their education level, their prenatal expectations and postnatal experiences concerning shared infant care, their satisfaction with the division of infant caregiving, and their perceptions of their infant\u27s temperament. Mothers (N = 136) completed an online survey during their third trimester and additional online surveys when their baby was approximately 2, 4, 6, and 8 weeks old.;First-time mothers prenatally expected a more equal division of infant caregiving between themselves and their partners than did experienced mothers. Both first-time and experienced mothers reported less assistance from their partners than they had prenatally expected. Additionally, they experienced almost twice as many violated expectations than met expectations. Growth curve modeling revealed that a cubic function of time best fit the trajectory of mothers\u27 postnatal parenting satisfaction. Mothers reported less parenting satisfaction at 4 weeks, compared to 2 and 6 weeks, and reported stability in their satisfaction between 6 and 8 weeks. A quadratic function of time best fit the trajectories of mothers\u27 postnatal parenting stress and adjustment to the demands of their baby. Mothers reported more stress and difficulty adjusting to their baby\u27s demands at 4 and 6 weeks, compared to 2 and 8 weeks. A linear function of time best fit the trajectories of mothers\u27 adjustment to home demands, generalized state anxiety, and depressive symptoms. Mothers reported less difficulty meeting home demands, less generalized anxiety, and fewer depressive symptoms across the postnatal period. Mothers\u27 violated expectations were associated with level differences in all aspects of mothers\u27 postnatal adaptation except their adjustment to home demands. Specifically, more violated expectations, in number or in magnitude, were associated with poorer postnatal adaptation. Mothers\u27 violated expectations were not associated with the slope of mothers\u27 postnatal adaptation trajectories. Exploratory models revealed that other maternal and child-related variables also impacted the level and slope of mothers\u27 postnatal adaptation.;Overall, first-time and experienced mothers were more similar than different in regards to their postnatal adaptation. This study suggests that prior findings concerning adults\u27 initial transition to parenthood may also apply to adults during each addition of a new baby into the family unit. Additionally, mothers who reported less of a mismatch between their expectations and experiences concerning shared infant care had fewer issues adapting the postnatal period. Thus, methods to increase the assistance mothers receive from their partner should be sought. Limitations of this study and suggestions for future research are also discussed
- …