Over the last years, most websites on which users can register (e.g., email
providers and social networks) adopted CAPTCHAs (Completely Automated Public
Turing test to tell Computers and Humans Apart) as a countermeasure against
automated attacks. The battle of wits between designers and attackers of
CAPTCHAs led to current ones being annoying and hard to solve for users, while
still being vulnerable to automated attacks.
In this paper, we propose CAPTCHaStar, a new image-based CAPTCHA that relies
on user interaction. This novel CAPTCHA leverages the innate human ability to
recognize shapes in a confused environment. We assess the effectiveness of our
proposal for the two key aspects for CAPTCHAs, i.e., usability, and resiliency
to automated attacks. In particular, we evaluated the usability, carrying out a
thorough user study, and we tested the resiliency of our proposal against
several types of automated attacks: traditional ones; designed ad-hoc for our
proposal; and based on machine learning. Compared to the state of the art, our
proposal is more user friendly (e.g., only some 35% of the users prefer current
solutions, such as text-based CAPTCHAs) and more resilient to automated
attacks.Comment: 15 page