The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.04 - July/August (2009 vol.7)
pp: 22-28
Jeff Yan , Newcastle University, England
ABSTRACT
CAPTCHAs have been widely used across the Internet to defend against undesirable or malicious bot programs. In this article, the authors describe the security of a CAPTCHA reported in a recent peer-reviewed paper and deployed on the Internet. They show that although this scheme was effectively resistant to one of the best optical character recognition programs on the market, they could break it with a success rate of higher than 90 percent by using a simple but novel attack. In contrast to early work that relied on sophisticated computer vision or machine learning algorithms, they used simple pattern recognition algorithms that exploited fatal design errors. The main contribution of their work is that simply counting the pixels in a CAPTCHA's characters can be a very powerful attack.
INDEX TERMS
CAPTCHA, security, pixel count, dictionary attacks
CITATION
Jeff Yan, "CAPTCHA Security: A Case Study", IEEE Security & Privacy, vol.7, no. 4, pp. 22-28, July/August 2009, doi:10.1109/MSP.2009.84
REFERENCES
1. L. Von Ahn, M. Blum, and J. Langford, "Telling Humans and Computers Apart Automatically," Comm. ACM, vol. 47, no. 2, 2004, pp. 56–60.
2. J. Yan and A.S. El Ahmad, "A Low-Cost Attack on a Microsoft CAPTCHA," Proc. 15th ACM Conf. Computer and Communications Security (CCS 08), ACM Press, 2008, pp. 543–554.
3. T. Converse, "CAPTCHA Generation as a Web Service," Proc. 2nd Int'l Workshop on Human Interactive Proofs (HIP 05), LNCS 3517, H.S. Baird, and D.P. Lopresti eds., Springer-Verlag, 2005, pp. 82–96.
4. J. Yan, and A.S. El Ahmad, "Breaking Visual CAPTCHAs with Naïve Pattern Recognition Algorithms," Proc. 23rd Annual Computer Security Applications Conf. (ACSAC 07), IEEE CS Press, 2007, pp. 279–291.
5. G. Mori and J. Malik, "Recognising Objects in Adversarial Clutter: Breaking a Visual CAPTCHA," Proc. IEEE Conf. Computer Vision and Pattern Recognition, IEEE CS Press, 2003, pp. 134–141.
6. G. Moy et al., "Distortion Estimation Techniques in Solving Visual CAPTCHAs," Proc. IEEE Conf. Computer Vision and Pattern Recognition, IEEE CS Press, 2004, pp. 23–28.
7. K. Chellapilla et al., "Designing Human Friendly Human Interaction Proofs," Proc. ACM Conf. Human Factors in Computing Systems (CHI 05), ACM Press, 2005, pp. 711–720.
38 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool