Issue No. 06 - Nov.-Dec. (2015 vol. 19)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MIC.2015.127
Carlos J. Hernandez-Castro , Universidad Complutense de Madrid, Spain
Maria D. R-Moreno , Universidad de Alcalá, Spain
David F. Barrero , Universidad de Alcalá, Spain
Human interactive proofs (HIPs) are a basic security measure on the Internet to avoid several types of automatic attacks. A variety of designs have been proposed. Here, the authors focus on a new type of HIP, based on a puzzle completion scheme that has been created to increase security and usability: the Capy CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart). Analyzing its design, the authors find important flaws and weaknesses, and propose a low-cost, side-channel attack, using JPEG to measure the image's continuity. Their attack has a 65 percent success rate. After analyzing experimental results, they extended their approach to other puzzle CAPTCHAs, breaking them at 20 percent (KeyCAPTCHA) and 98 percent (Garb) success ratios.
CAPTCHAs, Transform coding, Image color analysis, Image coding, Discrete cosine transforms, Internet
C. J. Hernandez-Castro, M. D. R-Moreno and D. F. Barrero, "Using JPEG to Measure Image Continuity and Break Capy and Other Puzzle CAPTCHAs," in IEEE Internet Computing, vol. 19, no. 6, pp. 46-53, 2015.