The University of Southampton
University of Southampton Institutional Repository

Attacks and design of image recognition CAPTCHAs

Zhu, Bin B., Yan, Jeff, Li, Qiujie, Yang, Chao, Liu, Jia, Xu, Ning, Yi, Meng and Cai, Kaiwei (2010) Attacks and design of image recognition CAPTCHAs. In CCS'10 - Proceedings of the 17th ACM Conference on Computer and Communications Security. pp. 187-200. (doi:10.1145/1866307.1866329).

Record type: Conference or Workshop Item (Paper)

Abstract

We systematically study the design of image recognition CAPTCHAs (IRCs) in this paper. We first review and examine all IRC schemes known to us and evaluate each scheme against the practical requirements in CAPTCHA applications, particularly in large-scale real-life applications such as Gmail and Hotmail. Then we present a security analysis of the representative schemes we have identified. For the schemes that remain unbroken, we present our novel attacks. For the schemes for which known attacks are available, we propose a theoretical explanation why those schemes have failed. Next, we provide a simple but novel framework for guiding the design of robust IRCs. Then we propose an innovative IRC called Cortcha that is scalable to meet the requirements of large-scale applications. Cortcha relies on recognizing an object by exploiting its surrounding context, a task that humans can perform well but computers cannot. An infinite number of types of objects can be used to generate challenges, which can effectively disable the learning process in machine learning attacks. Cortcha does not require the images in its image database to be labeled. Image collection and CAPTCHA generation can be fully automated. Our usability studies indicate that, compared with Google's text CAPTCHA, Cortcha yields a slightly higher human accuracy rate but on average takes more time to solve a challenge.

This record has no associated files available for download.

More information

Published date: 2010
Venue - Dates: 17th ACM Conference on Computer and Communications Security, CCS'10, Chicago, IL, United States, 2010-10-04 - 2010-10-08
Keywords: CAPTCHA, Cortcha, HIP, Human interactive proof, Image recognition CAPTCHA, IRC, Object recognition, Robustness, Security

Identifiers

Local EPrints ID: 500831
URI: http://eprints.soton.ac.uk/id/eprint/500831
ISSN: 1543-7221
PURE UUID: 0c9dd6e6-87d3-4b69-b149-c4dae4d04c75

Catalogue record

Date deposited: 13 May 2025 17:24
Last modified: 13 May 2025 17:24

Contributors

Author: Bin B. Zhu
Author: Jeff Yan
Author: Qiujie Li
Author: Chao Yang
Author: Jia Liu
Author: Ning Xu
Author: Meng Yi
Author: Kaiwei Cai
