Full Program »
Emerging Image Game CAPTCHAs for Resisting Automated and Human-Solver Relay Attacks
Yet, current CAPTCHAs do not fully meet the web security
requirements. Many existing CAPTCHAs can be broken using automated
attacks based on image processing and machine learning
techniques. Moreover, most existing CAPTCHAs are completely
vulnerable to human-solver relay attacks, whereby CAPTCHA
challenges are simply outsourced to a remote human solver.
In this paper, we introduce a new class of CAPTCHAs that can
not only resist automated attacks but can also make relay attacks
hard and detectable. These CAPTCHAs are carefully built on the
notions of dynamic cognitive games (DCG) and emerging images
(EI), present in the literature. While existing CAPTCHAs based on
the DCG notion alone (e.g., an object matching game embedded in
a clear background) are prone to automated attacks and those based
on the EI notion alone (e.g., moving text embedded in emerging
images) are prone to relay attacks, we show that a careful amalgamation
of the two notions can resist both forms of attacks. Specifically,
we formalize, design and implement a concrete instantiation
of EI-DCG CAPTCHAs, and demonstrate its security with respect
to image processing and object tracking techniques as well as their
resistance to and detectability of relay attacks.
Author(s):
Song Gao
University of Alabama at Birmingham
United States
Manar Mohamed
University of Alabama at Birmingham
United States
Nitesh Saxena
University of Alabama at Birmingham
United States
Chengcui Zhang
University of Alabama at Birmingham
United States