Lookup NU author(s): Dr Jeff Yan,
Full text for this publication is not currently held within this repository. Alternative links are provided below where available.
We systematically study the design of image recognition CAPTCHAs (IRCs) in this paper. We first review and examine all IRCs schemes known to us and evaluate each scheme against the practical requirements in CAPTCHA applications, particularly in large-scale real-life applications such as Gmail and Hotmail. Then we present a security analysis of the representative schemes we have identified. For the schemes that remain unbroken, we present our novel attacks. For the schemes for which known attacks are available, we propose a theoretical explanation why those schemes have failed. Next, we provide a simple but novel framework for guiding the design of robust IRCs. Then we propose an innovative IRC called Cortcha that is scalable to meet the requirements of large-scale applications. Cortcha relies on recognizing an object by exploiting its surrounding context, a task that humans can perform well but computers cannot. An infinite number of types of objects can be used to generate challenges, which can effectively disable the learning process in machine learning attacks. Cortcha does not require the images in its image database to be labeled. Image collection and CAPTCHA generation can be fully automated. Our usability studies indicate that, compared with Google's text CAPTCHA, Cortcha yields a slightly higher human accuracy rate but on average takes more time to solve a challenge. Copyright 2010 ACM.
Author(s): Zhu B, Yan J, Li Q, Yang C, Liu J, Xu N, Yi M, Cai K
Publication type: Conference Proceedings (inc. Abstract)
Publication status: Published
Conference Name: CCS 2010: Proceedings of the 17th ACM Conference on Computer and Communications Security
Year of Conference: 2010
Publisher: ACM Press
Library holdings: Search Newcastle University Library for this item