Featured Research

from universities, journals, and other organizations

Better than CAPTCHA: Improved method to let computers know you are human

Date:
August 25, 2014
Source:
University of Alabama at Birmingham
Summary:
Researchers are investigating game-based verification that may improve computer security and reduce user frustration compared to typical “type-what-you-see” CAPTCHA tools that use static images.

CAPTCHA services that require users to recognize and type in static distorted characters may be a method of the past, according to studies published by researchers at the University of Alabama at Birmingham.

Related Articles


CAPTCHAs represent a security mechanism that is often seen as a necessary hassle by Web services providers -- necessary because they seek to prevent Web resource abuse, yet a hassle because the representation of a CAPTCHA may not be easy to solve. Moreover, successful attacks have been developed against many existing CAPTCHA schemes.

Nitesh Saxena, Ph.D., associate professor of the Department of Computer and Information Sciences and information assurance pillar co-leader of the Center for Information Assurance and Joint Forensics Research, led a team that investigated the security and usability of the next generation of CAPTCHAs that are based on simple computer games.

The UAB researchers focused on a broad form of gamelike CAPTCHAs, called dynamic cognitive game, or DCG, CAPTCHAs, which challenge the user to perform a gamelike cognitive task interacting with a series of dynamic images. For example, in a "ship parking" DCG challenge, the user is required to identify the boat from a set of moving objects and drag-and-drop it to the available "dock" location.

The puzzle is easy for the human user to solve, but may be difficult for a computer program to figure out. Also, its gamelike nature may make the process more engaging for the user compared to conventional text-based CAPTCHAs.

Saxena's team set out to investigate the effectiveness of DCG CAPTCHAs. They first created dynamic cognitive game prototypes to represent a common type of DCG CAPTCHA, then developed a novel, fully automated attack framework to break these DCG challenges.

"The attack is based on computer vision techniques and can automatically solve new game challenges based on knowledge present in a 'dictionary' built from past challenges," said Song Gao, a UAB doctoral student and a co-author on the project.

"In traditional CAPTCHA systems, computers may have a hard time figuring out what the distorted characters are -- but trained humans can do it in seconds," Saxena said. "The trouble is that criminals have figured out that they can pay people -- a penny or less per time -- to sit in front of a screen and 'solve' CAPTCHAs to let them do what they want. This is known as a CAPTCHA relay attack."

"Most existing varieties of CAPTCHAs are completely vulnerable to such relay attacks," said Manar Mohamed, a UAB doctoral student and another co-author on the papers. "Our research shows that DCG CAPTCHAs appear to be one of the first CAPTCHA schemes that enable reliable detection of relay attacks."

By the time the solver provides the location of moving objects in the given challenge frame, the objects themselves would have moved to other places, which makes the provided information inaccurate. The Web robot attempting the breach could not pass the challenge due either to time out or to generating too many incorrect drag-and-drop operations, which would be recognized by the backend server as different from normal human behavior. As a result, the DCG CAPTCHAs can provide protection against relay attack to some extent.

The usability studies of these DCG CAPTCHAs conducted by the team indicate a more user-friendly and playful design direction compared to the conventional text-based CAPTCHAs.

The research team is now working toward re-designing DCG CAPTCHAs so that automated or semi-automated attacks can be made difficult while still retaining their inherent usability advantages and tolerance to relay attacks. The team has been working with companies such as Are You a Human which have been offering the first commercial instantiation of DCG CAPTCHAs.

The research is funded in part by a grant from the National Science Foundation and a research award from Comcast. Several studies have been done in conjunction with this research.

The project resulted in three publications at prime security conferences. One study, in collaboration with the Indraprastha Institute of Information Technology in India, Carleton University and Virginia State University, was recently presented at the ACM Symposium on Information, Computer and Communications Security. Another study completed by Saxena and his research team at UAB was presented at the Usability Workshop at the Network and Distributed System Security Symposium. A final study appeared at the IEEE International Conference on Multimedia and Expo. Chengcui Zhang, Ph.D., also an associate professor of Computer and Information Sciences, is a faculty co-author on the project.


Story Source:

The above story is based on materials provided by University of Alabama at Birmingham. Note: Materials may be edited for content and length.


Cite This Page:

University of Alabama at Birmingham. "Better than CAPTCHA: Improved method to let computers know you are human." ScienceDaily. ScienceDaily, 25 August 2014. <www.sciencedaily.com/releases/2014/08/140825185507.htm>.
University of Alabama at Birmingham. (2014, August 25). Better than CAPTCHA: Improved method to let computers know you are human. ScienceDaily. Retrieved December 18, 2014 from www.sciencedaily.com/releases/2014/08/140825185507.htm
University of Alabama at Birmingham. "Better than CAPTCHA: Improved method to let computers know you are human." ScienceDaily. www.sciencedaily.com/releases/2014/08/140825185507.htm (accessed December 18, 2014).

Share This


More From ScienceDaily



More Computers & Math News

Thursday, December 18, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Jaguar Unveils 360 Virtual Windshield Making Car Pillars Appear Transparent

Jaguar Unveils 360 Virtual Windshield Making Car Pillars Appear Transparent

Buzz60 (Dec. 17, 2014) Jaguar unveils a virtual 360 degree windshield that may be the most futuristic automotive development yet. Jen Markham explains. Video provided by Buzz60
Powered by NewsLook.com
BlackBerry Launches Classic Smartphone

BlackBerry Launches Classic Smartphone

AP (Dec. 17, 2014) BlackBerry is returning to its roots with a new smartphone called the Classic, featuring a traditional keyboard at a time when rival Apple and Android phones - and most smartphone customers - have embraced touch screens. (Dec. 17) Video provided by AP
Powered by NewsLook.com
The Future of Work, Skills & Careers in a Digital World-Dr. Tracy Wilen

The Future of Work, Skills & Careers in a Digital World-Dr. Tracy Wilen

Working Mother (Dec. 16, 2014) 2014 Worklife Congress Video provided by Working Mother
Powered by NewsLook.com
Tech Companies Make Holiday Shopping Easier Than Ever

Tech Companies Make Holiday Shopping Easier Than Ever

Newsy (Dec. 16, 2014) Innovative new services allow consumers to shop with their smartphones, split bills and even haggle. Video provided by Newsy
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:

Strange & Offbeat Stories


Space & Time

Matter & Energy

Computers & Math

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile: iPhone Android Web
Follow: Facebook Twitter Google+
Subscribe: RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins