Featured Research

from universities, journals, and other organizations

Better than CAPTCHA: Improved method to let computers know you are human

Date:
August 25, 2014
Source:
University of Alabama at Birmingham
Summary:
Researchers are investigating game-based verification that may improve computer security and reduce user frustration compared to typical “type-what-you-see” CAPTCHA tools that use static images.

CAPTCHA services that require users to recognize and type in static distorted characters may be a method of the past, according to studies published by researchers at the University of Alabama at Birmingham.

Related Articles


CAPTCHAs represent a security mechanism that is often seen as a necessary hassle by Web services providers -- necessary because they seek to prevent Web resource abuse, yet a hassle because the representation of a CAPTCHA may not be easy to solve. Moreover, successful attacks have been developed against many existing CAPTCHA schemes.

Nitesh Saxena, Ph.D., associate professor of the Department of Computer and Information Sciences and information assurance pillar co-leader of the Center for Information Assurance and Joint Forensics Research, led a team that investigated the security and usability of the next generation of CAPTCHAs that are based on simple computer games.

The UAB researchers focused on a broad form of gamelike CAPTCHAs, called dynamic cognitive game, or DCG, CAPTCHAs, which challenge the user to perform a gamelike cognitive task interacting with a series of dynamic images. For example, in a "ship parking" DCG challenge, the user is required to identify the boat from a set of moving objects and drag-and-drop it to the available "dock" location.

The puzzle is easy for the human user to solve, but may be difficult for a computer program to figure out. Also, its gamelike nature may make the process more engaging for the user compared to conventional text-based CAPTCHAs.

Saxena's team set out to investigate the effectiveness of DCG CAPTCHAs. They first created dynamic cognitive game prototypes to represent a common type of DCG CAPTCHA, then developed a novel, fully automated attack framework to break these DCG challenges.

"The attack is based on computer vision techniques and can automatically solve new game challenges based on knowledge present in a 'dictionary' built from past challenges," said Song Gao, a UAB doctoral student and a co-author on the project.

"In traditional CAPTCHA systems, computers may have a hard time figuring out what the distorted characters are -- but trained humans can do it in seconds," Saxena said. "The trouble is that criminals have figured out that they can pay people -- a penny or less per time -- to sit in front of a screen and 'solve' CAPTCHAs to let them do what they want. This is known as a CAPTCHA relay attack."

"Most existing varieties of CAPTCHAs are completely vulnerable to such relay attacks," said Manar Mohamed, a UAB doctoral student and another co-author on the papers. "Our research shows that DCG CAPTCHAs appear to be one of the first CAPTCHA schemes that enable reliable detection of relay attacks."

By the time the solver provides the location of moving objects in the given challenge frame, the objects themselves would have moved to other places, which makes the provided information inaccurate. The Web robot attempting the breach could not pass the challenge due either to time out or to generating too many incorrect drag-and-drop operations, which would be recognized by the backend server as different from normal human behavior. As a result, the DCG CAPTCHAs can provide protection against relay attack to some extent.

The usability studies of these DCG CAPTCHAs conducted by the team indicate a more user-friendly and playful design direction compared to the conventional text-based CAPTCHAs.

The research team is now working toward re-designing DCG CAPTCHAs so that automated or semi-automated attacks can be made difficult while still retaining their inherent usability advantages and tolerance to relay attacks. The team has been working with companies such as Are You a Human which have been offering the first commercial instantiation of DCG CAPTCHAs.

The research is funded in part by a grant from the National Science Foundation and a research award from Comcast. Several studies have been done in conjunction with this research.

The project resulted in three publications at prime security conferences. One study, in collaboration with the Indraprastha Institute of Information Technology in India, Carleton University and Virginia State University, was recently presented at the ACM Symposium on Information, Computer and Communications Security. Another study completed by Saxena and his research team at UAB was presented at the Usability Workshop at the Network and Distributed System Security Symposium. A final study appeared at the IEEE International Conference on Multimedia and Expo. Chengcui Zhang, Ph.D., also an associate professor of Computer and Information Sciences, is a faculty co-author on the project.


Story Source:

The above story is based on materials provided by University of Alabama at Birmingham. Note: Materials may be edited for content and length.


Cite This Page:

University of Alabama at Birmingham. "Better than CAPTCHA: Improved method to let computers know you are human." ScienceDaily. ScienceDaily, 25 August 2014. <www.sciencedaily.com/releases/2014/08/140825185507.htm>.
University of Alabama at Birmingham. (2014, August 25). Better than CAPTCHA: Improved method to let computers know you are human. ScienceDaily. Retrieved October 25, 2014 from www.sciencedaily.com/releases/2014/08/140825185507.htm
University of Alabama at Birmingham. "Better than CAPTCHA: Improved method to let computers know you are human." ScienceDaily. www.sciencedaily.com/releases/2014/08/140825185507.htm (accessed October 25, 2014).

Share This



More Computers & Math News

Saturday, October 25, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Real-Life Transformer Robot Walks, Then Folds Into a Car

Real-Life Transformer Robot Walks, Then Folds Into a Car

Buzz60 (Oct. 24, 2014) — Brave Robotics and Asratec teamed with original Transformers toy company Tomy to create a functional 5-foot-tall humanoid robot that can march and fold itself into a 3-foot-long sports car. Jen Markham has the story. Video provided by Buzz60
Powered by NewsLook.com
Microsoft Riding High On Strong Surface, Cloud Performance

Microsoft Riding High On Strong Surface, Cloud Performance

Newsy (Oct. 24, 2014) — Microsoft's Q3 earnings showed its tablets and cloud services are really hitting their stride. Video provided by Newsy
Powered by NewsLook.com
The Best Apps to Organize Your Life

The Best Apps to Organize Your Life

Buzz60 (Oct. 23, 2014) — Need help organizing your bills, schedules and other things? Ko Im (@konakafe) has the best apps to help you stay on top of it all! Video provided by Buzz60
Powered by NewsLook.com
Nike And Apple Team Up To Create Wearable ... Something

Nike And Apple Team Up To Create Wearable ... Something

Newsy (Oct. 23, 2014) — For those looking for wearable tech that's significantly less nerdy than Google Glass, Nike CEO Mark Parker says don't worry, It's on the way. Video provided by Newsy
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
 
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:  

Breaking News:

Strange & Offbeat Stories

 

Space & Time

Matter & Energy

Computers & Math

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:  

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile iPhone Android Web
Follow Facebook Twitter Google+
Subscribe RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins