Using machine learning to identify common flaws in CAPTCHA design: FunCAPTCHA case analysis. Issue 70 (September 2017)
- Record Type:
- Journal Article
- Title:
- Using machine learning to identify common flaws in CAPTCHA design: FunCAPTCHA case analysis. Issue 70 (September 2017)
- Main Title:
- Using machine learning to identify common flaws in CAPTCHA design: FunCAPTCHA case analysis
- Authors:
- Hernández-Castro, Carlos Javier
R-Moreno, María D.
Barrero, David F.
Gibson, Stuart
- Abstract:
- Human Interactive Proofs (HIPs or CAPTCHAs) have become a first-level security measure on the Internet to avoid automatic attacks or minimize their effects. All the most widespread, successful or interesting CAPTCHA designs put to scrutiny have been successfully broken. Many of these attacks have been side-channel attacks. New designs are proposed to tackle these security problems while improving the human interface. FunCAPTCHA is the first commercial implementation of a gender classification CAPTCHA, with reported improvements in conversion rates. This article finds weaknesses in the security of FunCAPTCHA and uses simple machine learning (ML) analysis to test them. It shows a side-channel attack that leverages these flaws and successfully solves FunCAPTCHA on 90% of occasions without using meaningful image analysis. This simple yet effective security analysis can be applied with minor modifications to other HIPs proposals, allowing to check whether they leak enough information that would in turn allow for simple side-channel attacks.
- Is Part Of:
- Computers & security. Issue 70(2017)
- Journal:
- Computers & security
- Issue:
- Issue 70(2017)
- Issue Display:
- Volume 70, Issue 70 (2017)
- Year:
- 2017
- Volume:
- 70
- Issue:
- 70
- Issue Sort Value:
- 2017-0070-0070-0000
- Page Start:
- 744
- Page End:
- 756
- Publication Date:
- 2017-09
- Subjects:
- HIP -- CAPTCHA -- Machine learning -- Gender classification -- Side-channel attack
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2017.05.005
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 14526.xml