Extended Security Analysis of Hollow CaptchasShow others and affiliations
2018 (English)In: Journal of Internet Technology, ISSN 1607-9264, E-ISSN 2079-4029, Vol. 19, no 4, p. 1075-1088Article in journal (Refereed) Published
Abstract [en]
Text-based Captchas are now most widely used security technology for differentiating between computers and humans. Hollow Captchas have emerged as one of the latest designs, and they have been deployed by more and more major companies. Besides Yahoo!, Tencent, Sina, China Mobile and Baidu, some other websites, especially for higher security requirement shopping websites are also using this scheme. A main feature of such schemes is to use contour lines to form connected hollow characters with the aim of improving security and usability simultaneously. It is hard for standard techniques to segment and recognize such connected characters, which are however easy for human eyes. In this paper, we provide a systematic security analysis of hollow Captchas. We show that with a simple but novel attack, we can break most hollow Captchas with a relatively high success rate, including those deployed by the major companies. Our attack for the first time combines segmentation and recognition in a single step. We also discuss lessons and guidelines for designing better Captchas.
Place, publisher, year, edition, pages
Taiwan, Republic of China: National Dong Hwa University * Computer Center , 2018. Vol. 19, no 4, p. 1075-1088
Keywords [en]
Captcha; Hollow; Graph search; Security
National Category
Interaction Technologies
Identifiers
URN: urn:nbn:se:liu:diva-150499DOI: 10.3966/160792642018081904011ISI: 000441139700011Scopus ID: 2-s2.0-85052019803OAI: oai:DiVA.org:liu-150499DiVA, id: diva2:1241678
Note
Funding Agencies|National Natural Science Foundation of China [61472311]; Fundamental Research Funds for the Central Universities
2018-08-242018-08-242018-09-06Bibliographically approved