Abstract | ||
---|---|---|
Captcha is a security mechanism designed to differentiate between computers and humans, and is used to defend against malicious bot programs. Text-based Captchas are the most widely deployed differentiation mechanism, and almost all text-based Captchas are single layered. Numerous successful attacks on the single-layer text-based Captchas deployed by Google, Yahoo!, and Amazon have been reported. In 2015, Microsoft deployed a new two-layer Captcha scheme. This appears to be the first application of two-layer Captchas. It is, therefore, natural to ask a fundamental question: is the two-layer Captcha as secure as its designers expected? Intrigued by this question, we have for the first time systematically analyzed the security of the two-layer Captcha in this paper. We propose a simple but effective method to attack the two-layer Captcha deployed by Microsoft, and achieve a success rate of 44.6% with an average speed of 9.05 s on a standard desktop computer (with a 3.3-GHz Intel Core i3 CPU and 2-GB RAM), thus demonstrating clear security issues. We also discuss the originality and applicability of our attack, and offer guidelines for designing Captchas with better security and usability. |
Year | DOI | Venue |
---|---|---|
2017 | 10.1109/TIFS.2017.2682704 | IEEE Trans. Information Forensics and Security |

Keywords | Field | DocType |
---|---|---|
CAPTCHAs, Security, Computers, Image segmentation, Guidelines, Usability, Robustness | World Wide Web, Ask price, Effective method, Computer security, Computer science, Usability, Robustness (computer science), Originality, Image segmentation, CAPTCHA | Journal |

Volume | Issue | ISSN |
---|---|---|
12 | 7 | 1556-6013 |

Citations | PageRank | References |
---|---|---|
5 | 0.44 | 21 |

Authors: 5

Name | Order | Citations | PageRank |
---|---|---|---|
Haichang Gao | 1 | 172 | 17.41 |
Mengyun Tang | 2 | 17 | 1.72 |
Yi Liu | 3 | 13 | 3.34 |
Ping Zhang | 4 | 11 | 1.29 |
Xiyang Liu | 5 | 159 | 18.55 |