The robustness of hollow CAPTCHAs

Haichang Gao, Wei Wang, Jiao Qi, Xuqin Wang, Xiyang Liu, Jeff Yan

Research output: Chapter in Book/Report/Conference proceedingConference contribution book

82 Citations (Scopus)

Abstract

CAPTCHA is now a standard security technology for differentiating between computers and humans, and the most widely deployed schemes are text-based. While many text schemes have been broken, hollow CAPTCHAs have emerged as one of the latest designs, and they have been deployed by major companies such as Yahoo!, Tencent, Sina, China Mobile and Baidu. A main feature of such schemes is to use contour lines to form connected hollow characters with the aim of improving security and usability simultaneously, as it is hard for standard techniques to segment and recognize such connected characters, which are however easy to human eyes. In this paper, we provide the first analysis of hollow CAPTCHAs' robustness. We show that with a simple but novel attack, we can successfully break a whole family of hollow CAPTCHAs, including those deployed by all the major companies. While our attack casts serious doubt on the viability of current designs, we offer lessons and guidelines for designing better hollow CAPTCHAs.

Original languageEnglish
Title of host publicationCCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security
Pages1075-1085
Number of pages11
DOIs
Publication statusPublished - 4 Nov 2013
Event2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013 - Berlin, Germany
Duration: 4 Nov 20138 Nov 2013

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Conference

Conference2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013
Country/TerritoryGermany
CityBerlin
Period4/11/138/11/13

Keywords

  • captcha
  • convolutional neural network
  • graph search
  • security

Fingerprint

Dive into the research topics of 'The robustness of hollow CAPTCHAs'. Together they form a unique fingerprint.

Cite this