TY - GEN
T1 - The robustness of hollow CAPTCHAs
AU - Gao, Haichang
AU - Wang, Wei
AU - Qi, Jiao
AU - Wang, Xuqin
AU - Liu, Xiyang
AU - Yan, Jeff
PY - 2013/11/4
Y1 - 2013/11/4
N2 - CAPTCHA is now a standard security technology for differentiating between computers and humans, and the most widely deployed schemes are text-based. While many text schemes have been broken, hollow CAPTCHAs have emerged as one of the latest designs, and they have been deployed by major companies such as Yahoo!, Tencent, Sina, China Mobile and Baidu. A main feature of such schemes is to use contour lines to form connected hollow characters with the aim of improving security and usability simultaneously, as it is hard for standard techniques to segment and recognize such connected characters, which are however easy to human eyes. In this paper, we provide the first analysis of hollow CAPTCHAs' robustness. We show that with a simple but novel attack, we can successfully break a whole family of hollow CAPTCHAs, including those deployed by all the major companies. While our attack casts serious doubt on the viability of current designs, we offer lessons and guidelines for designing better hollow CAPTCHAs.
AB - CAPTCHA is now a standard security technology for differentiating between computers and humans, and the most widely deployed schemes are text-based. While many text schemes have been broken, hollow CAPTCHAs have emerged as one of the latest designs, and they have been deployed by major companies such as Yahoo!, Tencent, Sina, China Mobile and Baidu. A main feature of such schemes is to use contour lines to form connected hollow characters with the aim of improving security and usability simultaneously, as it is hard for standard techniques to segment and recognize such connected characters, which are however easy to human eyes. In this paper, we provide the first analysis of hollow CAPTCHAs' robustness. We show that with a simple but novel attack, we can successfully break a whole family of hollow CAPTCHAs, including those deployed by all the major companies. While our attack casts serious doubt on the viability of current designs, we offer lessons and guidelines for designing better hollow CAPTCHAs.
KW - captcha
KW - convolutional neural network
KW - graph search
KW - security
UR - http://www.scopus.com/inward/record.url?scp=84889069302&partnerID=8YFLogxK
U2 - 10.1145/2508859.2516732
DO - 10.1145/2508859.2516732
M3 - Conference contribution book
AN - SCOPUS:84889069302
SN - 9781450324779
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 1075
EP - 1085
BT - CCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security
T2 - 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013
Y2 - 4 November 2013 through 8 November 2013
ER -