Song Gao, Manar Mohamed, Nitesh Saxena, Chengcui Zhang
{"title":"新兴的图像游戏验证码,用于抵抗自动和人类求解器中继攻击","authors":"Song Gao, Manar Mohamed, Nitesh Saxena, Chengcui Zhang","doi":"10.1145/2818000.2818006","DOIUrl":null,"url":null,"abstract":"CAPTCHAs represent an important pillar in the web security domain. Yet, current CAPTCHAs do not fully meet the web security requirements. Many existing CAPTCHAs can be broken using automated attacks based on image processing and machine learning techniques. Moreover, most existing CAPTCHAs are completely vulnerable to human-solver relay attacks, whereby CAPTCHA challenges are simply outsourced to a remote human solver. In this paper, we introduce a new class of CAPTCHAs that can not only resist automated attacks but can also make relay attacks hard and detectable. These CAPTCHAs are carefully built on the notions of dynamic cognitive games (DCG) and emerging images (EI), present in the literature. While existing CAPTCHAs based on the DCG notion alone (e.g., an object matching game embedded in a clear background) are prone to automated attacks and those based on the EI notion alone (e.g., moving text embedded in emerging images) are prone to relay attacks, we show that a careful amalgamation of the two notions can resist both forms of attacks. Specifically, we formalize, design and implement a concrete instantiation of EI-DCG CAPTCHAs, and demonstrate its security with respect to image processing and object tracking techniques as well as their resistance to and detectability of relay attacks.","PeriodicalId":338725,"journal":{"name":"Proceedings of the 31st Annual Computer Security Applications Conference","volume":"23 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-12-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"Emerging Image Game CAPTCHAs for Resisting Automated and Human-Solver Relay Attacks\",\"authors\":\"Song Gao, Manar Mohamed, Nitesh Saxena, Chengcui Zhang\",\"doi\":\"10.1145/2818000.2818006\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"CAPTCHAs represent an important pillar in the web security domain. Yet, current CAPTCHAs do not fully meet the web security requirements. Many existing CAPTCHAs can be broken using automated attacks based on image processing and machine learning techniques. Moreover, most existing CAPTCHAs are completely vulnerable to human-solver relay attacks, whereby CAPTCHA challenges are simply outsourced to a remote human solver. In this paper, we introduce a new class of CAPTCHAs that can not only resist automated attacks but can also make relay attacks hard and detectable. These CAPTCHAs are carefully built on the notions of dynamic cognitive games (DCG) and emerging images (EI), present in the literature. While existing CAPTCHAs based on the DCG notion alone (e.g., an object matching game embedded in a clear background) are prone to automated attacks and those based on the EI notion alone (e.g., moving text embedded in emerging images) are prone to relay attacks, we show that a careful amalgamation of the two notions can resist both forms of attacks. Specifically, we formalize, design and implement a concrete instantiation of EI-DCG CAPTCHAs, and demonstrate its security with respect to image processing and object tracking techniques as well as their resistance to and detectability of relay attacks.\",\"PeriodicalId\":338725,\"journal\":{\"name\":\"Proceedings of the 31st Annual Computer Security Applications Conference\",\"volume\":\"23 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-12-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 31st Annual Computer Security Applications Conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2818000.2818006\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 31st Annual Computer Security Applications Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2818000.2818006","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Emerging Image Game CAPTCHAs for Resisting Automated and Human-Solver Relay Attacks
CAPTCHAs represent an important pillar in the web security domain. Yet, current CAPTCHAs do not fully meet the web security requirements. Many existing CAPTCHAs can be broken using automated attacks based on image processing and machine learning techniques. Moreover, most existing CAPTCHAs are completely vulnerable to human-solver relay attacks, whereby CAPTCHA challenges are simply outsourced to a remote human solver. In this paper, we introduce a new class of CAPTCHAs that can not only resist automated attacks but can also make relay attacks hard and detectable. These CAPTCHAs are carefully built on the notions of dynamic cognitive games (DCG) and emerging images (EI), present in the literature. While existing CAPTCHAs based on the DCG notion alone (e.g., an object matching game embedded in a clear background) are prone to automated attacks and those based on the EI notion alone (e.g., moving text embedded in emerging images) are prone to relay attacks, we show that a careful amalgamation of the two notions can resist both forms of attacks. Specifically, we formalize, design and implement a concrete instantiation of EI-DCG CAPTCHAs, and demonstrate its security with respect to image processing and object tracking techniques as well as their resistance to and detectability of relay attacks.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
