Abstract
Completely Automated Public Turing Test to tell Computers and Humans Apart (CAPTCHA) is a –rather– simple test that can be easily answered by a human but extremely difficult to be answered by computers. CAPTCHAs have been widely used for practical security reasons, like preventing automated registration in Web-based services. However, all deployed CAPTCHAs are based on the static identification of an object or text. All CAPTCHAs, from simple ones, like typing the distorted text, to advanced ones, like recognizing an object in an image, are vulnerable to the Laundry attack. An attacker may post the test to a malicious site and attract its visitors to solve the puzzle for her. This paper focuses on sealing CAPTCHAs against such attacks by adding a dimension not used so far: animation. Animated CAPTCHAs do not have a static answer, thus even when they are exposed to laundering, unsuspected visitors will provide answers that will be useless on the attacker’s side.
Chapter PDF
Similar content being viewed by others
References
cURL., http://curl.haxx.se/
Ethereal, http://www.ethereal.com
Google bombing, http://en.wikipedia.org/wiki/Google_bomb
Inaccessibility of CAPTCHA, Alternatives to Visual Turing Tests on the Web, http://www.w3.org/TR/turingtest/
JCavaJ Java Decompiler, http://www.bysoft.se/sureshot/jcavaj/index.html
Sweatshop, http://en.wikipedia.org/wiki/Sweatshop
The CAPTCHA Project, http://www.captcha.net/
Chellapilla, K., Larson, K., Simard, P., Czerwinski, M.: Computers beat humans at single character recognition in reading based human interaction proofs (hips). In: Second Conference on Email and Anti-Spam (CEAS) (2005)
Kc, G.S., Keromytis, A.D., Prevelakis, V.: Countering code-injection attacks with instruction-set randomization. In: CCS 2003: Proceedings of the 10th ACM conference on Computer and communications security, pp. 272–280. ACM Press, New York (2003)
Kerckhoffs, A.: La cryptographie militaire. Journal des Sciences Militaires, pp. 5–38 (January 9, 1883), http://www.petitcolas.net/fabien/kerckhoffs/
Mori, G., Malik, J.: Recognizing objects in adversarial clutter – breaking a visual captcha. In: Conf. Computer Vision and Pattern Recognition, Madison, USA (June 2003)
Szoer, P., Ferrie, P.: Hunting for metamorphic. In: Virus Bulletin Conference (September 2001)
The Honeynet Project Whitepapers. Know your enemy: Tracking botnets (March 2005), http://www.honeynet.org/papers/bots/
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2006 IFIP International Federation for Information Processing
About this paper
Cite this paper
Athanasopoulos, E., Antonatos, S. (2006). Enhanced CAPTCHAs: Using Animation to Tell Humans and Computers Apart. In: Leitold, H., Markatos, E.P. (eds) Communications and Multimedia Security. CMS 2006. Lecture Notes in Computer Science, vol 4237. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11909033_9
Download citation
DOI: https://doi.org/10.1007/11909033_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-47820-1
Online ISBN: 978-3-540-47823-2
eBook Packages: Computer ScienceComputer Science (R0)