iCAPTCHA: The Next Generation of CAPTCHA Designed to Defend against 3rd Party Human Attacks

Truong, Huy D.; Turner, Christopher F.; Zou, Cliff C.

doi:10.1109/icc.2011.5963009

Cited by 27 publications

(23 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The first paper which mentioned the name "third party human attack" is Truong's iCAPTCHA [12]. A user has to solve a traditional text-based question, and the answering procedure would be divided into several phase.…”

Section: Existing Remediesmentioning

confidence: 99%

“…We call the first type "hired gun attacks" (special third party human attack [12]) because the attackers perform the attacks by hiring a group of people to solve CAPTCHAs. A hired gun uses the client to send a request to the attacker's server, and the server calls an automated script to scrape a challenge from a victim CAPTCHA system and passes it to the waiting client.…”

Section: Third Party Human Attackmentioning

confidence: 99%

“…A third party human attack [12] is a new state-of-the-art attack which employs CAPTCHA redirection and a group of third party users to help attackers solve CAPTCHA challenges. CAPTCHA redirection is a technique usually used by downloading software designed for file hosting services (ex.MEGA, bitshare, rapidgator, etc.)…”

Section: Third Party Human Attackmentioning

confidence: 99%

See 2 more Smart Citations

DDIM-CAPTCHA: A Novel Drag-n-Drop Interactive Masking CAPTCHA against the Third Party Human Attacks

Wei

Jeng

et al. 2013

2013 Conference on Technologies and Applications of Artificial Intelligence

View full text Add to dashboard Cite

A CAPTCHA(Completely Automated Public Turing test to tell Computers and Humans Apart) is a security mechanism that can be used to distinguish between humans and machines. Most existing CAPTCHA systems are vulnerable against a so-called "third party human attack." The third party human attack employs hired human to solve challenges so that the CAPTCHA systems will no longer be effective. In this paper, we design an efficient and effective aspect to defend the attack. Following the aspect, we design and analyze a novel CAPTCHA system, Drag-n-Drop Interactive Masking CAPTCHA (DDIM CAPTCHA), to deal with both the traditional attacks and the third party human attack. The DDIM CAPTCHA retains the basic requirements of CAPTCHAs and adds the properties of interaction and masking. Through a series of analyses and experiments, the proposed Drag-nDrop CAPTCHA can be claimed to be a good approach for deployment to remedy the weaknesses of present CAPTCHA systems.Keywords-third party human attack; CAPTCHA; drag and drop.

show abstract

Section: Existing Remediesmentioning

confidence: 99%

Section: Third Party Human Attackmentioning

confidence: 99%

See 1 more Smart Citation

DDIM-CAPTCHA: A Novel Drag-n-Drop Interactive Masking CAPTCHA against the Third Party Human Attacks

Wei

Jeng

et al. 2013

2013 Conference on Technologies and Applications of Artificial Intelligence

View full text Add to dashboard Cite

show abstract

“…Although using human users to break CAPTCHAs is relatively expensive and is only rational for commercial purposes, in fact, it could be regarded as a concern for the security of CAPTCHAs. To overcome these third‐party attacks, reference was one of the early works that was dedicated for this problem.…”

Section: Problems With Captchasmentioning

confidence: 99%

CAPTCHA and its Alternatives: A Review

Moradi

Keyvanpour

2014

Security Comm Networks

View full text Add to dashboard Cite

Nowadays, because of the undeniable impact of the Internet on all aspects of human life, security preserving has received more attention. To reach an acceptable level of security, Completely Automatic Public Turing test to tell Computer and Human Apart or simply CAPTCHA as a security preserving tool has been tailored for situations that need to prevent bots from doing a specific action; for example, signing up and downloading. Simultaneously, it should be also designed in such a way to allow humans to perform the same action. Despite its advantageous applications, there are several important issues such as security, usability, and accessibility that make its use controversial. In this paper, attempts were made to do a comprehensive review on various aspects and state-of-the-art of CAPTCHA in general and its alternatives in particular to help researchers easily focus on specific issues for the sake of proposing new solutions and ideas. Regarding the advancement in CAPTCHA development, new classifications were proposed to categorize different variations of CAPTCHAs and their problems and then compare them. Moreover, different types of CAPTCHAs' alternatives were classified and evaluated by introducing several proposed measures. This evaluation could come in handy for future studies that aim to develop new techniques for overcoming current deficiencies.

show abstract

“…"In fact, some unethical businesses are profiting by providing 3rd party human CAPTCHA solving as a service. In India, a CAPTCHA solving economy has developed in which people work as human CAPTCHA solvers, earning $2 for every thousand CAPTCHAs solved" [11]. Although, there are multiple anti-CAPTCHA OCR software solutions, which can be used to break CAPTCHAs and sending spam to forums, but there are no methods to use these software solutions in CSRF attacks.…”

Section: Literature Reviewmentioning

confidence: 99%

Strategies and scenarios of CSRF attacks against the CAPTCHA forms

Moradi¹,

Moghaddam

2015

JACST

View full text Add to dashboard Cite

In this article, we've tried to examine the hypothesis of the robustness of a form by using CAPTCHA against CSRF and login CSRF attacks. Our investigations showed that unlike public opinion, common attacks to bypass CAPTCHAs such as Optical Character Recognition (OCR) and 3rd party human attacks are not applicable in the CSRF case and instead, Clickjacking is the most important scenario of CSRF and login CSRF attacks against a secure session-dependent CAPTCHA form. Remember that the Clickjacking is also applicable to bypass the well-known CSRF protections, such as the secret token and the Referer header. Therefore, although the frequent application of CAPTCHA on every page of a website negatively impacts the user experience, but the robustness of a robust session-dependent CAPTCHA against the CSRF and login CSRF attacks is almost the same as the session-dependent security token. Moreover, when a website is using a session-independent or week pattern of CAPTCHA, attackers can bypass the CAPTCHAs and launch the CSRF or login CSRF attacks by using XSS, session hijacking, replay attacks or submitting a random response.

show abstract

iCAPTCHA: The Next Generation of CAPTCHA Designed to Defend against 3rd Party Human Attacks

Cited by 27 publications

References 5 publications

DDIM-CAPTCHA: A Novel Drag-n-Drop Interactive Masking CAPTCHA against the Third Party Human Attacks

DDIM-CAPTCHA: A Novel Drag-n-Drop Interactive Masking CAPTCHA against the Third Party Human Attacks

CAPTCHA and its Alternatives: A Review

Strategies and scenarios of CSRF attacks against the CAPTCHA forms

Contact Info

Product

Resources

About