CAPTCHaStar! A Novel CAPTCHA Based on Interactive Shape Discovery

  • Mauro Conti
  • Claudio Guarisco
  • Riccardo Spolaor
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9696)


Over the last few years, most websites on which users can register (e.g., email providers and social networks) have adopted CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) as a countermeasure against automated attacks. The battle of wits between designers and attackers of captchas has led to current ones being annoying and hard for users to solve, while still being vulnerable to automated attacks.

In this paper, we propose CAPTCHaStar, a new image-based captcha that relies on user interaction. This novel captcha leverages the innate human ability to recognize shapes in a confused environment. We assess the effectiveness of our proposal for the two key aspects of captchas, i.e., usability and resiliency to automated attacks. In particular, we evaluated the usability by carrying out a thorough user study, and we tested the resiliency of our proposal against several types of automated attacks: traditional ones, ones designed ad hoc for our proposal, and ones based on machine learning. Compared to the state of the art, our proposal is more user friendly (e.g., only some 35% of the users prefer current solutions, such as text-based captchas) and more resilient to automated attacks.


Keywords: Usable security, Image-based captcha, Access control



Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Mauro Conti (1)
  • Claudio Guarisco (1)
  • Riccardo Spolaor (1)
  1. University of Padua, Padua, Italy
