Skip to main content
SpringerLink
Log in
Book cover

Advances in Cyber Security: Principles, Techniques, and Applications pp 69–92Cite as

CAPTCHA Design and Security Issues

  • Chapter
  • First Online:

Abstract

The concept of reverse Turing tests, or more commonly known as CAPTCHAs, for distinguishing between humans and computers has been around for many years. The widespread use of CAPTCHAs these days has made them an integral part of the internet for providing online services, which are intended for humans, with some level of protection against automated abuse. Since their inception, much research has focused on investigating various issues surrounding the design and security of CAPTCHAs. A fundamental requirement of CAPTCHAs necessitates that they must be designed to be easy for humans but difficult for computers. However, it is well recognized that the trade-off between usability and security is difficult to balance. In addition, numerous attacks have been developed to defeat CAPTCHAs. In response to this, many different CAPTCHA design variants have been proposed over the years. Despite the fact that CAPTCHAs have been around for more than two decades, the future of CAPTCHAs remains an open question. This chapter presents an overview of research examining a wide range of issues that have been conducted on different types of CAPTCHAs.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   139.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD   179.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Ahmad, A. S. E., Yan, J., & Marshall, L. (2010). The robustness of a new CAPTCHA. In M. Costa & E. Kirda (Eds.), Proceedings of the Third European Workshop on System Security, EUROSEC 2010, Paris, France, April 13, 2010 (pp. 36–41). ACM.

    Google Scholar 

  2. Ahmad, A. S. E., Yan, J., & Tayara, M. (2011). The robustness of Google CAPTCHAs. University of Newcastle, UK, Technical Report (Vol. 1278, pp. 1–15).

    Google Scholar 

  3. Athanasopoulos, E., Antonatos, S., & Markatos, E. P. (2006). Enhanced CAPTCHAs: Using animation to tell humans and computers apart. In H. Leitold (Ed.), Communications and Multimedia Security, 10th IFIP TC-6 TC-11 International Conference, CMS 2006, Heraklion, Crete, Greece, October 19–21, 2006, Proceedings (Vol. 4237, pp. 97–108)., Lecture notes in computer science. Berlin: Springer.

    Chapter  Google Scholar 

  4. Baecher, P., Büscher, N., Fischlin, M., & Milde, B. (2011). Breaking recaptcha: A holistic approach via shape recognition. In J. Camenisch, S. Fischer-Hübner, Y. Murayama, A. Portmann, & C. Rieder (Eds.), Future Challenges in Security and Privacy for Academia and Industry - 26th IFIP TC 11 International Information Security Conference, SEC 2011, Lucerne, Switzerland, June 7–9, 2011. Proceedings (Vol. 354, pp. 56–67)., IFIP advances in information and communication technology. Berlin: Springer.

    Google Scholar 

  5. Baird, H. S., Coates, A. L., & Fateman, R. J. (2003). Pessimal print: A reverse turing test. International Journal on Document Analysis and Recognition, 5(2–3), 158–163.

    Article  Google Scholar 

  6. Baird, H. S., & Popat, K. (2002). Human interactive proofs and document image analysis. In D. P. Lopresti, J. Hu, & R. S. Kashi (Eds.), Document Analysis Systems V, 5th International Workshop, DAS 2002, Princeton, NJ, USA, August 19–21, 2002, Proceedings (Vol. 2423, pp. 507–518)., Lecture notes in computer science. Berlin: Springer.

    Google Scholar 

  7. Bigham, J. P., & Cavender, A. (2009). Evaluating existing audio CAPTCHAs and an interface optimized for non-visual use. In D. R. O. Jr, R. B. Arthur, K. Hinckley, M. R. Morris, S .E. Hudson, & S. Greenberg (Eds.), Proceedings of the 27th International Conference on Human Factors in Computing Systems, CHI 2009, Boston, MA, USA, April 4–9, 2009 (pp. 1829–1838). ACM.

    Google Scholar 

  8. Bock, K., Patel, D., Hughey, G., & Levin, D. (2017). unCaptcha: A low-resource defeat of reCaptcha’s audio challenge. In W. Enck & C. Mulliner (Eds.), 11th USENIX Workshop on Offensive Technologies, WOOT 2017, Vancouver, BC, Canada, August 14–15, 2017. USENIX Association.

    Google Scholar 

  9. Bursztein, E. How we broke the nucaptcha video scheme and what we propose to fix it. https://www.elie.net/blog/security/how-we-broke-the-nucaptcha-video-scheme-and-what-we-propose-to-fix-it

  10. Bursztein, E., Aigrain, J., Moscicki, A., & Mitchell, J. C. (2014). The end is nigh: Generic solving of text-based captchas. In S. Bratus & F. F. X. Lindner (Eds.), 8th USENIX Workshop on Offensive Technologies, WOOT ’14, San Diego, CA, USA, August 19, 2014. USENIX Association.

    Google Scholar 

  11. Bursztein, E., Beauxis, R., Paskov, H. S., Perito, D., Fabry, C., & Mitchell, J. C. (2011). The failure of noise-based non-continuous audio captchas. In 32nd IEEE Symposium on Security and Privacy, S&P 2011, 22–25 May 2011, Berkeley, California, USA (pp. 19–31). IEEE Computer Society.

    Google Scholar 

  12. Bursztein, E., & Bethard, S. (2009). Decaptcha: Breaking 75% of eBay audio CAPTCHAs. In Proceedings of the 3rd USENIX Conference on Offensive Technologies, WOOT’09, pp. 8–8, Berkeley, CA, USA, 2009. USENIX Association.

    Google Scholar 

  13. Bursztein, E., Bethard, S., Fabry, C., Mitchell, J. C., & Jurafsky, D. (2010). How good are humans at solving captchas? A large scale evaluation. In 31st IEEE Symposium on Security and Privacy, S&P 2010, 16-19 May 2010, Berleley/Oakland, California, USA (pp. 399–413). IEEE Computer Society.

    Google Scholar 

  14. Bursztein, E., Martin, M., & Mitchell, J. C. (2011). Text-based CAPTCHA strengths and weaknesses. In Y. Chen, G. Danezis, & V. Shmatikov (Eds.), Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS 2011, Chicago, Illinois, USA, October 17–21, 2011 (pp. 125–138). ACM.

    Google Scholar 

  15. C. M. University. The official CAPTCHA site. https://www.captcha.net/

  16. Chaudhari, S. K., Deshpande, A. R., Bendale, S. B., & Kotian, R. V. (2011). 3D drag-n-drop CAPTCHA enhanced security through CAPTCHA. In Proceedings of the International Conference and Workshop on Emerging Trends in Technology, ICWET ’11, pp. 598–601, New York, NY, USA, 2011. ACM.

    Google Scholar 

  17. Chellapilla, K., Larson, K., Simard, P. Y., & Czerwinski, M. (2005). Building segmentation based human-friendly human interaction proofs (HIPs). In H. S. Baird & D. P. Lopresti (Eds.), Human Interactive Proofs, Second International Workshop, HIP 2005, Bethlehem, PA, USA, May 19–20, 2005, Proceedings (Vol. 3517, pp. 1–26)., Lecture notes in computer science. Berlin: Springer.

    Google Scholar 

  18. Chellapilla, K., Larson, K., Simard, P. Y. & Czerwinski, M. (2005). Computers beat humans at single character recognition in reading based human interaction proofs (HIPs). In CEAS 2005 - Second Conference on Email and Anti-Spam, July 21–22, 2005, Stanford University, California, USA.

    Google Scholar 

  19. Chellapilla, K., Larson, K., Simard, P. Y., & Czerwinski, M. (2005). Designing human friendly human interaction proofs (HIPs). In G. C. van der Veer & C. Gale (Eds.), Proceedings of the 2005 Conference on Human Factors in Computing Systems, CHI 2005, Portland, Oregon, USA, April 2–7, 2005 (pp. 711–720). ACM.

    Google Scholar 

  20. Chellapilla, K., & Simard, P. Y. (2004). Using machine learning to break visual human interaction proofs (HIPs). In Advances in Neural Information Processing Systems 17 [Neural Information Processing Systems, NIPS 2004, December 13–18, 2004, Vancouver, British Columbia, Canada] (pp. 265–272).

    Google Scholar 

  21. Chew. M., & Baird, H. S. (2003). BaffleText: a human interactive proof. In T. Kanungo, E. H. B. Smith, J. Hu, & P. B. Kantor (Eds.), Document Recognition and Retrieval X, Santa Clara, California, USA, January 22–23, 2003, Proceedings, (Vol. 5010, pp. 305–316)., SPIE.

    Google Scholar 

  22. Chew, M., & Tygar, J. D. (2004). Image recognition CAPTCHAs. In K. Zhang & Y. Zheng (Eds.), Information Security, 7th International Conference, ISC 2004, Palo Alto, CA, USA, September 27–29, 2004, Proceedings (Vol. 3225, pp. 268–279)., Lecture notes in computer science. Berlin: Springer.

    Google Scholar 

  23. Chow, R., Golle, P., Jakobsson, M., Wang, L., & Wang, X. (2008). Making CAPTCHAs clickable. In M. Spasojevic & M. D. Corner (Eds.), Proceedings of the 9th Workshop on Mobile Computing Systems and Applications, HotMobile 2008, Napa Valley, California, USA, February 25–26, 2008 (pp. 91–94). ACM.

    Google Scholar 

  24. Chow, Y., & Susilo, W. (2011). AniCAP: An animated 3D CAPTCHA scheme based on motion parallax. In D. Lin, G. Tsudik, & X. Wang (Eds.), Cryptology and Network Security - 10th International Conference, CANS 2011, Sanya, China, December 10–12, 2011. Proceedings (Vol. 7092, pp. 255–271)., Lecture notes in computer science. Berlin: Springer.

    Chapter  Google Scholar 

  25. Chow, Y., Susilo, W., & Zhou, H. (2010). CAPTCHA challenges for massively multiplayer online games: Mini-game CAPTCHAs. In A. Sourin & O. Sourina (Eds.), 2010 International Conference on CyberWorlds, Singapore, October 20–22, 2010 (pp. 254–261). IEEE Computer Society.

    Google Scholar 

  26. Cruz-Perez, C., Starostenko, O., Uceda-Ponga, F., Aquino, V. A., & Reyes-Cabrera, L. (2012). Breaking reCAPTCHAs with unpredictable collapse: Heuristic character segmentation and recognition. In J. A. Carrasco-Ochoa, J. F. M. Trinidad, J. A. Olvera-López, & K. L. Boyer (Eds.), Pattern Recognition - 4th Mexican Conference, MCPR 2012, Huatulco, Mexico, June 27–30, 2012. Proceedings (Vol. 7329, pp. 155–165)., Lecture notes in computer science. Berlin: Springer.

    Google Scholar 

  27. Cui, J. S., Mei, J. T., Zhang, W. Z., Wang, X., & Zhang, D. (2010). A CAPTCHA implementation based on moving objects recognition problem. In 2010 International Conference on E-Business and E-Government (pp. 1277–1280).

    Google Scholar 

  28. Datta, R., Li, J., & Wang, J. Z. (2005). IMAGINATION: A robust image-based CAPTCHA generation system. In H. Zhang, T. Chua, R. Steinmetz, M. S. Kankanhalli, & L. Wilcox (Eds.), Proceedings of the 13th ACM International Conference on Multimedia, Singapore, November 6–11, 2005 (pp. 331–334). ACM.

    Google Scholar 

  29. Egele, M., Bilge, L., Kirda, E., & Kruegel, C. (2010). CAPTCHA smuggling: Hijacking web browsing sessions to create CAPTCHA farms. In S. Y. Shin, S. Ossowski, M. Schumacher, M. J. Palakal, & C. Hung (Eds.), Proceedings of the 2010 ACM Symposium on Applied Computing (SAC), Sierre, Switzerland, March 22–26, 2010 (pp. 1865–1870). ACM.

    Google Scholar 

  30. Elson, J., Douceur, J. R., Howell, J., & Saul, J. (2007). Asirra: A CAPTCHA that exploits interest-aligned manual image categorization. In P. Ning, S. D. C. di Vimercati, & P. F. Syverson (Eds.), Proceedings of the 2007 ACM Conference on Computer and Communications Security, CCS 2007, Alexandria, Virginia, USA, October 28–31, 2007 (pp. 366–374). ACM.

    Google Scholar 

  31. Fischer, I., & Herfet, T. (2006). Visual CAPTCHAs for document authentication. In 8th IEEE International Workshop on Multimedia Signal Processing (MMSP 2006) (pp. 471–474).

    Google Scholar 

  32. Gao, H., Tang, M., Liu, Y., Zhang, P., & Liu, X. (2017). Research on the security of Microsoft’s two-layer captcha. IEEE Transactions Information Forensics and Security, 12(7), 1671–1685.

    Article  Google Scholar 

  33. Gao, H., Wang, W., Qi, J., Wang, X., Liu, X., & Yan, J. (2013). The robustness of hollow captchas. In A. Sadeghi, V. D. Gligor, & M. Yung (Eds.), 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS’13, Berlin, Germany, November 4–8, 2013 (pp. 1075–1086). ACM.

    Google Scholar 

  34. Gao, H., Yan, J., Cao, F., Zhang, Z., Lei, L., Tang, M., Zhang, P., Zhou, X., Wang, X., & Li, J. (2016). A simple generic attack on text captchas. In 23nd Annual Network and Distributed System Security Symposium, NDSS 2016, San Diego, California, USA, February 21–24, 2016. The Internet Society.

    Google Scholar 

  35. Geman, S., & Geman, D. (1984). Stochastic relaxation, Gibbs distributions, and the Bayesian restoration of images. IEEE Transactions on Pattern Analysis and Machine Intelligence, 6, 721–741.

    Article  Google Scholar 

  36. Golle, P. (2008). Machine learning attacks against the Asirra CAPTCHA. In P. Ning, P. F. Syverson, & S. Jha (Eds.), Proceedings of the 2008 ACM Conference on Computer and Communications Security, CCS 2008, Alexandria, Virginia, USA, October 27–31, 2008 (pp. 535–542). ACM.

    Google Scholar 

  37. Google Inc. Google Image Search. https://images.google.com/

  38. Gossweiler, R., Kamvar, M., & Baluja, S. (2009). What’s up CAPTCHA?: A CAPTCHA based on image orientation. In J. Quemada, G. León, Y. S. Maarek, & W. Nejdl, (Eds.), Proceedings of the 18th International Conference on World Wide Web, WWW 2009, Madrid, Spain, April 20–24, 2009 (pp. 841–850). ACM.

    Google Scholar 

  39. Goswami, G., Powell, B. M., Vatsa, M., Singh, R., & Noore, A. (2014). FaceDCAPTCHA: Face detection based color image CAPTCHA. Future Generation Computer Systems, 31, 59–68.

    Article  Google Scholar 

  40. Hernández-Castro, C. J., Moreno, M. D. R.-, Barrero, D. F., Gibson, S., & FunCAPTCHA case analysis. (2017). Using machine learning to identify common flaws in CAPTCHA design. Computers and Security, 70, 744–756.

    Article  Google Scholar 

  41. Hernández-Castro, C. J., & Ribagorda, A. (2010). Pitfalls in CAPTCHA design and implementation: The math CAPTCHA, a case study. Computers and Security, 29(1), 141–157.

    Article  Google Scholar 

  42. Hoque, M. E., Russomanno, D. J., & Yeasin, M. (2006). 2D captchas from 3D models. Proceedings of the IEEE SoutheastCon, 2006, 165–170.

    Google Scholar 

  43. Huang, S., Lee, Y., Bell, G., & Ou, Z. (2010). An efficient segmentation algorithm for CAPTCHAs with line cluttering and character warping. Multimedia Tools Applications, 48(2), 267–289.

    Article  Google Scholar 

  44. Imsamai, M., & Phimoltares, S. (2010). 3D CAPTCHA: A next generation of the CAPTCHA. In Proceedings of the International Conference on Information Science and Applications (ICISA 2010), Seoul, South Korea, 21-23 April, 2010 (pp. 1–8). IEEE Computer Society.

    Google Scholar 

  45. Kim, J., Chung, W., & Cho, H. (2010). A new image-based CAPTCHA using the orientation of the polygonally cropped sub-images. The Visual Computer, 26(6–8), 1135–1143.

    Article  Google Scholar 

  46. Kluever, K. A., & Zanibbi, R. (2009). Balancing usability and security in a video CAPTCHA. In L. F. Cranor (Ed.), Proceedings of the 5th Symposium on Usable Privacy and Security, SOUPS 2009, Mountain View, California, USA, July 15–17, 2009. ACM: ACM International Conference Proceeding Series.

    Google Scholar 

  47. Kochanski, G., Lopresti, D. P., & Shih, C. (2002). A reverse turing test using speech. In J. H. L. Hansen&B. L. Pellom (Eds.), 7th International Conference on Spoken Language Processing, ICSLP2002 - INTERSPEECH 2002, Denver, Colorado, USA, September 16–20, 2002. ISCA.

    Google Scholar 

  48. Li, S., Shah, S. A. H., Khan, M. A. U., Khayam, S. A., Sadeghi, A., & Schmitz, R. (2010). Breaking e-banking captchas. In C. Gates, M. Franz, & J. P. McDermott (Eds.), Twenty-Sixth Annual Computer Security Applications Conference, ACSAC 2010, Austin, Texas, USA, 6–10 December 2010 (pp. 171–180). ACM.

    Google Scholar 

  49. Lillibridge, M., Abadi, M., Bharat, K., & Broder, A. (2001). Method for selectively restricting access to computer systems, Feb. 27 2001. US Patent 6,195,698.

    Google Scholar 

  50. Macias, C. R., & Izquierdo, E. (2009). Visual word-based captcha using 3d characters. In 3rd International Conference on Imaging for Crime Detection and Prevention (ICDP 2009) (pp. 1–5).

    Google Scholar 

  51. Mitra, N. J., Chu, H., Lee, T., Wolf, L., Yeshurun, H., & Cohen-Or, D. (2009). Emerging images. ACM Transactions on Graphics, 28(5), 163:1–163:8.

    Google Scholar 

  52. Mohamed, M., Gao, S., Sachdeva, N., Saxena, N., Zhang, C., Kumaraguru, P., et al. (2017). On the security and usability of dynamic cognitive game CAPTCHAs. Journal of Computer Security, 25(3), 205–230.

    Article  Google Scholar 

  53. Mohamed, M., Sachdeva, N., Georgescu, M., Gao, S., Saxena, N., Zhang, C. et al. (2014). A three-way investigation of a game-captcha: automated attacks, relay attacks and usability. In S. Moriai, T. Jaeger, & K. Sakurai (Eds.), 9th ACM Symposium on Information, Computer and Communications Security, ASIA CCS ’14, Kyoto, Japan - June 03–06, 2014 (pp. 195–206). ACM.

    Google Scholar 

  54. Mori, G., & Malik, J. (2003). Recognizing objects in adversarial clutter: Breaking a visual CAPTCHA. In 2003 IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR 2003), 16–22 June 2003, Madison, WI, USA (pp. 134–144). IEEE Computer Society.

    Google Scholar 

  55. Motoyama, M., Levchenko, K., Kanich, C., McCoy, D., Voelker, G. M., & Savage, S. (2010). Re: CAPTCHAs-understanding CAPTCHA-solving services in an economic context. In 19th USENIX Security Symposium, Washington, DC, USA, August 11–13, 2010, Proceedings (pp. 435–462). USENIX Association

    Google Scholar 

  56. Moy, G., Jones, N., Harkless, C., & Potter, R. (2004). Distortion estimation techniques in solving visual captchas. In 2004 IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR 2004), with CD-ROM, 27 June–2 July 2004, Washington, DC, USA (pp. 23–28). IEEE Computer Society.

    Google Scholar 

  57. Naor, M. (1996). Verification of a Human in the Loop or Identification via the Turing Test. http://www.wisdom.weizmann.ac.il/~naor/PAPERS/human.pdf

  58. Naumann, A. B., Franke, T., & Bauckhage, C. (2009). Investigating CAPTCHAs based on visual phenomena. In T. Gross, J. Gulliksen, P. Kotzé, L. Oestreicher, P. A. Palanque, R. O. Prates, & M. Winckler (Eds.), Human-Computer Interaction - INTERACT 2009, 12th IFIP TC 13 International Conference, Uppsala, Sweden, August 24–28, 2009, Proceedings, Part II, (Vol. 5727, pp. 745–748)., Lecture notes in computer science. Berlin: Springer.

    Google Scholar 

  59. Nguyen, V. D., Chow, Y., & Susilo, W. (2012). Attacking animated CAPTCHAs via character extraction. In J. Pieprzyk, A. Sadeghi, & M. Manulis (Eds.), Cryptology and Network Security, 11th International Conference, CANS 2012, Darmstadt, Germany, December 12–14, 2012. Proceedings (Vol. 7712, pp. 98–113). Berlin: Springer.

    Chapter  Google Scholar 

  60. Nguyen, V. D., Chow, Y., & Susilo, W. (2012). Breaking an animated CAPTCHA scheme. In F. Bao, P. Samarati, & J. Zhou (Eds.), Applied Cryptography and Network Security - 10th International Conference, ACNS 2012, Singapore, June 26–29, 2012. Proceedings (Vol. 7341, pp. 12–29)., Lecture notes in computer science. Berlin: Springer.

    Chapter  Google Scholar 

  61. Nguyen, V. D., Chow, Y., & Susilo, W. (2014). A CAPTCHA scheme based on the identification of character locations. In X. Huang & J. Zhou (Eds.), Information Security Practice and Experience - 10th International Conference, ISPEC 2014, Fuzhou, China, May 5–8, 2014. Proceedings (Vol. 8434, pp. 60–74)., Lecture notes in computer science. Berlin: Springer.

    Chapter  Google Scholar 

  62. Nguyen, V. D., Chow, Y., & Susilo, W. (2014). On the security of text-based 3D CAPTCHAs. Computers and Security, 45, 84–99.

    Article  Google Scholar 

  63. NuCaptcha Inc. NuCaptcha. http://www.nucaptcha.com/

  64. Petfinder. Petfinder. https://www.petfinder.com/

  65. Polakis, I., Ilia, P., Maggi, F., Lancini, M., Kontaxis, G., Zanero, S., Ioannidis, S., & Keromytis, A. D. (2014). Faces in the distorting mirror: Revisiting photo-based social authentication. In G. Ahn, M. Yung, & N. Li (Eds.), Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, November 3–7, 2014 (pp. 501–512). ACM.

    Google Scholar 

  66. Polakis, I., Lancini, M., Kontaxis, G., Maggi, F., Ioannidis, S., Keromytis, A. D., & Zanero, S. (2012). All your face are belong to us: Breaking Facebook’s social authentication. In R. H. Zakon (Ed.), 28th Annual Computer Security Applications Conference, ACSAC 2012, Orlando, FL, USA, 3–7 December 2012 (pp. 399–408). ACM.

    Google Scholar 

  67. Ross, S. A., Halderman, J. A., & Finkelstein, A. (2010). Sketcha: A captcha based on line drawings of 3D models. In M. Rappa, P. Jones, J. Freire, & S. Chakrabarti (Eds.), Proceedings of the 19th International Conference on World Wide Web, WWW 2010, Raleigh, North Carolina, USA, April 26–30, 2010 (pp. 821–830). ACM.

    Google Scholar 

  68. Rui, Y., & Liu, Z. (2004). ARTiFACIAL: Automated reverse Turing test using FACIAL features. Multimedia System, 9(6), 493–502.

    Article  Google Scholar 

  69. Sano, S., Otsuka, T., Itoyama, K., & Okuno, H. G. (2015). HMM-based attacks on Google’s ReCAPTCHA with continuous visual and audio symbols. JIP, 23(6), 814–826.

    Google Scholar 

  70. Sivakorn, S., Polakis, I., & Keromytis, A. D. (2016). I am robot: (deep) learning to break semantic image CAPTCHAs. In IEEE European Symposium on Security and Privacy, EuroS&P 2016, Saarbrücken, Germany, March 21–24, 2016 (pp. 388–403). IEEE.

    Google Scholar 

  71. Solanki, S., Krishnan, G., Sampath, V., & Polakis, J. (2017). In (cyber)space bots can hear you speak: Breaking audio CAPTCHAs using OTS speech recognition. In B. M. Thuraisingham, B. Biggio, D. M. Freeman, B. Miller, & A. Sinha (Eds.), Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, AISec@CCS 2017, Dallas, TX, USA, November 3, 2017. ACM.

    Google Scholar 

  72. Soupionis, Y., & Gritzalis, D. (2010). Audio CAPTCHA: Existing solutions assessment and a new implementation for VoIP telephony. Computers and Security, 29(5), 603–618.

    Article  Google Scholar 

  73. Starostenko, O., Cruz-Perez, C., Uceda-Ponga, F., & Aquino, V. A. (2015). Breaking text-based captchas with variable word and character orientation. Pattern Recognition, 48(4), 1101–1112.

    Article  Google Scholar 

  74. Susilo, W., Chow, Y., & Zhou, H. (2010). STE3D-CAP: stereoscopic 3D CAPTCHA. In S. Heng, R. N. Wright, & B. Goi (Eds.), Cryptology and Network Security - 9th International Conference, CANS 2010, Kuala Lumpur, Malaysia, December 12–14, 2010. Proceedings (Vol. 6467, pp. 221–240)., Lecture notes in computer science. Berlin: Springer.

    Chapter  Google Scholar 

  75. Tam, J., Simsa, J., Hyde, S., & von Ahn, L. (2008). Breaking audio CAPTCHAs. In D. Koller, D. Schuurmans, Y. Bengio, & L. Bottou (Eds.), Advances in Neural Information Processing Systems 21, Proceedings of the Twenty-Second Annual Conference on Neural Information Processing Systems, Vancouver, British Columbia, Canada, December 8–11, 2008 (pp. 1625–1632). Curran Associates, Inc.

    Google Scholar 

  76. Turing, A. (1950). Computing machinery and intelligence. Mind, 59(236), 433–460.

    Article  MathSciNet  Google Scholar 

  77. von Ahn, L., Blum, M., Hopper, N. J., & Langford, J. (2003). CAPTCHA: Using hard AI problems for security. In E. Biham (Ed.), Advances in Cryptology - EUROCRYPT 2003, International Conference on the Theory and Applications of Cryptographic Techniques, Warsaw, Poland, May 4–8, 2003, Proceedings (Vol. 2656, pp. 294–311)., Lecture notes in computer science. Berlin: Springer.

    Google Scholar 

  78. von Ahn, L., & Dabbish, L. (2004). Labeling images with a computer game. In E. Dykstra-Erickson & M. Tscheligi (Eds.), Proceedings of the 2004 Conference on Human Factors in Computing Systems, CHI 2004, Vienna, Austria, April 24–29, 2004 (pp. 319–326). ACM.

    Google Scholar 

  79. von Ahn, L., Maurer, B., McMillen, C., Abraham, D., & Blum, M. (2008). reCAPTCHA: Human-based character recognition via web security measures. Science, 321(5895), 1465–1468.

    Article  MathSciNet  Google Scholar 

  80. Wang, S. -Y., Baird, H. S., & Bentley, J. L. (2006). Captcha challenge tradeoffs: Familiarity of strings versus degradation of images. In 18th International Conference on Pattern Recognition (ICPR’06) (Vol. 3, pp. 164–167).

    Google Scholar 

  81. Xu, Y., Reynaga, G., Chiasson, S., Frahm, J., Monrose, F., & van Oorschot, P. C. (2014). Security analysis and related usability of motion-based captchas: Decoding codewords in motion. IEEE Transactions on Dependable and Secure Computing, 11(5), 480–493.

    Article  Google Scholar 

  82. Yan, J., & Ahmad, A. S. E. (2007). Breaking visual captchas with naive pattern recognition algorithms. In 23rd Annual Computer Security Applications Conference (ACSAC 2007), December 10–14, 2007, Miami Beach, Florida, USA (pp. 279–291). IEEE Computer Society.

    Google Scholar 

  83. Yan, J., & Ahmad, A. S. E. (2008). A low-cost attack on a Microsoft captcha. In P. Ning, P. F. Syverson, & S. Jha (Eds.), Proceedings of the 2008 ACM Conference on Computer and Communications Security, CCS 2008, Alexandria, Virginia, USA, October 27–31, 2008 (pp. 543–554). ACM.

    Google Scholar 

  84. Yan, J., & Ahmad, A. S. E. (2008). Usability of captchas or usability issues in CAPTCHA design. In L. F. Cranor (Ed.), Proceedings of the 4th Symposium on Usable Privacy and Security, SOUPS 2008, Pittsburgh, Pennsylvania, USA, July 23–25, 2008 (pp. 44–52). ACM: ACM International Conference Proceeding Series.

    Google Scholar 

  85. Yardi, S., Feamster, N., & Bruckman, A. (2008). Photo-based authentication using social networks. In C. Faloutsos, T. Karagiannis, & P. Rodriguez (Eds.), Proceedings of the first Workshop on Online Social Networks, WOSN 2008, Seattle, WA, USA, August 17–22, 2008 (pp. 55–60). ACM.

    Google Scholar 

  86. Ye, Q., Chen, Y., & Zhu, B. (2014). The robustness of a new 3D CAPTCHA. In J. Ramel, M. Liwicki, J. Ogier, K. Kise, & R. Smith (Eds.), 11th IAPR International Workshop on Document Analysis Systems, DAS 2014, Tours, France, April 7–10, 2014 (pp. 319–323). IEEE Computer Society.

    Google Scholar 

  87. Zhu, B. B., Yan, J., Bao, G., Yang, M., & Xu, N. (2014). Captcha as graphical passwords - a new security primitive based on hard AI problems. IEEE Transactions on Information Forensics and Security, 9(6), 891–904.

    Article  Google Scholar 

  88. Zhu, B. B., Yan, J., Li, Q., Yang, C., Liu, J., Xu, N., Yi, M., & Cai, K. (2010). Attacks and design of image recognition CAPTCHAs. In E. Al-Shaer, A. D. Keromytis, & V. Shmatikov (Eds.), Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, Chicago, Illinois, USA, October 4–8, 2010 (pp. 187–200). ACM.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute of Cybersecurity and Cryptology, School of Computing and Information Technology University of Wollongong, Wollongong, Australia

    Yang-Wai Chow, Willy Susilo & Pairat Thorncharoensri

Authors
  1. Yang-Wai Chow
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Willy Susilo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Pairat Thorncharoensri
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yang-Wai Chow .

Editor information

Editors and Affiliations

  1. Department of Computer Science and Information Engineering, Providence University, Taichung, Taiwan

    Kuan-Ching Li

  2. School of Cyber Engineering, Xidian University, Xi'an, Shaanxi, China

    Xiaofeng Chen

  3. School of Computing and Information Technology, University of Wollongong, Wollongong, NSW, Australia

    Willy Susilo

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Chow, YW., Susilo, W., Thorncharoensri, P. (2019). CAPTCHA Design and Security Issues. In: Li, KC., Chen, X., Susilo, W. (eds) Advances in Cyber Security: Principles, Techniques, and Applications. Springer, Singapore. https://doi.org/10.1007/978-981-13-1483-4_4

Download citation

  • DOI: https://doi.org/10.1007/978-981-13-1483-4_4

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-1482-7

  • Online ISBN: 978-981-13-1483-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation