Side-channel attack on labeling CAPTCHAs

We propose a new scheme of attack on the Microsoft's ASIRRA CAPTCHA which represents a significant shortcut to the intended attacking path, as it is not based in any advance in the state of the art on the field of image recognition. After studying the ASIRRA Public Corpus, we conclude that the...

Full description

Saved in:
Bibliographic Details
Published inarXiv.org
Main Authors Hernandez-Castro, Carlos Javier, Ribagorda, Arturo, Saez, Yago
Format Paper
LanguageEnglish
Published Ithaca Cornell University Library, arXiv.org 08.08.2009
Subjects
Algorithms
Labeling
Object recognition
Online AccessGet full text

Cover

More Information
Summary:We propose a new scheme of attack on the Microsoft's ASIRRA CAPTCHA which represents a significant shortcut to the intended attacking path, as it is not based in any advance in the state of the art on the field of image recognition. After studying the ASIRRA Public Corpus, we conclude that the security margin as stated by their authors seems to be quite optimistic. Then, we analyze which of the studied parameters for the image files seems to disclose the most valuable information for helping in correct classification, arriving at a surprising discovery. This represents a completely new approach to breaking CAPTCHAs that can be applied to many of the currently proposed image-labeling algorithms, and to prove this point we show how to use the very same approach against the HumanAuth CAPTCHA. Lastly, we investigate some measures that could be used to secure the ASIRRA and HumanAuth schemes, but conclude no easy solutions are at hand.
ISSN:2331-8422