Research on the Security of Microsoft’s Two-Layer Captcha

Haichang Gao; Mengyun Tang; Yi Liu; Ping Zhang; Xiyang Liu

首页> 外文期刊>Information Forensics and Security, IEEE Transactions on >Research on the Security of Microsoft’s Two-Layer Captcha

【24h】

Research on the Security of Microsoft’s Two-Layer Captcha

机译：微软两层验证码安全性研究

获取原文

获取原文并翻译 | 示例

获取外文期刊封面封底 >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Captcha is a security mechanism designed to differentiate between computers and humans, and is used to defend against malicious bot programs. Text-based Captchas are the most widely deployed differentiation mechanism, and almost all text-based Captchas are single layered. Numerous successful attacks on the single-layer text-based Captchas deployed by Google, Yahoo!, and Amazon have been reported. In 2015, Microsoft deployed a new two-layer Captcha scheme. This appears to be the first application of two-layer Captchas. It is, therefore, natural to ask a fundamental question: is the two-layer Captcha as secure as its designers expected? Intrigued by this question, we have for the first time systematically analyzed the security of the two-layer Captcha in this paper. We propose a simple but an effective method to attack the two-layer Captcha deployed by Microsoft, and achieve a success rate of 44.6% with an average speed of 9.05 s on a standard desktop computer (with a 3.3-GHz Intel Core i3 CPU and 2-GB RAM), thus demonstrating clear security issues. We also discuss the originality and applicability of our attack, and offer guidelines for designing Captchas with better security and usability.

机译：Captcha是一种旨在区分计算机和人类的安全机制，用于防御恶意的bot程序。基于文本的验证码是部署最广泛的区分机制，几乎所有基于文本的验证码都是单层的。据报道，对Google，Yahoo！和Amazon部署的单层基于文本的Captcha进行了许多成功的攻击。 2015年，Microsoft部署了新的两层验证码方案。这似乎是两层验证码的第一个应用程序。因此，自然会提出一个基本问题：两层验证码是否像设计人员所期望的那样安全？对此问题引起了我们的兴趣，这是我们首次系统地分析了两层验证码的安全性。我们提出一种简单但有效的方法来攻击Microsoft部署的两层验证码，并在标准台式计算机（配备3.3 GHz Intel Core i3 CPU和2 GB RAM），从而证明了明确的安全问题。我们还将讨论攻击的独创性和适用性，并为设计具有更好安全性和可用性的验证码提供指导。

著录项

来源
《Information Forensics and Security, IEEE Transactions on》 |2017年第7期|1671-1685|共15页
作者
Haichang Gao; Mengyun Tang; Yi Liu; Ping Zhang; Xiyang Liu;
展开▼
作者单位

Institute of Software Engineering, Xidian University, Xi’an, China;

Institute of Software Engineering, Xidian University, Xi’an, China;

Institute of Software Engineering, Xidian University, Xi’an, China;

Institute of Software Engineering, Xidian University, Xi’an, China;

Institute of Software Engineering, Xidian University, Xi’an, China;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词
CAPTCHAs; Security; Computers; Image segmentation; Guidelines; Usability; Robustness;

机译：验证码;安全性;计算机;图像分割;指南;可用性;稳健性;

相似文献

外文文献
中文文献
专利

1. Towards understanding the security of modern image captchas and underground captcha-solving services [J] . Haiqin Weng, Binbin Zhao, Shouling Ji, Big Data Mining and Analytics . 2019,第2期

机译：理解现代图像验证码和地下验证码服务的安全性
2. Towards Understanding the Security of Modern Image Captchas and Underground Captcha-Solving Services [J] . Haiqin Weng1, Binbin Zhao1, Shouling Ji1, 大数据挖掘与分析(英文) . 2019,第002期

机译：理解现代图像验证码和地下验证码服务的安全性
3. CAPTCHA in Security ECIS: Depress Phishing by CAPTCHA with OTP [J] . LEUNG Chun Ming The HKIE Transactions . 2011,第4期

机译：安全性ECIS中的CAPTCHA：使用OTP抑制CAPTCHA的网络钓鱼
4. A low-cost attack on a Microsoft captcha [C] . Jeff Yan, Ahmad Salah El Ahmad ACM conference on Computer and communications security . 2008

机译：对Microsoft验证码的低成本攻击
5. Enhancing Online Security with Image-based Captchas [D] . Powell, Brian M. 2018

机译：通过基于图像的验证码增强在线安全性
6. FR-CAPTCHA: CAPTCHA Based on Recognizing Human Faces [O] . Gaurav Goswami, Brian M. Powell, Mayank Vatsa, -1

机译：FR-CAPTCHA：基于识别人脸的验证码
7. A low-cost attack on a Microsoft captcha [O] . Yan Jeff, El Ahmad Ahmad Salah 2008

机译：对Microsoft验证码的低成本攻击
8. Low-Cost Attack on a Microsoft CAPTCHA [R] . Yan, J., El Ahmad, A. S. 2008

机译：对microsoft CapTCHa的低成本攻击

Research on the Security of Microsoft’s Two-Layer Captcha

摘要

著录项

相似文献

相关主题

期刊订阅