Presentation is loading. Please wait.

Presentation is loading. Please wait.

Breaking an Animated CAPTCHA Scheme

Published byChristine Welch Modified over 9 years ago

Similar presentations

Presentation on theme: "Breaking an Animated CAPTCHA Scheme"— Presentation transcript:

1 Breaking an Animated CAPTCHA Scheme
Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo University of Wollongong

2 About CAPTCHA CAPTCHA: Completely Automated Public Turing test to Tell Computers and Humans Apart. Other name: Human Interaction Proofs (HIPs). Easily solvable by humans. Cannot be solved by current computer programs. Existing CAPTCHAs are mainly text-based on a static image. Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

3 About CAPTCHA Most of traditional text-based CAPTCHAs are known to be vulnerable against attacks. Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

4 About CAPTCHA Increase the security: distorting, blurring, rotation the text, overlaying of visual noise. But Easy for humans hard for computers? Not guaranteed to exist. Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

5 Animated CAPTCHA Static vs. Animation:
Animated CAPTCHAs has been proposed. Assumption : More usability: Animation makes increasing legibility for humans. More security: Distributing the information required to solve the CAPTCHA challenge over multiple animation frames. Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

6 Our questions Animated CAPTCHAs really provide more security ?
How to break animated CAPTCHA and design secure one ? Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

7 Breaking HelloCaptcha
Breaking a representative animated CAPTCHAs: HelloCaptcha CAPTCHA provider: Affects many customer’s web sites if broken. A variety of 84 different variations of 12 categories. Flitter H-Mover Mass Flood Noisy Mosaic Pop Up Roller Search light Smarties Spread Fade Spring Swapper Text Flood Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

8 Outline Breaking HelloCaptcha. Results and Lessons learned.
Type Distinction. Single Image Extraction. By Pixel Delay Map (PDM). By Catching Line (CL). By Color Selection (CS). Pre-Processing and Character Recognition. Results and Lessons learned. Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

9 Breaking HelloCaptcha
Type Distinction: Number of frames 175 55-107 Number of blank frames 2 8 Maximum frame delay 4 ms 6ms Background color RGB(255,255,255) RGB(92, 31, 92) Results: Most of 84 types can correctly be distinguished 100%. Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

10 Pixel Delay Map (PDM) Feature: To get the human user’s attention, the text characters are displayed at certain fixed locations for longer periods of time The PDM is an image resulting from the accumulation of the total amount of time that a pixel gets displayed in a color that is different from the background color. Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

11 Pixel Delay Map (PDM) PDM and extracted static image.
Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

12 Pixel Delay Map (PDM) PDM on all frames.
PDMs constructed from consecutive 1/6 of the frames. Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

13 Catching Line (CL) Character moving areas.
Selected frames and characters by “Catching line”. Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

14 Color Selection (CS) Characters separated based on color.
Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

15 Pre-Processing on extracted single image
Noise removal. Refine by filling. Shape removal. Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

16 Character Recognition by OCR program
Use ABBYY FineReader 11. Use existing embedded training database and/or own training set . Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

17 Experimental Results 8,400 animated CAPTCHA samples were collected from the HelloCaptcha website. Accuracy of breaking (i.e. correctly recognizing all characters in the animated CAPTCHA challenges) ranges between 16% −100% of the time (wide accepted that more than 1% of the time is essentially broken). Attacking time: 4 secs/challenge. Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

18 Lessons learned Delay periods: The number of frames. Frame 45 Frame 82
40ms ms ms Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

19 Lessons learned Character positions:
The important information is emphasized by displaying it for longer. That can be exploited using the PDM method. PDM was used to break 61 of the 84 different types and can be affected types from other sources: Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

20 Lessons learned Moving direction : Only move or scale in the vertical direction can vulnerable to attacks. Use of color or luminance:  Less is best Method of delivery: Gif, Flash or Video ? Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

21 Question ? Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

Download ppt "Breaking an Animated CAPTCHA Scheme"

Similar presentations

COMPUTER MALWARE FINAL PROJECT PROPOSAL THE WAR AGAINST CAPTCHA WITH IMPLEMENTATION OF THE WORLDS MOST ACCURATE CAPTCHA BREAKER By Huy Truong & Kathleen.

COMPUTER MALWARE FINAL PROJECT PROPOSAL THE WAR AGAINST CAPTCHA WITH IMPLEMENTATION OF THE WORLDS MOST ACCURATE CAPTCHA BREAKER By Huy Truong & Kathleen.
Michele Merler Jacquilene Jacob.  Applications online are inherently insecure  Growing rate of hackers  Confidentiality of online systems should be.

Michele Merler Jacquilene Jacob.  Applications online are inherently insecure  Growing rate of hackers  Confidentiality of online systems should be.
Advanced Image Processing Student Seminar: Lipreading Method using color extraction method and eigenspace technique ( Yasuyuki Nakata and Moritoshi Ando.

Advanced Image Processing Student Seminar: Lipreading Method using color extraction method and eigenspace technique ( Yasuyuki Nakata and Moritoshi Ando.
Iframes & Images Using HTML.

Iframes & Images Using HTML.
Multimedia Production

Multimedia Production
Evaluating Color Descriptors for Object and Scene Recognition Koen E.A. van de Sande, Student Member, IEEE, Theo Gevers, Member, IEEE, and Cees G.M. Snoek,

Evaluating Color Descriptors for Object and Scene Recognition Koen E.A. van de Sande, Student Member, IEEE, Theo Gevers, Member, IEEE, and Cees G.M. Snoek,
A Low-cost Attack on a Microsoft CAPTCHA Yan Qiang, 2008-12-9.

A Low-cost Attack on a Microsoft CAPTCHA Yan Qiang,
563.10.3 CAPTCHA Presented by: Sari Louis SPAM Group: Marc Gagnon, Sari Louis, Steve White University of Illinois Spring 2006.

CAPTCHA Presented by: Sari Louis SPAM Group: Marc Gagnon, Sari Louis, Steve White University of Illinois Spring 2006.
Chapter 11 Beyond Bag of Words. Question Answering n Providing answers instead of ranked lists of documents n Older QA systems generated answers n Current.

Chapter 11 Beyond Bag of Words. Question Answering n Providing answers instead of ranked lists of documents n Older QA systems generated answers n Current.
CAPTCHA Presented By Sayani Chandra (Roll - 09127106017)

CAPTCHA Presented By Sayani Chandra (Roll )
Text Detection in Video Min Cai 2002.3.13. Background  Video OCR: Text detection, extraction and recognition  Detection Target: Artificial text  Text.

Text Detection in Video Min Cai Background  Video OCR: Text detection, extraction and recognition  Detection Target: Artificial text  Text.
Jeff Yan School of Computing Science Newcastle University, UK (Joint work with Ahmad Salah El Ahmad) Usability of CAPTCHAs Or “usability issues in CAPTCHA.

Jeff Yan School of Computing Science Newcastle University, UK (Joint work with Ahmad Salah El Ahmad) Usability of CAPTCHAs Or “usability issues in CAPTCHA.
Providing Trusted Paths Using Untrusted Components Andre L. M. dos Santos Georgia Institute of Technology

Providing Trusted Paths Using Untrusted Components Andre L. M. dos Santos Georgia Institute of Technology
CAPTCHA Prabhakar Verma “08MC30”.

CAPTCHA Prabhakar Verma “08MC30”.
1 CAPTCHA Challenges for Massively Multiplayer Online Games 2010 International Conference on Cyberworlds Authors: Yang-Wai Chow, Willy Susilo, Hua-Yu Zhou.

1 CAPTCHA Challenges for Massively Multiplayer Online Games 2010 International Conference on Cyberworlds Authors: Yang-Wai Chow, Willy Susilo, Hua-Yu Zhou.
California Car License Plate Recognition System ZhengHui Hu Advisor: Dr. Kang.

California Car License Plate Recognition System ZhengHui Hu Advisor: Dr. Kang.
Computer Vision Group University of California Berkeley Recognizing Objects in Adversarial Clutter: Breaking a Visual CAPTCHA Greg Mori and Jitendra Malik.

Computer Vision Group University of California Berkeley Recognizing Objects in Adversarial Clutter: Breaking a Visual CAPTCHA Greg Mori and Jitendra Malik.
Genetically optimized face image CAPTCHA

Genetically optimized face image CAPTCHA
Human Computation CSC4170 Web Intelligence and Social Computing Tutorial 7 Tutor: Tom Chao Zhou

Human Computation CSC4170 Web Intelligence and Social Computing Tutorial 7 Tutor: Tom Chao Zhou
Web Design, 3 rd Edition 3 Planning a Successful Web Site: Part 1.

Web Design, 3 rd Edition 3 Planning a Successful Web Site: Part 1.

Similar presentations

Ads by Google