Image Recognition CAPTCHAs
Web users should be very familiar with challenge-response CAPTCHA test which are also known as Human Interactive Proofs (HIPs).
A lot of time is spent devising CAPTCHAs and trying to break CAPTCHAs in an automated manner. They are used where website owners want to try to ensure a real person is undertaking a transaction such as logging in or submitting content. Now, most web sites don't need to use CAPTCHAs and there can be accessibility problems, but they are often needed for more high-profile sites or when targetted automated attacks are occurring.
A new paper Attacks and Design of Image Recognition CAPTCHAs examines image recognition CAPTCHAs (IRCs) and analyses the effectiveness and security of the schemes considering:
- ease of use by humans
- difficulty to automate
- universality
- reistance to no-effort attacks
- scalability
- use of a secret database.
The authors describe the lessons learned, some fundamental guidelines for IRCs and propose an alternative IRC which relies on recognising an object by exploiting its surrounding context. This requires the user (hopefully a human) to select an item from a set of objects detached from the original image, and then place it back at its original position in the image. Its usability, robustness and copyright issues are discussed.
Posted on: 15 October 2010 at 09:05 hrs
Comments are filtered automatically and should appear shortly after they been checked.