Three-Way Dissection of a Game-CAPTCHA: Automated Attacks, Relay Attacks, and Usability
Date: October 2013
Publication: arXiv 1310.1540
Source 1: http://arxiv.org/pdf/1310.1540v1
Abstract or Summary:
Existing captcha solutions on the Internet are a major source of user frustration. Game captchas are an interesting and, to date, little-studied approach claiming to make captcha solving a fun activity for the users. One broad form of such captchas -- called Dynamic Cognitive Game (DCG) captchas -- challenge the user to perform a game-like cognitive task interacting with a series of dynamic images. We pursue a comprehensive analysis of a representative category of DCG captchas. We formalize, design and implement such captchas, and dissect them across: (1) fully automated attacks, (2) human-solver relay attacks, and (3) usability. Our results suggest that the studied DCG captchas exhibit high usability and, unlike other known captchas, offer some resistance to relay attacks, but they are also vulnerable to our novel dictionary-based automated attack.
PasswordResearch.com Note: Additional unlisted authors: Ponnurangam Kumaraguru, Paul C. van Oorschot, Wei-Bang Chen
Do you have additional information to contribute regarding this research paper? If so, please email email@example.com with the details.