Emerging-Image Motion CAPTCHAs: Vulnerabilities of Existing Designs, and Countermeasures

Academic Article

Abstract

  • IEEE Based on the notion of ?emergence?, Xu et al.(Usenix Security'2012;TDSC'2013)developed the first concrete instantiation of emerging-image moving-object(EIMO)CAPTCHAs using 2D-hollow objects(codewords), shown to be usable and believed to be secure. In this paper, we highlight the security weaknesses of such a 2D-EIMO CAPTCHA design. A key vulnerability is that the camera projection on 2D objects is constant, making it possible to reconstruct the underlying codewords by superimposing and aggregating the temporally scattered parts of the object extracted from consecutive frames. We design and implement an automated attack to defeat this design using image processing techniques, and show that its accuracy in recognizing moving codewords is up to 89.2%. Our framework can be broadly used to undermine the security of different instances of 2D-EIMO CAPTCHAs, given the generalized and robust back-end theories in our attack, namely the methods to locate a codeword, reduce noises and accumulate objects? contour information from consecutive frames corresponding to multiple time periods. As a countermeasure, we propose a fundamentally different design of EIMO CAPTCHAs based on pseudo 3D objects, and examine its security and usability. We argue that this design can resist our attack against 2D-EIMO, although at the cost of reduced usability compared to?-now insecure?-2D-EIMO CAPTCHAs.
  • Authors

    Digital Object Identifier (doi)

    Author List

  • Gao S; Mohamed M; Saxena N; Zhang C