Pitfalls in CAPTCHA design and implementation: the Math CAPTCHA, a case study Export

@article{citeulike:5240442, abstract = {We present a black-box attack against an already deployed CAPTCHA that aims to protect a free service delivered using the Internet. This CAPTCHA, referred to as ” Math CAPTCHA” or ” QRBGS CAPTCHA”, requests the user to solve a mathematical problem in order to prove human. We study significant problems both in its design and its implementation, and how those flaws can be used to completely solve this CAPTCHA using a low-cost attack. This attack requires no development in Artificial Intelligence or automatic character recognition, the intended path, thus becoming a side-channel attack, based on this CAPTCHAs flaws. We relate these flaws to common flaws found in other CAPTCHA proposals. We conclude with some tips for enhancing this CAPTCHA that can be considered as general guidelines.}, author = {Hernandez-Castro, Carlos J. and Ribagorda, Arturo}, citeulike-article-id = {5240442}, citeulike-linkout-0 = {http://dx.doi.org/10.1016/j.cose.2009.06.006}, citeulike-linkout-1 = {http://linkinghub.elsevier.com/retrieve/pii/S0167404809000728}, day = {04}, doi = {10.1016/j.cose.2009.06.006}, issn = {01674048}, journal = {Computers \& Security}, keywords = {captcha}, month = {July}, posted-at = {2009-08-26 05:34:30}, priority = {2}, title = {Pitfalls in CAPTCHA design and implementation: the Math CAPTCHA, a case study}, url = {http://dx.doi.org/10.1016/j.cose.2009.06.006}, year = {2009} }

TY - JOUR ID - citeulike:5240442 L3 - citeulike-article-id:5240442 N2 - We present a black-box attack against an already deployed CAPTCHA that aims to protect a free service delivered using the Internet. This CAPTCHA, referred to as “Math CAPTCHA” or “QRBGS CAPTCHA”, requests the user to solve a mathematical problem in order to prove human. We study significant problems both in its design and its implementation, and how those flaws can be used to completely solve this CAPTCHA using a low-cost attack. This attack requires no development in Artificial Intelligence or automatic character recognition, the intended path, thus becoming a side-channel attack, based on this CAPTCHAs flaws. We relate these flaws to common flaws found in other CAPTCHA proposals. We conclude with some tips for enhancing this CAPTCHA that can be considered as general guidelines. JF - Computers & Security SN - 01674048 TI - Pitfalls in CAPTCHA design and implementation: the Math CAPTCHA, a case study KW - captcha AU - Hernandez-Castro, Carlos AU - Ribagorda, Arturo PY - 2009/07/04/ UR - http://dx.doi.org/10.1016/j.cose.2009.06.006 ER -