Abstract
CAPTCHAs are reverse Turing tests that aim to distinguish between human and non-human online participants. CAPTCHAs enable site administrators to determine whether a particular user is a legitimate human or a bot, and grant or deny them access to resources accordingly, thus preventing abuse of resources. However, given the incentive to break or circumvent CAPTCHAs, they must also evolve alongside advances in machine learning tools and techniques to continue providing security for online services. In this paper, we present the essential design criteria for building robust CAPTCHAs and thus provide a general framework for evaluating a specific CAPTCHA design. We then develop several new CAPTCHA exemplars and analyze them from this perspective to show how design decisions impact different evaluation parameters. We also provide an overview of a new security method that can be applied to any image CAPTCHA and present the results of the evaluation of one of the most promising image-based CAPTCHAs with a comprehensive user study.
Original language | English (US) |
---|---|
Pages (from-to) | 731-760 |
Number of pages | 30 |
Journal | Journal of Computer Security |
Volume | 26 |
Issue number | 6 |
DOIs | |
State | Published - 2018 |
All Science Journal Classification (ASJC) codes
- Software
- Safety, Risk, Reliability and Quality
- Hardware and Architecture
- Computer Networks and Communications
Keywords
- CAPTCHA
- authentication
- design requirements
- user study
- web security