We explore the robustness and usability of
moving-image object recognition (video) CAPTCHAs, designing and implementing
automated attacks based on computer vision techniques. Our approach is suitable
for broad classes of moving-image CAPTCHAs involving rigid objects. We first
present an attack that defeats instances of a state-of-the-art approach
involving dynamic text strings called code words. We then consider design
modifications to mitigate the attacks, and test if the designs modified for
greater robustness maintain usability. Our lab-based studies show that the
modified CAPTCHAs fail to offer viable usability, even when the CAPTCHA
strength is reduced below acceptable targets. Worse yet, our GPU-based
implementation shows that our automated approach can decode these captchas
faster than humans can, and we can do so at a relatively low cost of roughly 50
cents per 1000 captchas solved based on Amazon EC2 rates circa 2012. To further
demonstrate the challenges in designing usable captchas, we also implement and
test another variant of moving text strings using the known "emerging
images" concept. This variant is resilient to our attacks and also offers
similar usability to commercially available approaches. We explain why
fundamental elements of the emerging images idea resist our current attack
where others fail.
No comments:
Post a Comment