Automating the Bypass of Image-based CAPTCHA and Assessing Security

Sukhani, Krish; Sawant, Sahil; Maniar, Sarthak; Pawar, Renuka

doi:10.1109/icccnt51525.2021.9580020

Cited by 5 publications

(4 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Solving CAPTCHAs, however, is still error prone for humans [13,50], so achieving usable CAPTCHAs can be considered a challenge. Bots can also bypass them by proxying the CAPTCHA challenge to real humans [71] or machine learning algorithms [62]. These bypass methods are scalable in practice.…”

Section: Related Workmentioning

confidence: 99%

Pump Up Password Security! Evaluating and Enhancing Risk-Based Authentication on a Real-World Large-Scale Online Service

Wiefling

Jørgensen

Thunem

et al. 2022

ACM Trans. Priv. Secur.

View full text Add to dashboard Cite

Risk-based authentication (RBA) aims to protect users against attacks involving stolen passwords. RBA monitors features during login, and requests re-authentication when feature values widely differ from previously observed ones. It is recommended by various national security organizations, and users perceive it more usable and equally secure than equivalent two-factor authentication. Despite that, RBA is still only used by very few online services. Reasons for this include a lack of validated open resources on RBA properties, implementation, and configuration. This effectively hinders the RBA research, development, and adoption progress. To close this gap, we provide the first long-term RBA analysis on a real-world large-scale online service. We collected feature data of 3.3 million users and 31.3 million login attempts over more than one year. Based on the data, we provide (i) studies on RBA’s real-world characteristics, and its configurations and enhancements to balance usability, security, and privacy, (ii) a machine learning based RBA parameter optimization method to support administrators finding an optimal configuration for their own use case scenario, (iii) an evaluation of the round-trip time feature’s potential to replace the IP address for enhanced user privacy, and (iv) a synthesized RBA data set to reproduce this research and to foster future RBA research. Our results provide insights on selecting an optimized RBA configuration so that users profit from RBA after just a few logins. The open data set enables researchers to study, test, and improve RBA for widespread deployment in the wild.

show abstract

Section: Related Workmentioning

confidence: 99%

Pump Up Password Security! Evaluating and Enhancing Risk-Based Authentication on a Real-World Large-Scale Online Service

Wiefling

Jørgensen

Thunem

et al. 2022

ACM Trans. Priv. Secur.

View full text Add to dashboard Cite

show abstract

“…It may be an improvement to use a risk score to decide if a CAPTCHA should be solved, compared to, e.g., GOG, where a CAPTCHA is shown to all users. However, the security gain is insignificant since researchers have already demonstrated attacks against Google's widely known reCAPTCHA [21,32]. Moreover, this does not prevent targeted attacks.…”

Section: Rbarmentioning

confidence: 99%

Is It Really You Who Forgot the Password? When Account Recovery Meets Risk-Based Authentication

Büttner,

Pedersen,

Wiefling

et al. 2024

Communications in Computer and Information Science

View full text Add to dashboard Cite

show abstract

“…A brief review of the work already done in the field: K. Sukhani, S. Sawant, S. Maniar, and R. Pawar [12] discussed how to break the image so we were able to bypass the re-CAPTCHA v2.…”

Section: F Nlp Captchamentioning

confidence: 99%

Web Authentication Biometric 3D Animated CAPTCHA System Using Artificial Intelligence and Machine Learning Approach

Bora,

Dinesh Chandra Jain

2023

JAIT

View full text Add to dashboard Cite

The internet and web security are integral aspects of our daily lives. Many commercial firms provide clients with internet services. For web access, it is assumed that only the genuine user, who is a human, will register. Yet automated hacking programs can also do registrations with fake data that consume a lot of bandwidth, slowing down or occasionally even shutting down websites, leading to Distributed denial-of-service (DDOS) attacks. Completely Automated Public Turing test to tell Computers and Human Apart (CAPTCHA) is the solution. Complex CAPTCHA is challenging for humans to recognize, but simple CAPTCHA is simple for AI to decipher. With the developments in neural networks and machine learning bots are mimicking humans and it is becoming difficult to distinguish humans and bots apart. This generated a need to think of some more innovative and novel CAPTCHA. Now, utilizing the same AIML approach to increase the efficacy of CAPTCHA and make it stronger against the bot attack. Biometric 3D Animated (B3DA) Algorithm proposed in this research is a novel approach based on the Face Detection AI algorithm along with handwritten 3D animated characters selected randomly to create a string which makes CAPTCHA simple that humans can identify but very difficult for bots. The test results have proven this to be a very robust CAPTCHA. The machine learning algorithm employed will keep on increasing the efficacy of this CAPTCHA each time the bot tries to break this.

show abstract

Automating the Bypass of Image-based CAPTCHA and Assessing Security

Cited by 5 publications

References 7 publications

Pump Up Password Security! Evaluating and Enhancing Risk-Based Authentication on a Real-World Large-Scale Online Service

Pump Up Password Security! Evaluating and Enhancing Risk-Based Authentication on a Real-World Large-Scale Online Service

Is It Really You Who Forgot the Password? When Account Recovery Meets Risk-Based Authentication

Web Authentication Biometric 3D Animated CAPTCHA System Using Artificial Intelligence and Machine Learning Approach

Contact Info

Product

Resources

About