Team for Research in
Ubiquitous Secure Technology

Text-based CAPTCHA strengths and weaknesses
Elie Bursztein, Matthieu Martin, John C. Mitchell

Citation
Elie Bursztein, Matthieu Martin, John C. Mitchell. "Text-based CAPTCHA strengths and weaknesses". Proceedings of the 18th ACM conference on Computer and communications security, 2011.

Abstract
We carry out a systematic study of existing visual CAPTCHAs based on distorted characters that are augmented with anti-segmentation techniques. Applying a systematic evaluation methodology to 15 current CAPTCHA schemes from popular web sites, we find that 13 are vulnerable to automated attacks. Based on this evaluation, we identify a series of recommendations for CAPTCHA designers and attackers, and possible future directions for producing more reliable human/computer distinguishers.

Electronic downloads

Citation formats  
  • HTML
    Elie Bursztein, Matthieu Martin, John C. Mitchell. <a
    href="http://www.truststc.org/pubs/891.html"
    >Text-based CAPTCHA strengths and weaknesses</a>,
    Proceedings of the 18th ACM conference on Computer and
    communications security, 2011.
  • Plain text
    Elie Bursztein, Matthieu Martin, John C. Mitchell.
    "Text-based CAPTCHA strengths and weaknesses".
    Proceedings of the 18th ACM conference on Computer and
    communications security, 2011.
  • BibTeX
    @inproceedings{BurszteinMartinMitchell11_TextbasedCAPTCHAStrengthsWeaknesses,
        author = {Elie Bursztein and Matthieu Martin and John C.
                  Mitchell},
        title = {Text-based CAPTCHA strengths and weaknesses},
        booktitle = {Proceedings of the 18th ACM conference on Computer
                  and communications security},
        year = {2011},
        abstract = {We carry out a systematic study of existing visual
                  CAPTCHAs based on distorted characters that are
                  augmented with anti-segmentation techniques.
                  Applying a systematic evaluation methodology to 15
                  current CAPTCHA schemes from popular web sites, we
                  find that 13 are vulnerable to automated attacks.
                  Based on this evaluation, we identify a series of
                  recommendations for CAPTCHA designers and
                  attackers, and possible future directions for
                  producing more reliable human/computer
                  distinguishers.},
        URL = {http://www.truststc.org/pubs/891.html}
    }
    

Posted by Mary Stewart on 4 Apr 2012.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.