History of CAPTCHAs and proposal for a better CAPTCHA

For my Computer Security class I researched the history of CAPTCHAs, their flaws and benefits. I also propose an alternative to text-based CAPTCHAs.

Here’s a summary:

CAPTCHAs are commonly used security measures on the internet that prevent automated programs from abusing online services. They do so by asking humans to perform a task that computers cannot yet perform, such as recognizing shapes, deciphering distorted characters, discerning objects or animals in images, or solving puzzles. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. As we will see, many attacks have been attempted to break or beat CAPTCHAs, with some success. We will look at these unique, creative and even resourceful attempts and the subsequent countermeasures, and propose a new system of our own, building on some recent successes.

Here is the proposal:

In order to build on current progress and remove limitations in image-recognition CAPTCHAs, we propose a system which greatly increases the image library size while decreasing the likelihood of machine-learning attacks. We must also maintain the ease of use inherent in the ASIRRA interface. Quite probably, it would be more difficult to produce the kind of results that were achieved in the machine learning study if the task were to distinguish male faces from female faces (rather than cats from dogs). This is not a proven fact but a conjecture based on the relative similarities of human faces (when compared to those of cats and dogs). Obviously, this would need to be tested, but this assumption is no less tested than the assumptions made by KittenAuth or ASIRRA early on.

Searching Google Images for “women” or “men” (using the advanced search feature to specify “faces” as the criterion) returns millions of results that could be made into a very reliable library for our CAPTCHAs.

Here is the paper: egen_project_comp_sec_captcha

