We report a novel attack on two CAPTCHAs that have been
widely deployed on the Internet, one being Google's home design
and the other acquired by Google (i.e. reCAPTCHA). With a
minor change, our attack program also works well on the latest
ReCAPTCHA version, which uses a new defence mechanism that
was unknown to us when we designed our attack. This suggests
that our attack works in a fundamental level. Our attack appears
to be applicable to a whole family of text CAPTCHAs that build
on top of the popular segmentation-resistant mechanism of
"crowding character together" for security. Next, we propose a
novel framework that guides the application of our well-tested
security engineering methodology for evaluating CAPTCHA
robustness, and we propose a new general principle for
CAPTCHA design.
%0 Report
%1 elahmad2011robustness
%A El Ahmad, Ahmad S
%A Yan, Jeff
%A Tayara, Mohamad
%D 2011
%K captcha character google image ocr recognition segmentation
%T The Robustness of Google CAPTCHAs
%U http://homepages.cs.ncl.ac.uk/jeff.yan/google.pdf
%X We report a novel attack on two CAPTCHAs that have been
widely deployed on the Internet, one being Google's home design
and the other acquired by Google (i.e. reCAPTCHA). With a
minor change, our attack program also works well on the latest
ReCAPTCHA version, which uses a new defence mechanism that
was unknown to us when we designed our attack. This suggests
that our attack works in a fundamental level. Our attack appears
to be applicable to a whole family of text CAPTCHAs that build
on top of the popular segmentation-resistant mechanism of
"crowding character together" for security. Next, we propose a
novel framework that guides the application of our well-tested
security engineering methodology for evaluating CAPTCHA
robustness, and we propose a new general principle for
CAPTCHA design.
@techreport{elahmad2011robustness,
abstract = {We report a novel attack on two CAPTCHAs that have been
widely deployed on the Internet, one being Google's home design
and the other acquired by Google (i.e. reCAPTCHA). With a
minor change, our attack program also works well on the latest
ReCAPTCHA version, which uses a new defence mechanism that
was unknown to us when we designed our attack. This suggests
that our attack works in a fundamental level. Our attack appears
to be applicable to a whole family of text CAPTCHAs that build
on top of the popular segmentation-resistant mechanism of
"crowding character together" for security. Next, we propose a
novel framework that guides the application of our well-tested
security engineering methodology for evaluating CAPTCHA
robustness, and we propose a new general principle for
CAPTCHA design.
},
added-at = {2011-10-28T08:38:33.000+0200},
author = {El Ahmad, Ahmad S and Yan, Jeff and Tayara, Mohamad},
biburl = {https://www.bibsonomy.org/bibtex/23516bc8c24b04f63927808e82824004d/jaeschke},
institution = {School of Computer Science, Newcastle University, UK},
interhash = {2d6bb0b3bad1f6a01c15e1bbd8bd7158},
intrahash = {3516bc8c24b04f63927808e82824004d},
keywords = {captcha character google image ocr recognition segmentation},
month = may,
timestamp = {2014-07-28T15:57:31.000+0200},
title = {The Robustness of Google CAPTCHAs},
url = {http://homepages.cs.ncl.ac.uk/jeff.yan/google.pdf},
year = 2011
}