Visual Reverse Turing Tests: A False Sense of Security

Author

Ponec, Miroslav

Author_Institution

Polytech. Univ. Brooklyn, NY

fYear

2006

fDate

21-23 June 2006

Firstpage

305

Lastpage

311

Abstract

Internet services are increasingly abused by malicious scripts that try to mimic human users. Reverse Turing tests are challenges used to differentiate humans from computers. Visual reverse Turing tests use visual challenges, such as distorted character recognition tasks, that are easily solved by humans, while remaining too hard for automatic scripts. We demonstrate that the computational and development cost of a script breaking through some currently deployed visual reverse Turing tests is low, thus making them ineffective in protecting these services. We present two case studies of successful attacks on character-based tests that are currently used to protect two public Web services. Our attacks utilize image processing techniques and also exploit flaws in the test deployment

Keywords

Internet; optical character recognition; security of data; testing; Internet services; distorted character recognition tasks; malicious scripts; public Web services; visual reverse Turing tests; Artificial intelligence; Automatic testing; Character recognition; Costs; Humans; Image processing; Optical character recognition software; Protection; Security; Web services;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Assurance Workshop, 2006 IEEE

Conference_Location

West Point, NY

Print_ISBN

1-4244-0130-5

Type

conf

DOI

10.1109/IAW.2006.1652110

Filename

1652110