Zhang´s CAPTCHA architecture based on intelligent interaction via RIA

To address the challenges in Web security based on CAPTCHA, we firstly analyze drawbacks, attack strategies and breaking methods of traditional CAPTCHAs, and propose a novel CAPTCHA architecture: Zhang´s CAPTCHA based on intelligent interaction via RIA. It includes two lines of defenses against various types of attacks. The first line is constructed on rich client side via Flex through intelligent interaction such as actions of drag-drop similar to computer games. The second line is constructed on the server side by comparing random state parameters such as Session-ID and Hidden-data between rich client-side and server-side in order to prevent automated programs to circumvent CAPTCHA and directly attack the server. We use the proposed Zhang´s CAPTCHA to develop two demos via Flex and JavaEE. The first demo requires user to drag specified one of five icons created randomly from the server and drop on a specified position according to a random question. The second demo requires user to select three of seven randomly numbered icons, drag them sequentially into a specified area. On the server side both of demos adopt the same comparison of random state parameters. The practice has shown that Zhang´s CAPTCHA is too difficult for automated programs, but too easy for human, and is effective against a variety of attacks.