GeoCAPTCHA — A novel personalized CAPTCHA using geographic concept to defend against 3rd Party Human Attack

A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a scheme that can be used to distinguish human and robot such as malicious program. It has become the most widely used standard security technology to prevent automated computer program attacks, DoS attacks and Botnet. Thus, both Google and Microsoft use the text-based CAPTCHA for authenticated process. However, all text-based CAPTCHA has been broken due to the fact that it can´t prevent Optical Character Recognition (OCR) attack which can automatically identify the CAPTCHA´s words. Consequently, new kinds of CAPTCHAs have been proposed to solve this security hole. For example, image-based and audio-based CAPTCHA are new emerging schemes used to replace text-based CAPTCHA. However, a state-of-the-art attack called Human Attack could still defeat these CAPTCHA schemes. Human Attack means malicious industries hire the third party´s humans to collude with the attackers in order to pass the CAPTCHA tests. In this paper, we propose a novel CAPTCHA scheme (GeoCAPTCHA) which utilizes the personalized contents such as geographic information to prevent the 3^rd Party Human Attack. Then, we conduct a security analysis of the usability and security of GeoCAPTCHA. Our simulation demonstrate that GeoCAPTCHA can enhance the performance and security of the Google and Microsoft´s CATPCHA system with rotated 3D street-view image.