Cyberspace of Shujun LI

Shortcuts

What is CAPTCHA?

It is a technique used to prevent bots (web robots) from abusing web resources. The core of this technique is a computer program running at the server side which tries to distinguish human users from bots. CAPTCHAs have been widely used on user registration page and sometimes on login and message posting web pages. If you had never heard about this term, the examples below should remind your memory.

Examples

BotDetect Captcha Google reCAPTCHA NLPCaptcha @ Simpli5d

The Name of the Game

The History before CAPTCHA

Here I list previous work done by others before the term "CAPTCHA" appeared in late 2000 and early 2001. Some papers were published after 2000 but they were not influenced by the work on CAPTCHA done by CMU researchers.

A Brief History of CAPTCHA

Surveys

Shujun's Work

Oracle-based Attacks

In 2020, Shujun and his collaborators published a paper showing a new CAPTCHA protection mechanism against learning-based oracle attacks cannot actually prevent such attacks, due to some information about true labels from some statistical differences of images belonging to different classes. This work also led to a new general principle about checking any statistical imbalance in future CAPTCHA designs.

Breaking e-Banking CAPTCHAs

In 2010, Shujun and his collaborators analyzed a large number of CAPTCHA schemes deployed by many financial institutions all over the world and found out that none of them is secure. Three CAPTCHA schemes are used by the affected financial institutions for securing online banking transactions against automated man-in-the-middle attacks.

Captchæcker

Since 2011, Shujun and his collaborators have been developing the idea of automating the security and usability evaluation of CAPTCHAs. Some preliminary work has been published (see below), but a complete system is still to be developed.

Pass-CAPTCHA

Since 2009, Shujun has been thinking about how to combine passwords and CAPTCHAs to improve the usability of both systems when they have to appear on the same page. He calls such a combined system "Pass-CAPTCHA". Some ideas have been proposed and one prototype system has been tested in 2011-2012. More prototype systems are to be developed and tested. This is still an ongoing line of research, so no any result has been published so far.

Note that combining passwords and CAPTCHAs itself is not a new idea. Some human user authentication schemes have been designed to incorporate CAPTCHA to reduce the risk of automated attacks. One of such systems called PAS was cryptanalyzed by us in the following paper:

Audio CAPTCHAs

Shujun also did some work on audio CAPTCHAs. The main focus is how to improve usability and accessibility to the disabled.

Web Resources

General: T. Pavlidis's Tutorial on CAPTCHA W3C - Inaccessibility of CAPTCHA An ASP.NET Framework for Human Interactive Proofs Top 10 Worst Captchas emotion icon DevilTyper: A Game for CAPTCHA Usability Evaluation (Paper)

CAPTCHA Designs

Text CAPTCHAs: Egglue Semantic CAPTCHA textCAPTCHA Accessible Captcha for ExpressionEngine 2.x SI CAPTCHA Anti-Spam for WordPress SMARTCHA (SeMi Automated Reverse Turing test to tell Computer and Human Apart)
Recognition Based CAPTCHAs: emotion icon JCAPTCHA Web Wiz CAPTCHA KeyCAPTCHA - Social WordPress CAPTCHA HELLOCAPTCHA captchas.net (address-protector.com) Securimage: an open-source free PHP CAPTCHA script HKCaptcha CAPTCHA Service @ ProtectWebForm.com Horst Nogajski's PHP Class hn_captcha bot-check 1.2: WordPress anti-spam comment plugin CAPTCHA @ WebSpamProtect.com CAPTCHA Image @ codeproject.com
Image Understanding Based CAPTCHAs: Uncertainty-based CAPTCHA FaceDCAPTCHA Picatcha GigoIts HumanAuth (Implementation @ Uni-Regensburg) IMAGINATION: Image-based Authentication MosaHIP Peoplesign CAPTCHA
Interactive CAPTCHAs: are you a human FunCaptcha Draggable Captcha for Drupal MotionCAPTCHA Stickman CAPTCHA + CAPTCHA ROCK Sliceya CAPTCHA
2-D+ CAPTCHAs: Moving-Object CAPTCHAs (including Emerging Images based CAPTCHA) emotion icon Sketcha: A Captcha Based on Line Drawings of 3D Models (demo) Juraj Rolko's 3D CAPTCHA Ironclad CAPTCHA (3D) CAPTCHAs based on depth perception: AniCAP + STE3D-CAP + STE3D-CAP-e Michael G. Kaplan's 3-D CAPTCHA emotion icon Vappic 4D CAPTCHA
Other CAPTCHAs: SenCAPTCHA GEETEST极验 emotion icon CAPTCHA @ Arkose Labs emotion icon Advanced Math CAPTCHA @ Quantum Random Bit Generator Service, Ruđer Bošković Institute, Croatia Heyes Captcha (demo) Codetcha (demo) Sliding CAPTCHA @ TheyMakeApps.com GeoLang's Second Generation CAPTCHA System Project

CAPTCHAs for Advertising: Solve Media NuCaptcha NLPCaptcha @ Simpli5d Confident AdCAPTCHA™ KoolCaptcha Cubecaptcha

CAPTCHA Solvers (Cracker)

PWNtcha The Captchacker Project: Captcha Breaking using Support Vector Machines Stiltwalker: Nucaptcha, Paypal, SecurImage, Slashdot, Davids Summer Communication DeepCaptcha.com Breaking EZ-Gimpy Megaupload Captcha Decoder aiCaptcha decaptcha@github.com 12306-decaptcha TextCaptchaBreaker JavaTextCaptchaBreaker emotion icon Death by Captcha Captcha Sniper GSA Captcha Breaker Antigate.Com BypassCaptcha.com decaptcha.info De-Captcher.com 2Captcha

More CAPTCHA-like Stuff

GOTCHA Hidden CAPTCHA WP Captcha-Free POSHes @ puzzles.mit.edu emotion icon Duolingo

Footer


PRchecker.info
Valid XHTML 1.0 Transitional

China

Germany (CET)