Carlos Javier Hernández-Castro

Learn More
The ability to tell humans and computers apart is imperative to protect many services from misuse and abuse. For this purpose, tests called CAPTCHAs or HIPs have been designed and put into production. Recent history shows that most (if not all) can be broken given enough time and commercial interest: CAPTCHA design seems to be a much more difficult problem(More)
We present a black-box attack against an already deployed CAPTCHA that aims to protect a free service delivered using the Internet. This CAPTCHA, referred to as ‘‘Math CAPTCHA’’ or ‘‘QRBGS CAPTCHA’’, requests the user to solve a mathematical problem in order to prove human. We study significant problems both in its design and its implementation, and how(More)
We propose a new scheme of attack on the Microsoft’s ASIRRA CAPTCHA which represents a significant shortcut to the intended attacking path, as it is not based in any advance in the state of the art on the field of image recognition. After studying the ASIRRA Public Corpus, we conclude that the security margin as stated by their authors seems to be quite(More)
We propose a new scheme of attack on the HumanAuth CAPTCHA which represents a significant shortcut to the intended attacking path, as it is not based in any advance in the state of the art on the field of image recognition. After analyzing the HumanAuth image database with a new approach based on statistical analysis and machine learning, we conclude that(More)
One of the first approaches to proposed to prevent automated attacks on Internet were the Human Interactive Proofs(HIPs). Since their invention, a variety of designs have been proposed, yet most of them have been successfully attacked. In this paper we focus on a new HIP, based on a puzzle solving scheme, created to increase both security and usability: the(More)
Human interactive proofs (HIPs) are a basic security measure on the Internet to avoid several types of automatic attacks. A variety of designs have been proposed. Here, the authors focus on a new type of HIP, based on a puzzle completion scheme that has been created to increase security and usability: the Capy CAPTCHA (Completely Automated Public Turing(More)
CAPTCHAs or HIPs are tests able to tell humans and computers apart, remotely and over an untrustworthy channel. They rely on abilities that are though to be hard for algorithms, yet easy for humans. General logic reasoning, based on common sense knowledge, is one of the areas that are still considered hard for AI. On the other hand, logic reasoning(More)
MARS’s s-boxes were generated using a new algorithm developed by the IBM team, which was supposedly able of producing secure s-boxes against both differential and linear cryptanalysis. In this paper we show this is not the case, because their strength against linear cryptanalysis is not better (in fact, it seems to be worse) that what could be expected if(More)