The Failure of Noise-Based Non-continuous Audio Captchas

@article{Bursztein2011TheFO,
  title={The Failure of Noise-Based Non-continuous Audio Captchas},
  author={Elie Bursztein and Romain Beauxis and Hristo S. Paskov and Daniele Perito and Celine Fabry and John C. Mitchell},
  journal={2011 IEEE Symposium on Security and Privacy},
  year={2011},
  pages={19-31}
}
CAPTCHAs, which are automated tests intended to distinguish humans from programs, are used on many web sites to prevent bot-based account creation and spam. To avoid imposing undue user friction, CAPTCHAs must be easy for humans and difficult for machines. However, the scientific basis for successful CAPTCHA design is still emerging. This paper examines the widely used class of audio CAPTCHAs based on distorting non-continuous speech with certain classes of noise and demonstrates that virtually… 
View on IEEE
theory.stanford.edu
85 Citations
Highly Influential Citations
10
Background Citations
34
Methods Citations
21
Results Citations
3

85 Citations

Citation Type

Citation Type

A non-speech audio CAPTCHA based on acoustic event detection and classification
TLDR
This work proposes a novel and universally usable type of audio CAPTCHA that is solely based on the classification of acoustic sound events, and shows that the proposedCAPTCHA leads to satisfactorily high human success rates, while being robust against recently proposed attacks, more than currently available speech-based CAPTCHAs.
Toward Improved Audio CAPTCHAs Based on Auditory Perception and Language Understanding
TLDR
Two different audio CAPTCHA schemes are proposed that systematically exploit differences between humans and computers in terms of auditory perception and language understanding, yielding a better trade-off between usability and security as compared to currently available schemes.
Attacks as Defenses: Designing Robust Audio CAPTCHAs Using Attacks on Automatic Speech Recognition Systems
TLDR
This work proposes a new mechanism that is both comparatively intelligible (evaluated through a user study) and hard to automatically transcribe (i.e., P(transcription) = 4× 10−5) and demonstrates a CAPTCHA that is approximately four orders of magnitude more difficult to crack.
Distinguishing Humans from Automated Programs by a novel Audio-based CAPTCHA
TLDR
A technique for telling the human beings and computer programs apart based on submitting the right colour name of the object announced by the speaker has been introduced and the main advantage of the proposed CAPTCHA is that users don't have to memorise a group of random digits and words, which stretches the limits of individuals‟ short-term mind.
Solving Google's Continuous Audio CAPTCHA with HMM-Based Automatic Speech Recognition
TLDR
This work investigates the security of overlapping audio CAPTCHAs by developing an audio reCAPTCHA solver that is constructed based on speech recognition techniques using hidden Markov models (HMMs) and implemented by using an off-the-shelf library HMM Toolkit.
Reducing the Cost of Breaking Audio CAPTCHAs by Active and Semi-supervised Learning
TLDR
This work utilizes active and semi-supervised learning methods for breaking audio CAPTCHAs and shows that these methods can reduce the labeling costs considerably, resulting in an increased vulnerability of audio CAPtCHAs as automated attacks are rendered even more worthwhile.
Using automatic speech recognition for attacking acoustic CAPTCHAs: the trade-off between usability and security
TLDR
This work presents and analyzes an alternative CAPTCHA design that exploits specific capabilities of the human auditory system, i.e., auditory streaming and tolerance to reverberation and shows a far better trade-off between usability and security than the current quasi-standard approach of reCAPTCHA.
Automatic Generation and Evaluation of Usable and Secure Audio reCAPTCHA
TLDR
This work proposes reCAPGen, a system that uses ASR for generating secure CAPTCHAs and finds that the proposed Last Two Words scheme was the most usable with success rate of >78.2% and low response time of <14.5s.
Audio-CAPTCHA with distinction between random phoneme sequences and words spoken by multi-speaker
TLDR
This paper utilizes the difficulty on speaker-independent recognition for ASR machines instead of distortion with statistical noise to release users from remembering and spelling words, so it improves the accuracy of humans and usability.
Contributions to Text-based CAPTCHA Security
TLDR
This research systematically investigates the security of existing text-based CAPTCHAs, focusing on animated, 3D and 4D types, and proposes a segmentation-resistant CAPTCHA scheme based on the concept of identifying character locations, rather than merely recognising characters.
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 32 REFERENCES
Breaking Audio CAPTCHAs
TLDR
This work analyzed the security of current audio CAPTCHAs from popular Web sites by using AdaBoost, SVM, and k-NN, and achieved correct solutions for test samples with accuracy up to 71%.
Audio CAPTCHA: Existing solutions assessment and a new implementation for VoIP telephony
A low-cost attack on a Microsoft captcha
TLDR
It is shown that CAPTCHAs that are carefully designed to be segmentation-resistant are vulnerable to novel but simple attacks, including the schemes designed and deployed by Microsoft, Yahoo and Google.
How Good Are Humans at Solving CAPTCHAs? A Large Scale Evaluation
TLDR
Evidence from a week’s worth of eBay captchas suggests that the solving accuracies found in the study are close to real-world values, and that improving audioCaptchas should become a priority, as nearly 1% of all captchAs are delivered as audio rather than images.
A reverse turing test using speech
TLDR
This paper describes a Reverse Turing Test using speech and presents a test that depends on the fact that human recognition of distorted speech is far more robust than automatic speech recognition techniques.
Breaking Visual CAPTCHAs with Naive Pattern Recognition Algorithms
  • Jeff Yan, A. E. Ahmad
  • Computer Science
    Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007)
  • 2007
TLDR
This paper document how most such visual CAPTCHAs provided at Captchaservice.org, a publicly available web service for CAPTCHA generation, were broken with a near 100% success rate by their novel attacks.
Decaptcha: breaking 75% of eBay audio CAPTCHAs
TLDR
This paper shows that the prototype Decaptcha is able to successfully break 75% of eBay audio captchas and compares its performance with the state of the art, readily available speech recognition system Sphinx and discusses the implications for eBay security.
CAPTCHA: Using Hard AI Problems for Security
TLDR
This work introduces captcha, an automated test that humans can pass, but current computer programs can't pass; any program that has high success over a captcha can be used to solve an unsolved Artificial Intelligence (AI) problem; and provides several novel constructions of captchas, which imply a win-win situation.
Machine learning attacks against the Asirra CAPTCHA
  • P. Golle
  • Computer Science
    IACR Cryptol. ePrint Arch.
  • 2008
TLDR
A classifier which is 82.7% accurate in telling apart the images of cats and dogs used in Asirra, which is significantly higher than the estimate of 0.2% given in [7] for machine vision attacks.
Recognizing objects in adversarial clutter: breaking a visual CAPTCHA
  • Greg Mori, Jitendra Malik
  • Computer Science
    2003 IEEE Computer Society Conference on Computer Vision and Pattern Recognition, 2003. Proceedings.
  • 2003
TLDR
Efficient methods based on shape context matching are developed that can identify the word in an EZ-Gimpy image with a success rate of 92%, and the requisite 3 words in a Gimpy image 33% of the time.
...
1
2
3
4
...