|![[Search]](https://talks.cam.ac.uk/images/search.gif?1209136071)
|![[A-Z Index]](https://talks.cam.ac.uk/images/az.gif?1209136071)
|![[Contact]](https://talks.cam.ac.uk/images/contact.gif?1209136071)
||![[University of Cambridge]](https://talks.cam.ac.uk/images/identifier2.gif?1209136071){kind=small} |
COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring. | ![[Talks.cam]](https://talks.cam.ac.uk/images/talkslogosmall.gif?1209136071) |
University of Cambridge > Talks.cam > Computer Laboratory Security Group meeting presentations > The robustness of CAPTCHAs
The robustness of CAPTCHAsAdd to your list(s) Download to your calendar using vCal
If you have a question about this talk, please contact Andrew Lewis. No matter whether you like or hate it, CAPTCHA has found widespread application on numerous commercial web sites – it is now almost a standard security mechanism for defending against undesirable or malicious Internet bot programs. This talk introduces our recent work on attacking numerous widely deployed CAPTCH As. I will present new techniques of general value to attack a number of text CAPTCH As, including the schemes designed and deployed by Microsoft, Yahoo and Google. In particular, the Microsoft CAPTCHA has been deployed since 2002 at many of their online services including Hotmail, MSN and Windows Live. Designed to be segmentation-resistant, this scheme has been studied and tuned by its designers over the years. However, our simple attack has achieved a segmentation success rate of higher than 90% against this scheme. It took on average ~80 ms for the attack to completely segment a challenge on an ordinary desktop computer. As a result, we estimate that this CAPTCHA could be instantly broken by a malicious bot with an overall (segmentation and then recognition) success rate of more than 60%. On the contrary, the design goal was that automated attacks should not achieve a success rate of higher than 0.01%. For the first time, our work shows that CAPTCH As that are carefully designed to be segmentation-resistant are vulnerable to novel but simple attacks. Our experience suggests that CAPTCHA will go through the same process of evolutionary development as cryptography, digital watermarking and the like, with an iterative process in which successful attacks lead to the development of more robust systems. This talk is part of the Computer Laboratory Security Group meeting presentations series. This talk is included in these lists:
Note that ex-directory lists are not shown. |
Other listsCreative Research at Museum of Archaeology & Anthropology Milcho Manchevski in Cambridge Individual in the Labour Market Research GroupOther talksRecent developments and debates in East Asian monsoon palaeoclimatology Numerical solution of the radiative transfer equation with a posteriori error bounds New micro-machines, new materials Cafe Synthetique: Synthetic Biology Industry Night Advanced NMR applications The evolution of photosynthetic efficiency Immigration and Freedom Discovering regulators of insulin output with flies and human islets: implications for diabetes and pancreas cancer Dynamics of Phenotypic and Genomic Evolution in a Long-Term Experiment with E. coli The microenvironment in the myeloid malignancies |
Friday 21 November 2008, 16:00-17:00