MetaCAPTCHA: A Metamorphic Throttling Service for the Web

Author

Dua, Akshay ; Thai Bui ; Tien Le ; Nhan Huynh ; Wu-Chang Feng

Author_Institution

Dept. of Comput. Sci., Portland State Univ., Portland, OR, USA

fYear

2014

fDate

21-24 Oct. 2014

Firstpage

665

Lastpage

670

Abstract

Spam is a problem that refuses to go away. An immense amount of time and money is currently devoted to hiding spam, but not enough is devoted to effectively preventing it. CAPTCHAs are a prevalent spam prevention mechanism, but are getting harder for humans to solve and easier for programs to "break". CAPTCHAs also cannot prevent spam from hijacked accounts since they are mostly used during account creation. Proof-of-work approaches are gaining popularity, but current implementations are not effective enough and cannot be used by generic web applications. We present MetaCAPTCHA, an application-agnostic spam prevention service for web applications. MetaCAPTCHA dynamically issues CAPTCHAs and proof-of-work "puzzles" while ensuring that more malicious users solve "harder" puzzles. In order to support its operation, MetaCAPTCHA implements a novel secure protocol -- for authenticating web sites and validating proof-of-work solutions -- that allows for seamless integration across a variety of web applications.

Keywords

Internet; Web sites; authorisation; computer network security; protocols; unsolicited e-mail; MetaCAPTCHA; Web sites authentication; application-agnostic spam prevention service; generic Web applications; harder puzzles; metamorphic throttling service; prevalent spam prevention mechanism; proof-of-work puzzles; proof-of-work solution validation; secure protocol; Accuracy; Authentication; Browsers; CAPTCHAs; Electronic mail; Pricing; Protocols;

fLanguage

English

Publisher

ieee

Conference_Titel

Network Protocols (ICNP), 2014 IEEE 22nd International Conference on

Conference_Location

Raleigh, NC

Print_ISBN

978-1-4799-6203-7

Type

conf

DOI

10.1109/ICNP.2014.106

Filename

6980445