• DocumentCode
    2665489
  • Title

    Zhang's CAPTCHA architecture based on intelligent interaction via RIA

  • Author

    Zhang, Wenjun

  • Author_Institution
    Res. Inst. of Appl. Comput. Technol., China Women's Univ., Beijing, China
  • Volume
    6
  • fYear
    2010
  • fDate
    16-18 April 2010
  • Abstract
    To address the challenges in Web security based on CAPTCHA, we first analyze the drawbacks, attack strategies and breaking methods of traditional CAPTCHAs, and propose a novel CAPTCHA architecture: Zhang's CAPTCHA based on intelligent interaction via RIA. It includes two lines of defense against various types of attacks. The first line is constructed on the rich client side via Flex through intelligent interaction such as drag-drop actions similar to computer games. The second line is constructed on the server side by comparing random state parameters such as Session-ID and Hidden-data between the rich client side and the server side in order to prevent automated programs from circumventing the CAPTCHA and directly attacking the server. We use the proposed Zhang's CAPTCHA to develop two demos via Flex and JavaEE. The first demo requires the user to drag a specified one of five icons created randomly from the server and drop it on a specified position according to a random question. The second demo requires the user to select three of seven randomly numbered icons and drag them sequentially into a specified area. On the server side both demos adopt the same comparison of random state parameters. Practice has shown that Zhang's CAPTCHA is too difficult for automated programs, but too easy for humans, and is effective against a variety of attacks.
  • Keywords
    Internet; Java; human computer interaction; security of data; Flex; JavaEE; RIA; Web security; Zhang CAPTCHA architecture; attack strategy; computer games; data hiding; intelligent interaction; random state parameters; session-ID; Application software; Character recognition; Computer architecture; Computer security; Humans; Intelligent agent; Optical character recognition software; Optical distortion; Protection; Service oriented architecture; CAPTCHA; Flex; RIA; Zhang's CAPTCHA; web security
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computer Engineering and Technology (ICCET), 2010 2nd International Conference on
  • Conference_Location
    Chengdu
  • Print_ISBN
    978-1-4244-6347-3
  • Type

    conf

  • DOI
    10.1109/ICCET.2010.5486295
  • Filename
    5486295