Divide and Conquer: An Efficient Attack on Yahoo! CAPTCHA

Author

Gao, Haichang ; Wang, Wei ; Fan, Ye

Author_Institution

Software Eng. Inst., Xidian Univ., Xi´´an, China

fYear

2012

fDate

25-27 June 2012

Firstpage

9

Lastpage

16

Abstract

CAPTCHA is now almost a standard security technology to tell computers and humans apart. The most widely deployed CAPTCHAs are text-based schemes. In this paper, we document how we have broken such text-based scheme used by Yahoo!. Using "connecting characters together" principle, Yahoo! CAPTCHA is effectively resistant to segmentation and recognition in the early attacks. In contrast to early works that recognized the text after segmentation, we combined the recognition with segmentation to divide and conquer the CAPTCHA. In another word, we segment the text by extracting the recognized characters. The experiments show that our extraction and segmentation attack on Yahoo! CAPTCHA achieved a success rate of about 78% and an overall (individual character recognition with OCR) success rate of 54.7%.

Keywords

Internet; Web sites; divide and conquer methods; security of data; CAPTCHA; Internet security; Yahoo; character recognition; divide and conquer method; standard security technology; text-based schemes; Character recognition; Computers; Head; Humans; Image color analysis; Joining processes; Security; CAPTCHA; Human Interactive Proof; Internet security; Yahoo!; recognition attack; segmentation attack;

fLanguage

English

Publisher

ieee

Conference_Titel

Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on

Conference_Location

Liverpool

Print_ISBN

978-1-4673-2172-3

Type

conf

DOI

10.1109/TrustCom.2012.131

Filename

6295952