Abstract:
Despite large-scale deployment of image CAPTCHAs with distorted texts, most of the deployed schemes are either too weak in terms of security or unacceptable in terms of usability. Balancing the delicate security-usability tradeoff of a CAPTCHA scheme remains an art rather than a science. This tradeoff can be balanced if we can quantitatively evaluate the security and usability of a given CAPTCHA. To bridge this gap, in this project we have developed a semi-automatic CAPTCHA security evaluation toolkit which quantitatively measures the strength of text-based CAPTCHA images.
This project comprises three modules:
Module 1: In this module we have implemented packing and morphing algorithms to distort and pack characters together to gain insights into the CAPTCHA generation process. This helps us in reverse engineering the process to de-morph other CAPTCHAs.
Module 2: In this module, we use image processing measures to quantify a CAPTCHA's security.
Module 3: We run a usability studies to correlate subjective user data with the quantitative measures.
