Interweaving Unicode, Color, and Human Interactions to Enhance CAPTCHA Security

  • Author / Creator
    Roshanbin, Narges
  • Web security has become a critical issue due to the rising reliance of people on diverse types of online transactions. A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a security mechanism that is widely used to maintain the security of web services by preventing malicious programs from accessing these resources automatically. Despite the existence of several types of CAPTCHAs, many of them have been compromised due to their inherent vulnerabilities and the development of strong artificial intelligence and image recognition algorithms. The vulnerabilities of existing CAPTCHAs, coupled with the trend of heavier dependence on the Internet, call for the development of a new generation of CAPTCHAs that are substantially more complex for machines, and yet easy to understand and solve by human users. In this thesis, we propose, implement and test a new CAPTCHA, which shows resistance against various forms of segmentation and recognition attacks. The multi-layered security approach employed in this CAPTCHA mainly comes from its use of Unicode as an input space, a virtual keyboard as the input device, the use of homoglyphs, the correlated usage of color in the foreground and background, and solution submission through intelligent human interaction. Furthermore, several forms of randomization are employed within different elements of the CAPTCHA, which minimize the formation of detectable patterns that can be exploited by machines and make the attacks computationally complex for attackers. Our analyses provide evidence for substantial resistance of the proposed CAPTCHA against major attack types. Our CAPTCHA’s game-like solution procedure is enjoyable and intuitive for human users despite its relatively longer solution time compared to existing CAPTCHAs, which comes as the price for the higher level of security it affords. Our user studies indicate that the CAPTCHA’s solving accuracy is comparable to major CAPTCHAs in use today.
The complexity of this CAPTCHA can be further modified based on the security requirements of the resource being protected. Additional security- and usability-enhancing modifications are proposed and tested, which can further improve the CAPTCHA’s security or usability as needed.

  • Subjects / Keywords
  • Graduation date
  • Type of Item
  • Degree
    Doctor of Philosophy
  • DOI
  • License
    This thesis is made available by the University of Alberta Libraries with permission of the copyright owner solely for non-commercial purposes. This thesis, or any portion thereof, may not otherwise be copied or reproduced without the written consent of the copyright owner, except to the extent permitted by Canadian copyright law.
  • Language
  • Institution
    University of Alberta
  • Degree level
  • Department
    • Department of Electrical and Computer Engineering
  • Specialization
    • Software Engineering and Intelligent Systems
  • Supervisor / co-supervisor and their department(s)
    • Miller, James (Electrical and Computer Engineering)
  • Examining committee members and their departments
    • Stroulia, Eleni (Computing Science)
    • Aycock, John (Computer Science, University of Calgary)
    • Salmon, John (Electrical and Computer Engineering)
    • Cockburn, Bruce (Electrical and Computer Engineering)