• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • Research Projects
  • Publications
  • People
  • Teaching
  • Media Outreach
  • News Archive

SPIES Lab, Computer Science and Engineering

Texas A&M University College of Engineering

DCG

Investigation of Dynamic Cognitive Game CAPTCHAs

Existing captcha solutions on the Internet are a major source of user frustration. Game captchas are an interesting and, to date, little studied approach claiming to make captcha solving a fun activity for the users. One broad form of such captchas – called Dynamic Cognitive Game (DCG) captchas – challenge the user to perform a game-like cognitive task interacting with a series of dynamic images. We pursue a comprehensive analysis of a representative category of DCG captchas. We formalize, design and implement such captchas, and dissect them across: (1) fully automated attacks, (2) human-solver relay attacks, and (3) usability. Our results suggest that the studied DCG captchas exhibit high usability and, unlike other known captchas, offer some resistance to relay attacks, but they are also vulnerable to our novel dictionary-based automated attack.

Dynamic Cognitive Game (DCG) CAPTCHAs are a promising new generation of interactive CAPTCHAs aiming to provide improved security against automated and human-solver relay attacks. Unlike existing CAPTCHAs, defeating DCG CAPTCHAs using pure automated attacks or pure relay attacks may be challenging in practice due to the fundamental limitations of computer algorithms (semantic gap) and synchronization issues with solvers. To overcome this barrier, we propose two hybrid attack frameworks, which carefully combine the strengths of an automated program and offline/online human intelligence. These hybrid attacks require maintaining the synchronization only between the game and the bot similar to a pure automated attack, while solving the static AI problem (i.e., bridging the semantic gap) behind the game challenge similar to a pure relay attack. As a crucial component of our framework, we design a new DCG object tracking algorithm, based on color code histogram, and show that it is simpler, more efficient and more robust compared to several known tracking approaches. We demonstrate that both frameworks can effectively defeat a wide range of DCG CAPTCHAs.

Static snapshots of 4 game instances of a representative DCG captcha analysed in the study (targets are static;  objects are mobile)

Static snapshots of 4 game instances of a representative DCG captcha analysed in the study (targets are static; objects are mobile)

People

Faculty

  • Nitesh Saxena
  • Chengcui Zhang

Student

  • Manar Mohamed (@UAB; PhD 2016; now Visiting Assistant Professor at Miami University)
  • Song Gao (@UAB; PhD 2014; now Software Engineer at Google)
  • Michael Georgescu (@UAB; BS 2014)

External Collaborators:

  • Paul C. van Oorschot (@Carleton University; Professor)
  • Wei-Bang Chen (@Virginia State University; Assistant Professor)
  • Ponnurangam Kumaraguru (@Indraprastha Institute of Information Technology, India; Assistant Professor)
  • Niharika Sachdeva (@Indraprastha Institute of Information Technology, India; PhD student)

Publication

  • A Three-Way Investigation of a Game-CAPTCHA: Automated Attacks, Relay Attacks and Usability.
    Manar Mohamed, Niharika Sachdeva, Michael Georgescu, Song Gao, Nitesh Saxena, Chengcui Zhang, Ponnurangam Kumaraguru, Paul C. Van Oorschot and Wei-Bang Chen
    In ACM Symposium on Information, Computer and Communications Security (ASIACCS), June 2014.
    [pdf]
  • Dynamic Cognitive Game CAPTCHA Usability and Detection of Streaming-Based Farming
    Manar Mohamed, Song Gao, Nitesh Saxena, and Chengcui Zhang
    In the Workshop on Usable Security (USEC), co-located with NDSS, February 2014.
    [pdf]
  • Gaming the Game: Defeating a Game CAPTCHA with Efficient and Robust Hybrid Attacks
    Song Gao, Manar Mohamed, Nitesh Saxena, and Chengcui Zhang
    In Security and Forensics Track, IEEE International Conference on Multimedia and Expo (ICME), July 2014
    [pdf]

Recent News

  • “Neuro Security” work got a MURI award from AFOSR March 22, 2023
  • Paper accepted to Oakland 2023 March 14, 2023
  • Paper (conditionally) accepted to MobiSys 2023 February 27, 2023
  • Paper accepted to USENIX Security 2023 February 21, 2023
  • 2 full papers accepted to WiSec 2023 January 30, 2023
  • Cybersecurity Program Led By Dr. Saxena Ranks Best! January 26, 2023
  • EarSpy in Media January 26, 2023
  • Dr. Saxena is a Co-PI on Thematic AI Lab November 28, 2022
  • Paper accepted to PMC 2022 November 28, 2022
  • Paper accepted to ICISC 2022 November 28, 2022
  • A New Grant from NSA October 17, 2022
  • Dr. Saxena appointed as a Dean’s Research Fellow October 17, 2022
  • Dr. Saxena to lead a new SaTC Medium project on Election Security July 16, 2022
  • SPIES Lab’s 12th PhD Graduate — Anuradha Mandal July 16, 2022
  • SPIES Lab’s 11th PhD Graduate – Payton Walker July 6, 2022
  • Two papers accepted to PST 2022 June 9, 2022
  • Paper accepted to ICDCS 2022 April 4, 2022
  • Paper accepted CHIL 2022 March 19, 2022
  • 2 papers accepted to WiSec 2022 March 19, 2022
  • Paper accepted to EuroS&P 2022 February 12, 2022

© 2016–2023 SPIES Lab, Computer Science and Engineering Log in

Texas A&M Engineering Experiment Station Logo
  • College of Engineering
  • Facebook
  • Twitter
  • State of Texas
  • Open Records
  • Risk, Fraud & Misconduct Hotline
  • Statewide Search
  • Site Links & Policies
  • Accommodations
  • Environmental Health, Safety & Security
  • Employment