• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • Research Projects
  • Publications
  • People
  • Teaching
  • Media Outreach
  • News Archive

SPIES Lab, Computer Science and Engineering

Texas A&M University College of Engineering

Emerging-Image Motion CAPTCHAs

Vulnerabilities of Existing Designs, and Countermeasures

Based on the notion of “emergence”, Xu et al. (Usenix Security 2012; TDSC 2013) developed the first concrete instantiation of emerging-image moving-object (EIMO) CAPTCHAs using 2D hollow objects (codewords), shown to be usable and believed to be secure. In this work, we highlight the hidden security weaknesses of such a 2D EIMO CAPTCHA design. A key vulnerability is that the camera projection on 2D objects is constant (unlike 3D objects), making it possible to reconstruct the underlying codewords by superimposing and aggregating the temporally scattered parts of the object extracted from consecutive frames. We design and implement an automated attack framework to defeat this design using image processing techniques, and show that its accuracy in recognizing moving codewords is up to 89.2%, under different parameterizations. Our framework can be broadly used to undermine the security of different instances of 2D EIMO CAPTCHAs (not just the current state-of-the-art by Xu et al.), given the generalized and robust back-end theories in our attack, namely the methods to locate a codeword, reduce noises and accumulate objects’ contour information from consecutive frames corresponding to multiple time periods. As a countermeasure, we propose a fundamentally different design of EIMO CAPTCHAs based on pseudo 3D objects, and examine its security as well as usability. We argue that this design can resist our attack against 2D EIMO CAPTCHAs, although at the cost of reduced usability compared to the – now insecure –2D EIMO CAPTCHAs.

Comparison between the original EI-Nu CAPTCHA and our design with codeword “KHZ”. (a) A single frame image. (b) A single binary mask after removing the background scene. (c) Superimposition of 2 consecutive binary masks. (d) Superimposition of 5 consecutive binary masks.

Comparison between the original EI-Nu CAPTCHA and our design with codeword “KHZ”. (a) A single frame image. (b) A single binary mask after removing the background scene. (c) Superimposition of 2 consecutive binary masks. (d) Superimposition of 5 consecutive binary masks.

People

Faculty

  • Nitesh Saxena
  • Chengcui Zhang

Student

  • Song Gao (@UAB; PhD 2014; now Software Engineer at Google)
  • Manar Mohamed (@UAB; PhD 2016; now Visiting Assistant Professor at Miami University)

Publication

  • Emerging-Image Motion CAPTCHAs: Vulnerabilities of Existing Designs, and Countermeasures
    Song Gao, Manar Mohamed, Nitesh Saxena, and Chengcui Zhang.
    In IEEE Transactions on Dependable and Secure Computing (TDSC), 2017.
    [pdf]

Recent News

  • “Neuro Security” work got a MURI award from AFOSR March 22, 2023
  • Paper accepted to Oakland 2023 March 14, 2023
  • Paper (conditionally) accepted to MobiSys 2023 February 27, 2023
  • Paper accepted to USENIX Security 2023 February 21, 2023
  • 2 full papers accepted to WiSec 2023 January 30, 2023
  • Cybersecurity Program Led By Dr. Saxena Ranks Best! January 26, 2023
  • EarSpy in Media January 26, 2023
  • Dr. Saxena is a Co-PI on Thematic AI Lab November 28, 2022
  • Paper accepted to PMC 2022 November 28, 2022
  • Paper accepted to ICISC 2022 November 28, 2022
  • A New Grant from NSA October 17, 2022
  • Dr. Saxena appointed as a Dean’s Research Fellow October 17, 2022
  • Dr. Saxena to lead a new SaTC Medium project on Election Security July 16, 2022
  • SPIES Lab’s 12th PhD Graduate — Anuradha Mandal July 16, 2022
  • SPIES Lab’s 11th PhD Graduate – Payton Walker July 6, 2022
  • Two papers accepted to PST 2022 June 9, 2022
  • Paper accepted to ICDCS 2022 April 4, 2022
  • Paper accepted CHIL 2022 March 19, 2022
  • 2 papers accepted to WiSec 2022 March 19, 2022
  • Paper accepted to EuroS&P 2022 February 12, 2022

© 2016–2023 SPIES Lab, Computer Science and Engineering Log in

Texas A&M Engineering Experiment Station Logo
  • College of Engineering
  • Facebook
  • Twitter
  • State of Texas
  • Open Records
  • Risk, Fraud & Misconduct Hotline
  • Statewide Search
  • Site Links & Policies
  • Accommodations
  • Environmental Health, Safety & Security
  • Employment