BASECASS: A methodology for CAPTCHAs security assurance
Identifiers
Permanent link (URI): http://hdl.handle.net/10017/49828DOI: 10.1016/j.jisa.2021.103018
ISSN: 2214-2126
Publisher
Elsevier
Date
2021-12-01Funders
Junta de Comunidades de Castilla-La Mancha
Ministerio de Ciencia e Innovación
Agencia Estatal de Investigación
Bibliographic citation
Hernandez-Castro, C.J., Barrero, D.F. & Moreno, M.D.R. 2021, "BASECASS: A methodology for CAPTCHAs security assurance", Journal of Information Security and Applications, vol. 63, art. no. 103018.
Keywords
CAPTCHA
Methodology
Machine Learning
Statistical analysis
Security assurance
Project
info:eu-repo/grantAgreement/JCCM//SBPLY%2F19%2F180501%2F000024/ES/MEJORA DE LA GESTIÓN DE RECURSOS HOSPITALARIOS MEDIANTE LA PREDICCIÓN DE LA DEMANDA CON APRENDIZAJE AUTOMÁTICO Y PLANIFICACIÓN
info:eu-repo/grantAgreement/AEI/Plan Estatal de Investigación Científica y Técnica y de Innovación 2017-2020/PID2019-109891RB-I00/ES/MEJORA DE LA GESTION DE RECURSOS HOSPITALARIOS MEDIANTE LA PREDICCION DE LA DEMANDA CON APRENDIZAJE AUTOMATICO Y PLANIFICACION/
info:eu-repo/grantAgreement/MICIN//PRX18%2F00563/ES//
Document type
info:eu-repo/semantics/article
Version
info:eu-repo/semantics/publishedVersion
Publisher's version
https://doi.org/10.1016/j.jisa.2021.103018Rights
Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0)
Access rights
info:eu-repo/semantics/openAccess
Abstract
Today, much of the interaction between clients and providers has moved to the Internet. Some tricksters havealso learned to benefit from this new situation. New improved cons, tricks and deceptions can be found on-line.Many of these deceptions are only profitable if they are done at a large scale. In order to achieve these largenumbers of interactions, these attacks require automation.CAPTCHAs/HIPs are a relatively new security mechanism against automated attacks. They try to detectwhen the other end of the interaction is a human or a computer program (abot). However, CAPTCHA/HIPdesign is still in its initial conception as the stream of successful attacks highlight it.This paper focuses on the design of CAPTCHAs and if there is a way in which to assess a basic level ofsecurity for new CAPTCHA designs. To do so, we first review main attacks to different types of CAPTCHAsand then, we describe BASECASS, a methodology that can help in avoiding some of these design pitfalls.The application of the methodology is exemplified in three attacks to CAPTCHAs and how following themethodology designers could have avoided them.
Files in this item
Files | Size | Format |
|
---|---|---|---|
BASECASS_Hernandez_J_Inf_Secur ... | 2.338Mb |
|
Files | Size | Format |
|
---|---|---|---|
BASECASS_Hernandez_J_Inf_Secur ... | 2.338Mb |
|
Collections
- AUTOMATIC - Artículos [144]