Abstract

Abstract: Text Captchas have been ubiquitous on the Internet, and breaking some of them is rarely news. But until very recently, it had remained an open problem outstanding for about 15 years: Is there a single but generic attack that breaks them all?

In this talk, I will introduce a surprisingly simple, but generic attack that breaks a wide variety of representative schemes, each with distinctive design features, including those deployed by Google, Microsoft, Yahoo!, Amazon and other Internet giants. As an interesting coincidence, our attack is deeply rooted in seminal research done for very different purposes by Cambridge academics John Daugman and David Field (now at Cornell).

Our attack probably pronounces a death sentence to the current common practice of Captcha designs. To make up for this sin, I will discuss how to design a game-changing scheme. Compared to the state of the art, our new design significantly increases both security and usability, simultaneously. It also offers other technical advantages and enables interesting commercial applications.

Bio: Jeff Yan did his PhD with Ross Anderson in the Lab, and has taught at Newcastle, and Chinese University of Hong Kong.