Authors: Rohini B. Varne, R. Mane
DOI: 10.1109/EIC.2015.7230731 (https://doi.org/10.1109/EIC.2015.7230731)
Venue: 2014 International Conference on Advances in Communication and Computing Technologies (ICACACT 2014)
Publication date: 2015-09-03
Publication type: Journal Article
Citation count: 1
Platform: Semanticscholar
CAPTCHA: A robust approach to resist online password guessing attacks
Brute-force and dictionary attacks have become an inevitable security threat to web applications today. Common measures taken to prevent online password guessing attacks, such as account locking mechanisms, are ineffective if an attacker has access to a number of compromised machines from a botnet. The main goal is to design a web application that restricts such attacks and at the same time enables convenient login for valid users. CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) is an effective challenge-response test to achieve this goal because of its usability and robustness. These are tests that cannot be solved by current computer programs or bots, but are easily solvable by humans. This ensures that the account is being accessed by a human and not by an automated program. The proposed system implements a secure CAPTCHA that withstands segmentation attacks and also provides various difficulty levels in CAPTCHA design. Classification of CAPTCHA and its robustness are discussed.