| Completely Automated Public Turing test to tell Computers and Humans Apart called CAPTCHAs,can prevent malicious acts of misuse of machine scripts.Robustness and usability have long been regarded as two important indicators for measuring CAPTCHAs.Robustness requires that the CAPTCHAs protects against computer attacks,and usability requires that humans can easily pass the challenge of CAPTCHAs.However,with the continuous development of pattern recognition,machine learning and other fields,the robustness of traditional character-based CAPTCHAs cannot be guaranteed.In addition to the bad user experience,websites are seeking new CAPTCHAs that can replace the original CAPTCHAs.With the booming development of computer science and technology,many new CAPTCHAs have emerged,such as picture-based CAPTCHAs,SMS-based CAPTCHAs,and so on.Among them,the slider-type CAPTCHAs gradually replace the position of the original character-type CAPTCHAs on many websites with a fast response time and excellent user experience both on computer and mobile ends.It's widely used.Researchers have done many researches on the traditional character-based CAPTCHAs,but there are few researches on the emerging slider-based CAPTCHAs.Previous researchers used gradient-elevation trees to study the validity of discriminating slider-based CAPTCHAs.However,no researchers have studied the robustness of the slider-based CAPTCHAs.Therefore,this paper focuses on the robustness of the slider-based CAPTCHAs,and analyzes whether there is a deficiency in the design and implementation of the CAPTCHAs.In this paper,the robustness of the CAPTCHAs is measured by the success rate of the computer attack and the average time of attack.When the computer attack success rate is greater than 0.6% and the average attack time is less than 30 s,the attack is considered effective.In order to find out the shortcoming of the slider-type CAPTCHAs,in the analysis process,this paper first analyzes the data packet and restores the verification process of the slide-type verification code(online version and offline version).Then,the core data in the verification process,the mouse trajectory generated during the sliding process was analyzed,and the human mouse movement trajectory was simulated using the direct calculation,the random regression forest and the back process neural network.Finally,based on the known verification process,it analyzes its existing security vulnerability.After the analysis,found that the slider-based CAPTCHAs is not safe in offline mode,and there is a problem that can be bypassed directly from the process.In addition,the slider-based CAPTCHAs also have a shortage of other security such as a small sample space of the CAPTCHAs.Next,constructing the data message and using the headless browser and automatic testing framework,exploiting vulnerability,and attacking the experiment respectively,the experiment successfully implements the decryption of the slider-based CAPTCHAs,and the result shows that even if the method of generating trajectory is calculated still has 34% machine pass rate.And it is still higher than the safety design requirement of 0.6%.This means that the slider-type verification code itself is not robust enough.Finally,the paper proposes some suggestions for improving the vulnerability of the slider-based CAPTCHAs. |
PDF Full Text Request