Abstract

Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) is a reverse Turing test used to differentiate bots from humans. Text CAPTCHAs have been widely used in commercial applications, but most of them have been successfully attacked. An alternative is to develop image CAPTCHAs to replace text CAPTCHAs. ARTiFACIAL (Automated Reverse Turing test using FACIAL features; Rui and Liu 2003) is an image CAPTCHA system based on detecting human faces and facial features, and is claimed to be attack-resistant and user-friendly. This paper proposes a computer vision attack on ARTiFACIAL. By carefully analyzing the limitations of face and facial feature detectors that ARTiFACIAL exploits, a tailor-made attack algorithm is designed instead of using general face and facial feature detectors directly. When tested with the 800 ARTiFACIAL challenges, the overall success rate of the attack algorithm is 18.0 %, which is significantly higher than the estimate of 0.0006 % given in Rui and Liu (2003) for computer vision attacks. A PC with a 3.2 GHz Intel P4 and 2 GB of memory takes an average of 1.47 s to pass an ARTiFACIAL test, compared with the 14 s for a human subject given in Rui and Liu (2003). From the successful attack, useful lessons for guiding the design of image CAPTCHAs are derived to advance the current understanding of image CAPTCHA design and lead to more secure designs.