Existing captcha solutions on the Internet are a major source of user frustration. Game captchas are an interesting and, to date, littlestudied approach claiming to make captcha solving a fun activity for the users. One broad form of such captchas-called Dynamic Cognitive Game (DCG) captchas-challenge the user to perform a game-like cognitive task interacting with a series of dynamic images. We pursue a comprehensive analysis of a representative category of DCG captchas. We formalize, design and implement such captchas, and dissect them across: (1) fully automated attacks, (2) humansolver relay attacks, and (3) usability. Our results suggest that the studied DCG captchas exhibit high usability and, unlike other known captchas, offer some resistance to relay attacks, but they are also vulnerable to our novel dictionary-based automated attack.

Additional Metadata
Persistent URL dx.doi.org/10.1145/2590296.2590298
Conference 9th ACM Symposium on Information, Computer and Communications Security, ASIA CCS 2014
Citation
Mohamed, M. (Manar), Sachdeva, N. (Niharika), Georgescu, M. (Michael), Gao, S. (Song), Saxena, N. (Nitesh), Zhang, C. (Chengcui), … Chen, W.-B. (Wei-Bang). (2014). A three-way investigation of a game-CAPTCHA: Automated attacks, relay attacks and usability. In ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (pp. 195–206). doi:10.1145/2590296.2590298