Development of authentication-based CAPTCHA mechanism on touch screen environment

Abstract

CAPTCHA is a simple security test that was introduced to distinguish among humans and bots for decades. CAPTCHAs have been widely used on commercial sites, such as email service, and social networking sites, for protecting the system from automated software attackers. However, various techniques have been invented to break CAPTCHA, and one of these techniques is the 3rd party attacks. So, the design of CAPTCHA is unable to distinguish between human users and illegitimate human attackers. Thus, this research proposed a new type of CAPTCHA that is individually generated for an individual user. The proposed technique merges between biometrics and the user’s profile to obtain the most suitable CAPTCHA that cannot easily be broken by all intruders, even the human in the CAPTCHA farm. Besides, this proposed CAPTCHA can be used as a temporary password for every user, every login time, because of its randomness and uniqueness. The performance evaluation of this proposed technique indicates that if a user knows the full CAPTCHA, the system can determine the true user with 100% accuracy, but for the intruders, only 51.0% of the intruders would be identified as if they were the true user. Nonetheless, the bots attack must spend a very long-time solving and more failed attempts, which, in real-life working, it could be interrupted by the time limit of the system. Therefore, all bots cannot gain access as required.