Mitigating CAPTCHA Relay Attacks Using Multiple Challenge-Response Mechanism

摘要

In an early work (Longe et al, 2009), we showed that existing CAPTCHA systems are majorly single challenge-response system, thus making it easy for bots and zombies to answer the test and consequently defeat the authentication mechanism. We introduced Double CAPTCHA Challenge-Response Systems (D-CRs) as a means of overcoming the inadequacies of the single challenge-response system and a viable tool in curbing internet masquerading. Since attackers such as spammers now use unsuspecting humans rather than automated script to solve CAPTCHAS, what is needed to break a CAPTCHA is to find human users willing to do the bidding of the hackers and fraudsters for a price. The consequence is the emergence of a new and challenging scenario commonly referred to as CAPTCHA relay attack. This paper describes how CAPTCHA relay attacks works in principle and how a Multiple challenge-response (M-CRs) system can be employed to mitigate CAPTCHA relay attacks using Multiple Challenge-Response mechanisms (M-CRs).