A Securityenhanced Circular Text CAPTCHA

Abstract

Abstract: To counteract malicious activities and automated programs attempting to infiltrate and attack websites or systems, a secure circular textbased CAPTCHA is designed based on a multisecret visual cryptography. In this approach, multiple circular secret images are randomly generated by the serverside and encrypted into two circular share images, one of the share images is saved while the other is distributed to the user. When the server receives a login request from the user, the shared image submitted by the user and the circular share image saved on the server are rotated and overlapped to recover the secret image. Random characters are then dynamically selected from each secret image to generate a circular CAPTCHA, enhancing the authentication function for legitimate users and providing more effective resistance to phishing attacks. Following CAPTCHA image quality assessment and recognition situation consideration, the circular textbased CAPTCHA ensures usability while significantly enhancing security, offering strong support for website and system protection.

Key words: CAPTCHA, secret sharing, multisecret visual cryptography, CAPTCHA recognition, Web pishing

摘要： 为了抵御恶意行为和自动化程序对网站或系统的侵入和攻击，采用了多秘密视觉密码方案设计一种安全性增强的环形文本验证码，即通过服务器端随机生成多个环形秘密图像，将它们加密成2个环形分享图像，并保存其中的一个分享图像，将另一个分享图像分发给用户.服务器收到用户的登录请求后，将用户提交的分享图像和其保存的环形分享图像进行旋转和叠加后恢复出秘密图像，并从每个秘密图像中随机选取字符动态生成环形验证码，增强了对合法用户的身份认证功能，能够更有效地抵御钓鱼攻击.经过验证码图像质量评估和识别情况的考量，环形文本验证码在确保可用性的同时也显著提升了安全性，为网站和系统的保护提供了有力支持.

关键词: 验证码, 秘密共享, 多秘密视觉密码, 验证码识别, 网站钓鱼

CLC Number:

TP393

郜佳华, 任亚唯, 叶铭, . 一种安全性增强的环形文本验证码[J]. 信息安全研究, 2024, 10(12): 1128-.

References

［1］Von Ahn L, Blum M, Langford J. Telling humans and computers apart automatically［J］. Communications of the ACM, 2004, 47(2): 5660［2］Zhang Y, Gao H, Pei G, et al. A survey of research on captcha designing and breaking techniques［C］ Proc of the 18th IEEE Int Conf on Trust, Security and Privacy in Computing and Communications13th IEEE Int Conf on Big Data Science and Engineering (TrustComBigDataSE). Piscataway, NJ: IEEE, 2019: 7584［3］Zi Y, Gao H, Cheng Z, et al. An endtoend attack on text captchas［J］. IEEE Trans on Information Forensics and Security, 2019, 15: 753766［4］Zhang N, Ebrahimi M, Li W, et al. A generative adversarial learning framework for breaking textbased CAPTCHA in the dark Web［C］ Proc of 2020 IEEE Int Conf Intelligence and Security Informatics (ISI). Piscataway, NJ: IEEE, 2020: 16［5］Kehar A, Arain R H, Shaikh R. Deciphering complex textbased CAPTCHAs with deep learning［J］. Indian Journal of Science and Technology, 2020, 13(13): 13901400［6］Tang M, Gao H, Zhang Y, et al. Research on deep learning techniques in breaking textbased captchas and designing imagebased captcha［J］. IEEE Trans on Information Forensics and Security, 2018, 13(10): 25222537［7］Nian J, Liang Z, Wang X, et al. A feature matchingbased attack on text CAPTCHAs［C］ SPIE 12290: Proc of Int Conf on Computer Network Security and Software Engineering (CNSSE 2022). Bellingham, WA: SPIE, 2022: 9297［8］Yusuf M O, Srivastava D, Singh D, et al. Multiview deep learningbased attack to break textCAPTCHAs［J］. International Journal of Machine Learning and Cybernetics, 2023, 14(3): 959972［9］Gogineni S, Suryanarayana G, Swapna N. Machine learning based encoderdecoder for captcha recognition［C］ Proc of 2020 Int Conf on Smart Electronics and Communication (ICOSEC). Piscataway, NJ: IEEE, 2020: 222227［10］Ding Y, Tang Z, Wang F. Singlesample face recognition based on shared generative adversarial network［J］. Mathematics, 2022, 10(5): 120［11］Jimale A O, Noor M H M. Fully connected generative adversarial network for human activity recognition［J］. IEEE Access, 2022, 10: 100257100266［12］Shi C, Xu X, Ji S, et al. Adversarial captchas［J］. IEEE Trans on Cybernetics, 2021, 52(7): 60956108［13］Qian Y, Hu H, Tan T. Data augmentation using generative adversarial networks for robust speech recognition［J］. Speech Communication, 2019, 114: 19［14］张郅, 李欣, 叶乃夫, 等. 融合多重风格迁移和对抗样本技术的验证码安全性增强方法［J］. 信息网络安全, 2022, 22(10): 129135［15］Naor M, Shamir A. Visual cryptography［C］ Proc of Advances in Cryptology—EUROCRYPT’94: Workshop on the Theory and Application of Cryptographic Techniques Perugia. Berlin: Springer, 1995: 112［16］Wang B, Wang W, Zhao P. A zerowatermark algorithm for multiple images based on visual cryptography and image fusion［J］. Journal of Visual Communication and Image Representation, 2022, 87: 103569［17］Chen T H, Chang C C, Wu C S, et al. On the security of a copyright protection scheme based on visual cryptography［J］. Computer Standards & Interfaces, 2009, 31(1): 15［18］Ren L, Zhang D. Toward privacy protection of sensed biometric features with extended visual cryptography［J］. Microprocessors and Microsystems, 2022, 91: 104540［19］Yan X, Liu F, Yan W Q, et al. Applying visual cryptography to enhance text captchas［J］. Mathematics, 2020, 8(3): 332［20］Alsuihabany S A, Alquraishi M. Usability andsecurity of arabic textbased CAPTCHA using visual cryptography［JOL］. Computer Systems Science & Engineering, 2022, 40(2) ［20241120］. https:sc.panda985.comscholar?q=.+Usability+and+security+of+arabic+textbased+CAPTCHA+using+visual+cryptography&lucky=%E8%B0%B7%E6%AD%8C%E5%AD%A6%E6%9C%AF［21］Mankhair S, Raut A, Mohimkar M, et al. Secured CAPTCHA password verification using visual cryptography［J］. International Journal of Engineering Science and Computing, 2016, 6(5): 52475251［22］Arora A, Garg H, Shivani S. Antiphishing technique based on dynamic image captcha using multi secret sharing scheme［J］. Journal of Visual Communication and Image Representation, 2022, 88: 103624［23］Naor M, Pinkas B. Threshold visual cryptography［C］ Proc of ACM SIGSAC Symp on Information, Computer and Communications Security. New York: ACM, 2001: 200208［24］Wu H C, Chang C C. Sharing visual multisecrets using circle shares［J］. Computer Standards & Interfaces, 2005, 28(1): 123135［25］Gannon M. HTML附件在恶意网络钓鱼活动中的使用［EBOL］. 2023 ［20240218］. https:cofense.combloghtmlattachmentsusedinmaliciousphishingcampaigns［26］Arndt J. Cofense Intelligence战略分析［EBOL］. 2023 ［20240218］. https:cofense.comblogcofenseintelligencestrategicanalysis2

[1]	. Research on Data Security Sharing Technology Based on Blockchain and Proxy Re-encryption [J]. Journal of Information Security Reserach, 2024, 10(8): 719-.
[2]	. Multi-party Shuffling Protocol Based on Elastic Secret Sharing [J]. Journal of Information Security Reserach, 2024, 10(4): 347-.
[3]	. Consortium Blockchain Identity Privacy Protection Scheme Based on Hierarchical Group Signature#br# [J]. Journal of Information Security Reserach, 2024, 10(12): 1160-.
[4]	. An Anonymous E-voting System for Large Scale Scenarios [J]. Journal of Information Security Reserach, 2022, 8(10): 990-.
[5]	. The Research of Secure CAPTCHA Generation and Verification Scheme Based on Behavior [J]. Journal of Information Security Research, 2020, 6(2): 139-144.
[6]	. AI Security—Research and Application on Adversarial Example [J]. Journal of Information Security Research, 2019, 5(11): 1000-1007.
[7]	. A Dynamic and Verified Rational Secret Sharing over an Asynchronous Channel [J]. Journal of Information Security Research, 2017, 3(7): 610-616.