NuCaptcha
NuCaptcha is an early fraud detection service which utilises behavior analytics to provision threat appropriate, animated video CAPTCHA's. NuCaptcha is developed and operated by Canadian-based firm, NuData Security.[1][2][3][4]
Static image-based CAPTCHAs are routinely used to prevent automated sign-ups to websites by using text or images of words disguised so that optical character recognition (OCR) software has trouble reading them.[1] However, in common CAPTCHA systems, users often fail to correctly solve the CAPTCHA 7% - 25% of the time.[5] NuCaptcha uses animated video technology that it claims make puzzles easier for humans to solve, but harder for bots and hackers to decipher.[1]
Technology
NuCaptcha attempts to solve usability of static image-based CAPTCHAS using two main technologies: 1) video animation to display CAPTCHA puzzles, and 2) a behaviour analysis system to monitor interactions with the platform.
- Video animation. CAPTCHAS are displayed as a video, and rendered in the web browser. A variety of technologies can be used to display the animated CAPTCHA, such as Flash video, HTML5, or GIF. Standard CAPTCHA techniques such as character crowding, once animated, are easier for humans to detect because of an innate motion-detecting ability.
- Behavior Analysis. Using machine-learning algorithms, NuCaptcha monitors platform interactions to tune the security of each CAPTCHA delivered to the user. Suspected attackers are given progressively more secure CAPTCHAS.[6]
Security
Security researcher Elie Bursztein demonstrated a practical attack against NuCaptcha's video CAPTCHA scheme by employing optical flow techniques to isolate individual CAPTCHA characters. The proposed attack is able to break the video CAPTCHAs in more than 90% of cases.[7]
In response, NuCaptcha noted that Bursztein’s findings underscore the need for CAPTCHA puzzles to be part of a larger security construct, such as behavior monitoring to assess the risk of individual users. NuCaptcha also pointed out that the CAPTCHAS analyzed in Bursztein's blog post were middle-security puzzles focused on usability, and not the stronger puzzles presented to high-risk users. In addition to this, NuCaptcha noted that the optical flow technique relies on static non-animated features of the puzzle. Changes were made to NuCaptcha puzzles to remove the static non-animated features.[8]
Application
NuCaptcha APIs are currently available in PHP, .NET, and Java. Plugins are available for WordPress, Drupal, Codelgniter, vBulletin, and phpBB.[9] In October 2011, NuCaptcha announced its CAPTCHA solutions for mobile devices across all platforms, including Android and iOS.[10]
References
- 1 2 3 "Animated CAPTCHA tech aims to fox spambots". The Register. Retrieved 14 July 2010.
- ↑ "NuCaptcha Flash CAPTCHAs to combat spambots". Retrieved 14 July 2010.
- ↑ "Spammers to Face Video CAPTCHA Technology - Security from eWeek". eWeek. Retrieved 14 July 2010.
- ↑ "Gartner Security & Risk Management Summit". Gartner. Retrieved 18 June 2013.
- ↑ Bursztein, Elie; Bethard, Steven; Fabry, Celine; Mitchell, John C.; Jurafsky, Dan (March 2010). "How Good are Humans at Solving CAPTCHAS? A Large Scale Evaluation" (PDF). Stanford University. Retrieved 2012-02-25.
- ↑ "Video CAPTCHAs Promise Better Security, Less Frustration". Read, Write, Web. Retrieved 30 June 2010.
- ↑ Bursztein, Elie. "How we broke the NuCaptcha video scheme and what we propose to fix it". Retrieved 20 February 2012.
- ↑ "NuCaptcha's Thoughts on Elie Bursztein's Document". Retrieved 7 February 2012.
- ↑ "NuCaptcha Docs". NuCaptcha. Retrieved 25 February 2012.
- ↑ "NuCaptcha Extends User-Friendly Captchas to Mobile Phones, Tablets and other Connected Devices". Press Release. Retrieved 5 October 2011.