Publication:

Breaking e-Banking CAPTCHAs

Files

ACSAC2010_Full.pdf (Size: 1.2 MB, Downloads: 2061)

Date

2010

Authors

Shah, Syed Amier Haider
Khan, Muhammad Asad Usman
Khayam, Syed Ali
Sadeghi, Ahmad-Reza
Schmitz, Roland

Open access publication
Open Access Green

Publication type
Contribution to a conference proceedings
Publication status
Published

Published in

Proceedings of the 26th Annual Computer Security Applications Conference on - ACSAC '10. New York, New York, USA: ACM Press, 2010, pp. 171-180. ISBN 978-1-4503-0133-6. Available under: doi: 10.1145/1920261.1920288

Abstract

Many financial institutions have deployed CAPTCHAs to protect their services (e.g., e-banking) from automated attacks. In addition to CAPTCHAs for login, CAPTCHAs are also used to prevent malicious manipulation of e-banking transactions by automated Man-in-the-Middle (MitM) attackers. Despite serious financial risks, security of e-banking CAPTCHAs is largely unexplored. In this paper, we report the first comprehensive study on e-banking CAPTCHAs deployed around the world. A new set of image processing and pattern recognition techniques is proposed to break all e-banking CAPTCHA schemes that we found over the Internet, including three e-banking CAPTCHA schemes for transaction verification and 41 schemes for login. These broken e-banking CAPTCHA schemes are used by thousands of financial institutions worldwide, which are serving hundreds of millions of e-banking customers. The success rates of our proposed attacks are either equal to or close to 100%. We also discuss possible improvements to these e-banking CAPTCHA schemes and show essential difficulties of designing e-banking CAPTCHAs that are both secure and usable. Based on our results we believe that currently CAPTCHAs are incapable of offering adequate security for high-value applications like e-banking.

Subject area (DDC)
004 Computer science

Conference

The 26th Annual Computer Security Applications Conference on - ACSAC '10, 6 Dec. 2010 - 10 Dec. 2010, Austin, Texas

Cite

ISO 690
LI, Shujun, Syed Amier Haider SHAH, Muhammad Asad Usman KHAN, Syed Ali KHAYAM, Ahmad-Reza SADEGHI, Roland SCHMITZ, 2010. Breaking e-Banking CAPTCHAs. The 26th Annual Computer Security Applications Conference on - ACSAC '10. Austin, Texas, 6 Dec. 2010 - 10 Dec. 2010. In: Proceedings of the 26th Annual Computer Security Applications Conference on - ACSAC '10. New York, New York, USA: ACM Press, 2010, pp. 171-180. ISBN 978-1-4503-0133-6. Available under: doi: 10.1145/1920261.1920288
BibTex
@inproceedings{Li2010Break-6246,
  year={2010},
  doi={10.1145/1920261.1920288},
  title={Breaking e-Banking CAPTCHAs},
  isbn={978-1-4503-0133-6},
  publisher={ACM Press},
  address={New York, New York, USA},
  booktitle={Proceedings of the 26th Annual Computer Security Applications Conference on - ACSAC '10},
  pages={171--180},
  author={Li, Shujun and Shah, Syed Amier Haider and Khan, Muhammad Asad Usman and Khayam, Syed Ali and Sadeghi, Ahmad-Reza and Schmitz, Roland}
}
RDF
<rdf:RDF
    xmlns:dcterms="http://purl.org/dc/terms/"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:bibo="http://purl.org/ontology/bibo/"
    xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#"
    xmlns:foaf="http://xmlns.com/foaf/0.1/"
    xmlns:void="http://rdfs.org/ns/void#"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema#" > 
  <rdf:Description rdf:about="https://kops.uni-konstanz.de/server/rdf/resource/123456789/6246">
    <dcterms:abstract xml:lang="eng">Many financial institutions have deployed CAPTCHAs to protect their services (e.g., e-banking) from automated attacks. In addition to CAPTCHAs for login, CAPTCHAs are also used to prevent malicious manipulation of e-banking transactions by automated Man-in-the-Middle (MitM) attackers. Despite serious financial risks, security of e-banking CAPTCHAs is largely unexplored. In this paper, we report the first comprehensive study on e-banking CAPTCHAs deployed around the world. A new set of image processing and pattern recognition techniques is proposed to break all e-banking CAPTCHA schemes that we found over the Internet, including three e-banking CAPTCHA schemes for transaction verification and 41 schemes for login. These broken e-banking CAPTCHA schemes are used by thousands of financial institutions worldwide, which are serving hundreds of millions of e-banking customers. The success rates of our proposed attacks are either equal to or close to 100%. We also discuss possible improvements to these e-banking CAPTCHA schemes and show essential difficulties of designing e-banking CAPTCHAs that are both secure and usable. Based on our results we believe that currently CAPTCHAs are incapable of offering adequate security for high-value applications like e-banking.</dcterms:abstract>
    <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dc:creator>Shah, Syed Amier Haider</dc:creator>
    <dc:creator>Khayam, Syed Ali</dc:creator>
    <dc:contributor>Shah, Syed Amier Haider</dc:contributor>
    <dc:creator>Sadeghi, Ahmad-Reza</dc:creator>
    <dc:contributor>Sadeghi, Ahmad-Reza</dc:contributor>
    <dc:rights>terms-of-use</dc:rights>
    <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/52"/>
    <bibo:uri rdf:resource="http://kops.uni-konstanz.de/handle/123456789/6246"/>
    <dcterms:bibliographicCitation>Also publ. in: ACSAC '10: Proceedings of the 26th Annual Computer Security Applications Conference, Dec. 6 - 10, 2010, Austin, Texas. New York, NY : ACM, 2010, pp. 171-180</dcterms:bibliographicCitation>
    <dc:format>application/pdf</dc:format>
    <dc:contributor>Li, Shujun</dc:contributor>
    <dc:contributor>Khan, Muhammad Asad Usman</dc:contributor>
    <dc:contributor>Schmitz, Roland</dc:contributor>
    <dc:creator>Schmitz, Roland</dc:creator>
    <foaf:homepage rdf:resource="http://localhost:8080/"/>
    <dcterms:title>Breaking e-Banking CAPTCHAs</dcterms:title>
    <dc:creator>Li, Shujun</dc:creator>
    <dc:creator>Khan, Muhammad Asad Usman</dc:creator>
    <void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/>
    <dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-03-24T16:10:29Z</dcterms:available>
    <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/52"/>
    <dcterms:rights rdf:resource="https://rightsstatements.org/page/InC/1.0/"/>
    <dcterms:hasPart rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/6246/1/ACSAC2010_Full.pdf"/>
    <dspace:hasBitstream rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/6246/1/ACSAC2010_Full.pdf"/>
    <dcterms:issued>2010</dcterms:issued>
    <dc:language>eng</dc:language>
    <dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-03-24T16:10:29Z</dc:date>
    <dc:contributor>Khayam, Syed Ali</dc:contributor>
  </rdf:Description>
</rdf:RDF>

University bibliography
Yes