Breaking e-Banking CAPTCHAs

LI, Shujun, Syed Amier Haider SHAH, Muhammad Asad Usman KHAN, Syed Ali KHAYAM, Ahmad-Reza SADEGHI, Roland SCHMITZ, 2010. Breaking e-Banking CAPTCHAs. The 26th Annual Computer Security Applications Conference on - ACSAC '10. Austin, Texas, Dec 6, 2010 - Dec 10, 2010. In: Proceedings of the 26th Annual Computer Security Applications Conference on - ACSAC '10. New York, New York, USA:ACM Press, pp. 171-180. ISBN 978-1-4503-0133-6. Available under: doi: 10.1145/1920261.1920288

@inproceedings{Li2010Break-6246, title={Breaking e-Banking CAPTCHAs}, year={2010}, doi={10.1145/1920261.1920288}, isbn={978-1-4503-0133-6}, address={New York, New York, USA}, publisher={ACM Press}, booktitle={Proceedings of the 26th Annual Computer Security Applications Conference on - ACSAC '10}, pages={171--180}, author={Li, Shujun and Shah, Syed Amier Haider and Khan, Muhammad Asad Usman and Khayam, Syed Ali and Sadeghi, Ahmad-Reza and Schmitz, Roland} }

<rdf:RDF xmlns:dcterms="" xmlns:dc="" xmlns:rdf="" xmlns:bibo="" xmlns:dspace="" xmlns:foaf="" xmlns:void="" xmlns:xsd="" > <rdf:Description rdf:about=""> <dc:creator>Li, Shujun</dc:creator> <dc:language>eng</dc:language> <dc:creator>Khan, Muhammad Asad Usman</dc:creator> <bibo:uri rdf:resource=""/> <dc:contributor>Khayam, Syed Ali</dc:contributor> <dcterms:isPartOf rdf:resource=""/> <dcterms:rights rdf:resource=""/> <dcterms:isPartOf rdf:resource=""/> <dcterms:issued>2010</dcterms:issued> <dcterms:bibliographicCitation>Also publ. in: ACSAC '10: Proceedings of the 26th Annual Computer Security Applications Conference, Dec. 6 - 10, 2010, Austin, Texas. New York, NY : ACM, 2010, pp. 171-180</dcterms:bibliographicCitation> <dc:creator>Khayam, Syed Ali</dc:creator> <dc:contributor>Schmitz, Roland</dc:contributor> <dc:contributor>Shah, Syed Amier Haider</dc:contributor> <dc:contributor>Li, Shujun</dc:contributor> <dcterms:title>Breaking e-Banking CAPTCHAs</dcterms:title> <foaf:homepage rdf:resource="http://localhost:8080/jspui"/> <void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/> <dc:contributor>Sadeghi, Ahmad-Reza</dc:contributor> <dc:rights>terms-of-use</dc:rights> <dc:format>application/pdf</dc:format> <dc:creator>Sadeghi, Ahmad-Reza</dc:creator> <dcterms:hasPart rdf:resource=""/> <dspace:hasBitstream rdf:resource=""/> <dc:date rdf:datatype="">2011-03-24T16:10:29Z</dc:date> <dc:creator>Shah, Syed Amier Haider</dc:creator> <dc:contributor>Khan, Muhammad Asad Usman</dc:contributor> <dcterms:available rdf:datatype="">2011-03-24T16:10:29Z</dcterms:available> <dcterms:abstract xml:lang="eng">Many financial institutions have deployed CAPTCHAs to protect their services (e.g., e-banking) from automated attacks. In addition to CAPTCHAs for login, CAPTCHAs are also used to prevent malicious manipulation of e-banking transactions by automated Man-in-the-Middle (MitM) attackers. 
Despite serious financial risks, security of e-banking CAPTCHAs is largely unexplored. In this paper, we report the first comprehensive study on e-banking CAPTCHAs deployed around the world. A new set of image processing and pattern recognition techniques is proposed to break all e-banking CAPTCHA schemes that we found over the Internet, including three e-banking CAPTCHA schemes for transaction verification and 41 schemes for login. These broken e-banking CAPTCHA schemes are used by thousands of financial institutions worldwide, which are serving hundreds of millions of e-banking customers. The success rates of our proposed attacks are either equal to or close to 100%. We also discuss possible improvements to these e-banking CAPTCHA schemes and show essential difficulties of designing e-banking CAPTCHAs that are both secure and usable. Based on our results we believe that currently CAPTCHAs are incapable of offering adequate security for high-value applications like e-banking.</dcterms:abstract> <dc:creator>Schmitz, Roland</dc:creator> <dspace:isPartOfCollection rdf:resource=""/> <dspace:isPartOfCollection rdf:resource=""/> </rdf:Description> </rdf:RDF>
