Breaking e-Banking CAPTCHAs

Zitieren

Dateien zu dieser Ressource

Prüfsumme: MD5:d2b09b3723effffee68a5b3d98aff013

LI, Shujun, Syed Amier Haider SHAH, Muhammad Asad Usman KHAN, Syed Ali KHAYAM, Ahmad-Reza SADEGHI, Roland SCHMITZ, 2010. Breaking e-Banking CAPTCHAs. the 26th Annual Computer Security Applications Conference. Austin, Texas, 6. Dez 2010 - 10. Dez 2010. In: Proceedings of the 26th Annual Computer Security Applications Conference on - ACSAC '10. the 26th Annual Computer Security Applications Conference. Austin, Texas, 6. Dez 2010 - 10. Dez 2010. New York, New York, USA:ACM Press, pp. 171. ISBN 978-1-4503-0133-6. Available under: doi: 10.1145/1920261.1920288

@inproceedings{Li2010Break-6246, title={Breaking e-Banking CAPTCHAs}, year={2010}, doi={10.1145/1920261.1920288}, isbn={978-1-4503-0133-6}, address={New York, New York, USA}, publisher={ACM Press}, booktitle={Proceedings of the 26th Annual Computer Security Applications Conference on - ACSAC '10}, author={Li, Shujun and Shah, Syed Amier Haider and Khan, Muhammad Asad Usman and Khayam, Syed Ali and Sadeghi, Ahmad-Reza and Schmitz, Roland} }

<rdf:RDF xmlns:dcterms="http://purl.org/dc/terms/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:bibo="http://purl.org/ontology/bibo/" xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:void="http://rdfs.org/ns/void#" xmlns:xsd="http://www.w3.org/2001/XMLSchema#" > <rdf:Description rdf:about="https://kops.uni-konstanz.de/rdf/resource/123456789/6246"> <dc:creator>Li, Shujun</dc:creator> <dc:language>eng</dc:language> <dc:creator>Khan, Muhammad Asad Usman</dc:creator> <bibo:uri rdf:resource="http://kops.uni-konstanz.de/handle/123456789/6246"/> <dc:contributor>Khayam, Syed Ali</dc:contributor> <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/rdf/resource/123456789/36"/> <dcterms:issued>2010</dcterms:issued> <dcterms:bibliographicCitation>Also publ. in: ACSAC '10: Proceedings of the 26th Annual Computer Security Applications Conference, Dec. 6 - 10, 2010, Austin, Texas. New York, NY : ACM, 2010, pp. 171-180</dcterms:bibliographicCitation> <dc:creator>Khayam, Syed Ali</dc:creator> <dc:contributor>Schmitz, Roland</dc:contributor> <dc:contributor>Shah, Syed Amier Haider</dc:contributor> <dc:contributor>Li, Shujun</dc:contributor> <dcterms:title>Breaking e-Banking CAPTCHAs</dcterms:title> <foaf:homepage rdf:resource="http://localhost:8080/jspui"/> <void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/> <dc:contributor>Sadeghi, Ahmad-Reza</dc:contributor> <dc:format>application/pdf</dc:format> <dc:creator>Sadeghi, Ahmad-Reza</dc:creator> <dcterms:hasPart rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/6246/1/ACSAC2010_Full.pdf"/> <dspace:hasBitstream rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/6246/1/ACSAC2010_Full.pdf"/> <dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-03-24T16:10:29Z</dc:date> <dc:creator>Shah, Syed Amier Haider</dc:creator> <dc:contributor>Khan, Muhammad Asad Usman</dc:contributor> <dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-03-24T16:10:29Z</dcterms:available> <dcterms:abstract xml:lang="eng">Many financial institutions have deployed CAPTCHAs to protect their services (e.g., e-banking) from automated attacks. In addition to CAPTCHAs for login, CAPTCHAs are also used to prevent malicious manipulation of e-banking transactions by automated Man-in-the-Middle (MitM) attackers. Despite serious financial risks, security of e-banking CAPTCHAs is largely unexplored. In this paper, we report the first comprehensive study on e-banking CAPTCHAs deployed around the world. A new set of image processing and pattern recognition tech- niques is proposed to break all e-banking CAPTCHA schemes that we found over the Internet, including three e-banking CAPTCHA schemes for transaction verification and 41 schemes for login. These broken e-banking CAPTCHA schemes are used by thousands of financial institutions worldwide, which are serving hundreds of millions of e-banking customers. The success rate of our proposed attacks are either equal to or close to 100%. We also discuss possible improvements to these e-banking CAPTCHA schemes and show essential diffculties of designing e-banking CAPTCHAs that are both secure and usable. Based on our results we believe that currently CAPTCHAs are incapable of offering adequate security for high-value applications like e-banking.</dcterms:abstract> <dc:creator>Schmitz, Roland</dc:creator> <dc:rights>deposit-license</dc:rights> <dcterms:rights rdf:resource="http://nbn-resolving.org/urn:nbn:de:bsz:352-20140905103416863-3868037-7"/> <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/rdf/resource/123456789/36"/> </rdf:Description> </rdf:RDF>

Dateiabrufe seit 01.10.2014 (Informationen über die Zugriffsstatistik)

ACSAC2010_Full.pdf 1033

Das Dokument erscheint in:

KOPS Suche


Stöbern

Mein Benutzerkonto