Your search keyword '"Hernández Castro, Carlos"' showing total 4 results

1. Remotely Telling Humans and Computers Apart: An Unsolved Problem

Author

Hernandez-Castro, Carlos Javier, Ribagorda, Arturo, Camenisch, Jan, editor, and Kesdogan, Dogan, editor

Published

2009

2. Breaking CaptchaStar Using the BASECASS Methodology.

Author

HERNÁNDEZ-CASTRO, CARLOS, BARRERO, DAVID F., and DOLORES R-MORENO, MARIA

Subjects

MACHINE learning

Abstract

In this article, we present fundamental design flaws of CaptchaStar. We also present a full analysis using the BASECASS methodology that employs machine learning techniques. By means of this methodology, we find an attack that bypasses CaptchaStar with almost 100% accuracy. [ABSTRACT FROM AUTHOR]

Published

2023

3. Machine learning and empathy: the Civil Rights CAPTCHA.

Author

Hernández ‐ Castro, Carlos Javier, Barrero, David F., and R ‐ Moreno, María D.

Subjects

MACHINE learning, EMPATHY, COMPUTER security, CIVIL rights, CYBERTERRORISM, COMPUTER algorithms

Abstract

Human interactive proofs (HIPs) are a basic security measure on the Internet to avoid automatic attacks. There is an ongoing effort to find a HIP that is secure enough yet easy for humans. Recently, a new HIP has been designed aiming at higher security: the Civil Rights Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA). It employs the empathy capacity of humans to further strengthen Securimage, a well-known text CAPTCHA. In this paper, we analyze it from a security perspective, finding fundamental design flaws. Using several well-known machine learning (ML) algorithms, we analyze to what extent these flaws affect its security. We discover that thanks to them, we can create a successful side-channel attack. This attack is able to correctly solve the HIP on 20.7 % of occasions, much more than enough to consider it broken. Thus, we show that there is no need to solve the problem of optical character recognition nor empathy analysis for computers to break this particular HIP. ML can be successfully used to break a HIP that uses both with a side-channel attack. This security analysis can be applied to other HIPs. It will allow to test whether they are leaking too much information by unexpected ways, given non-evident design flaws. Copyright © 2015 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

4. BASECASS: A methodology for CAPTCHAs security assurance.

Author

Hernández-Castro, Carlos Javier, Barrero, David F., and R-Moreno, María D.

Subjects

*CAPTCHA (Challenge-response test), *INTERNET, *METHODOLOGY, *MACHINE learning, *COMPUTER security

Abstract

Today, much of the interaction between clients and providers has moved to the Internet. Some tricksters have also learned to benefit from this new situation. New improved cons, tricks and deceptions can be found on-line. Many of these deceptions are only profitable if they are done at a large scale. In order to achieve these large numbers of interactions, these attacks require automation. CAPTCHAs/HIPs are a relatively new security mechanism against automated attacks. They try to detect when the other end of the interaction is a human or a computer program (a bot). However, CAPTCHA/HIP design is still in its initial conception as the stream of successful attacks highlight it. This paper focuses on the design of CAPTCHAs and if there is a way in which to assess a basic level of security for new CAPTCHA designs. To do so, we first review main attacks to different types of CAPTCHAs and then, we describe BASECASS, a methodology that can help in avoiding some of these design pitfalls. The application of the methodology is exemplified in three attacks to CAPTCHAs and how following the methodology designers could have avoided them. [ABSTRACT FROM AUTHOR]

Published

2021