
Revelio: A Lightweight Captcha Solver Using a Dictionary Based Approach

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12553)

Abstract

Captcha is an important security measure used by many websites to defend against malicious bot programs. However, with advances in the field of computer vision, seemingly complex Captcha schemes have been broken. Although Captcha solving techniques have improved significantly, we observed that many major banking and government websites still rely on a relatively simple class of text Captchas to counter bot attacks. In this paper, we demonstrate that Captcha schemes deployed on the State Bank of India (SBI), Axis Bank and Indian Railways (IRCTC) websites can be easily broken using a repertoire of standard image processing techniques. We develop a Captcha solver tool called Revelio, which is lightweight, automatic and efficient, requires minimal labeled data, and works in real time. We compare the performance of our tool with the state-of-the-art CNN model on diverse Captcha schemes from 14 major Indian websites. The proposed solver achieves at least 90% accuracy on 10/14 Captcha schemes. Further, we found that for the targeted class of Captcha schemes and a given amount of labeled data, our solver outperforms the CNN-based solver.


Notes

  1. Service Plus Captchas are used on different government websites including CM Relief Fund websites of Chhattisgarh and Karnataka.

  2. SBI Collect Captchas are used on various government websites including CM Relief Fund websites of Assam, Gujarat, Haryana, Goa and Tripura.


Author information


Correspondence to Abhijeet Chougule.


Copyright information

© 2020 Springer Nature Switzerland AG

About this paper


Cite this paper

Chougule, A., Tupsamudre, H., Lodha, S. (2020). Revelio: A Lightweight Captcha Solver Using a Dictionary Based Approach. In: Kanhere, S., Patil, V.T., Sural, S., Gaur, M.S. (eds) Information Systems Security. ICISS 2020. Lecture Notes in Computer Science, vol 12553. Springer, Cham. https://doi.org/10.1007/978-3-030-65610-2_7


  • DOI: https://doi.org/10.1007/978-3-030-65610-2_7


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-65609-6

  • Online ISBN: 978-3-030-65610-2

  • eBook Packages: Computer Science, Computer Science (R0)
