University of Surrey

Breaking e-banking CAPTCHAs

Li, SJ, Shah, SAH, Khan, MAU, Khayam, SA, Sadeghi, A-R and Schmitz, R (2010) Breaking e-banking CAPTCHAs In: 26th Annual Computer Security Applications Conference (ACSAC 2010), 2010-12-06 - 2010-12-10, Austin, TX, USA.

Text: ACSAC2010.pdf (800kB). Restricted to Repository staff only. Available under License: See the attached licence file.
Text (licence): SRI_deposit_agreement.pdf (33kB). Restricted to Repository staff only.

Abstract

Many financial institutions have deployed CAPTCHAs to protect their e-banking systems from automated attacks. In addition to traditional CAPTCHAs for login, CAPTCHAs are also used to prevent malicious manipulation of e-banking transactions by automated Man-in-the-Middle (MitM) attackers. Despite serious financial risks, security of e-banking CAPTCHAs is largely unexplored. In this paper, we report the first comprehensive study on e-banking CAPTCHAs deployed around the world. A new set of image processing and pattern recognition techniques is proposed to break all e-banking CAPTCHA schemes that we have found over the Internet, including three e-banking CAPTCHA schemes for transaction verification and 41 schemes for login. These broken e-banking CAPTCHA schemes are used by a large number of financial institutions worldwide, which are serving hundreds of millions of e-banking customers. The success rates of our proposed attacks are either equal to or close to 100%. We also discuss possible enhancements to these e-banking CAPTCHA schemes and show some essential difficulties of designing e-banking CAPTCHAs that are both secure and usable.

Item Type: Conference or Workshop Item (UNSPECIFIED)
Authors :
| Name | Email | ORCID |
| --- | --- | --- |
| Li, SJ | UNSPECIFIED | UNSPECIFIED |
| Shah, SAH | UNSPECIFIED | UNSPECIFIED |
| Khan, MAU | UNSPECIFIED | UNSPECIFIED |
| Khayam, SA | UNSPECIFIED | UNSPECIFIED |
| Sadeghi, A-R | UNSPECIFIED | UNSPECIFIED |
| Schmitz, R | UNSPECIFIED | UNSPECIFIED |
Date : 2010
Identification Number : 10.1145/1920261.1920288
Contributors :
| Contribution | Name | Email | ORCID |
| --- | --- | --- | --- |
| http://www.loc.gov/loc.terms/relators/PBL | ACM | UNSPECIFIED | UNSPECIFIED |
Related URLs :
Depositing User : Symplectic Elements
Date Deposited : 28 Mar 2017 14:42
Last Modified : 31 Oct 2017 14:35
URI: http://epubs.surrey.ac.uk/id/eprint/532434

© The University of Surrey, Guildford, Surrey, GU2 7XH, United Kingdom.
+44 (0)1483 300800