suggested RQTF notes for APA CAPTCHA revision

To the RQTF

Firstly, thanks everyone for trying to help me find a path forward to edit information for the RQTF.  After giving it some thought, I think the best option in the long-term is to return to the W3C wiki approach. While I seem to mess up the formatting when I update wikis, I can at least put content in them in a way that is easier than using GitHub.

That said, thank you Jason for allowing me to provide my updates via e-mail in the short-term.

As such, below are my additions to the ‘RQTF CAPTCHA findings’ page relating to the issues of the current APA CAPTCHA note and suggested updates. I’ve used bullet points for comments with the suggested text to follow.



· 1.1 A false sense of security

· Current APA document discusses that CAPTCHAs can be bypassed through mechanisms such as paying someone to complete a CAPTCHA.  Perhaps the biggest change is that many of the references we’ve found indicate that it’s actually relatively easy for computer algorithms to crack CAPTCHAs after a certain number of attempts, and IMHO this should be highlighted.

· Traditional CAPTCHAs assume everyone can recognise English language text characters, which is not the case and not really dealt with in the current CAPTCHA document.

· Suggested RQTF recommendation text for this section follows

Current CAPTCHA methods that rely primarily on text-based or image-based problems can be largely cracked using both complex and simple computer algorithms.  Research suggests that approximately 20% of traditional CAPTCHAs can be broken using OCR algorithms (Hernández-Castro, C. J., Barrero, D. F., & R-Moreno, M. D., 2016)(Li, Q., 2015). In addition, pattern-matching algorithms in some instances can achieve an even higher success rate of cracking CAPTCHAs (Yan, J., & El Ahmad, A. S., 2009)(Sano, S., Otsuka, T., Itoyama, K., & Okuno, H. G., 2015). While efforts are being made to strengthen traditional CAPTCHA security, more robust security solutions run the risk of reducing the abilities for typical users to understand the CAPTCHA that needs to be resolved (Nakaguro, Y., Dailey, M. N., Marukatat, S., & Makhanov, S. S., 2013).

In addition, there is currently a reliance on the assumption that all web users can understand the English character set, which is not the case. Examples such as Arabic and Thai demonstrate the barriers associated with CAPTCHAs based on written English and related language character sets (Tangmanee, C., 2016).


· 3. Possible Solutions

· I’ve listed a number of additional CAPTCHA solutions not currently listed in the APA note.  Some of these may fall into existing categories with tweaking but most are new.

Google reCAPTCHA ‘I am not a robot’ tick box

Anecdotal evidence suggests that the Google captcha which requires users to tick a box stating ‘I am not a robot’ is currently the most accessible CAPTCHA solution and can be completed with a variety of assistive technologies. However, there is little formalised research investigating if this is indeed the case. RQTF recommends that additional research is conducted to verify the accessibility of this solution.  There is also the additional concern that the inability of completing the reCAPTCHA tends to default back to a traditional inaccessible CAPTCHA.

Multiple User Devices

The use of multiple devices such as a computer, smartphone, tablet and/or wearable could provide additional support for user authentication. This could assist in addressing accessibility issues by using assistive technologies on each device to confirm the user is a human and is a specific user (Cetin, C., 2015).

Video CAPTCHA

Some emerging CAPTCHA processes use video in which users can visually identify elements and respond in text. This poses some accessibility issues for users that cannot visually identify the elements contained in video (Catuogno, L., & Galdi, C., 2014) (Kluever, K., 2008).

Visual comparison CAPTCHAs

There are a number of new techniques based on the identification of still images.  This can include identifying whether an image is a man or a woman, or whether an image is human-shaped or avatar-shaped among other comparison solutions (Conti, M., Guarisco, C., & Spolaor, R., 2015)(Kim, J., Kim, S., Yang, J., Ryu, J.-h., & Wohn, K., 2014)(Korayem, M., 2015).

While alternative audio comparison CAPTCHAs could be provided such as using similar or different tones for comparison, the reliance on visual comparison alone would be difficult for people with vision-related disabilities.

Video Game CAPTCHA

This process suggests the completion of a basic video game as a CAPTCHA. The benefits include the removal of language barriers, and multiple interface methods could potentially make such a solution accessible (Yang, T.-I., Koong, C.-S., & Tseng, C.-C., 2015). It would also have the benefit of making CAPTCHAs an enjoyable process, reducing the frustrations generally associated with traditional CAPTCHAs.

3D CAPTCHA

A 3D representation of letters and numbers can make it more difficult for OCR software to identify, in turn making it more secure (Nguyen, V. D., Chow, Y.-W., & Susilo, W., 2014). However, this solution has similar accessibility issues to traditional CAPTCHAs.


· Recommendation: in addition to the current APA CAPTCHA note, I’ve put here an additional recommendation that the accessibility of Google reCAPTCHA should be investigated by the relevant WAI working group.

Research into the accessibility of Google reCAPTCHA should be explored by W3C WAI


· References below: would be good if someone could cross-check the references used based on our CAPTCHA page to make sure I haven’t made a copy-and-paste error in putting an incorrect reference against a topic.

REFERENCES:

Catuogno, L., & Galdi, C. (2014). On user authentication by means of video events recognition. Journal of Ambient Intelligence and Humanized Computing, 5(6), 909-918. doi:10.1007/s12652-014-0248-5
Cetin, C. (2015). Design, Testing and Implementation of a New Authentication Method Using Multiple Devices. In J. Ligatti, D. Goldgof, & Y. Liu (Eds.): ProQuest Dissertations Publishing.
Conti, M., Guarisco, C., & Spolaor, R. (2015). CAPTCHaStar! A novel CAPTCHA based on interactive shape discovery.
Hernández-Castro, C. J., Barrero, D. F., & R-Moreno, M. D. (2016). Machine learning and empathy: the Civil Rights CAPTCHA. Concurrency and Computation: Practice and Experience, 28(4), 1310-1323. doi:10.1002/cpe.3632
Kim, J., Kim, S., Yang, J., Ryu, J.-h., & Wohn, K. (2014). FaceCAPTCHA: a CAPTCHA that identifies the gender of face images unrecognized by existing gender classifiers. An International Journal, 72(2), 1215-1237. doi:10.1007/s11042-013-1422-z
Kluever, K. (2008). Evaluating the usability and security of a video CAPTCHA. In R. Zanibbi, Z. Butler, & R. Canosa (Eds.): ProQuest Dissertations Publishing.
Korayem, M. (2015). Social and egocentric image classification for scientific and privacy applications. In D. Crandall, J. Bollen, A. Kapadia, & P. Radivojac (Eds.): ProQuest Dissertations Publishing.
Li, Q. (2015). A computer vision attack on the ARTiFACIAL CAPTCHA. An International Journal, 74(13), 4583-4597. doi:10.1007/s11042-013-1823-z
Nakaguro, Y., Dailey, M. N., Marukatat, S., & Makhanov, S. S. (2013). Defeating line-noise CAPTCHAs with multiple quadratic snakes. Computers & Security, 37, 91-110. doi:10.1016/j.cose.2013.05.003
Nguyen, V. D., Chow, Y.-W., & Susilo, W. (2014). On the security of text-based 3D CAPTCHAs. Computers & Security, 45, 84-99. doi:10.1016/j.cose.2014.05.004
Sano, S., Otsuka, T., Itoyama, K., & Okuno, H. G. (2015). HMM-based Attacks on Google's ReCAPTCHA with Continuous Visual and Audio Symbols. Journal of Information Processing, 23(6), 814-826. doi:10.2197/ipsjjip.23.814
Tangmanee, C. (2016). Effects of Text Rotation, String Length, and Letter Format on Text-based CAPTCHA Robustness. Journal of Applied Security Research, 11(3), 349-361. doi:10.1080/19361610.2016.1178553
Yan, J., & El Ahmad, A. S. (2009). CAPTCHA Security: A Case Study. Security & Privacy, IEEE, 7(4). doi:10.1109/MSP.2009.84
Yeh, H. T., Chen, B. C., & Wu, Y. C. (2013). Mobile user authentication system in cloud environment. Security and Communication Networks, 6(9), 1161-1168. doi:10.1002/sec.688
Yang, T.-I., Koong, C.-S., & Tseng, C.-C. (2015). Game-based image semantic CAPTCHA on handset devices. An International Journal, 74(14), 5141-5156. doi:10.1007/s11042-013-1666-7
-
Dr Scott Hollier
Digital Access Specialist
Mobile: +61 (0)430 351 909
Web: www.hollier.info<http://www.hollier.info/>

Technology for everyone

Keep up-to-date with digital access news – follow @scotthollier on Twitter<http://twitter.com/scotthollier> or e-mail newsletter@hollier.info<mailto:newsletter@hollier.info> with ‘subscribe’ in the subject line.

Received on Wednesday, 19 April 2017 09:50:59 UTC