Abstract
-
CAPTCHAs have become a standard security mechanism that are used to deter automated
abuse of online services intended for humans. However, many existing CAPTCHA schemes
to date have been successfully broken. As such, a number of CAPTCHA developers have
explored alternative methods of designing CAPTCHAs. 3D CAPTCHAs is a design alternative
that has been proposed to overcome the limitations of traditional CAPTCHAs. These
CAPTCHAs are designed to capitalize on the human visual system's natural ability to
perceive 3D objects from an image. The underlying security assumption is that it is difficult
for a computer program to identify the 3D content. This paper investigates the robustness
of text-based 3D CAPTCHAs. In particular, we examine three existing text-based 3D
CAPTCHA schemes that are currently deployed on a number of websites. While the direct
use of Optical Character Recognition (OCR) software is unable to correctly solve these textbased
3D CAPTCHA challenges, we highlight certain patterns in the 3D CAPTCHAs can be
exploited to identify important information within the CAPTCHA. By extracting this information,
this paper demonstrates that automated attacks can be used to solve these 3D
CAPTCHAs with a high degree of success.