Elie Bursztein : 2011 Security Workshop


Monday, April 11, 2011
Location: Fisher Conference Center, Arrillaga Alumni Center

"The Failure of Noise-Based Non-Continuous Audio Captchas"
10:30am - 11:00am


CAPTCHAs, which are automated tests intended to distinguish humans from programs, are used on many web sites to prevent bot-based account creation and spam. To avoid imposing undue user friction, CAPTCHAs must be easy for humans and difficult for machines. In this talk we examine the widely used class of audio CAPTCHAs based on distorting non-continuous speech with certain classes of noise and demonstrate that virtually all current schemes, including ones from Microsoft, Yahoo, and eBay, are easily broken. More generally, we describe a set of fundamental techniques, packaged together in our Decaptcha system, that effectively defeat a wide class of audio CAPTCHAs based on non-continuous speech. Decaptcha's performance on actual observed and synthetic CAPTCHAs indicates that such speech CAPTCHAs are inherently weak and, because of the importance of audio for various classes of users, alternative audio CAPTCHAs must be developed.


Elie Bursztein is a postdoctoral researcher at the Stanford Security Laboratory. His research is on computer security and applied cryptography, with particular attention to web, game, and mobile security. He holds an engineering degree from EPITA and a Ph.D. in computer science from ENS-Cachan. Elie's research combines advances in machine learning, cryptography, data mining, and HCI to create more usable and secure systems. Lately, he has been working on improving CAPTCHA security and usability. He is also developing SaferChrome, a Chrome extension for safer and more private browsing.
Elie blogs at http://elie.im/blog and tweets at @elie