A new technique for using video to gauge whether a website is being accessed by a human or a machine will be presented at a Google-hosted security symposium this week.
The 'Completely Automated Public Turing test to tell Computers and Humans Apart' (Captcha) is designed to prevent abuse of websites, and normally involves users being presented with obscured text that they must recognise and enter into a dialogue box.
However, this type of Captcha can discourage people from using a website, according to Google researcher Kurt Alfred Kluever, and Rochester Institute of Technology assistant professor Richard Zanibbi. Respondents in two user studies preferred video, the researchers wrote in a paper entitled Balancing Usability and Security in a Video Captcha.
"A majority of participants (60 percent) indicated that they found the video Captchas more enjoyable than traditional Captchas in which distorted text must be transcribed," wrote Kluever and Zanibbi. The combined studies had 327 participants.
The technology uses images from YouTube videos as a starting point for the authentication test. Users are presented with a video clip, and type words into a dialogue box that they associate with that clip. Word association is graded depending on how similar the responses are to the tags on the videos, and to tags on other YouTube videos.
The researchers said they were able to tweak their algorithms to gain a human success rate on video Captcha of around 90 percent, with a simulated-attack success rate of approximately 13 percent.
When they tweaked their challenge-generation algorithm further, they reduced the attack success rate to two percent, with a human success rate of roughly 70 percent.
The researchers simulated the frequency-based attack by automatically submitting tags that labelled the largest set of videos, while taking into account security measures they had built into the technology. These security measures prune the tags linked to the YouTube videos, to lower the number in the set of common tags that are accepted for use by the video Captcha.
MessageLabs warned of an increase in Captcha-breaking spam in May. Breaking Captchas allows malware authors and spammers to use websites to propagate spam.
Kluever and Zanibbi will present their paper on Friday at the Symposium On Usable Privacy and Security (Soups 09) conference in Mountain View.
An example of Kluever and Zanibbi's video Captcha