Kurt Alfred Kluever
Kurt Alfred Kluever graduated from the Rochester Institute of Technology in 2008, where he received both a BS and MS in Computer Science. He is currently a Software Engineer at Google New York. His research interests include CAPTCHAs, web security, pattern recognition, and machine learning.
Research Areas
Authored Publications
Sort By
Balancing Usability and Security in a Video CAPTCHA
Richard Zanibbi
Proceedings of the 5th Symposium on Usable Privacy and Security (SOUPS '09), ACM Press(2009)
Preview abstract
We present a technique for using a content-based video labeling task as a CAPTCHA. Our video CAPTCHAs are generated from YouTube videos, which contain labels (tags) supplied by the person that uploaded the video. They are graded using a video's tags, as well as tags from related videos. In a user study involving 184 participants, we were able to increase the average human success rate on our video CAPTCHA from roughly 70% to 90%, while keeping the average success rate of a tag frequency-based attack fixed at around 13%. Through a different parameterization of the challenge generation and grading algorithms, we were able to reduce the success rate of the same attack to 2%, while still increasing the human success rate from 70% to 75%. The usability and security of our video CAPTCHA appears to be comparable to existing CAPTCHAs, and a majority of participants (60%) indicated that they found the video CAPTCHAs more enjoyable than traditional CAPTCHAs in which distorted text must be transcribed.
View details
Video CAPTCHAs: Usability vs. Security
Richard Zanibbi
Proceedings of the IEEE Western New York Image Processing Workshop (WNYIP '08), IEEE Press(2008)
Preview abstract
A CAPTCHA is a variation of the Turing test, in which a challenge is used to distinguish humans from computers (”bots”) on the internet. They are commonly used to prevent the abuse of online services. CAPTCHAs discriminate using hard artificial intelligence problems: the most common type requires a user to transcribe distorted characters displayed within a noisy image. Unfortunately, many users find them frustrating and break rates as high as 60% have been reported (for Microsoft’s Hotmail).
We present a new CAPTCHA in which users provide three words (”tags”) that describe a video. A challenge is passed if a user’s tag belongs to a set of automatically generated ground-truth tags. In an experiment, we were able to increase human pass rates for our video CAPTCHAs from 69.7% to 90.2% (184 participants over 20 videos). Under the same conditions, the pass rate for an attack submitting the three most frequent tags (estimated over 86,368 videos) remained nearly constant (5% over the 20 videos, roughly 12.9% over a separate sample of 5146 videos). Challenge videos were taken from YouTube.com. For each video, 90 tags were added from related videos to the ground-truth set; security was maintained by pruning all tags with a frequency ≥ 0.6%. Tag stemming and approximate matching were also used to increase human pass rates. Only 20.1% of participants preferred text-based CAPTCHAs, while 58.2% preferred our video-based alternative.
Finally, we demonstrate how our technique for extending the ground truth tags allows for different usability/security trade-offs, and discuss how it can be applied to other types of CAPTCHAs.
View details
