Skip to main content

Audio CAPTCHAs for Authenticating Human Users

Researcher: Luis von Ahn

Cross Cutting Thrusts: Usable Privacy and Security

Abstract

CAPTCHAs are automated tests that humans can pass but computer programs cannot, providing a method for securing web sites against attacks from bots. Unfortunately, visual CAPTCHAs can limit accessibility of web-based services to visually impaired users. Millions of blind people surf the web everyday and Internet use by those with disabilities grows at twice the rate of the none-disabled. Therefore, audio version of CAPTCHA's have been created which consist of spoken digits that the user must transcribe correctly. To make audio CAPTCHA's more difficult for automatic speech recognition programs to break, the spoken digits are often distorted, spoken by random people and/or altered with the addition of background noise. We propose to assess current audio CAPTCHA technology by conducting experiments to see if we can break them. We will then develop and test more robust audio CAPTCHA's to ensure that only humans receive access to web-based services.

We plan to test multiple audio CAPTCHA's, in particular those used by Facebook, Ticketmaster and MSN. The audio CAPTCHA's we will text consist of digits spoken by random people, plus other human voices playing throughout as "noise." The current human pass rate for this particular type of CAPTCHA is 70%. A CAPTCHA is considered broken when a computer can pass it at least 10% of the time. While many academic publications have attempted to visual CAPTCHAs, none to the best of our knowledge have investigated the security of audio-based CAPTCHAs.