The new system, which comes from the Georgia Institute of Technology, is a different approach to login authentication. The aim is to improve the security of standard biometric techniques – methods rely on video or images of users’ faces. The new approach is called ‘Real-Time Captcha’. This is based on posing a unique ‘challenge’ for each logon. The challenge is designed to be relatively easy for people, but impossible for attackers who a reliant upon seemingly more sophisticated methods to gain access to a system, like machine learning and image generation software.
The way the Real-Time Captcha works is by requiring a user to stare into their smartphone’s built-in camera and, at the same time, answering a randomly-selected question. The question appears within the Captcha on the screen of the device. For access to be granted, the response from the user needs to be provided within a limited period of time. This time is set to be too short for artificial intelligence or machine learning programs react.
In trials, performed using with 30 subjects, it was found that humans can respond to the Captcha challenges in one second or less. In contrast, the best machines needed between six and ten seconds to decode the question from the Captcha and respond with a faked video and audio. This mean the new system was attack proof.
The aim is for the Captcha to supplement image or audio based authentication techniques . Image and sound systems can be breached by many knowledgeable attackers, such as by modifying images, or video or audio of users; or by simply stealing such content directly from tablets and smartphones.
According to lead developer Erkam Uzun: “We are making the challenge harder by sending users unpredictable requests and limiting the response time to rule out machine interaction.”
The new method was presented at the February 2018 Network and Distributed Systems Security Symposium, which was held in San Diego, California. The major goal of the event is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
