AuthenticationReal-time Captcha technique bolsters biometric authentication
A new login authentication approach could improve the security of current biometric techniques that rely on video or images of users’ faces. Known as Real-Time Captcha, the technique uses a unique challenge that’s easy for humans — but difficult for attackers who may be using machine learning and image generation software to spoof legitimate users.
A new login authentication approach could improve the security of current biometric techniques that rely on video or images of users’ faces. Known as Real-Time Captcha, the technique uses a unique challenge that’s easy for humans — but difficult for attackers who may be using machine learning and image generation software to spoof legitimate users.
The Real-Time Captcha requires users to look into their mobile phone’s built-in camera while answering a randomly-selected question that appears within a Captcha on the screens of the devices. The response must be given within a limited period of time that’s too short for artificial intelligence or machine learning programs to respond. GaTech says that the Captcha would supplement image- and audio-based authentication techniques that can be spoofed by attackers who may be able to find and modify images, video and audio of users — or steal them from mobile devices.
The technique was described 19 February at the Network and Distributed Systems Security (NDSS) Symposium 2018 in San Diego, Calif. Supported by the Office of Naval Research (ONR) and the Defense Advanced Research Projects Agency (DARPA), the research was conducted by cyber security specialists at the Georgia Institute of Technology.
“The attackers now know what to expect with authentication that asks them to smile or blink, so they can produce a blinking model or smiling face in real time relatively easily,” said Erkam Uzun, a graduate research assistant in Georgia Tech’s School of Computer Science and the paper’s first author. “We are making the challenge harder by sending users unpredictable requests and limiting the response time to rule out machine interaction.”
As part of efforts to eliminate traditional passwords for logins, mobile devices and online services are moving to biometric techniques that utilize a human face, retina or other biological attribute to verify who is attempting to log in. The iPhone X is designed to unlock with the user’s face, for instance, while other systems utilize short video segments of a user nodding, blinking or smiling.
In the cat-and-mouse game of cybersecurity, those biometrics can be spoofed or stolen, which will force companies to find better approaches, said Wenke Lee, a professor in Georgia Tech’s
