PixelCAPTCHA - A Unicode Based CAPTCHA Scheme

Presented at ToorCon San Diego 17 (2015), Oct. 25, 2015, noon (20 minutes)

The presentation will discuss a new visual CAPTCHA scheme that leverages the 64K Unicode code points from the Basic Multilingual Plane (plane 0) to construct the CAPTCHAs that can be solved with 2 to 4 mouse clicks. We will discuss the design principles, the security mechanisms and its various features. There will be demonstrations for the various CAPTCHA configurations and the use cases. The proposed PixelCAPTCHA scheme will also be made available as an open source Java library and a demo website.

Presenters:

• Gursev Singh Kalra
  Gursev Singh Kalra is a Sr. Product Security Engineer at Salesforce.com. Earlier he was working with McAfee as a Senior Principal Consultant and led multiple software security service lines. He loves to write security tools and has authored free tools, like JMSDigger, TesserCap, Oyedata, SSLSmart and clipcaptcha. He has performed security research on CAPTCHAs schemes and implementations, JMS based enterprise messaging applications, OData protocol, mobile application security etc. He has written several security related whitepapers and the security community and experts have voted his research among the top ten web hacks of 2011 and 2012. He has spoken at conferences like Black Hat, OWASP AppSec, NullCon, Focus, ToorCon, and Infosec Southwest etc.

Similar Presentations:

• Black Hat Asia 2016 / I'm Not a Human: Breaking the Google reCAPTCHA
• DEF CON 16 (2008) / Deciphering Captcha
• The Eleventh HOPE (2016) / CAPTCHAs - Building and Breaking