The design and implementation of a secure CAPTCHA against man-in-the-middle attacks
Article first published online: 28 JUN 2013
Copyright © 2013 John Wiley & Sons, Ltd.
Security and Communication Networks
Volume 7, Issue 8, pages 1199–1209, August 2014
How to Cite
(2014), A secure authentication scheme for session initiation protocol by using ECC on the basis of the Tang and Liu scheme, Security Comm. Networks, 7, 1199–1209. doi: 10.1002/sec.825
- Issue published online: 25 JUL 2014
- Manuscript Accepted: 17 MAY 2013
- Manuscript Revised: 14 MAY 2013
- Manuscript Received: 1 OCT 2012
- European Commission. Grant Number: 216676 ECRYPT II
- cryptographic protocols;
- Internet technologies
In this paper, we propose a novel security protocol for the implementation of CAPTCHA tests that feature advanced mechanisms against man-in-the-middle (MITM, for short) attacks. This type of attack is carried out by a malicious entity, the MITM, that leverages unaware users to mass-solve the CAPTCHA tests shielding access to a service. The protocol that we propose uses collision-resistant hash functions, modeled as random oracles, to guarantee that the solution to a CAPTCHA test solved by an end user is valid only for the server to which the user is connected. This prevents MITM attacks because, in such an attack, the user is not directly connected to the server. We developed a reference implementation of our protocol that has a low impact and is easy to use, featuring a software plug-in running in the Firefox web browser on the client side and a Java servlet-based application on the server side.
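The binding property the abstract describes, as an added sketch that is not the paper's protocol or its reference implementation: the message layout, SHA-256, the nonce, the function and class names and the `.example` origins are all assumptions made for illustration.

```javascript
// Added illustration: every name and the message layout are assumptions.
const crypto = require('crypto');

// H(solution, nonce, origin) with length-prefixed fields so that
// concatenation is unambiguous.
function bindSolution(solution, nonce, origin) {
  const h = crypto.createHash('sha256');
  for (const field of [solution, nonce, origin]) {
    const buf = Buffer.from(field, 'utf8');
    const len = Buffer.alloc(4);
    len.writeUInt32BE(buf.length);
    h.update(len).update(buf);
  }
  return h.digest('hex');
}

class CaptchaServer {
  constructor(origin) { this.origin = origin; this.pending = new Map(); }
  issue(solution) {               // solution = text rendered in the image
    const nonce = crypto.randomBytes(16).toString('hex');
    this.pending.set(nonce, solution);
    return { nonce };
  }
  verify(nonce, response) {
    const solution = this.pending.get(nonce);
    if (solution === undefined) return false;
    this.pending.delete(nonce);   // each challenge is single use
    const expected = Buffer.from(bindSolution(solution, nonce, this.origin), 'hex');
    const got = Buffer.from(String(response), 'hex');
    return got.length === expected.length && crypto.timingSafeEqual(got, expected);
  }
}

// Client side: the plug-in hashes in the origin the browser is actually
// connected to, not an origin named by the page content.
function clientAnswer(typed, nonce, connectedOrigin) {
  return bindSolution(typed, nonce, connectedOrigin);
}

function demo() {                 // constructed sample values throughout
  const server = new CaptchaServer('https://service.example');
  const a = server.issue('x7kq2');
  const directOk = server.verify(a.nonce, clientAnswer('x7kq2', a.nonce, 'https://service.example'));
  const b = server.issue('m4tz9'); // challenge relayed through another site
  const relayedOk = server.verify(b.nonce, clientAnswer('m4tz9', b.nonce, 'https://relay.example'));
  return { directOk, relayedOk };
}
```

The sketch shows only why a correctly solved test is rejected when the user's browser was connected to a different origin; it does not address offline guessing of a short solution from the hash.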