Threat Modeling for Breaking of CAPTCHA System

Abstract

The online websites are accessed by millions of people and the information present on it holds value. To secure them from attacker, one such mechanism is “Completely Automated Public Turing Test to keep the Computers and Humans Apart”. They are used to ensure that internet user’s activity is performed by humans only and not the bots. CAPTCHAs are solved by people every day to prevent Denial of Service attack and online spam attack. But unfortunately, it is now possible to break them by using Machine Learning. This paper presents, the Vulnerabilities related to Text-based CAPTCHA System, compromised system using Machine Learning and proposed Algorithm. A Threat Modeling was performed on the website using a Text-based CAPTCHA System in order to discover various Attack Vectors with the help of a Tool and performs detailed analysis on affected areas. Lastly, a solution is provided to the website service provider to overcome the exsisting system flaws and also to make them even more strong and secure.