An Examination of CAPTCHA for Tolerance of Relay Attacks and Automated Attacks

CAPTCHA is a type of challenge response test used to distinguish human users from malicious computer programs such as bots, and is used to protect email, blogs, and other web services from bot attacks. So far, research on enhance of CAPTCHA's resistance to bot attacks has been proceeded to counter advanced automated attacks method. However, an attack technique known as a relay attack has been devised to circumvent CAPTCHA. In this attack, since human solves CAPTCHA, the existing measures assuming bots have no effect on this attack. We designed a new CAPTCHA scheme for relay attacks tolerance and automated attacks tolerance. In this paper, we tested the robustness of the proposed method against several types of automated attacks. We constructed an experimental environment in which a relay attack can be simulated, and designed a series of experiments to evaluate the performance of the proposed method. As a result, we found that the proposed CAPTCHA scheme offers some of level of resistance to automated attacks and relay attacks.