2022 Early Hearing Detection & Intervention Virtual Conference
March 13 - 15, 2022
9/27/2017 | 1:05 PM - 1:50 PM | A Unicode Based CAPTCHA Scheme | Track 1 - Cyber Security
A Unicode Based CAPTCHA Scheme
The presentation will discuss a highly flexible visual CAPTCHA scheme that leverages the 64K Unicode code points from the Basic Multilingual Plane (plane 0) to construct CAPTCHAs that can be solved with 2 to 4 mouse clicks. We will review the challenges faced in designing the CAPTCHA system, its design principles, the different security mechanisms built into the CAPTCHA, and the features that allow it to be configured for different device types, including mobile and desktop. There will be several demonstrations of its different modes and configurations. We will discuss the pros and cons of the different configurations and their possible security implications. Attendees will also get to experiment with the CAPTCHA during or after the conference on a publicly hosted website or in a desktop-based Swing application, and explore its Java source code via a public GitHub repo. We will also discuss the potential attack vectors on the proposed CAPTCHA scheme.
Source code: https://github.com/salesforce/pixel-captcha-project
Important: This paper was published in CrossTalk magazine
Presenters/Authors
Gursev Singh Kalra
Salesforce.com, gursev.kalra@gmail.com
Gursev Singh Kalra is a Product Security Director at Salesforce.com, where he works with several product teams to build secure software. He worked with McAfee as a Senior Principal Consultant and led multiple software security service lines. He has authored free security tools such as PixelCAPTCHA, JMSDigger, TesserCap, Oyedata, and SSLSmart. He has written several security-related whitepapers, and his research has been voted among the top ten web hacking techniques of 2011 and 2012. He has spoken at conferences such as BlackHat, OWASP AppSec, NullCon, Focus, ToorCon, and Infosec Southwest.