Dipartimento di Scienze Statistiche

In this paper we propose a novel architecture for the implementation of CAPTCHA tests that features advances mechanisms against man-in-the-middle (MITM, for short) attacks. This type of attack is ful lled by a malicious entity referred to as MITM, that leverages on unaware users in order to mass-solve CAPTCHA tests shielding the access to a service. The architecture that we propose uses collision-resistant hash functions modeled as random oracles in order to guarantee that the solution to a CAPTCHA test solved by an end user is valid only for the server to which the user is connected to. This will prevent MITM attacks since the user is not directly connected to the server. We developed a reference implementation for our protocol that focuses on usability and transparency, featuring a software plug-in running in the Firefox web browser, on the client side, and a set of Java servlet based application, on the server side.