NuCaptcha


NuCaptcha is an early fraud detection service which utilises behavior analytics to provision threat appropriate, animated video CAPTCHAs. NuCaptcha is developed and operated by Canadian-based firm, NuData Security.
Static image-based CAPTCHAs are routinely used to prevent automated sign-ups to websites by using text or images of words disguised so that optical character recognition software has trouble reading them. However, in common CAPTCHA systems, users often fail to correctly solve the CAPTCHA 7% - 25% of the time. NuCaptcha uses animated video technology that it claims make puzzles easier for humans to solve, but harder for bots and hackers to decipher.

Technology

NuCaptcha attempts to solve usability of static image-based CAPTCHAS using two main technologies: 1) video animation to display CAPTCHA puzzles, and 2) a behaviour analysis system to monitor interactions with the platform.
  1. Video animation. CAPTCHAS are displayed as a video, and rendered in the web browser. A variety of technologies can be used to display the animated CAPTCHA, such as Flash video, HTML5, or GIF. Standard CAPTCHA techniques such as character crowding, once animated, are easier for humans to detect because of an innate motion-detecting ability.
  2. Behavior Analysis. Using machine-learning algorithms, NuCaptcha monitors platform interactions to tune the security of each CAPTCHA delivered to the user. Suspected attackers are given progressively more secure CAPTCHAS.

    Security

Security researcher Elie Bursztein demonstrated a practical attack against NuCaptcha's video CAPTCHA scheme by employing optical flow techniques to isolate individual CAPTCHA characters. The proposed attack is able to break the video CAPTCHAs in more than 90% of cases.
In response, NuCaptcha noted that Bursztein’s findings underscore the need for CAPTCHA puzzles to be part of a larger security construct, such as behavior monitoring to assess the risk of individual users. NuCaptcha also pointed out that the CAPTCHAS analyzed in Bursztein's blog post were middle-security puzzles focused on usability, and not the stronger puzzles presented to high-risk users. In addition to this, NuCaptcha noted that the optical flow technique relies on static non-animated features of the puzzle. Changes were made to NuCaptcha puzzles to remove the static non-animated features.

Application

NuCaptcha APIs are currently available in PHP,.NET, and Java. Plugins are available for WordPress, Drupal, Codelgniter, vBulletin, and phpBB. In October 2011, NuCaptcha announced its CAPTCHA solutions for mobile devices across all platforms, including Android and iOS.