An audio CAPTCHA to distinguish humans from computers

TL;DR

This paper introduces a novel sound-based CAPTCHA that leverages differences between human and synthetic voices, achieving high human success rates and low attack success, thus enhancing security and accessibility.

Contribution

It presents a new audio CAPTCHA design that exploits voice differences, with detailed analysis, experimental validation, and security assessment.

Findings

Human success rate is approximately 97%.

Attack software pass rate is only 4%.

Average solving time is 7.8 seconds.

Abstract

CAPTCHAs are employed as a security measure to differentiate human users from bots. A new sound-based CAPTCHA is proposed in this paper, which exploits the gaps between human voice and synthetic voice rather than relays on the auditory perception of human. The user is required to read out a given sentence, which is selected randomly from a specified book. The generated audio file will be analyzed automatically to judge whether the user is a human or not. In this paper, the design of the new CAPTCHA, the analysis of the audio files, and the choice of the audio frame window function are described in detail. And also, some experiments are conducted to fix the critical threshold and the coefficients of three indicators to ensure the security. The proposed audio CAPTCHA is proved accessible to users. The user study has shown that the human success rate reaches approximately 97% and the pass rate of attack software using Microsoft SDK 5.1 is only 4%. The experiments also indicated that it could be solved by most human users in less than 14 seconds and the average time is only 7.8 seconds.