Abstract

Attacks from automated Web clients are a significant problem on the Internet. Web sites often employ Turing tests known as CAPTCHAs to combat automated agents. Unfortunately, such defenses require frequent human user input, are becoming less effective as computer vision techniques improve, and can be subverted by adversaries willing to hire humans to solve challenges. Several alternative defenses based upon cryptographic methods rather than human input have been proposed to achieve the same goals. Such "proof-of-work" techniques prioritize clients based on their willingness to solve computational challenges of client-specific difficulty set by the server. Unfortunately, few proof-of-work schemes have been deployed since they require wide-scale adoption of special client software to operate properly. To address these problems we present mocLkaPoW, a novel system that has the efficiency and human-transparency of proof-of-work schemes as well as the software backwards-compatibility of CAPTCHA schemes. The system leverages common Web technologies to deliver a challenge, solve it, and submit the client response, while providing accessibility for legacy clients. This paper describes and evaluates a prototype of this system.