Summary of the technology
A research group from the Computer Engineering Department of the University of Alcalá proposes a security analysis expertise to those individuals and companies that are developing their own CAPTCHA/HIP proposals or want to test the security of their current proposals. The group can also work towards the improvement of the security of current CAPTCHA/HIP proposals whenever that target is attainable.
Moreover, the group has a few CAPTCHA proposals that could be implemented at a grand scale level. These proposals though, need to undergo a security analysis previous to being put into production. It could be possible to share part of the IP with the companies wanting to implement these proposals if they assist the group economically in their initial implementation and security analysis.
The group is seeking for individual clients and companies to achieve collaboration and commercial agreements with technical assistance.
New and innovative aspects
Increase the security against external attacks
Automatic attacks to test the security of the implementation
Main advantages of its use
Having a secured CAPTCHA implementation can help a company to protect its on-line assets from various types of automated abuse. This can prevent the loss of revenue to the company, and also allow it to confidently offer more on-line services knowing that their automated abuse is difficult.
We have some possible ideas for new CAPTCHA/HIP paradigms that can offer better security levels and usability than the actual CAPTCHAS in the market. These proposals need to undergo a security analysis previous to being put into production. We can share part of the IP with the companies wanting to implement these proposals if they assist us economically in their initial implementation and security analysis.
If successful, we can licence the idea and/or offer together this CAPTCHA services to third companies, getting revenue from high-volume users and advertisers.
The group has an extensive knowledge and experience in IT Security, in particular, in the field of the security of CAPTCHA/HIP. It has also performed several successful security analyses of very different CAPTCHAs/HIPs currently in production.
They can assist in:
- Developing a threat model covering their proposal. This would allow our customers to better understand the security ecosystem in which their proposal is working and better conduct Risk Management strategies.
- Assessing the security of their current CAPTCHA proposal or implementation. This would allow the customers to understand if their CAPTCHA/HIP proposal or implementation passes a minimum security level without which it should not be put into production.
- Study of improvements. This service is orientated towards allowing the customers to improve their CAPTCHA/HIP security without affecting much the user interaction. This study might or not reach an improvement, depending on the proposal. After the results of this study, a new security assessment should be run.
- Improvement of Resilience. This service would allow us to cooperate with our customers towards implementing additional measures to increase their CAPTCHA/HIP security under attack. This would possibly include attack detection and mitigation mechanisms.
This possible technical assistance can cover:
- Security Analysis of the initial design. Strengthen any found vulnerability.
- Assistance during design and implementation.
- Assistance during usability tests.
- Vulnerability analysis of the implementation.
Intellectual property status
The group has the secret know how of the technology
Current development status
Desired business relationship
The group seeks to achieve collaboration or commercial agreements with technical assistance with companies providing IT Security services, in particular anti-abuse protection, to third parties.