CAPTCHAs remain a critical defense against automated abuse, yet modern systems suffer from well-known limitations in usability, accessibility, and resistance to increasingly capable bots and low-cost CAPTCHA farms. Behavioral and puzzle-based mechanisms often impose cognitive burdens, collect extensive interaction data, or permit outsourcing to human solvers. In this paper, we present ThermoCAPTCHA, a novel privacy-preserving human verification system that uses real-time thermal imaging to detect live human presence without requiring users to solve challenges. A lightweight YOLOv4-tiny model identifies human heat signatures from a single thermal capture, while cryptographically bound traceable tokens prevent forwarding attacks by CAPTCHA farm workers. Our prototype achieves 96.70% detection accuracy with a 73.60 ms verification latency on a low-powered server. Comprehensive security evaluation, including MITM manipulation, spoofing attempts, adversarial perturbations, and misuse scenarios, shows that ThermoCAPTCHA withstands threats that commonly defeat behavioral CAPTCHAs. A user study with 50 participants, including visually challenged users, demonstrates improved accuracy, faster completion times, and higher perceived usability compared to reCAPTCHA v2.
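As an added illustration (not the paper's code; the token format, the session binding and the detector are assumptions), the following sketches how a session-bound, single-use token resists forwarding to a CAPTCHA farm: a token minted for one session fails verification when a worker submits it from another, an expired token is refused, and a simple skin-temperature heuristic over a constructed thermal frame stands in for the YOLOv4-tiny detector.

```python
import hashlib, hmac, secrets, struct, time

SERVER_KEY = secrets.token_bytes(32)  # constructed per-deployment secret; load from a KMS in practice
TOKEN_TTL = 30                        # seconds a challenge token stays valid
MIN_HUMAN_FRACTION = 0.1              # share of pixels in skin range needed to count as a person
_SEEN_CAPTURES = set()                # digests of frames already accepted (single use)


def issue_challenge(session_id, now=None):
    """Server: mint a traceable token bound to the requesting session and a deadline."""
    now = time.time() if now is None else now
    expiry = int(now) + TOKEN_TTL
    nonce = secrets.token_hex(16)
    msg = f"{session_id}|{nonce}|{expiry}".encode()
    tag = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    return {"nonce": nonce, "expiry": expiry, "tag": tag}


def human_heat_present(frame):
    """Stand-in for the YOLOv4-tiny detector (assumption, not the paper's model):
    pixels in the 30-38 C skin range count as human heat; require a minimum share."""
    pixels = [t for row in frame for t in row]
    warm = sum(1 for t in pixels if 30.0 <= t <= 38.0)
    return warm / len(pixels) >= MIN_HUMAN_FRACTION


def frame_digest(frame):
    """Canonical SHA-256 over the little-endian float32 encoding of the capture."""
    raw = b"".join(struct.pack("<f", t) for row in frame for t in row)
    return hashlib.sha256(raw).hexdigest()


def verify(session_id, challenge, frame, now=None):
    """Server: accept a capture only if the token is bound to THIS session, unexpired,
    not previously used, and the frame shows a human heat signature."""
    now = time.time() if now is None else now
    msg = f"{session_id}|{challenge['nonce']}|{challenge['expiry']}".encode()
    expected = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, challenge["tag"]):
        return "rejected: token not bound to this session"  # forwarded to another client
    if now > challenge["expiry"]:
        return "rejected: token expired"
    digest = frame_digest(frame)
    if digest in _SEEN_CAPTURES:
        return "rejected: capture already used"
    _SEEN_CAPTURES.add(digest)
    if not human_heat_present(frame):
        return "rejected: no human heat signature"
    return "verified"


def make_frame(size=8, hot=4, ambient=22.0, body=34.0):
    """Constructed 2-D thermal capture: ambient background with a hot x hot warm square."""
    return [[body if r < hot and c < hot else ambient for c in range(size)] for r in range(size)]
```

The session identifier is assumed to be something the server can bind to the original client connection (for example a TLS-bound session cookie) that a farm worker does not share.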