Captcha Final

Post on 04-Mar-2015

SAURAV GAUTAM 3608146 CSE(2) IIIrd Year

Agenda

Definition

Background

Types

Process of CAPTCHAs

Applications

Constructing CAPTCHAs

Conclusion

Intro

CAPTCHA: Completely Automated Public Turing test to tell Computers and Humans Apart

Invented at CMU by Luis von Ahn, Manuel Blum in 2000.

A program that is a challenge-response test to separate humans from computer programs

Generic CAPTCHAs distort letters and numbers.

Distorted characters are presented to user.

User has to recognize the distorted letters.

If the guessed letters are correct, the user is inferred to be a human and allowed access.

Else, user is a bot and denied access.

Humans can read the distorted and noisy text

Current OCRs cannot read them.

Background

Why was CAPTCHA needed?

Sabotage of online polls

Spam emails

Abusing free online accounts

AltaVista first used a CAPTCHA on its sites.

Resulted in 95% spam reduction.

Yahoo partnered with CMU to counter these threats in its Messenger chat service.

Luis von Ahn and Manuel Blum of CMU trademarked CAPTCHA in 2000.

What is a Turing test?

Proposed by Alan Turing

To test a machine's level of intelligence

Human judge asks questions to two participants, one is a machine, he doesn't know which is which

If judge can't tell which is the machine, the machine passes the test

CAPTCHA employs a reverse Turing test: judge = CAPTCHA program, participant = user

If user passes CAPTCHA, he is human

If user fails, it is a machine

Types of Captcha

Text based Captcha

Gimpy Captcha

E-Z Gimpy Captcha

Pix Captcha

Audio Captcha

Text based:

Simple, normal language questions:

What is sum of three and thirty-five?

If today is Saturday, what is day after tomorrow?

Which of mango, table, water is a fruit?

Very effective, needs a large question bank

Cognitively challenged users find it hard

Gimpy:

Designed by Yahoo and CMU

Picks up 10 random words from dictionary and distorts, fills with noise

User has to recognize at least 3 words

If user is correct, he is admitted

EZ-Gimpy:

A modified version of Gimpy

Yahoo used this version in Messenger

Has only 1 random string of characters

Not a dictionary word, so not prone to dictionary attack

Not a good implementation, already broken by OCRs

PIX:

Uses a large database of labelled images

It shows a set of images, user has to recognize the common feature among those

E.g., Pick the common characteristic among the following four pictures: "Aeroplane"

Example of Pix

Dog Pool

Audio CAPTCHAs:

Consist of downloadable audio clip

User listens and enters the spoken word

Helps visually disabled users

Below is Google's audio-enabled CAPTCHA

Not popular

The Process

Generate CAPTCHA

Align CAPTCHA

Cut CAPTCHA

Transform CAPTCHA

Decode CAPTCHA

Generate CAPTCHA

CAPTCHA generated with our Mathematica code.

Align CAPTCHA

Remove gridlines.

Undo angle of rotation.

Align CAPTCHA

Crop CAPTCHA.

Cut CAPTCHA

CAPTCHA cut into 5 pieces.

Transform CAPTCHA

Perform the HWT on each of the 5 pieces.

Decode CAPTCHA

Constructing CAPTCHAs

Things to keep in mind:

Don't store CAPTCHA solution in Web page's metadata

A CAPTCHA is no good if it doesn't distort

Need a large database of different CAPTCHA questions

Avoid repetition of questions

CAPTCHA Logic:

Generate the question

Persist the correct answer

Present the question to user

Evaluate the answer; if incorrect, start again and generate a different CAPTCHA

If correct, allow access to user
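
The CAPTCHA logic above, together with the rule against storing the solution in the page, as an added example that is not part of the original slides. CaptchaService, QUESTION_BANK and the in-memory dictionary standing in for a session store are hypothetical names; the questions are the ones from the text-based slide and the answers are constructed.

```python
import hmac
import secrets

# Constructed bank: questions from the slides, answers added for this example.
QUESTION_BANK = [
    ("What is sum of three and thirty-five?", "38"),
    ("If today is Saturday, what is day after tomorrow?", "monday"),
    ("Which of mango, table, water is a fruit?", "mango"),
]


class CaptchaService:
    """Keeps the expected answer on the server; the page only sees an opaque id."""

    def __init__(self, bank=QUESTION_BANK):
        self._bank = bank
        self._pending = {}  # challenge id -> (question index, expected answer)

    def generate(self, exclude=None):
        """Generate the question, persist the answer, return (id, question)."""
        choices = [i for i in range(len(self._bank)) if i != exclude]
        idx = secrets.choice(choices)
        question, answer = self._bank[idx]
        challenge_id = secrets.token_urlsafe(16)  # random, reveals nothing
        self._pending[challenge_id] = (idx, answer)
        return challenge_id, question

    def evaluate(self, challenge_id, response):
        """Return (passed, next_challenge); every challenge is single-use."""
        entry = self._pending.pop(challenge_id, None)  # pop blocks replay
        if entry is None:
            return False, self.generate()  # unknown or already used id
        idx, answer = entry
        given = response.strip().lower().encode()
        if hmac.compare_digest(given, answer.encode()):
            return True, None  # correct: allow access
        # Incorrect: start again with a different question, not the same one.
        return False, self.generate(exclude=idx)
```

Because the answer is removed from the store on the first attempt, a client cannot retry the same challenge or replay an id that was already solved.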

Applications

Preventing comment spam in blogs.

Prevent Web registration abuse, protect passwords from attack.

Online polls.

Preventing dictionary attack.

Conclusion

CAPTCHAs prove a good security measure if they are strong enough and more accessible.

There is still room for improvement in the non-visual type of CAPTCHAs.

A CAPTCHA implies a win-win situation: either the CAPTCHA is not broken and there is a way to differentiate humans from computers, or the CAPTCHA is broken and a useful AI problem is solved.