SAURAV GAUTAM 3608146 CSE(2) IIIrd Year

Agenda

Definition Background Types Process of CAPTCHAs Applications Constructing CAPTCHAs Conclusion

Intro

CAPTCHA Completely Automated Public Turing test to tell Computers and Humans Apart

Invented at CMU by Luis von Ahn, Manuel Blum in 2000.

A program that is a challenge – response test to separate humans from computer programs

Generic CAPTCHAs distort letters and numbers .

Distorted characters are presented to user.

User has to recognize the distorted letters.

If the guessed letters are correct, the user is inferred to be a human and allowed access .

Else, user is a bot and denied access.

Humans can read the distorted and noisy text

Current OCRs cannot read them.

Background

Why CAPTCHA was needed?

Sabotage of online polls

Spam emails

Abusing free online accounts

Altavista first used a CAPTCHA in their sites.

Resulted in 95% spam reduction.

Yahoo partnered CMU to counter these threats in Messenger chat service.

Luis von Ahn and Manuel Blum of CMU trademarked CAPTCHA in 2000.

What is a Turing test? Proposed by Alan Turing To test a machine’s level of intelligence Human judge asks questions to two

participants, one is a machine, he doesn’t know which is which

If judge can’t tell which is the machine, the machine passes the test

CAPTCHA employs a reverse Turing test,judge = CAPTCHA program,

participant = user if user passes CAPTCHA, he is human

if user fails, it is a machine

Types of Captcha

Text based Captcha Gimpy Captcha E-Z Gimpy Captcha Pix Captcha Audio Captcha

Text based:

Simple, normal language questions: What is sum of three and thirty-five? If today is Saturday, what is day after

tomorrow? Which of mango, table, water is a fruit?

Very effective, needs a large question bank

Cognitively challenged users find it hard

Gimpy: Designed by Yahoo and CMU Picks up 10 random words from dictionary

and distorts, fills with noise User has to recognize at least 3 words If user is correct, he is admitted

EZ-Gimpy: A modified version of Gimpy Yahoo used this version in Messenger Has only 1 random string of characters Not a dictionary word, so not prone to

dictionary attack Not a good implementation, already

broken by OCRs

PIX: Uses a large database of labelled images It shows a set of images, user has to

recognize the common feature among those

E.g., Pick the common characteristic among the following four pictures-----”Aeroplane”

Example of Pix

Dog Pool

Audio CAPTCHAs: Consist of downloadable audio clip User listens and enters the spoken word Helps visually disabled users Below is the Google’s audio enabled

CAPTCHA Not popular

The Process

Generate CAPTCHA Align CAPTCHA Cut CAPTCHA Transform CAPTCHA Decode CAPTCHA

Generate CAPTCHA

CAPTCHA generated with our Mathematica code.

Align CAPTCHA

Remove gridlines.

Undo angle

of rotation.

Align CAPTCHA

Crop CAPTCHA.

Cut CAPTCHA

Cut CAPTCHA cut into 5 pieces.

Transform CAPTCHA

Perform the HWT on each of the 5 pieces.

Decode CAPTCHA

Constructing CAPTCHAs

Things to keep in mind: Don’t store CAPTCHA solution in Web

page’s metadata

A CAPTCHA is no good if it doesn't distort

Need a large database of different CAPTCHA questions

Avoid repetition of questions

CAPTCHA Logic:

Generate the question

Persist the correct answer

Present the question to user

Evaluate answer, if incorrect, start again-- Generate a different CAPTCHA

If correct, allow access to user

Applications

Preventing comment spam in blogs.

Prevent Web registration abuse, protect passwords from attack.

Online polls.

Preventing dictionary attack.

Conclusion

CAPTCHAs prove a good security measure if they are strong enough and more accessible.

There is still room for improvement in the non-visual type of CAPTCHAs.

A CAPTCHA implies a win-win situation: either the CAPTCHA is not broken and there is a way to differentiate humans from computers, or the CAPTCHA is broken and a useful AI problem is solved.