• Embed Doc
  • Copy Link
  • Readcast
  • Collections
  • CommentGo Back
 
CAPTCHA: T
HE
S
ECURITY
T
HROUGH
O
BSCURITY
Reema Abdullah Al-abdullatif
College of Computer and Information sciences, King Saud University, KSAreema.ksu@gmail.com
A
BSTRACT
Forums, Blogs, Email addresses, video sharing sites and others have become a target to either commercial or non-commercial spam. Spammers use bots to crawl through websites and pick up email addresses, post spam or consume the accounts of them. Excessive server loads, illegal spam, theft of resources and many were all consequences of spamming. This paper talks about CAPTCHA as a solution to limit the spamming.
Keywords
CAPTCHA, security, spam.
1.I
NTRODUCTION
A CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) is a programthat generates and grades tests that are human solvable, but intends to be beyond the capabilities of currentcomputer programs [1].
The term "CAPTCHA" was coined in 2000 by Luis von Ahn, Manuel Blum, Nicholas Hopperand John Langford of Carnegie Mellon University. At the time, they developed the first CAPTCHA to be used by Yahoo.
[2]. This technology is now almost a standard security mechanism for defending against undesirable Internetbots programs, such as those spreading junk emails and those grabbing thousands of free email accountsinstantly. It has found widespread application on numerous commercial web sites including Google, Yahoo,and Microsoft’s MSN. [3]The most common use of CAPTCHA on the web today is to try preventing the repeatedly automaticsubmission of forms by bots, usually for the purpose of spam. By adding a CAPTCHA to form, it can cut downon the amount of spam received via a contact form or can prevent bots from signing up for accounts on thewebsite.Spamming is among the top few reasons, which today’s webmasters have to deal with. In the other hand,CAPTCHA is among a few successful techniques which used by almost all of the web sites to control theautomated spamming activitiesThe most widely used CAPTCHA is the text-based schemes, which rely on text images distortion to makethem unrecognizable to recognition programs. There are many other types covered up next
.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copiesare not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copyotherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission.The First Mini-Conference in Web Technologies and Trends (WTT)
 © 
2009 Information Technology Department, CCIS, King Saud University, Riyadh, Saudi Arabia
 
2.T
YPES
O
F
CAPTCHA
By far, the most common type of CAPTCHA involves the use of letters that are arranged randomly and aredistorted in some way with various background colors. These are the ones that you will most likely have seenwhen signing up for an e-mail account. But
actually, other alternatives do exist [4].
2.1Character-Based CAPTCHA
This category means that a string of characters is presented to the user. This string can contain either wordsor random alphanumeric characters (See Figure 1).
Figure1. Different kinds of character-based CAPTCHA with different level of distortion [5]
2.2 Image-Based CAPTCHA
Images or pictures are presented to the user. This is normally in the form of an identifiable real-world object,but can also be presented in the form of shapes. The task is to identify the object shown in the picture.The problem in this type of CAPTCHA is that it needs a large set of pictures to become effective which willlead to consume a large amount of server space.
2.3 Anomaly-Based CAPTCHA
Users are asked to determine which object, or character or shape does not belong in a set of imagesdisplayed on the screen. This type of CAPTCHA has the same disadvantage of the Image-based CAPTCHA..
 
2.4 Recognition-Based CAPTCHA
The users need to determine what is being presented to them. In the case of a character based andrecognition based CAPTCHA the user needs to identify and input the character string that is presented tothem.
2.5Sound-Based CAPTCHA
The user is presented with an audio version of a CAPTCHA. The user listens to the audio file and inputs theiranswer. A sound based CAPTCHA can be presented in two formats,1. Spoken words or numbers.2. Sounds related to an image.This CAPTCHA is effective for the people who have visual impairment. It is, probably
, the second mostcommon type of CAPTCHA
(Figure 2).
Figure 2.An example of Text/Audio CAPTCHA from ReCAPTCHA [6]
3. APPLICATIONS OF CAPTCHA
CAPTCHA has several applications for practical security, including [7]
:
3.1 Preventing Comment Spam in Blogs
Most bloggers are familiar with programs that submit bogus comments, usually for the purpose of raisingsearch engine ranks of some website . This is called comment spam. By using a CAPTCHA, only humanscan enter comments on a blog. There is no need to make users sign up before they enter a comment, and nolegitimate comments are ever lost.
3.2Protecting Website Registration
Several companies (Yahoo!, Microsoft, etc.) offer free email services. Up until a few years ago, most of theseservices suffered from a specific type of attack "bots" that would sign up for thousands of email accounts
of 00

Leave a Comment

You must be to leave a comment.
Submit
Characters: ...
You must be to leave a comment.
Submit
Characters: ...