A Synopsis

On
“CAPTCHA SECURITY”
Submitted in partial fulfillment for the Bachelor of Technology in
Computer Science

Submitted to

Rajasthan Technical University, Kota (Raj.)

Submitted By
Naveen Kumar Garg
07EARCS060

Under the supervision of

Seminar Guide: Seminar Coordinator:

Sandeep Kumar
Lecturer

Session: 2010-2011

Department of Computer Science and Engineering

Arya College of Engineering & Information Technology
SP-42, RIICO Industrial Area, Kukas, Jaipur-302028
INTRODUCTION

A CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans
Apart) is a program that generates and grades tests that are human solvable, but beyond the
capabilities of current computer programs. CAPTCHAs are used in attempts to prevent
automated software from performing actions which degrade the quality of service of a given
system, whether due to abuse or resource expenditure. CAPTCHAs can be deployed to
protect systems vulnerable to e-mail spam, such as the webmail services of Gmail, Hotmail,
and Yahoo Mail.

CAPTCHAs are also used to minimize automated posting to blogs, forums and wikis,
whether as a result of commercial promotion, or harassment and vandalism. CAPTCHAs also
serve an important function in rate limiting. Automated usage of a service might be desirable
until such usage is done to excess and to the detriment of human users. In such cases,
administrators can use CAPTCHA to enforce automated usage policies based on given
thresholds. The article rating systems used by many news web sites are another example of an
online facility vulnerable to manipulation by automated software.

As of 2010, most CAPTCHAs display distorted text that is difficult to read by character
recognition software. The alternative implementations may include various tests, such as
identifying an object that does not belong in a particular set of objects, locating the center of a
distorted image, or identifying distorted shapes.

This technology is now almost a standard security mechanism for addressing undesirable or
malicious Internet boot programs (such as those spreading junk emails and grabbing
thousands of free email accounts instantly) and has found widespread application on
numerous commercial web sites including Google, Yahoo, and Microsoft’s MSN. It is widely
accepted that a good CAPTCHA must be both robust and usable. The robustness of a
CAPTCHA is its strength in resisting adversarial attacks, and this has
attracted considerable attention in the research community.
There are the following three main types of CAPTCHAs:
Text-based schemes – they typically rely on sophisticated distortion of text images.
Sound-based schemes (or audio schemes): - they typically require users to solve a speech
recognition task.
Image-based schemes - they typically require users to perform an image recognition task.

The most widely used CAPTCHAs are the text-based schemes, which rely on sophisticated
distortion of text images aimed at rendering them unrecognizable to the state of the art of
pattern recognition programs. Major web sites such as Google, Yahoo and Microsoft all have
their own text-based CAPTCHAs deployed for years. Second, text-based CAPTCHAs have
many advantages compared to other types of schemes, for example, being intuitive to users
world-wide (the user task performed being just character recognition), having little
localization issues (people in different countries all recognize Roman characters), and of
good potential to provide strong security (e.g. the space a brute force attack has to search can
be huge, if the scheme is properly designed). Third, it can have a large and positive impact
for the society to improve the usability of such popular and well-claimed CAPTCHAs by
identifying issues that should be addressed in these schemes.
The popularity of such schemes is due to the fact that they have many advantages , for
example good CAPTCHA must be not only human friendly, but also robust enough to resist
to computer programs that attackers write to automatically pass CAPTCHA tests (or
challenges).
CONCLUSION AND SCOPE

We have systematically examined usability issues that should be addressed in the design of
text-based CAPTCHAs, the most popular type of such schemes. In particular, for the first
time, we have observed the following issues:
• Contrary to the common belief, text-based CAPTCHAs can be difficult for foreigners.
• Whether the length of strings used in a scheme is predictable or not can have interesting
implications for both its security and usability.
• The use of color in a CAPTCHA can have an impact on its usability, security or both.
All this contributes to further our understanding of the design of usable and secure
CAPTCHAs, for which current collective knowledge is limited. Second, we have proposed a
simple framework for examining usability issues of CAPTCHAs, and showed that this
framework is applicable not only to text-based schemes, but also to other types of
CAPTCHAs. In particular, a lot more can be explored for sound-based and image-based
CAPTCHAs, which is our future work. Overall, the design of CAPTCHA is still an art, rather
than a science. It requires considerable study to evolve the design of secure and usable
CAPTCHAs into a science.

REFERENCES

1.Usability of CAPTCHAs By Jeff Yan (School of Computing Science Newcastle

University, UK) and Ahmad Salah El Ahmad (School of Computing Science Newcastle
University, UK)
ABSTRACT:-
CAPTCHA is now almost a standard security technology, and has found widespread
application in commercial websites. Usability and robustness are two fundamental issues with
CAPTCHA, and they often interconnect with each other. This paper discusses usability issues
that should be considered and addressed in the design of CAPTCHAs. Some of these issues
are intuitive, but some others have subtle implications for robustness (or security). A simple
but novel framework for examining CAPTCHA usability is also proposed.
2. A CAPTCHA Based On Image Orientation By Rich Gossweiler Google, Inc., Maryam
Kamvar Google, Inc. and Shumeet Baluja Google, Inc.
ABSTRACT:-
A new CAPTCHA which is based on identifying an image’s upright orientation. This task
requires analysis of the often complex contents of an image, a task which humans usually
perform well and machines generally do not. Given a large repository of images, such as
those from a web search result, we use a suite of automated orientation detectors to prune
those images that can be automatically set upright easily. We then apply a social feedback
mechanism to verify that the remaining images have a human-recognizable upright
orientation. The main advantages of our CAPTCHA technique over the traditional text
recognition techniques are that it is language-independent, does not require text-entry (e.g.
for a mobile device), and employs another domain for CAPTCHA generation beyond
character obfuscation. This CAPTCHA lends itself to rapid implementation and has an
almost limitless supply of images. We conducted extensive experiments to measure the
viability of this technique.