(Sorry, I had to ask)

CAPTCHA
By PANKAJ KUAMR /CS B1 0809710060

Completely Automated Public Turing test to tell Computers and Humans Apart First used by Altavista in1997 Used in 2000 for Yahoo to prevent automated e-mail account registration,
2

In 2000, formalized by Luis von Ahn, Manuel Blum & Nicholas J. Hopper of Carnegie Mellon; John Langford of IBM “A CAPTCHA is a cryptographic protocol whose underlying hardness assumption is based on an AI problem.” [1] www.captcha.net

3

Photograph by Mike McGregor 4 .

A program that can tell whether its user is a human or a computer. It uses a type of challenge-response test to determine that the response is not generated by a computer. 5 .

because it is administered by a machine and targeted to a human.A CAPTCHA is sometimes described as a reverse Turing test. 6 .

A program that can generate and grade tests that:   Most humans can pass. 7 . Current computer programs cannot pass.

Pick random string of characters (or words) Renders it into a distorted image ifhkfp 8 .

… and the program generates a test: Type the characters that appear in the image 9 .

language or motor control. a typical 5-year-old can outperform the most powerful computers easier for computers:  like medical diagnosis. In many simple tasks.  playing chess. hearing. 10 .  hard for computers:  operations requiring vision.

guess works 25%) Pix-.text distortion used by Yahoo! (routinely cracked & improved) Bongo-. or Google API) Sounds-. distortion 11 .voice synthesis.visual puzzle.photographic recognition (need large image DB. like Mensa tests (if 4 options.    Gimpy-.

12 . background pattern Overlapping words need no noise.     images of distorted text. distortion. Random placement. font. User identifies 3 words. 5 pairs of overlapped words. Frequently cracked and improved. In current version.

 Bongo  Display two series of blocks  User must find the characteristic that sets the two series apart  User is asked to determine which series each of four single blocks belongs to 13 .

 PIX  Create a large database of labeled images  Pick a concrete object  Pick four images of the object from the images database  Distort the images  Ask the user to pick the object for a list of words 14 .

    Pick a word or a sequence of numbers at random Render them into an audio clip using a software Distort the audio clip Ask the user to identify and type the word or numbers 15 .

  Generated by the EZ-Gimpy program. Used previously on Yahoo! 16 .

  rather than attempting to create a distorted background and high levels of warping on the text. focus on making segmentation difficult by adding an angled line. 17 .

 Animated CAPTCHAs    3D CAPTCHA ASCII art Reverse CAPTCHA blank" "Leave this field 18 .

      Distinguish pictures of dogs from cats Choose a word that relates to all the images Trivia questions Math and word problems 3D Object CAPTCHA Solve failed OCR inputs 19 .

The Vase.You must enter them in the exact sequence listed: • • • The Head of the Walking Man. The Back of the Chair. 20 .

   „Common Sense" questions: • „What is 3 + 5?“ • „What color is the sky?" Type the word 'orange'. . Require a valid email to approve. These attempts violate principles: • • 21 they cannot be automatically generated. they can be easily cracked given the state of AI.

Mechanism to hide your email address. 22 . require users to solve a CAPTCHA before showing your email address  Online Polls.  Preventing Comment Spam in Blogs. Protecting Email Addresses From Scrapers. You cannot trust the results of an online poll because anybody could just write a program to vote for their favorite option thousands of times.

23 . Microsoft.  Protecting Website Registration. Prevent a computer to iterate through the entire space of passwords by requiring it to solve a CAPTCHA after a certain number of unsuccessful logins. Google) Preventing Dictionary Attacks (in password systems).  Search Engine Bots. (E-mail services: Yahoo. It is sometimes desirable to keep webpages unindexed to prevent others from finding them easily.

24 . Script Level Security. Images of text should be distorted randomly before being presented to the user. Insecurities:  Systems that pass the answer in plain text.  Systems where a solution to the same CAPTCHA  can be used multiple times ("replay attacks"). Image Security.

 Accessibility. so when you reached an image. 25 . all it can do is to read the caption of that image. due to a disability or because it is difficult to read) from accessing the protected resource.  They use screen reader.  Solution: permitting users to opt for an audio or sound CAPTCHA.  CAPTCHAs prevent visually impaired users (for example.

26 .   Exploiting bugs in the implementation that allow the attacker to completely bypass the CAPTCHA. Using cheap human labor to process the tests (sweatshops). Improving Character Recognition software (OCR – Optical Character Recognition ).

Other implementations use only a small fixed pool of CAPTCHA images (Asirra – 3 millions). Often it is small enough size that it can be cracked.   Re-using the session ID of a known CAPTCHA image. Other CAPTCHA use a hash of the solution as a key passed to the client to validate. 27 .

splitting the image into regions each containing a single letter.  Segmentation.  Identifying the letter for each region. for example with color filters and detection of thin lines.e. 28 . i. Programs that have the following functions:  Extraction of the image from the web page  Removal of background clutter.

Attacks that uses humans to solve the puzzles. 29 .  copying the CAPTCHA images and using them as CAPTCHAs for a high-traffic site owned by the attacker. Approaches:  relaying the puzzles to a group of human operators who can solve CAPTCHAs.

     Video: Wired – „Human Computation“ (2007) Video: Google TechTalks – “Human Computation” (2006) Paper: „Games With a Purpose“ (2006) Paper: „How Lazy Cryptographers do AI“ (2004) Paper: „CAPTCHA: Using Hard AI Problems for Security“(2003) 30 .

    Article: “CAPTCHA is Dead. Long Live CAPTCHA!” (2008) Article: „Yahoo's CAPTCHA Security Reportedly Broken“ (2008) Article: „Anti-CAPTCHA operations on Microsoft Mail“ (2008) Article: „Google’s CAPTCHA busted in recent spammer tactics“ (2008) 31 .

      Paper: „Recognizing Objects in Adversarial Clutter“ (2002) Article: Wikipedia CAPTCHA (2008) Article: „CAPTCHA Effectiveness” (2006) Article: „Breaking a Visual CAPTCHA“ (2002) Article: „Human or Computer? Take This Test“ (2002) Site: XKCD (2008) 32 .

Thank you! 33 .

Sign up to vote on this title
UsefulNot useful