Breaking CAPTCHA

(Multi-Media Security)

Isa Muqattash
Agenda
• Introduction
• Creation techniques
• Breaking CAPTCHA
• Future expectations
Introduction
• CAPTCHA: Completely Automated Public Turing test to tell Computers and Humans Apart
History of CAPTCHA
• Reverse Turing Test
• Alta Vista (1997): URLs to Search Engines
– Solution by Andrei Broder, chief scientist.
– Reduced spam add-URL by 95%
• Yahoo! (2000): Chat room problem
– Solution by CMU: Gimpy, EZ-Gimpy
• PARC (2002): For research purposes
– Henry Baird & UC Berkeley
– Product: PessimalPrint
– First referenced technical publication
Properties of CAPTCHA
• The test's challenges can be automatically generated and graded
• The test can be taken quickly and easily by human users
• The test will accept virtually all human users with high reliability while rejecting very few
• The test will reject virtually all machine users
• The test will resist automatic attack for many years even as technology advances
Creating CAPTCHA
• Pessimal Print (Image Degradation):
– Pseudorandom sequences
– Blurring
– Skewing
– Scaling
– Dithering
– Fonts
– Resolution
More on Creating CAPTCHA
• More sound techniques:
– Rotation
– Segmented characters
– Non-uniform background
– Varied font thickness
• Computationally hard problems (AI hard)
• Various objects:
– Animals
– Scenes
– Sports
Breaking CAPTCHA
• OCR based
– Difficult
– Non-uniform background
– SVM
– Some success, but not good enough…
• Non-OCR based
– PWNtcha (49%-100%)
– Puremango.co.uk (Scripting)
More CAPTCHA Attacks
• Anti-cluttering processing
– Remove small objects
– Standard dictionary attack
– Trivial network attacks
• Pattern recognition techniques
– Segmentation & Clustering pixels together
• By colored pixel density
• By distance:
Distance between pixels
– Euclidean distance:
$D = \sqrt{dx^2 + dy^2 + dz^2}$
– Adjusted human vision distance, with $\bar{r} = (r_1 + r_2)/2$:
$D = \sqrt{dr^2 \,(2 + \bar{r}/256) + 4\,dg^2 + db^2 \,(2 + (255 - \bar{r})/256)}$
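A generator-side check built on the two distances above (an added example, not from the original slides): it measures whether a CAPTCHA's glyph colours can be isolated from its background clutter with a single distance threshold, in which case the coloured background adds no protection. The function names and both palettes are constructed for illustration.

```python
import math
from itertools import combinations

def euclidean(c1, c2):
    """Plain RGB distance: D = sqrt(dr^2 + dg^2 + db^2)."""
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(c1, c2)))

def adjusted(c1, c2):
    """The slide's adjusted human-vision distance, weighted by the mean red value."""
    r_bar = (c1[0] + c2[0]) / 2
    dr, dg, db = (a - b for a, b in zip(c1, c2))
    return math.sqrt(dr * dr * (2 + r_bar / 256)
                     + 4 * dg * dg
                     + db * db * (2 + (255 - r_bar) / 256))

def separation_margin(glyphs, clutter, dist):
    """Closest glyph-to-clutter distance minus widest glyph-to-glyph distance.

    A positive margin means one threshold around the glyph colours excludes
    every clutter colour, so the background does not hinder segmentation.
    """
    inter = min(dist(g, c) for g in glyphs for c in clutter)
    intra = max((dist(a, b) for a, b in combinations(glyphs, 2)), default=0.0)
    return inter - intra

def audit(glyphs, clutter):
    """Margin under both metrics, rounded for reporting."""
    metrics = (("euclidean", euclidean), ("adjusted", adjusted))
    return {name: round(separation_margin(glyphs, clutter, fn), 1)
            for name, fn in metrics}

# Constructed palettes (RGB): dark glyphs on light clutter, and a palette
# whose clutter colours are drawn from the same range as the glyphs.
WEAK_PALETTE = {"glyphs": [(20, 20, 120), (30, 25, 130)],
                "clutter": [(200, 200, 200), (180, 220, 190)]}
MIXED_PALETTE = {"glyphs": [(20, 20, 120), (90, 60, 40)],
                 "clutter": [(40, 30, 110), (80, 70, 50)]}

if __name__ == "__main__":
    for label, palette in (("weak", WEAK_PALETTE), ("mixed", MIXED_PALETTE)):
        print(label, audit(**palette))
```

A positive margin under either metric flags a palette that should be reworked before the generator is deployed.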
Vulnerable CAPTCHA
• http://linuxfr.org/user_new.html
• http://www.gandi.net/whois?l=en
• http://www.phpbb.com/phpBB/profile.php?mode=register&agreed=true
The Future of CAPTCHA
• Insecure
– Attacks with success rates of 40% - 100%
– A success rate as low as 10% is bad enough
– Not enough for authentication
– Are the generators really pseudorandom???
• Not feasible for blind, weak-sighted, and disordered users
• More object and scene recognition (correct response not unique)
• 3D CAPTCHA
CAPTCHA SAMPLES

www-users.cs.umn.edu/~sampra/8980project
www2.parc.com/istl/projects/captcha/captchas.htm
References
• http://www2.parc.com/istl/projects/captcha/history.htm
• http://www.w3.org/TR/2005/NOTE-turingtest-20051123/
• http://www2.parc.com/istl/projects/captcha/docs/pessimalprint.pdf
• http://sam.zoy.org/pwntcha/