Professional Documents
Culture Documents
(Multi-Media Security)
Isa Muqattash
Agenda
• Introduction
• Creation techniques
• Breaking CAPTCHA
• Future expectations
Introduction
• CAPTCHA: Completely
Automated
Public
Turing test to tell
Computers and
Humans
Apart
History of CAPTCHA
• Reverse Turing Test
• Alta Vista (1997): URLs to Search Engines
– Solution by Andrei Broder, chief scientist.
– Reduced spam add-URL by 95%
• Yahoo! (2000): Chat room problem
– Solution by CMU: Gimpy, EZ-Gimpy
• PARC (2002): For research purposes
– Henry Baird & UC Berkeley
– Product: PessimalPrint
– First referenced technical publication
Properties of CAPTCHA
• The test's challenges can be automatically
generated and graded
• The test can be taken quickly and easily by
human users
• The test will accept virtually all human users with
high reliability while rejecting very few
• The test will reject virtually all machine users
• The test will resist automatic attack for many
years even as technology advances
Creating CAPTCHA
• Pessimal Print (Image Degradation):
– Pseudorandom sequences
– Blurring
– Skewing
– Scaling
– Dithering
– Fonts
– Resolution
More on Creating CAPTCHA
• Various objects:
– Animals
– Scenes
– Sports
Breaking CAPTCHA
• OCR based
– Difficult
– Non-uniform background
– SVM
– Some success, but not good enough…
• Non-OCR based
– PWNtcha (49%-100%)
– Puremango.co.uk (Scripting)
More CAPTCHA Attacks
• Anti-cluttering processing
– Remove small objects
– Standard dictionary attack
– Trivial network attacks
• Pattern recognition techniques
– Segmentation & Clustering pixels together
• By colored pixel density
• By distance:
Distance between pixels
– Eucledian distance
D=sqrt(dx^2 + dy^2 + dz^2)
www-users.cs.umn.edu/~sampra/8980project
www2.parc.com/istl/projects/captcha/captchas.htm
References
• http://www2.parc.com/istl/projects/captcha/
history.htm
• http://www.w3.org/TR/2005/NOTE-
turingtest-20051123/
• http://www2.parc.com/istl/projects/captcha/
docs/pessimalprint.pdf
• http://sam.zoy.org/pwntcha/