CAPTCHA

Presented By

Desai Chiranjeev

OUTLINE:
Introduction Turing test Types of CAPTCHA Construction of CAPTCHA Application Conclusion

WHAT IS CAPTCHA??
 Completely Automated Public Turing test to tell Computers and Humans Apart.  Created in 2000 for Yahoo to prevent automated e-mail

account registration,by Luis von Ahn, Manuel Blum,
Nicholas Hopper and John Langford, Carnegie Mellon University.

INTRODUCTION
         A program that can tell whether its user is a human or a computer. It uses a type of challenge-response test to determine that the response is not generated by a computer. Generic CAPTCHAs distort letters and numbers. Distorted characters are presented to user. User has to recognize the distorted letters. If the guessed letters are correct, the user is inferred to be a human and allowed access. Else, user is a bot and denied access. Humans can read the distorted and noisy text. Current OCRs cannot read them.

BACKGROUND
   In November 1999, slashdot.com released a poll to vote for the best CS College in the US. Students from the CMU and the MIT created bots that repeatedly voted

for their respective colleges.
This incident created the urge to use CAPTCHAs for such online polls to ensure that only human users are able to take part in the polls.


AltaVista first used a crud CAPTCHA in their sites.
Resulted in 95% spam reduction.

 Yahoo partnered CMU to counter these threats in Messenger chat service.  Luis von Ahn and Manuel Blum of CMU trademarked CAPTCHA in 2000.

Why CAPTCHA ??
 Sabotage of online polls.  Spam emails.  Abusing free online accounts.

 Tampering with rankings on recommendation
systems (like EBay, Amazon).

So, CAPTCHA is …
 A program that can generate and grade tests that:  Most humans can pass.  Current computer programs cannot pass.

Turing test is …
     Proposed by Alan Turing. To test a machine’s level of intelligence. Human judge asks questions to two participants, one is a machine, he doesn’t know which is which. If judge can’t tell which is the machine, the machine passes the test. CAPTCHA employs a reverse Turing test,     judge = CAPTCHA program, participant = user, if user passes CAPTCHA, he is human. if user fails, it is a machine.

TYPES OF CAPTCHA …

TEXT BASED CAPTCHA
 Simple, normal language questions:  What is sum of three and thirty-five?  If today is Saturday, what is day after tomorrow?  Which of mango, table, water is a fruit?  Very effective, needs a large question bank.  Cognitively challenged users find it hard.

Gimpy …
 Designed by Yahoo and CMU.  Picks up 10 random words from dictionary and distorts, fills with noise.  User has to recognize at least 3 words.  If user is correct, he is admitted.

EZ-Gimpy
 A modified version of Gimpy. Used in Yahoo Messenger Service. It contains only one random character string. The word is random and not picked from the dictionary. Its not a good implementation of CAPTCHA, and already broken OCRs.

MSN CAPTCHA
its provided for Microsoft MSN services. uses 8 characters. Warping is used to distort. Its very strongly implemented and hasn’t been broken. XTNM5YRE

L9D28229B

Graphic Based CAPTCHA
BONGO:  After M.M.Bongard, pattern recognition expert  User has to solve a pattern recognition problem  Has to tell the distinct characteristic between two sets of figures  Then tell to which set a given figure belongs to

PIX:

Uses a large database of labeled images  It shows a set of images, user has to recognize the common feature among those  E.g., Pick the common characteristic among the following four pictures-----”Aeroplane”

Audio CAPTCHA
 Require user to solve a speech recognition test.  In this version of captcha letters are read aloud instead of being displayed in an image.  Helps visually disabled users  Below is the Google’s audio enabled CAPTCHA.

reCAPTCHA and book digitization
 Free CAPTCHA service that helps to digitize books, newspapers and old time radio shows.  reCAPTCHA improves the process of digitizing books by sending words that cannot be read by computers to the Web in the form of CAPTCHAs for humans to decipher.  Each word that cannot be read correctly by OCR is placed on an image and used as a CAPTCHA.  This is possible because most OCR programs alert you when a word cannot be read correctly.

Working of reCAPTCHA:
 Two words are shown, one word is known as Control Word, and another one is known a questionable word.  System assumes that if human types the control word correctly, the questionable word is also correct.  That word given to many people to to determine, with higher confidence ,the answer is correct or not.

Construction of CAPTCHA
Things to keep in mind:  Don’t store CAPTCHA solution in Web page’s metadata
  

A CAPTCHA is no good if it doesn't distort Need a large database of different CAPTCHA questions Avoid repetition of questions

CAPTCHA Logic:
 Generate the question

 Persist the correct answer
 Present the question to user

 Evaluate answer, if incorrect, start again-- Generate a different CAPTCHA
 If correct, allow access to user

Guidelines:

Accessibility


 

Image security
Script security Security after widespread adoption implementation or a general CAPTCHA?

 Custom

 Online Polls  Protecting Website Registration  Preventing Comment Spam in Blogs  Search Engine Bots  E-Ticketing  Email spam  Preventing Dictionary Attacks

Conclusion
 CAPTCHAs are an effective way to counter bots and reduce spam  Applications are varied– from stopping bots to character recognition & pattern matching  Internet companies are making billions of dollars every year, their security and services quality matters and so does the advancement in CAPTCHA technology.

 .Different methods of CAPTCHAS are being studied but new ideas like ReCAPTCHA using human time on internet is amazing.

Sign up to vote on this title
UsefulNot useful