Professional Documents
Culture Documents
http://powerpointpresentationon.blogspot.com
Agenda
Definition Background Types Applications Constructing CAPTCHAs Breaking CAPTCHAs Issues with CAPTCHAs Conclusion
Intro
CAPTCHA Completely Automated Public Turing test to tell Computers and Humans Apart Invented at CMU by Luis von Ahn, Manuel Blum, et. al A program that is a challenge response test to separate humans from computer programs
Generic CAPTCHAs distort letters and numbers Distorted characters are presented to user User has to recognize the distorted letters If the guessed letters are correct, the user is inferred to be a human and allowed access Else, user is a bot and denied access
Humans can read the distorted and noisy text Current OCRs cannot read them
Background
Why CAPTCHA was needed?
Sabotage of online polls Spam emails Abusing free online accounts Tampering with rankings on recommendation systems (like EBay, Amazon)
Altavista first used a crude CAPTCHA in their sites Resulted in 95% spam reduction Yahoo partnered CMU to counter these threats in Messenger chat service. Luis von Ahn and Manuel Blum of CMU trademarked CAPTCHA in 2000
Types of CAPTCHAs
Text based:
Simple, normal language questions:
What is sum of three and thirty-five? If today is Saturday, what is day after tomorrow? Which of mango, table, water is a fruit?
o o
Very effective, needs a large question bank Cognitively challenged users find it hard
Gimpy:
Designed by Yahoo and CMU Picks up 10 random words from dictionary and distorts, fills with noise o User has to recognize at least 3 words o If user is correct, he is admitted
o o
EZ-Gimpy:
A modified version of Gimpy Yahoo used this version in Messenger Has only 1 random string of characters Not a dictionary word, so not prone to dictionary attack o Not a good implementation, already broken by OCRs
o o o o
Provided for Microsofts MSN services Use 8 characters Warping is used to distort Very strong implementation, hasnt been broken It is segmentation-resistant
PIX:
Uses a large database of labelled images It shows a set of images, user has to recognize the common feature among those o E.g., Pick the common characteristic among the following four pictures-----Aeroplane
o o
Audio CAPTCHAs:
Consist of downloadable audio clip User listens and enters the spoken word Helps visually disabled users Below is the Googles audio enabled CAPTCHA o Not popular
o o o o
Applications
Protect online polls Prevent Web registration abuse, protect passwords from brute-force attack Prevent comment spam and spam emails E-Ticketing, prevent scalping
Constructing CAPTCHAs
Things to keep in mind:
o
Dont store CAPTCHA solution in Web pages metadata A CAPTCHA is no good if it doesn't distort Need a large database of different CAPTCHA questions Avoid repetition of questions
o o
CAPTCHA Logic:
Generate the question Persist the correct answer Present the question to user Evaluate answer, if incorrect, start again-Generate a different CAPTCHA If correct, allow access to user
Embeddable CAPTCHAs:
Available freely, just embed code into Web pages HTML, from e.g., www.recaptcha.net o No maintenance
o
Custom CAPTCHAs:
o o
Fits to the theme of the page Better protected from spammers Can be written in any language Perl, .NET, ASP, JavaScript
Guidelines:
o o o o o
Accessibility Image security Script security Security after widespread adoption Custom implementation or a general CAPTCHA?
Breaking CAPTCHAs
Cracking CAPTCHAs through programs
Convert CAPTCHA into greyscale Detect patterns in the image corresponding to characters o Or, read session files of that user and know the CAPTCHA word
o o
Greg Mori and Jitendra Malik have broken text CAPTCHAs, e.g., Ez-Gimpy
o
Compatibility issues:
JavaScript may need to be activated in browsers o Some may need Adobe Flash plugin installed
o
Summary
CAPTCHAs are an effective way to counter bots and reduce spam They serve dual purpose help advance AI knowledge Applications are varied from stopping bots to character recognition & pattern matching Some issues with current implementations represent challenges for future improvements