This article is on seminar topic captcha.
A CAPTCHA is a program that can generate and grade tests that:
Most humans can pass, but Current computer programs can’t pass.
Such a program can be used to differentiate humans from computers.
CAPTCHA tests are dynamically generated by computers , in contrast to the standard Turing test which is administered by a human.
This characteristic allows them to be widely used for practical security reasons.
ORIGIN OF CAPTCHAS
First developed by Alta Vista in 1997.
The term coined in 2000 by Luis von Ahn , Manuel Blum and Nicholas J. Hopper of Carnegie Mellon University and John Langford of IBM.
A.K.A. Reverse Turing Test, Human Interaction Proof.
The challenge: develop a software program that can create and grade challenges most humans can pass but computers cannot.
TYPES OF CAPTCHA
MSN’s Passport service CAPTCHA
Graphic based CAPTCHA
Simple, normal language questions:-
What is sum of three and thirty-five?
If today is Saturday, what is day after tomorrow?
Which of mango, table, water is a fruit?
Very effective, needs a large question bank
Cognitively challenged users find it hard
Designed by Yahoo and CMU
Picks up 10 random words from dictionary and distorts, fills with noise
User has to recognize at least 3 words
If user is correct, he is admitted
A modified version of Gimpy
Yahoo used this version in Messenger
Has only 1 random string of characters
Not a dictionary word, so not prone to dictionary attack
Not a good implementation, already broken by OCRs
MSN PASSPORT SERVICE
Provided for Microsoft’s MSN services
Use 8 characters
Warping is used to distort
Very strong implementation, hasn’t been broken
It is segmentation-resistant
GRAPHIC BASED CAPTCHA
After M.M.Bongard, pattern recognition expert
User has to solve a pattern recognition problem
Has to tell the distinct characteristic between two sets of figures
Then tell to which set a given figure belongs to
Uses a large database of labelled images
It shows a set of images, user has to recognize the common feature among those
E.g., Pick the common characteristic among the following four pictures-----”Aeroplane”.
Consist of downloadable audio clip
User listens and enters the spoken word
Helps visually disabled users
Below is the Google’s audio enabled CAPTCHA
SEARCH ENGINE BOTS.
EXAMPLES OF CAPTCHAs
1.Based on difficulty of reading distorted text e.g.1:
Selects 7-10 words out of a dictionary and renders a distorted image of the words. The test can be passed by recognizing any 3 of the words.
(contd..) Based on difficulty of reading distorted text e.g.2:
Simplified version of Gimpy where the test can be passed by recognizing the distorted image of a single word.
2. Based on pattern recognition
Two series of blocks with different patterns are presented. The test is passed by recognizing which one of the two series a given block belongs to.
3. Based on sound recognition
The program picks a word or a sequence of numbers at random, renders the word or the numbers into sound clip and distorts the sound clip.
It then presents the distorted sound clip to its user and asks them to enter the contents of the sound clip.
CHALLENGES IN CAPTCHAS
Reading-based CAPTCHAS challenges typically comprise:
Fully automated requiring little human maintenance or intervention in administering the test.
Algorithms used to create CAPTCHAs are made public.
Discovery of the algorithm cannot be used to break it.
P stands for PUBLIC.WHY?
Hackers : Once a hacker breaks into the system and finds this secret data , the captcha ceases to be secure forever.
Reverse Engineering and Analysis: If the code weren’t public, The Adversary could still earn how a captcha works by simply taking many of the tests generated by it.
We’re doing AI:. If a captcha is broken, then a previously unsolved AI problem is solved.
1. Visually impaired people may not be able to pass the test even though they are eligible users.
2. Accessibility is greatly reduced as the CAPTCHAs become more complex.
3. Some CAPTCHAs lose their readability.
4. In the case of using logic puzzles, users with cognitive disabilities may have trouble.
5. In heuristic methods, if pattern-matching algorithms can't find good heuristics, then this is not a good solution.
Proposed by Alan Turing
To test a machine’s level of intelligence
Human judge asks questions to twon participants, one is a machine, he doesn’t know which is which.
If judge can’t tell which is the machine, the machine passes the test
CAPTCHA employs a reverse Turing test,
judge = CAPTCHA program,
participant = user
if user passes CAPTCHA, he is human. if user fails, it is a machine
A laundry attack takes advantage of unsuspected users who will eventually solve a CAPTCHA in favor of the attacker, while they think that the CAPTCHA is solved for their own service.
The laundering of a CAPTCHA can be implemented by using the bots as intermediates.
SOLUTION TO LAUNDRY ATTACKS
Current forms of CAPTCHAs are subject to laundry attacks because of their static nature. They are pictures that contain the puzzle and the user has to complete the answer to a text field outside the puzzle .That is the solution of the CAPTCHA is static and can be transferred between nodes.
What we need to take is to transform a CAPTCHA test from a static picture to a dynamic application. That is, the answer must be completed inside the puzzle.
CAPTCHAs prove a good security measure if they are strong enough and more accessible. There is still room for improvement in the non-visual type of CAPTCHAs.
A CAPTCHA implies a win-win situation: either the CAPTCHA is not broken and there is a way to differentiate humans from computers, or the CAPTCHA is broken and a useful AI problem is solved.