The user is presented with a garbled image on which some text is displayed. This image is generated by the server using random text.
The user must type the letters shown in the image into a text field displayed on the form being protected.
When the form is submitted, the server checks if the text entered by the user matches the initial generated text. If it does, the transaction continues. Otherwise, an error message is displayed and the user has to enter a new code.
Example (figure): the server picks a random string of letters ("oamg"), renders it into a distorted image, and asks the user to type the characters that appear in the image.
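The server-side half of the flow described above, as an added example that is not part of the original slides. The class name, alphabet, code length, lifetime and case-insensitive matching are assumptions; the expected text stays on the server and each challenge can be attempted only once.

```python
import hmac
import secrets
import time

ALPHABET = "abcdefghjkmnpqrstuvwxyz"   # assumption: skip look-alikes such as i, l, o
CODE_LENGTH = 6                        # assumption: challenge length
TTL_SECONDS = 120                      # assumption: challenge lifetime


class CaptchaStore:
    """Keeps each expected answer on the server, keyed by an opaque id."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # challenge_id -> (expected_text, expiry)

    def issue(self):
        """Pick a random string; return (challenge_id, text_to_render).

        Only challenge_id goes into the form (hidden field or session).
        The text goes to the image renderer and never into the HTML.
        """
        text = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LENGTH))
        challenge_id = secrets.token_urlsafe(16)
        self._pending[challenge_id] = (text, self._clock() + TTL_SECONDS)
        return challenge_id, text

    def verify(self, challenge_id, answer):
        """Check a submitted answer. Every challenge can be tried once."""
        entry = self._pending.pop(challenge_id, None)  # single use
        if entry is None:
            return False            # unknown id, or already attempted
        expected, expiry = entry
        if self._clock() > expiry:
            return False            # too old
        # assumption: matching ignores case and surrounding whitespace
        given = answer.strip().lower().encode()
        return hmac.compare_digest(given, expected.encode())


if __name__ == "__main__":
    store = CaptchaStore()
    cid, text = store.issue()
    print("render into distorted image:", text)
    print("correct answer accepted:", store.verify(cid, text))
    print("same challenge replayed:", store.verify(cid, text))
```

A failed attempt also consumes the challenge, so the form has to issue a new code after every error, which matches the behaviour described above.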
Why was CAPTCHA needed?
Effects on online polls
Abusing free online accounts
Tampering with rankings on recommendation systems (like eBay, Amazon)
What is a Turing test?
Proposed by Alan Turing
To test a machine’s level of intelligence
In the standard Turing test, questions are posed to a machine by a human, and the machine generates the answers.
CAPTCHA employs a Reverse Turing Test.
Judge = CAPTCHA program, participant = user
If the user passes the CAPTCHA, the user is human; otherwise it is a machine
Types of CAPTCHAs
There are 3 types of CAPTCHA
These are simple to implement. They involve simple questions that are easy for humans to solve
Simple, normal language questions:
What is the sum of three and thirty-five?
If today is Saturday, what is the day after tomorrow?
Which of mango, table, water is a fruit?
Very effective, needs a large question bank
Types of text CAPTCHA
Designed by Yahoo and CMU
Picks 10 random words from a dictionary, distorts them and fills the image with noise
User has to recognize at least 3 words
If user is correct, he is admitted
A modified version of Gimpy
Yahoo used this version in Messenger
Has only 1 word from the dictionary
Not a good implementation, already broken by OCRs
Baffle Text:
This was developed by Henry Baird. It is a variation of Gimpy.
It doesn't contain dictionary words; instead it picks random letters to create a nonsense but pronounceable text.
This technique overcomes the drawback of the Gimpy CAPTCHA: because Gimpy uses dictionary words, clever bots could be designed to search the dictionary for the matching word by brute force.
MSN CAPTCHAs:
Provided for Microsoft's MSN services
Use 8 characters (upper case & digits)
Warping is used to distort the characters, producing a ripple effect
Very strong implementation, hasn’t been broken
Graphic CAPTCHAs are challenges that involve pictures or objects that have some sort of similarity that the users have to guess. They are visual puzzles.
The computer generates the puzzles and grades the answers, but is itself unable to solve them.
Types of Graphic CAPTCHA
After M. M. Bongard, pattern recognition expert
User has to solve a pattern recognition problem
Has to tell the distinguishing characteristic between two sets of figures
Then tell which set a given figure belongs to
Uses a large database of labelled images
It shows a set of images; the user has to recognize the common feature among them
E.g., pick the common characteristic among the following four pictures: "Aeroplane"
Consist of downloadable audio clip
User listens and enters the spoken word
Helps visually disabled users
(Figure: Google's audio-enabled CAPTCHA)
Protecting Website Registration
Issues with CAPTCHAs
Distortion becomes a problem when it is done in a very haphazard way. Some characters like ‘d’ can be confused for ‘cl’ or ‘m’ with ‘rn’. It should also be easily understandable to those who are unfamiliar with the language.
Content is an issue when the string length becomes too long or when the string is not a dictionary word.
Presentation should be in such a way as to not confuse the users. The font and colour chosen should be user friendly.
Due to sound distortion, confusing characters can also occur in audio CAPTCHAs. For example ‘p’ and ‘b’; ‘g’ and ‘j’, and ‘a’ and ‘8’.
User should understand accent and pronunciation
The use of color is not an issue for audio CAPTCHAs, but the integration with web pages is still a concern. For example, there is no standard graphical symbol for representing an audio CAPTCHA on a web page, although many schemes, such as Microsoft's, use a speaker symbol.
Things to keep in mind:
Don’t store CAPTCHA solution in web page’s
A CAPTCHA is no good if it doesn’t distort.
Need a large database of different CAPTCHA questions.
Avoid repetition of question.
A CAPTCHA is a program that is a challenge-response test to separate humans from computer programs
Applications are varied: protecting online polls, etc.
Some issues with current implementations represent challenges for future improvements