Seminar Report Mine


Published on

nothing useful ,, only useful possible if u r n engineering student in india.

Published in: Education, Technology
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Seminar Report Mine

  1. 1. UE6858 “CAPTCHAS” “CAPTCHAS” Submitted in fulfillment of Seminar required for the Bachelor of Engineering (B.E) In Information Technology By Sachin Narang UE6858, 8th Semester Panjab University Under the Supervision Of Ms. Roopali Garg Associate Professor, UIET UE6858 Page 1
  2. 2. UE6858 “CAPTCHAS” Contents S.No Topic Page No. 1 Cover Page 1 2 Contents 2 3 Acknowledgment 3 4 Declaration 4 5 Certificate 5 4 Introduction 6 5 Why use CAPTCHAS 7 6 Definitions 8 7 Types of CAPTCHAS 9 8 Major Areas Of Applications 11 9 ReCAPTCHA 14 10 Breaking of CAPTCHAS 16 11 New Proposed Approaches 17 12 Conclusion 19 13 Bibliography 20 Acknowledgement UE6858 Page 2
  3. 3. UE6858 “CAPTCHAS” This is to thank all those who supported and helped me throughout the commencement of this seminar report. I would like to thank specially my teacher in-charge, Ms. Roopali Garg for her continuous guidance. I would also like to thank my friends for their encouragement. Also, each time they found a mistake and suggested a correction and led this seminar to perfection. Sachin Narang B.E, I.T, UE6858 U.I.E.T Declaration UE6858 Page 3
  4. 4. UE6858 “CAPTCHAS” I hereby declare that the work which is being presented in this seminar report on ‘CAPTCHAS’ submitted at U.I.E.T., Panjab University is an authentic work presented by Mr. Sachin Narang (UE6858) of B.E. (I.T.) 8th semester under the supervision of Ms. Roopali Garg. Sachin Narang B.E, I.T, UE6858 U.I.E.T Certificate UE6858 Page 4
  5. 5. UE6858 “CAPTCHAS” This is to certify that Mr. Sachin Narang, UE6858 , B.E. (I.T.) 8th Semester have completed seminar report, in accordance with the requirement for qualifying 8th semester, on CAPTCHAS under the guidance of Ms. Roopali Garg. Roopali Garg Associate Professor (Teacher In-Charge) Introduction UE6858 Page 5
  6. 6. UE6858 “CAPTCHAS” Use of INTERNET has remarkably increased Globally in the past 10-12 years and so is the need of the Security over it. Marketing and Advertisement over INTERNET has seen companies like GOOGLE being made, which at the moment is traded at 181 billion USD ie. Almost twice of General Motors, McDonalds combined. Well this presentation is about Security achieved over Internet using CAPTCHAS. CAPTCHAS are basically software programs which act as a test to any user over internet that the person (user) is a human or another machine. This concept is used by all the big companies over internet Google, yahoo or facebook (name any).So what are these CAPTCHAS? And what are their possible applications? This is what we cover in our presentation. UE6858 Page 6
  7. 7. UE6858 “CAPTCHAS” Why USE CAPTCHAS Well to completely understand its usage one can consider this story. Few years ago(November 99) popular site in US) conducted following poll on internet. Now students at CMU and MIT instantly wrote a program which increased their vote counts using software and ultimately the poll had to be taken down because both MIT and CMU had millions of votes while others struggled to reach thousands. There are situations like these where you need to distinguish whether user is a machine or a computer. This is where we use CAPTCHAS. UE6858 Page 7
  8. 8. UE6858 “CAPTCHAS” DEFINITIONS CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart A.K.A. Reverse Turing Test, Human Interaction Proof Turing Test: to conduct this test two people and a machine is needed here one person acts as an interrogator sitting in a separate room asking questions and receiving responses and goal of machine is to fool the interrogator. The challenge here: develop a software program that can create and grade challenges most humans can pass but computers cannot. UE6858 Page 8
  9. 9. UE6858 “CAPTCHAS” Types of CAPTCHAS There are basically 3 types of CAPTCHAS 1.Text Based: These are the most commonly used CAPTCHAS. It can be further be divided into 3 parts: GIMPY : Initially used by yahoo ,in this CAPTCHA two steps are followed as: a) Pick a word or words from a small dictionary b) Distort them and add noise and background GIMPY-R: This was used by google and was basically a simple advance over gimpy. Here instead of a complete word individual letters are noised instead of complete words. steps followed are as a) Pick random letters b) Distort them, add noise and background SIMARD’S: here further advances made and arcs being made into it ie. Curved geometrical shapes. Hence steps followed are as a)Pick random letters and numbers b)Distort them and add arcs UE6858 Page 9
  10. 10. UE6858 “CAPTCHAS” 2. Graphic Based CAPTCHAS :These are based on graphics ie. Images symbols and again is of two types: Bongo Following steps are followed in BONGO CAPTCHAS as: a)Display two series of blocks b)User must find the characteristic that sets the two series apart c)User is asked to determine which series each of four single blocks belongs to. PIX This is the second kind of graphics CAPTCHA using distorted images. Steps followed in its usage are as a) Create a large database of labeled images b) Pick a concrete object c) Pick four images of the object from the images database d) Distort the images e) Ask the user to pick the object for a list of words 3.Audio Based CAPTCHAS: These are based on humans ability to depict sounds that may be distorted, following algorithm is followed in using it: a) Pick a word or a sequence of numbers at random b) Render them into an audio clip using a TTS software UE6858 Page 10
  11. 11. UE6858 “CAPTCHAS” c) Distort the audio clip d) Ask the user to identify and type the word or numbers MAJOR AREAS OF APPLICATIONS: CAPTCHAs have several applications for practical security, including (but not limited to): • Preventing Comment Spam in Blogs. Most bloggers are familiar with programs that submit bogus comments, usually for the purpose of raising search engine ranks of some website (e.g., "buy penny stocks here"). This is called comment spam. By using a CAPTCHA, only humans can enter comments on a blog. There is no need to make users sign up before they enter a comment, and no legitimate comments are ever lost! • Protecting Website Registration. Several companies (Yahoo!, Microsoft, etc.) offer free email services. Up until a few years ago, most of these services suffered from a specific type of attack: "bots" that would sign up for thousands of email accounts every minute. The solution to this problem was to use CAPTCHAs to ensure that only humans obtain free accounts. In general, free services should be protected with a CAPTCHA in order to prevent abuse by automated scripts. • Protecting Email Addresses From Scrapers. Spammers crawl the Web in search of email addresses posted in clear text. CAPTCHAs provide an effective mechanism to hide your email address from Web scrapers. The idea is to require users to solve a CAPTCHA before showing your email address. A free and secure UE6858 Page 11
  12. 12. UE6858 “CAPTCHAS” implementation that uses CAPTCHAs to obfuscate an email address can be found at reCAPTCHA MailHide. • Online Polls. In November 1999, released an online poll asking which was the best graduate school in computer science (a dangerous question to ask over the web!). As is the case with most online polls, IP addresses of voters were recorded in order to prevent single users from voting more than once. However, students at Carnegie Mellon found a way to stuff the ballots using programs that voted for CMU thousands of times. CMU's score started growing rapidly. The next day, students at MIT wrote their own program and the poll became a contest between voting "bots." MIT finished with 21,156 votes, Carnegie Mellon with 21,032 and every other school with less than 1,000. Can the result of any online poll be trusted? Not unless the poll ensures that only humans can vote. • Preventing Dictionary Attacks. CAPTCHAs can also be used to prevent dictionary attacks in password systems. The idea is simple: prevent a computer from being able to iterate through the entire space of passwords by requiring it to solve a CAPTCHA after a certain number of unsuccessful logins. This is better than the classic approach of locking an account after a sequence of unsuccessful logins, since doing so allows an attacker to lock accounts at will. • Search Engine Bots. It is sometimes desirable to keep webpages unindexed to prevent others from finding them easily. There is an html tag to prevent search engine bots from reading web pages. The tag, however, doesn't guarantee that bots won't read a web page; it only serves to UE6858 Page 12
  13. 13. UE6858 “CAPTCHAS” say "no bots, please." Search engine bots, since they usually belong to large companies, respect web pages that don't want to allow them in. However, in order to truly guarantee that bots won't enter a web site, CAPTCHAs are needed. • Worms and Spam. CAPTCHAs also offer a plausible solution against email worms and spam: "I will only accept an email if I know there is a human behind the other computer." A few companies are already marketing this idea ReCAPTCHA UE6858 Page 13
  14. 14. UE6858 “CAPTCHAS” ReCAPTCHA is a free CAPTCHA service that helps to digitize books, newspapers and old time radio shows About 200 million CAPTCHAs are solved by humans around the world every day. In each case, roughly ten seconds of human time are being spent. Individually, that's not a lot of time, but in aggregate these little puzzles consume more than 150,000 hours of work each day. What if we could make positive use of this human effort? ReCAPTCHA does exactly that by channeling the effort spent solving CAPTCHAs online into "reading" books. To archive human knowledge and to make information more accessible to the world, multiple projects are currently digitizing physical books that were written before the computer age. The book pages are being photographically scanned, and then transformed into text using "Optical Character Recognition" (OCR). The transformation into text is useful because scanning a book produces images, which are difficult to store on small devices, expensive to download, and cannot be searched. The problem is that OCR is not perfect. ReCAPTCHA improves the process of digitizing books by sending words that cannot be read by computers to the Web in the form of CAPTCHAs for humans to decipher. More specifically, each word that cannot be read correctly by OCR is placed on an image and used as a CAPTCHA. This is possible because most OCR programs alert you when a word cannot be read correctly. But if a computer can't read such a CAPTCHA, how does the system know the correct answer to the puzzle? Here's how: Each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. If they solve the one for which the answer is known, the system assumes their answer is correct for the new one. The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct UE6858 Page 14
  15. 15. UE6858 “CAPTCHAS” BREAKING OF CAPTCHAS UE6858 Page 15
  16. 16. UE6858 “CAPTCHAS” There are two methods used till now to break these CAPTCHAS one uses decoding software’s which removes noise and other uses humans 1. Some text based CAPTCHAs have been broken by software which has 3 properties as : PreProcessing : Removal of background clutter and noise Segmentation : Splitting the image into regions which each contain a single character. Classification: Identifying the character in each region 2. Other CAPTCHAs can be broken by streaming the tests for unsuspecting users to solve. UE6858 Page 16
  17. 17. UE6858 “CAPTCHAS” New Proposed Approaches This new approach is Very similar to PIX CAPTCHAS as discussed earlier following are the steps followed in using it: • Pick a concrete object • Get 6 images at random from that match the object • Distort the images • Build a list of 100 words: 90 from a full dictionary, 10 from the objects dictionary • Prompt the user to pick the object from the list of words • Make an HTTP call to and search for the object • Screen scrape the result of 2-3 pages to get the list of images • Pick 6 images at random • Randomly distort both the images and their URLs before displaying them • Expire the CAPTCHA in 30-45 seconds UE6858 Page 17
  18. 18. UE6858 “CAPTCHAS” Benefits of this approach • The database already exists and is public • The database is constantly being updated and maintained • Adding “concrete objects” to the dictionary is virtually instantaneous • Distortion prevents caching hacks • Quick expiration limits streaming hacks Drawbacks of this approach: • Not accessible to people with disabilities (which is the case of most CAPTCHAs) • Relies on Google’s infrastructure • Unlike CAPTCHAs using random letters and numbers, the number of challenge words is limited. UE6858 Page 18
  19. 19. UE6858 “CAPTCHAS” Conclusion 1.CAPTCHAS are any software that distinguishes human and machine. 2.Research in CAPTCHAS implies advancement in AI making computers understand how human thinks. 3.Internet companies are making billions of dollars every year, their security and services quality matters and so does the advancement in CAPTCHA technology. 4.Different methods of CAPTCHAS are being studied but new ideas like ReCAPTCHA using human time on internet is amazing. UE6858 Page 19
  20. 20. UE6858 “CAPTCHAS” Bibliography [i] [ii] [iii] [iv]Research papers by Louis Ahn (Carmegie mellon university). UE6858 Page 20