A CAPTCHA (a backronym for "Completely Automated Public Turing test to tell Computers and Humans Apart") is a type of challenge-response test used in computing to determine whether or not the user is human (Luis von Ahn).
6. Background
• First used by AltaVista in 1997
  ◦ Reduced spam by over 95%
• CMU/Yahoo!
  ◦ Automated the creating and grading of challenges
• PARC
  ◦ Relies on document image degradation to prevent successful OCR
  ◦ Conducted user-focused studies to assess the effectiveness of CAPTCHAs
7. Types of CAPTCHAs
• Text based
  ◦ Gimpy, ez-gimpy
  ◦ Gimpy-r, Google CAPTCHA
  ◦ Simard's HIP (MSN)
• Graphic based
  ◦ Bongo
  ◦ Pix
• Audio based
8. Text Based CAPTCHAs
• Gimpy, ez-gimpy
  ◦ Pick a word or words from a small dictionary
  ◦ Distort them and add noise and background
• Gimpy-r, Google's CAPTCHA
  ◦ Pick random letters
  ◦ Distort them, add noise and background
• Simard's HIP
  ◦ Pick random letters and numbers
  ◦ Distort them and add arcs
10. Graphic Based CAPTCHAs
• Bongo
  ◦ Display two series of blocks
  ◦ User must find the characteristic that sets the two series apart
  ◦ User is asked to determine which series each of four single blocks belongs to
Difference? Thick vs. thin lines
11. Graphic Based CAPTCHAs
• PIX
  ◦ Create a large database of labeled images
  ◦ Pick a concrete object
  ◦ Pick four images of the object from the images database
  ◦ Distort the images
  ◦ Ask the user to pick the object from a list of words
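The PIX steps above, sketched as server-side challenge creation and grading. This is an added example, not code from the slides or from the PIX project: the database contents and every function and variable name are hypothetical, and the distortion step is left to whatever serves the image behind each token. Handing out opaque image tokens instead of file names and consuming a challenge on its first grading are choices of this example, not something the slides state.

```python
import hmac
import secrets

# Constructed sample database: label -> image files (hypothetical names).
IMAGE_DB = {
    "dog":   ["d01.jpg", "d02.jpg", "d03.jpg", "d04.jpg", "d05.jpg"],
    "tree":  ["t01.jpg", "t02.jpg", "t03.jpg", "t04.jpg"],
    "car":   ["c01.jpg", "c02.jpg", "c03.jpg", "c04.jpg"],
    "clock": ["k01.jpg", "k02.jpg", "k03.jpg", "k04.jpg"],
    "boat":  ["b01.jpg", "b02.jpg", "b03.jpg", "b04.jpg"],
}

RNG = secrets.SystemRandom()  # CSPRNG, so challenges are not predictable
PENDING = {}                  # challenge id -> expected label (server side only)
SERVED = {}                   # opaque image token -> real file (server side only)


def new_challenge(db=IMAGE_DB, n_images=4, n_words=5):
    """Build one PIX-style challenge; the answer never leaves the server."""
    eligible = [label for label, imgs in db.items() if len(imgs) >= n_images]
    label = RNG.choice(eligible)                   # pick a concrete object
    images = RNG.sample(db[label], n_images)       # pick four of its images
    others = [w for w in db if w != label]
    words = RNG.sample(others, min(n_words - 1, len(others))) + [label]
    RNG.shuffle(words)                             # hide the answer position
    tokens = []
    for path in images:
        # Opaque per-challenge token: a file name or stable id would leak
        # the label or let a client build its own lookup table.
        token = secrets.token_urlsafe(16)
        SERVED[token] = path
        tokens.append(token)
    cid = secrets.token_urlsafe(16)
    PENDING[cid] = label
    return {"id": cid, "images": tokens, "words": words}


def grade(cid, answer):
    """Grade once: the challenge is consumed whether or not the answer is right."""
    expected = PENDING.pop(cid, None)
    if expected is None:
        return False                               # unknown or replayed id
    return hmac.compare_digest(expected.encode(), str(answer).encode())
```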
13. Audio Based CAPTCHAs
• Pick a word or a sequence of numbers at random
• Render them into an audio clip using TTS software
• Distort the audio clip
• Ask the user to identify and type the word or numbers
14. Guidelines
• Accessibility
• Image security
• Script security
• Security after widespread adoption
• Custom implementation or a general CAPTCHA?
15. Applications
• Preventing Comment Spam in Blogs
• Protecting Website Registration
• Protecting Email Addresses From Scrapers
• Online Polls
• Preventing Dictionary Attacks
• Worms and Spam
16. Breaking CAPTCHAs
• Most text based CAPTCHAs have been broken by software
• OCR
• Segmentation
• Several other software tools, such as
  ◦ CIntruder - pentesting tool to bypass CAPTCHAs.