Captcha seminar

22,435 views

Published on

ALL THE w'S RELATED WITH CAPTCHA

Published in: Technology
1 Comment
21 Likes
Statistics
Notes
No Downloads
Views
Total views
22,435
On SlideShare
0
From Embeds
0
Number of Embeds
11
Actions
Shares
0
Downloads
2,581
Comments
1
Likes
21
Embeds 0
No embeds

No notes for slide

Captcha seminar

  1. 1. CAPTCHA<br />BY- AUROBINDO NAYAK<br />0701288307<br />
  2. 2. AGENDA<br />DEFINITION<br />BACKGROUND<br />TYPES<br />APPLICATIONS<br />CONSTRUCTING CAPTCHA<br />BREAKING CAPTCHA<br />ISSUES WITH CAPTCHA<br />CONCLUSION<br />
  3. 3. INTRODUCTION<br />CAPTCHA – Completely Automated Public Turing test to tell Computers & Humans Apart.<br />Invented at CMU by Luis von Ahn, Manuel Blum, et.al.<br />It is a program that is a challenge response to test to separate humans from computer programs.<br />
  4. 4. Generic CAPTCHAs distort letters & numbers - <br />Distorted characters are presented to the user.<br />User has to recognize the distorted letters.<br />If the guessed letters are correct, the user is inferred to be a human & allowed access.<br />
  5. 5. Contd…<br />Humans can read the distorted & noisy text.<br />Current OCRs(Optical Character Recognition) cannot read them.<br />
  6. 6. BACKGROUND<br />Why CAPTCHA was needed ?<br /><ul><li>Sabotage of Online Polls.
  7. 7. Spam e-mails.
  8. 8. Abusing free Online accounts.
  9. 9. Tampering with rankings on recommendation systems (like Ebay, Amazon)</li></li></ul><li>What is TURING TEST ?<br />Proposed by Alan Turing.<br />To test a machine’s level of intelligence.<br />Human judge asks questions to two participants, one is a machine & the other human.<br />The judge doesn’t know which is which.<br />After listening to the answer, if the judge fails to recognize which one is the machine, then the machine passes the test. <br />
  10. 10. Contd…<br />CAPTCHA employs a Reverse Turing Test.<br />Judge = CAPTCHA program, participant = user <br />If the user passes CAPTCHA, he is human otherwise it is a machine.<br />
  11. 11. Types of CAPTCHAs<br />
  12. 12. 1. Text Based-<br />simple, normal questions :-<br />What is the sum of three & thirty-five ?<br />If today is Saturday, what is day after tomorrow ?<br />Which of mango, table & water is a fruit ?<br />Very effective, needs a large question bank.<br />Congnitively challenged users find it hard.<br />
  13. 13. 2. Gimpy-<br />Designed by Yahoo & CMU(Carnegie Mellon University)<br />Picks up 10 random words from dictionary & distorts, fills with noise.<br />User has to recognize at least 3 words.<br />If the user is correct, then he is admitted.<br />
  14. 14. 3. EZ-Gimpy-<br />A modified version of Gimpy.<br />Yahoo used this version in Messenger.<br />Has only 1 random string of characters.<br />Not a dictionary word, so not prone to dictionary attack.<br />Not a good implimentation , already broken by OCRs(Optical Character Recognition).<br />
  15. 15. 4. MSNs passport service CAPATCHAs-<br />Provided for Microsoft’s MSN services.<br />Use of 8 characters.<br />Warping is used to distort.<br />Very strong implementation, hasn’t been broken.<br />It is segmentation-resistant.<br />
  16. 16. 5. Graphic based CAPTCHAs-<br />1. BONGO-<br />After M.M.Bongard, pattern recognition expert.<br />User has to solve a pattern recognition problem.<br />Has to tell the distinct characteristic between two sets of figures.<br />Then tell to which set a given figure belongs to.<br />
  17. 17. Contd…<br />2. PIX-<br />Uses a large database of labelled images.<br />It shows a set of images, user has to recognize the common feature among those.<br />Eg :- pick the common characteristic among the following 4 pictures = “aeroplane”.<br />
  18. 18. 6. Audio CAPTCHAs-<br />Consists of downloadable audio clip.<br />User listens & enters the spoken word.<br />Helps visually disabled users.<br />Below is the Google’s audio enabled CAPTCHA-<br />
  19. 19. 7. Applications-<br />Protect Online polls.<br />Prevent web registration abuse, protect passwords from brute-force attack.<br />Prevent comment spam & spam e-mails.<br />E-ticketing, prevent scalping.<br />
  20. 20. Contd…<br />Verify digitized books : “RE-CAPTCHA”<br />Used in Google books project.<br />Two words are shown, the program knows the first word.<br />If the user enter the first word correctly, it assumes that the second unknown word will also be entered correctly.<br />Second word becomes “known”.<br />
  21. 21. Constructing CAPTCHAs<br />Things to keep in mind :-<br />Don’t store CAPTCHA solution in web page’s metadata.<br />A CAPTCHA is no good if it doesn’t distort.<br />Need a large database of different CAPTCHA questions.<br />Avoid repetition of question.<br />
  22. 22. CAPTCHA logic<br />Generate the question<br />Persist the correct answer<br />Present the question to the user<br />Evaluate the answer, if incorrect start again- Generate a different CAPTCHA<br />If correct allow the access to the user<br />
  23. 23. Breaking CAPTCHAs<br />Cracking CAPTCHAs through programs – <br />Convert CAPTCHA into Grey scale.<br />Detect patterns in the image corresponding to the characters<br />Greg Mori & JitendraMalik have broken text CAPTCHAs <br />Ex:- Easy Gimpy <br />
  24. 24. Contd…<br />To break this CAPTCHA – <br />Segmentation –<br />Locate possible letters in the image – <br />Construct graph of consisting letters – <br />Find out the possible words from the graph, use scores to rank<br />Roll = 11.94<br />Profit = 9.42 (better match) <br />
  25. 25. Contd…<br />Social engineering to break CAPTCHAs –<br />Spammer encounters a CAPTCHA<br />That CAPTCHA is copied to another site<br />Humans are baited, Ex:- free MP3s, free wallpapers, etc.<br />To get those MP3s or wallpapers, users are told to solve the copied CAPTCHA.<br />Then the solution is routed back to the spammer.<br />Solution – Fix a time-to-live period for a question.<br />
  26. 26. Issues with CAPTCHAs<br />Usability issue –<br />W3C mandates web to be accessible to all people.<br />Some CAPTCHAs are in accessible to visually impaired, cognitively challenged people.<br /> Compatibility issue –<br />Java script may be needed to be activated in browsers.<br />Some may need Adobe Flash Plugin.<br />
  27. 27. SUMMARY<br />CAPTCHAs are an effective way to counter bots & reduce spam.<br />They help advance AI knowledge.<br />Some issues with current implementations represent challenges for future improvements.<br />
  28. 28. ANY QUESTIONS -<br />
  29. 29. THANK YOU <br />

×