CAPTCHA
Presented By :-
SUMIT KUMAR GARG
(CSE VI sem)
Are you Human?
(Sorry, I had to ask)
INTRODUCTION
 Completely
 Automated
 Public
 Turing Test to Tell
 Computers and
 Humans
 Apart
Full Form
CAPTCHA
Invented by Luis von Ahn, Manuel Blum.
It is a challenge-response test program that
separates humans from computer programs.
A program that can tell whether its user is a
human or a computer.
Contd…..
 Generic CAPTCHAs distort letters and
numbers:
Distorted characters are presented to the
user.
User has to recognize the distorted letters.
If the guessed letters are correct, the user is
inferred to be a human & allowed access.
Contd…..
 Humans can read the distorted & noisy text.
 Current OCRs (Optical Character Recognition)
cannot read them.
 CAPTCHA word comes from capture.
 It is also known as a reverse Turing test.
 About 200 million CAPTCHA are solved by
humans around the world every day.
 First developed by Alta Vista in 1997.
Fig. 1: Simple CAPTCHA images
BACKGROUND
Why was CAPTCHA needed?
Spam e-mails.
Abuse of free online accounts.
Tampering with rankings on recommendation
systems (like eBay, Amazon).
Sabotage of online polls.
What is the TURING TEST?
 Proposed by Alan Turing.
 To test a machine’s level of intelligence.
 Human judge asks questions to two
participants, one is a machine & the other
human.
 The judge doesn’t know which is which.
 After listening to the answer, if the judge fails
to recognize which one is the machine, then
the machine passes the test.
Contd…
 CAPTCHA employs a Reverse Turing Test.
 Judge = CAPTCHA program
 Participant = user
 If the user passes the CAPTCHA, he is human;
otherwise it is a machine.
Fig. 2: User authentication steps using CAPTCHA (diagram: User, Internet, Authentication Server, Challenge, Response).
The user initiates the dialog and has to be authenticated by the server.
Types of CAPTCHA
 Text Based CAPTCHA
 Graphics Based CAPTCHA
 Audio CAPTCHA
 ReCAPTCHA
Text Based CAPTCHA
 Simple, normal questions like:
What is the sum of three & thirty-five?
If today is Saturday, what is the day after
tomorrow?
Which of mango, table & water is a fruit?
Very effective, needs a large question bank.
Types of Text Based
CAPTCHA
 Gimpy
 EZ-Gimpy
 MSN CAPTCHA
 Baffle Text
Gimpy
 Designed by Yahoo & CMU (Carnegie Mellon
University).
 Picks 10 random words from a dictionary,
distorts them & fills them with noise.
 User has to recognize at least 3 words.
 If the user is correct, then he is admitted.
Fig. 3 Gimpy
EZ-Gimpy
 A modified version of Gimpy.
 Yahoo used this version in Messenger.
 Has only 1 random string of characters.
 Not a dictionary word, so not prone to
dictionary attack.
 Not a good implementation, already broken by
OCRs (Optical Character Recognition).
Fig. 4 EZ-Gimpy
MSN CAPTCHA
Fig. 5 MSN CAPTCHA
 Provided for Microsoft’s MSN services.
 Use of 8 characters.
 Warping is used to distort.
 Very strong implementation, hasn’t been
broken.
 It is segmentation-resistant.
Baffle Text
 Developed by Henry Baird at University of
California.
 This is a variation of Gimpy.
 This doesn’t contain dictionary words, but
it picks up random alphabets.
Fig. 6 Baffle Text (sample words shown: finans, ourses)
Graphic based CAPTCHA
Two Types:
 BONGO
 PIX
BONGO
 Named after M. M. Bongard, pattern recognition
expert.
 User has to solve a pattern recognition
problem.
 Has to tell the distinct characteristic between
two sets of figures,
then tell to which set a given figure belongs.
Fig. 7 BONGO
PIX (Vidoop)
 Uses a large database of labeled images.
 It shows a set of images; the user has to recognize
the common feature among them.
E.g. :- pick the common characteristic
among the following 4 pictures = “pool”.
Fig. 8 Vidoop CAPTCHA
Audio CAPTCHA
 Consists of a downloadable audio clip.
 User listens & enters the spoken word.
 Helps visually disabled users.
 Below is Google’s audio-enabled CAPTCHA:
Fig. 9 Audio CAPTCHA
ReCAPTCHA
To counter various drawbacks of the existing
implementations, researchers at CMU
(Carnegie Mellon University) developed a
redesigned CAPTCHA aptly called the
reCAPTCHA.
Fig. 10 reCAPTCHA
Other Types of CAPTCHA
Fig. 11
Applications
 Protect Online polls.
 Prevent web registration abuse, protect
passwords from brute-force attack.
 Prevent comment spam & spam e-mails.
 E-ticketing, prevent scalping.
Protecting Website Registration
Fig. 12
URL ADDING
Fig. 13
CAPTCHA image used in
MAIL SIGNUP PAGE
Fig. 14
E-Mail ATTACKS
Fig. 15
Mathematical CAPTCHA
Fig. 16
3D Object CAPTCHA
You must enter them in the exact sequence listed:
 The Head of the Walking Man,
 The Vase,
 The Back of the Chair,
Fig. 17
Constructing CAPTCHA
 Things to keep in mind:
Don’t store the CAPTCHA solution in the web page’s
metadata.
A CAPTCHA is no good if it doesn’t distort.
Need a large database of different CAPTCHA
questions.
Avoid repetition of questions.
CAPTCHA logic
 Generate the question.
 Persist the correct answer.
 Present the question to the user.
 Evaluate the answer; if incorrect, start again and
generate a different CAPTCHA.
 If correct, allow the user access.
Breaking CAPTCHA
 Cracking CAPTCHA through programs
Convert the CAPTCHA into greyscale.
Detect patterns in the image corresponding to
the characters.
 Greg Mori & Jitendra Malik have broken text
CAPTCHA.
Ex:- Easy Gimpy,
Contd…
 To break this CAPTCHA
 Segmentation
Locate possible letters in the image.
Construct graph of consisting letters.
Find out the possible words from the graph and
use scores to rank them.
Roll = 11.94, Profit = 9.42 (better match)
Fig. 18
Contd…
 Social engineering to break CAPTCHA –
Spammer encounters a CAPTCHA.
That CAPTCHA is copied to another site.
Humans are baited, e.g. with free songs, free
wallpapers, etc.
To get those songs or wallpapers, users are told
to solve the copied CAPTCHA.
Then the solution is routed back to the spammer.
Solution – Fix a time-to-live period for a
question.
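The "CAPTCHA logic" steps and the "things to keep in mind" from the earlier slides, together with the time-to-live fix above, as an added Python example (not part of the original presentation). The class name CaptchaStore, the 120-second TTL and the arithmetic question standing in for the challenge generator are assumptions; the answer is kept only on the server, each challenge is single-use, and a failed attempt always gets a newly generated question.

```python
import hmac
import secrets
import time

TTL_SECONDS = 120  # assumed time-to-live for one question


class CaptchaStore:
    """Hypothetical server-side store; the answer is never sent to the page."""

    def __init__(self, ttl=TTL_SECONDS, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # challenge id -> (answer, expiry time)

    def generate(self):
        """Generate a question, persist its answer, return (id, question)."""
        now = self._clock()
        # Drop expired challenges so abandoned questions do not pile up.
        self._pending = {k: v for k, v in self._pending.items() if v[1] >= now}
        a, b = secrets.randbelow(40) + 1, secrets.randbelow(40) + 1
        challenge_id = secrets.token_urlsafe(16)  # opaque, reveals nothing
        self._pending[challenge_id] = (str(a + b), now + self._ttl)
        return challenge_id, f"What is the sum of {a} and {b}?"

    def evaluate(self, challenge_id, response):
        """Return (passed, next_challenge); next_challenge is None on success."""
        # pop() makes each challenge single-use: a replayed id finds nothing.
        answer, expires = self._pending.pop(challenge_id, (None, 0.0))
        fresh = answer is not None and self._clock() <= expires
        if fresh and hmac.compare_digest(answer.encode(), response.strip().encode()):
            return True, None
        # Wrong, expired or unknown id: start again with a new question.
        return False, self.generate()


if __name__ == "__main__":
    store = CaptchaStore()
    cid, question = store.generate()
    print(question)
    print(store.evaluate(cid, "not a number"))  # fails, returns a new challenge
```

Only the challenge id and the question text go into the page; a solution relayed from another site after the TTL has passed, or submitted a second time, is rejected.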
Issues with CAPTCHA
 Usability issue
W3C mandates the web to be accessible to all
people.
Some CAPTCHAs are inaccessible to visually
impaired or cognitively challenged people.
 Compatibility issue
JavaScript may need to be enabled in
browsers.
Some may need the Adobe Flash plug-in.
Table 1: A partial list of the success ratios of the CAPTCHA Sniper tool for different CAPTCHA services.
SUMMARY
 CAPTCHA are an effective way to counter bots
& reduce spam.
 They help advance AI knowledge.
 Some issues with current implementations
represent challenges for future improvements.
REFERENCES
 http://www.whereisdoc.com
 http://www.seminarsonly.com/computerscience/captcha
 http://www.phpcaptcha.org
 http://www.wikipedia.com
 http://www.imperva.com (A CAPTCHA in the Rye, ADC Monthly Web Attacks Analysis, June 2012)
 Jason Andress, “Reverse Turing Testing with CAPTCHA”, ISSA Journal, 2009.