This document discusses CAPTCHAs, which are programs that generate tests to distinguish humans from bots attempting to access websites. It defines CAPTCHAs and provides a brief history, describing the first CAPTCHA developed by AltaVista in 1997. The document outlines different types of CAPTCHAs, including text, graphics, and audio-based, and discusses some applications and how CAPTCHAs can be broken, along with benefits and drawbacks.

1. Telling Humans and Computers Apart
Automatically
Presented by:
Meghana Mudunuru
CAPTCHA

2. Agenda
 Definition
 History
 Types Of CAPTCHA
 Applications
 Breaking CAPTCHA
 Drawbacks
 Conclusion

3.  CAPTCHA (Completely Automated Public Turing
Test To Tell Computers and Humans Apart).
 The P for Public means that the code and the data
used by a CAPTCHA should be publicly available.
 T for “Turing Test to Tell” is because CAPTCHAs
are like Turing Tests. It is also known as reverse
turing test
What is CAPTCHA??

4. Captcha is a program that protect website against
bots by generating and grading test that humans can
pass but current computer programs cannot. For
example, humans can read distorted text as the one
shown below, but current computer programs can't
What is CAPTCHA??

5. Captcha requires that the user types letters
or digits from distorted image appears on
screen.
If correct solution is entered than system
assumes that response is generated
-by user
else
-by bots & access denied.
What is CAPTCHA??

6. First developed by Alta Vista in 1997.
Yahoo! Chat room problem.
The term coined in 2003 by Luis von Ahn,
Manuel Blum and Nicholas j. Hopper of
Carnegie Mellon university and john Langford
of IBM.
About 200 million CAPTCHAs are solved by
humans around the world every day.
History behind CAPTCHA

7. Text Based CAPTCHA
 Gimpy,ez-gimpy
 Gimpy-r, Google CAPTCHA
 Simard’s HIP
Graphics Based CAPTCHA
 Bongo
 Pix
Audio Based CAPTCHA
Types of CAPTCHA

8.  Gimpy:
Initially used by yahoo ,in this CAPTCHA two steps
are followed as:
a) Pick a word or words from a small dictionary
b) Distort them and add noise and background
Text Based CAPTCHA

9.  Gimpy-R
 This was used by google and was basically a simple advance
over gimpy. Here instead of a complete word individual letters
are noised instead of complete words. steps followed are as:
a) Pick random letters
b) Distort them, add noise and background
Type three words appearing in the image.
Text Based CAPTCHA

10.  Simcard’s
• Here further advances made and arcs being made
into it i.e.. Curved geometrical shapes. Hence steps
followed are as:
a)Pick random letters and numbers
b)Distort them and add arcs appearing in the image.
Text Based CAPTCHA

11. Graphics Based CAPTCHA
To which side does the
block on the bottom
belong?
BONGO:
a)Display two series of blocks
b)User must find the characteristic
that sets the two series apart
c)User is asked to determine which
series each of four single blocks
belongs to.

12. a) Create a large database of
labeled images
b) Pick a concrete object
c) Pick four images of the object
from the images database
d) Distort the images
e) Ask the user to pick the object
for a list of words
Graphics Based CAPTCHA
PIX:
What are these pictures of?
pool

13.  These are based on humans ability to depict sounds
that may be distorted, following algorithm is
followed in using it:
a) Pick a word or a sequence of numbers at random
b) Render them into an audio clip using a TTS software
c) Distort the audio clip
d) Ask the user to identify and type the word or numbers
Audio Based CAPTCHA

14.  Preventing Comment Spam in Blogs.
 Protecting website registration.
 Protecting email addresses from scrapers.
 Online Polls.
 Preventing dictionary attacks.
Applications

15.  Insecure implementation:
-exploiting bugs in the implementation that allow
the attacker to completely bypass the CAPTCHA
 Computer character recognition:
-improving character recognition software
 Human solvers:
- using cheap human labor to process the tests
How to Defeat CAPTCHA?

16.  Most text based CAPTCHAs have been broken by
software
-OCR(Optical Character Recognization)
-Segmentation
 Other CAPTCHAs were broken by streaming the tests
for unsuspecting users to solve.
Breaking CAPTCHA

17. The database already exists and is public.
The database is constantly being updated and
maintained.
Adding “concrete objects” to the dictionary is virtually
instantaneous.
Distortion prevents caching hacks.
Quick expiration limits streaming hacks
Benefits

18. Not accessible to people with disabilities (which is
the case of most CAPTCHAs).
Relies on Google’s infrastructure.
Unlike CAPTCHAs using random letters and numbers,
the number of challenge words is limited.
Drawbacks

19. THANK YOU