Published on

Published in: Technology
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. CAPTCHA Presented By :- SUMIT KUMAR GARG (CSE VI sem)
  2. 2. CAPTCHA Are you Human? (Sorry, I had to ask)
  3. 3. CAPTCHA INTRODUCTION  Completely  Automated  Public  Turing Test to Tell  Computers and  Humans  Apart Full Form
  4. 4. CAPTCHA CAPTCHA Invented by Luis von Ahn,Manuel Blum. It is a program that is a challenge response to test to separate humans from computer programs. A program that can tell whether its user is a human or a computer.
  5. 5. CAPTCHA Contd…..  Generic CAPTCHA distort letters and numbers: Distorted characters are presented to the user. User has to recognize the distorted letters. If the guessed letters are correct, the user is inferred to be a human & allowed access.
  6. 6. CAPTCHA Contd…..  Humans can read the distorted & noisy text.  Current OCRs (Optical Character Recognition) cannot read them.  CAPTCHA word comes from capture.  it is also known as reverse Turing test.  About 200 million CAPTCHA are solved by humans around the world every day.  First developed by Alta Vista in 1997.
  7. 7. CAPTCHA Fig. 1 Simple CAPTCHA images (fig 1)
  8. 8. CAPTCHA BACKGROUND Why CAPTCHA was needed ? Spam e-mails. Abusing free Online accounts. Tampering with rankings on recommendation systems (like EBay, Amazon). Sabotage of Online Polls.
  9. 9. CAPTCHA What is TURING TEST ?  Proposed by Alan Turing.  To test a machine’s level of intelligence.  Human judge asks questions to two participants, one is a machine & the other human.  The judge doesn’t know which is which.  After listening to the answer, if the judge fails to recognize which one is the machine, then the machine passes the test.
  10. 10. CAPTCHA Contd…  CAPTCHA employs a Reverse Turing Test.  Judge = CAPTCHA program  Participant = user  If the user passes CAPTCHA, he is human otherwise it is a machine.
  11. 11. CAPTCHA Internet User Authentication Server Challenge Response User authentication The user initiate the dialog and has to be authenticated by server Internet User Authentication Server Challenge Response User authentication The user initiate the dialog and has to be authenticated by server User Authentication Steps using CAPTCHA Fig. 2
  12. 12. CAPTCHA Types of CAPTCHA  Text Based CAPTCHA  Graphics Based CAPTCHA  Audio CATCHA  ReCAPTCHA
  13. 13. CAPTCHA Text Based CAPTCHA  Simple, normal questions like : What is the sum of three & thirty-five ? If today is Saturday, what is day after tomorrow ? Which of mango, table & water is a fruit ? Very effective, needs a large question bank.
  14. 14. CAPTCHA Types of Text Based CAPTCHA  Gimpy  E Z-Gimpy  MSN CAPTCHA  Baffle Text
  15. 15. CAPTCHA Gimpy  Designed by Yahoo & CMU(Carnegie Mellon University).  Picks up 10 random words from dictionary & distorts, fills with noise.  User has to recognize at least 3 words.  If the user is correct, then he is admitted. Fig. 3 Gimpy
  16. 16. CAPTCHA EZ-Gimpy  A modified version of Gimpy.  Yahoo used this version in Messenger.  Has only 1 random string of characters.  Not a dictionary word, so not prone to dictionary attack.  Not a good implementation , already broken by OCRs(Optical Character Recognition). Fig. 4 EZ-Gimpy
  17. 17. CAPTCHA MSN CAPTCHA Fig. 5 MSN CAPTCHA  Provided for Microsoft’s MSN services.  Use of 8 characters.  Warping is used to distort.  Very strong implementation, hasn’t been broken.  It is segmentation-resistant.
  18. 18. CAPTCHA Baffle Text  Developed by Henry Baird at University of California.  This is a variation of the Gimpy.  This doesn’t contain dictionary words, but it picks up random alphabets. finans ourses Fig. 6 Baffle Text
  19. 19. CAPTCHA Graphic based CAPTCHA Two Types:  BONGO  PIX
  20. 20. CAPTCHA BONGO Fig. 7 BONGO Then tell to which set a given figure belongs to.  After M.M.Bongard, pattern recognition expert.  User has to solve a pattern recognition problem.  Has to tell the distinct characteristic between two sets of figures.
  21. 21. CAPTCHA PIX(Vidoop) Fig. 8 vidoop CAPTCHA E.g. :- pick the common characteristic among the following 4 pictures = “pool”.  Uses a large database of labeled images.  It shows a set of images, user has to recognize the common feature among those.
  22. 22. CAPTCHA Audio CAPTCHA  Consists of downloadable audio clip.  User listens & enters the spoken word.  Helps visually disabled users.  Below is the Google’s audio enabled CAPTCHA, Fig. 9 Audio CAPTCHA
  23. 23. CAPTCHA ReCAPTCHA To counter various drawbacks of the existing implementations, researchers at CMU (Carnegie Mellon University) developed a redesigned CAPTCHA aptly called the reCAPTCHA. Fig. 10 reCAPTCHA
  24. 24. CAPTCHA 24 Other Types of CAPTCHA Fig. 11
  25. 25. CAPTCHA Applications  Protect Online polls.  Prevent web registration abuse, protect passwords from brute-force attack.  Prevent comment spam & spam e-mails.  E-ticketing, prevent scalping.
  26. 26. CAPTCHA Protecting Website Registration Fig. 12
  27. 27. CAPTCHA URLADDING Fig. 13
  28. 28. CAPTCHACAPTCHA image used in MAIL SIGNUP PAGE Fig. 14
  29. 29. CAPTCHA E-Mail ATTACKS Fig. 15
  30. 30. CAPTCHA Mathematical CAPTCHA Fig. 16
  31. 31. CAPTCHA 31 3D Object CAPTCHA You must enter them in the exact sequence listed:  The Head of the Walking Man,  The Vase,  The Back of the Chair, Fig. 17
  32. 32. CAPTCHA Constructing CAPTCHA  Things to keep in mind :- Don’t store CAPTCHA solution in web page’s metadata. A CAPTCHA is no good if it doesn’t distort. Need a large database of different CAPTCHA questions. Avoid repetition of question.
  33. 33. CAPTCHA CAPTCHA logic  Generate the question.  Persist the correct answer.  Present the question to the user.  Evaluate the answer, if incorrect start again generate a different CAPTCHA.  If correct allow the access to the user.
  34. 34. CAPTCHA Breaking CAPTCHA  Cracking CAPTCHA through programs Convert CAPTCHA into Grey scale. Detect patterns in the image corresponding to the characters.  Greg Mori & Jitendra Malik have broken text CAPTCHA. Ex:- Easy Gimpy,
  35. 35. CAPTCHA Contd…  To break this CAPTCHA  Segmentation Locate possible letters in the image. Construct graph of consisting letters. Find out the possible words from the graph, use scores to rank Roll = 11.94 ,Profit = 9.42 (better match) Fig. 18
  36. 36. CAPTCHA Contd…  Social engineering to break CAPTCHA – Spammer encounters a CAPTCHA That CAPTCHA is copied to another site Humans are baited, Ex:- free Songs, free wallpapers, etc. To get those Songs or wallpapers, users are told to solve the copied CAPTCHA. Then the solution is routed back to the spammer. Solution – Fix a time-to-live period for a question.
  37. 37. CAPTCHA Issues with CAPTCHA Usability issue W3C mandates web to be accessible to all people. Some CAPTCHA are in accessible to visually impaired, cognitively challenged people.  Compatibility issue Java script may be needed to be activated in browsers. Some may need Adobe Flash Plug-in.
  38. 38. Table- 1, A partial list of the success ratios of the CAPTCHA Sniper tool, for different CAPTCHA services.
  39. 39. CAPTCHA SUMMARY  CAPTCHA are an effective way to counter bots & reduce spam.  They help advance AI knowledge.  Some issues with current implementations represent challenges for future improvements.
  40. 40. CAPTCHA REFERENCES      (A CAPTCHA in the Rye, ADC Monthly Web Attacks Analysis, June 2012)  Jason Andress, “Reverse Turing Testing with CAPTCHA” , ISSA Journal,2009.
  41. 41. CAPTCHA