seminar on captcha

CAPTCHACAPTCHA

Presented by: ANANTA TYAGI B.Tech C.S. 3rd year 1135110012

OVERVIEWOVERVIEWDefinitionBackgroundApplicationsTypes of CAPTCHAsBreaking CAPTCHAsRecent Developments

2

Definition:Definition:CAPTCHA is an acronym which stands for

Completely Automated Public Turing test to tell Computers and Humans Apart.

A program that can tell whether its user is a human or a computer.

Invented by Luis von Ahn and Manuel BlumThe challenge: develop a software program

that can create and grade challenges most humans can pass but computers cannot.

3

Background:Background:First used by Altavista in1997

• Reduced SPAM add-url by over 95%CMU/Yahoo!

• Automated the creating and grading of challenges

PARC• Relies on document image degradation

to prevent successful OCR• Made its own meta-CAPTCHA.

4

Background:Background: Generic CAPTCHAs distort letters and

nos.

User has to recognize distorted letters.

5

Applications:Applications:Free email services.Online polls predictionPrevent dictionary attacks.Preventing SPAM.E-ticketing,prevention of scalping.Newsgroups,Blogs,..etc.

6

Turing Test:Turing Test:Proposed by Alan Turing to test a

machine’s level of intelligence.Human judge asks question to 2

participants.The judge does not know which is

which.After listening,if judge fails to

recognize machine,machine passes the test.

7

Turing Test contd…Turing Test contd…CAPTCHA employs REVERSE

TURING TEST.Here,Judge=Captcha,Participant=User.If user answers captcha correctly,he is

human else a machine.

8

Types of CAPTCHAs:Types of CAPTCHAs:Text based

• Gimpy• Ez-Gimpy • MSN Passport Service based• Google’s reCaptcha

Graphic based• Bongo• Pix

Audio based

9

Text Based CAPTCHAs:Text Based CAPTCHAs:Ordinary questions like:

• What is the sum of 72 and 35?• If today is Sunday,what is day after

tomorrow?Effective but requires a large question

bank.Cognitively challenged users may find

it difficult.

10

Gimpy:Gimpy:Designed by Yahoo and

CMU(Carnegie Mellon University.)Picks up 10 random words from the

dictionary,fills them with noise.User has to recognise atleast 3 words.If correct,user is admitted.Prone to dictionary attacks.

11

Ez-Gimpy:Ez-Gimpy:Modified version of GimpyYahoo used this version in

Messenger.A random string of characters is used.Not prone to dictionary attacks.Not very good,has been broken by

OCRs.

12

MSN Passport Service Based:MSN Passport Service Based:

Provided for MSN services.Use of 8 characters.Warping and arcs are used for

distortion.Very strong implementation.Broken by Newcastle University with

92% success.

13

Text Based CAPTCHAs:Text Based CAPTCHAs:

14

Graphic Based CAPTCHAs:Graphic Based CAPTCHAs:BONGO

• Display two series of blocks• User must find the characteristic that sets

the two series apart• User is asked to determine which series

each of four single blocks belongs to.

15

Graphic Based CAPTCHAs:Graphic Based CAPTCHAs:PIX

• Create a large database of labeled images.

• Pick a concrete object.• Pick four images of the object from the

images database.• Distort the images.• Ask the user to pick the object for a list of

words.

16

Graphic Based CAPTCHAs:Graphic Based CAPTCHAs:

17

Audio Based CAPTCHAs:Audio Based CAPTCHAs:Pick a word or a sequence of numbers

at random.Render them into an audio clip using a

TTS software.Distort the audio clip.Ask the user to identify and type the

word or numbers.

18

Google’s reCaptcha:Google’s reCaptcha:Used by Google to verify digitized

books.2 words are shownProgram knows one of the words.If user enters first word correctly,it

assumes that second word will also be entered correctly.

Also replays the word to many users to determine the answer.

19

Google’s reCaptcha:Google’s reCaptcha:

20

Breaking CAPTCHAs:Breaking CAPTCHAs:Most text based CAPTCHAs have

been broken by software• OCR• Segmentation

Greg Mori and Jitendra Malik have broken text captchas.

21

Breaking CAPTCHAs:Breaking CAPTCHAs:Social engineering is used for breaking

CAPTCHAs:Spammer encounters CAPTCHA.CAPTCHA is copied to another site.Humans are baited –free mp3 files, free

wallpapers etc.Users are told to solve copied

CAPTCHA.Solution is then routed back to spammer.

22

Recent Developments:Recent Developments:A site named “hellocaptcha.com” has

introduced a new generation of CAPTCHAs.

They make custom designed CAPTCHAs for various websites.

Highly secure,animated GIF images. Has prestigious clients like the

Austrian Government.

23

Examples:Examples:

24

25