Drag and DropA Better Approach to
CAPTCHA
A.D.PATEL INSTITUTE OF TECHNOLOGY
By: Arpan Desai & Pragnesh Patadia
Presented At: IEEE Indicon 2009, DAIICT
{ arpanvdesai , prpatadia } [at] gmail [dot] com
CAPTCHA???..
CAPTCHA
A PROGRAM THAT CAN TELL WHETHER ITS USER IS A HUMAN OR A COMPUTER
Courtesy By: The Newyorker
CAPTCHA
A. MOST HUMANS CAN PASS
B. CURRENT COMPUTER
PROGRAMS CANNOT PASS
A PROGRAM THAT CAN GENERATE AND GRADE TESTS THAT:
CAPTCHA•COMPLETELY
•AUTOMATED
•PUBLIC
•TURING test to tell
•COMPUTERS and
•HUMANS
•APART
HUMAN JUDGE
TURING MACHINE CAPTCHA
Turing Test Vs. CAPTCHA
• FREE E-MAIL SERVICES
• DATA COLLECTION
• PREVENTING WORMS AND SPAM
• PREVENTING DICTIONARY ATTACKS
• PREVENT FAKE ONLINE POLLS
• PREVENT DOS ATTACKS
APPLICATIONS
MAIL SIGNUP
URL ADDING
(FROM WWW.SLASHDOT.ORG)
QUICKVOTE
Which is the best Computer Science Grad School in the US?
CMU
MIT
vote
Berkeley
StanfordCornell
Washington
ONLINE POLLS
POLL RESULTS…
• CMU – ABOVE 21500• MIT – ABOVE 20000 TO 21000• REST – LESS THAN 1500
Reason For This Surprising Results ??
BOTS AND SPIDERS
DOS ATTACKS
TYPES OF CAPTCHA
• BAFFLE TEXT• GIMPY / EZ-GIMPY• GIMPY-r• TICKET MASTER• BONGO• PIX• MAILBLOCK etc…
TEXT BASED CAPTCHA
CAPTCHA CAN BE BROKEN!!!!
BUT…..
STILL, WHY CAPTCHA?..
• We believe that precisely stating unsolved AI problems can accelerate the development of Artificial Intelligence: most AI problems that have been precisely stated and publicized have eventually been solved (take chess as an example).
• If the underlying AI problem is useful, a CAPTCHA implies a WIN-WIN situation: either the CAPTCHA is not broken and there is a way to differentiate humans from computers, or the CAPTCHA is broken and a useful AI problem is solved.
Animated CAPTCHA
Implicit CAPTCHA
rot CAPTCHA
Q & AThanks
CAPTCHA ANNOYANCE
Q & AThanks
AUDIO CAPTCHA
CAPTCHA ANNOYANCE
DRAG AND DROP CAPTCHA
• Here the user will be given a standard CAPTCHA image.
• Here the user needs to drag and drop the correct alphabets or numbers in correct sequence, instead of typing them. (Continue….)
DRAG AND DROP
Drag and Drop Objectives
• Operational ease• Easy for Humans• Difficult for Computers• Bandwidth Criteria• Implementation • Maintenance
DRAG AND DROP- Model
Algorithm
Algorithm: DnD CAPTCHA
•input: IC1...i, DC1...j, DB1...i
output: Done
•Four actions: •1. Place upward.•2. Bring back•3. Exchange•4. Submit
CAPTCHA THREATS
•Optical Character Recognition•Laundry Attacks•CAPTCHA Redirection
OCR
CAPTCHA SWEAT SHOPS
SPAM COMPANIES HIRE HUMANS TO SOLVE CAPTCHAS ALL DAY LONG
$2.50 PER HOUR FOR EACH HUMAN720 CAPTCHAS PER HOUR PER HUMAN
1/3 CENT PER ACCOUNT
LAUNDRY ATTACKS
CAPTCHA REDIRECTION
Type the word in the box if you want to see the next picture
Free Nude Photos
CAPTCHA REDIRECTION
DIFFICULTY VARIANCE & THREAT SOLUTIONS
• How DnD demolish CAPTCHA threats?• Can it be the replacement to current
approaches?
DnD and Smartphone
• How DnD demolish CAPTCHA • ‘I’, ‘l’, ‘1’ distinction• Language independent
FEEDBACK
CONCLUSION
• Intellectual independent• Language independent• Solution for possible threats• Definite way for distinguish
Computer and Human
REFERENCES
[1]. en.wikipedia.org[2]. “Protecting Websites with Reading Based CAPTCHAs” by Henry S. Baird and Mark Luk, California[3]. “Telling Humans And Computers Apart Automatically OR How Lazy Cryptographers Do AI” by Luis von Ahn, Manuel Blum, and JohnLangford.[4]. “Visual Reverse Turing Tests: A False Sense of Security” by Miroslav Ponec in 7th Annual IEEE Information Assurance Workshop, New York, 2006 5]. “Using Machine Learning to Break Visual Human Interaction Proofs” by Kumar Chellapilla and Patrice Y. Simard.[6]. “Recognizing Objects in Adversarial Clutter: Breaking a Visual CAPTCHA” by Jitendra Malik And Greg Mori [7]. “Enhanced CAPTCHAs: Using Animation to Tell Humans and Computers Apart” by Elias Athanasopoulos and Spiros Antonatos.
CONTACT
arpanvdesai at hotmail dot com
IMAGE FILE
Questions
?
