Drag and DropA Better Approach to

CAPTCHA

A.D.PATEL INSTITUTE OF TECHNOLOGY

By: Arpan Desai & Pragnesh Patadia

Presented At: IEEE Indicon 2009, DAIICT

{ arpanvdesai , prpatadia } [at] gmail [dot] com

CAPTCHA???..

CAPTCHA

A PROGRAM THAT CAN TELL WHETHER ITS USER IS A HUMAN OR A COMPUTER

Courtesy By: The Newyorker

CAPTCHA

A. MOST HUMANS CAN PASS

B. CURRENT COMPUTER

PROGRAMS CANNOT PASS

A PROGRAM THAT CAN GENERATE AND GRADE TESTS THAT:

CAPTCHA•COMPLETELY

•AUTOMATED

•PUBLIC

•TURING test to tell

•COMPUTERS and

•HUMANS

•APART

HUMAN JUDGE

TURING MACHINE CAPTCHA

Turing Test Vs. CAPTCHA

• FREE E-MAIL SERVICES

• DATA COLLECTION

• PREVENTING WORMS AND SPAM

• PREVENTING DICTIONARY ATTACKS

• PREVENT FAKE ONLINE POLLS

• PREVENT DOS ATTACKS

APPLICATIONS

MAIL SIGNUP

URL ADDING

(FROM WWW.SLASHDOT.ORG)

QUICKVOTE

Which is the best Computer Science Grad School in the US?

CMU

MIT

vote

Berkeley

StanfordCornell

Washington

ONLINE POLLS

POLL RESULTS…

• CMU – ABOVE 21500• MIT – ABOVE 20000 TO 21000• REST – LESS THAN 1500

Reason For This Surprising Results ??

BOTS AND SPIDERS

DOS ATTACKS

TYPES OF CAPTCHA

• BAFFLE TEXT• GIMPY / EZ-GIMPY• GIMPY-r• TICKET MASTER• BONGO• PIX• MAILBLOCK etc…

TEXT BASED CAPTCHA

CAPTCHA CAN BE BROKEN!!!!

BUT…..

STILL, WHY CAPTCHA?..

• We believe that precisely stating unsolved AI problems can accelerate the development of Artificial Intelligence: most AI problems that have been precisely stated and publicized have eventually been solved (take chess as an example).

• If the underlying AI problem is useful, a CAPTCHA implies a WIN-WIN situation: either the CAPTCHA is not broken and there is a way to differentiate humans from computers, or the CAPTCHA is broken and a useful AI problem is solved.

Animated CAPTCHA

Implicit CAPTCHA

rot CAPTCHA

Q & AThanks

CAPTCHA ANNOYANCE

Q & AThanks

AUDIO CAPTCHA

CAPTCHA ANNOYANCE

DRAG AND DROP CAPTCHA

• Here the user will be given a standard CAPTCHA image.

• Here the user needs to drag and drop the correct alphabets or numbers in correct sequence, instead of typing them. (Continue….)

DRAG AND DROP

Drag and Drop Objectives

• Operational ease• Easy for Humans• Difficult for Computers• Bandwidth Criteria• Implementation • Maintenance

DRAG AND DROP- Model

Algorithm

Algorithm: DnD CAPTCHA

•input: IC1...i, DC1...j, DB1...i

output: Done

•Four actions: •1. Place upward.•2. Bring back•3. Exchange•4. Submit

CAPTCHA THREATS

•Optical Character Recognition•Laundry Attacks•CAPTCHA Redirection

OCR

CAPTCHA SWEAT SHOPS

SPAM COMPANIES HIRE HUMANS TO SOLVE CAPTCHAS ALL DAY LONG

$2.50 PER HOUR FOR EACH HUMAN720 CAPTCHAS PER HOUR PER HUMAN

1/3 CENT PER ACCOUNT

LAUNDRY ATTACKS

CAPTCHA REDIRECTION

Type the word in the box if you want to see the next picture

Free Nude Photos

CAPTCHA REDIRECTION

DIFFICULTY VARIANCE & THREAT SOLUTIONS

• How DnD demolish CAPTCHA threats?• Can it be the replacement to current

approaches?

DnD and Smartphone

• How DnD demolish CAPTCHA • ‘I’, ‘l’, ‘1’ distinction• Language independent

DEMO

FEEDBACK

CONCLUSION

• Intellectual independent• Language independent• Solution for possible threats• Definite way for distinguish

Computer and Human

REFERENCES

[1]. en.wikipedia.org[2]. “Protecting Websites with Reading Based CAPTCHAs” by Henry S. Baird and Mark Luk, California[3]. “Telling Humans And Computers Apart Automatically OR How Lazy Cryptographers Do AI” by Luis von Ahn, Manuel Blum, and JohnLangford.[4]. “Visual Reverse Turing Tests: A False Sense of Security” by Miroslav Ponec in 7th Annual IEEE Information Assurance Workshop, New York, 2006 5]. “Using Machine Learning to Break Visual Human Interaction Proofs” by Kumar Chellapilla and Patrice Y. Simard.[6]. “Recognizing Objects in Adversarial Clutter: Breaking a Visual CAPTCHA” by Jitendra Malik And Greg Mori [7]. “Enhanced CAPTCHAs: Using Animation to Tell Humans and Computers Apart” by Elias Athanasopoulos and Spiros Antonatos.

CONTACT

arpanvdesai at hotmail dot com

IMAGE FILE

Questions

?