Separating man from machine since 2000….. ?
Agenda Definition History Need Types Constructing CAPTCHAs Breaking CAPTCHAs Applications Conclusion
Introduction CAPTCHA Completely Automated Public Turing test to tell Computers and Humans Apart CAPTCHA is a program that protect websites against bots by generating and grading test that- “ Humans can pass but Computer programs can’t “
History First developed by Alta Vista in 1997 The term coined in 2000 at CMU by Luis Von, Manuel Blum And Nicholas Hopper of Carnegie Mellon university. He decided to add a test to the submission page for protection against bots. He reversed the Turing test.
What is a Turing test? Proposed by Alan Turing It is a test of a machine’s ability to exhibit intelligence equivalent to a human. Human judge asks questions to two participants, one is a machine, one is human. He doesn’t know which is which If judge can’t tell which is the machine, the machine passes the test CAPTCHA employs a reverse Turing test, judge = CAPTCHA program, participant = user if user passes CAPTCHA, he is human if user fails, it is a machine
captcha
Generic CAPTCHAs distort letters and numbers. Distorted characters are presented to user. User has to recognize the distorted letters If the letters are correct, the user is inferred to be a human & allowed access Else, user is a bot and denied access HOW CAPTCHA WORKS
Background Why CAPTCHA was needed? Sabotage of online polls (happened in 1999 in flooded the polls by automated generated program) Abusing free online accounts by multiple registration( In 2000,Yahoo’s popular messenger chat service was hit by bots )
Types of CAPTCHAs Text based: Simple, normal language questions: What is sum of three and thirty-five? If today is Saturday, what is day after tomorrow? Which of mango, table, water is a fruit? Very effective, needs a large question bank Cognitively challenged users find it hard
Gimpy: Designed by Yahoo and CMU Picks up 10 random words from dictionary and distorts, fills with noise User has to recognize at least 3 words If user is correct, he is admitted
EZ-Gimpy: A modified version of Gimpy Yahoo used this version in Messenger Has only 1 random string of characters Not a good implementation, already broken by OCRs
MSN’s Passport service CAPTCHAs: Provided for Microsoft’s MSN services Use 8 characters Warping is used to distort Very strong implementation, hasn’t been broken It is segmentation-resistant
Graphic based CAPTCHAs: BONGO: After M.M.Bongard, pattern recognition expert User has to solve a pattern recognition problem Has to tell the distinct characteristic between two sets of figures Then tell to which set a given figure belongs to
PIX Uses a large database of labelled images It shows a set of images, user has to recognize the common feature among those E.g., Pick the common characteristic among the following four pictures-----”Aeroplane”
Image orientation captcha CAPTCHA developed by Google, In 2009 which requires users to adjust randomly rotated images to their upright orientation.
Audio CAPTCHAs: Consist of downloadable audio clip User listens and enters the spoken word Helps visually disabled users Below is the Google’s audio enabled CAPTCHA Not popular
Friend Recognition One of the more interesting CAPTCHA ideas appeared in January 2011 as a result of an effort by social-networking giant Facebook. The company is currently experimenting with social authentication in an effort to verify account authenticity. In the words of the experiment:social authentication “We will show you a few pictures of your friends and ask you to name the person in those photos. Hackers halfway across the world might know your password, but they don’t know who your friends are.” — Alex Rice, Facebook, A Continued Commitment to SecurityA Continued Commitment to Security
Constructing CAPTCHAs Things to keep in mind: Don’t store CAPTCHA solution in Web page’s metadata A CAPTCHA is no good if it doesn't distort Need a large database of different CAPTCHA questions Avoid repetition of questions
Embeddable CAPTCHAs: Available freely, just embed code into Web page’s HTML, from e.g., No maintenance Custom CAPTCHAs: Fits to the theme of the page Better protected from spammers Can be written in any language– HTML,.NET, JavaScript
Breaking CAPTCHAs Greg Mori and Jitendra Malik have broken text CAPTCHAs, e.g., Ez-Gimpy To break this CAPTCHA Preprocessing: Removal of background clutter and noise Segmentation: Locate possible letters in the image Classification : Identifying the character in each region
Social engineering to break CAPTCHAs: Spammer encounters a CAPTCHA That CAPTCHA is copied to another site Humans are baited, e.g., free MP 3 s To get those MP3s, users are told to solve the copied CAPTCHA Solution is routed to the spammer Solution: Fix a time-to-live period for a question CAPTCHA cracking as a business: Firms offer CAPTCHA cracking service in exchange for money
Applications Preventing comment spam in blogs(stops the program that post bogus comments) Prevent spam s and protect online polls RECAPTCHA Advertisement Captcha
Verify digitized books: reCAPTCHA Used in Google Books Project Two words are shown, the program knows first word and second word is the fragment of that old book If user enters first word correctly, it assumes that the second unknown word will also be entered correctly Second word becomes “known”
20 Million words are being digitized every day!!!
Advertisement mode Advertisement based text CAPTCHA was introduced in late 2010 by Solve Media, whose solution was to replace text with an advertisement and a related question. It serves as an advantage.introduced
Summary CAPTCHAs are an effective way to counter bots and reduce spam Applications are varied– from stopping bots to character recognition & pattern matching. Recaptcha is adding a lot to digitization of books. So next time if you are solving a captcha feel good as you are solving something which computers still can’t and preserving a part of history.