Usability of CAPTCHAs, or usability issues in CAPTCHA design
Authors: Jeff Yan and Ahmad Salah El Ahmad
Presented by: Kim Giglia, CSC 682, 11/19/2008


Definitions
• CAPTCHA: Completely Automated Public Turing Test to Tell Computers and Humans Apart
• Three main types of CAPTCHAs:
    • Text-based schemes
    • Sound-based schemes
    • Image-based schemes

Text-Based CAPTCHAs

Sound-Based CAPTCHAs

Image-Based CAPTCHAs
• Require users to perform some sort of image recognition task

Why CAPTCHAs?
• Intuitive to users
• Good security if deployed properly
• Used for:
    • Preventing blogger spam
    • Protecting website registrations
    • Protecting addresses from scrapers
    • Securing online polls
    • Preventing dictionary password search attacks
    • Keeping search engine bots out of certain web pages
    • Protecting against worms and spam

Usability of CAPTCHAs
• Robustness and usability
• Issues involved in designing usable CAPTCHAs: learnability, efficiency, memorability, errors, and satisfaction
• The authors focus on a framework for evaluating CAPTCHAs in terms of accuracy, response time, and satisfaction

Framework for evaluating usability (category, then usability issues)
• Distortion
    • Distortion method and level
    • Confusing characters
    • Friendly to foreigners?
• Content
    • Character set
    • String length: fixed or random
    • Random chars or dictionary word
    • Offensive word
• Presentation
    • Font type and size
    • Image size
    • Use of color
    • Integration with web pages

Security issues and usability trade-offs with CAPTCHAs:
• Size of the character set matters, but larger sets can present more confusing characters
• String length matters, but longer or random strings may be harder for users
• Suggest using a variable-length string with the length info presented in the CAPTCHA
• Random strings versus dictionary strings: the authors state that the emphasis is more on segmentation-resistant design

Security issues and usability trade-offs with CAPTCHAs (continued):
• Offensive words have no security implication, but clearly affect a user's experience
• Misuse of color can actually make your CAPTCHA less secure and way more difficult to read
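
An added example (not from the slides or the paper) of the character-set and string-length trade-off listed above: it drops look-alike characters, picks a variable length and reports it to the user, and measures how the answer space changes. The confusable groups, the function names and the 5 to 7 length range are assumptions made for illustration.

```python
import math
import secrets
import string

# Look-alike glyph groups under distortion. Constructed for this example;
# the right groups depend on the font and distortion method in use.
CONFUSABLE_GROUPS = ["0OoQ", "1lI", "5S", "2Z", "8B"]
FULL_SET = string.ascii_letters + string.digits  # 62 characters


def usable_charset(charset=FULL_SET, groups=CONFUSABLE_GROUPS):
    """Return charset with every member of a confusable group removed."""
    banned = set("".join(groups))
    return "".join(ch for ch in charset if ch not in banned)


def solution_space_bits(charset_size, min_len, max_len):
    """log2 of the number of candidate answers over lengths min_len..max_len.

    Upper bound for a blind guesser: one that can read the length hint
    only faces charset_size ** length candidates.
    """
    total = sum(charset_size ** n for n in range(min_len, max_len + 1))
    return math.log2(total)


def new_challenge(charset, min_len=5, max_len=7):
    """Return (answer, hint); the hint carries the length info for the user."""
    length = min_len + secrets.randbelow(max_len - min_len + 1)
    answer = "".join(secrets.choice(charset) for _ in range(length))
    return answer, f"Type the {length} characters shown"


def grade(answer, response):
    """Case-sensitive, constant-time check; surrounding whitespace ignored."""
    return secrets.compare_digest(answer.encode(), response.strip().encode())


if __name__ == "__main__":
    reduced = usable_charset()
    rows = [("full set, fixed 6", len(FULL_SET), 6, 6),
            ("reduced set, fixed 6", len(reduced), 6, 6),
            ("reduced set, 5 to 7", len(reduced), 5, 7)]
    for label, size, lo, hi in rows:
        print(f"{label:22} {size:2} chars  {solution_space_bits(size, lo, hi):5.1f} bits")
    print(new_challenge(reduced))
```

Removing the 13 look-alike characters costs about two bits at a fixed length of six, which the variable length range more than recovers for a guesser that cannot read the hint.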

What is reCAPTCHA?
• A free CAPTCHA service that helps to digitize books
• Book pages are photographically scanned and then OCR is used to transform the images to text
• Two words are given to a user: one answer is known, and if the user gets the known text correct, the other text answer is assumed correct
• Note: about 60 million CAPTCHAs are solved daily, which is >150,000 hours of work daily

Authors' Conclusions
• Text-based CAPTCHAs can be difficult for foreigners (study not truly large enough to conclude this)
• Length of strings has security and usability implications
• Use of color has security and usability implications
• Have developed a framework for examining usability issues (true, but they did not provide data as to which items are most important)