Jeff Yan School of Computing Science Newcastle University, UK (Joint work with Ahmad Salah El Ahmad) Usability of CAPTCHAs Or “usability issues in CAPTCHA.


Jeff Yan School of Computing Science Newcastle University, UK (Joint work with Ahmad Salah El Ahmad) Usability of CAPTCHAs Or “usability issues in CAPTCHA design”

SOUPS’08 (CMU, July 2008)(2)

Apology
- 2nd time to miss SOUPS …
- nth (n > 2) time to be unable to present my paper …
- All due to the same problem: A US visit visa! (started my application in April, I’ve not heard its result yet …)

Does this man look like a terrorist?! ;-)

CAPTCHA
- Why was it invented? Ask any CMU people, or read the cartoon
- Automated Turing tests that computers cannot pass, but humans can
- Almost standard security technology (e.g. for anti-spam)
  - widespread application on commercial websites

Main CAPTCHAs
- Text-based schemes
  - typically require users to solve a text recognition task
  - the most widely deployed
- Sound-based schemes
  - typically require users to solve a speech recognition task
- Image-based schemes
  - typically require users to perform an image recognition task
  - Example: Microsoft’s Asirra

This paper is about understanding how to design usable and robust CAPTCHAs, with a focus on usability

- Isn’t that … CAPTCHAs with poor usability should not exist by definition?
- Yes, but … still many deployed CAPTCHAs, including famous ones, are not that usable …

How about robustness?
- When necessary, it will be covered
- However, our major attacks are discussed elsewhere
  - Low-cost attacks on schemes by Microsoft, Yahoo and Google (CCS’08, to appear)
  - The pixel count attack (ACSAC’07): breaking CAPTCHAs by counting the number of pixels!

A framework for CAPTCHA usability
- Distortion: distortion techniques employed and their impact on usability
- Content: content embedded in CAPTCHA challenges and their impact on usability
  - e.g. how the content should be organized?
- Presentation: the way that CAPTCHA challenges are presented and impact on usability

Distortion | confusing characters
- Well-known that under common distortions, characters such as 1 and l, o and 0, 5 and s, would cause confusion
- To be secure (or resistant to segmentation attacks), Google and Yahoo CAPTCHAs introduced new confusing characters
  - vv or w? rm or nn? cl or d? cm or an? rn or m? nn or m? …

Distortion | confusing characters
- ~6% of challenges in the Google CAPTCHA, and ~10% in the latest Yahoo scheme (rolled out since Mar 2008), were observed to have such confusing characters.
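A generator-side check for the confusing-character issue above, added here as an example and not taken from the paper or from any deployed scheme. The pair table is copied from the slides and lower-cased; the function names, the default alphabet and the "one confusion at a time" model are assumptions made for illustration.

```python
import random

# Pairs the slides list as confusable under distortion (lower-cased here,
# which is an assumption); each side can be mistaken for the other.
CONFUSABLE_PAIRS = [
    ("1", "l"), ("o", "0"), ("5", "s"),
    ("vv", "w"), ("rm", "nn"), ("cl", "d"),
    ("cm", "an"), ("rn", "m"), ("nn", "m"),
]

def alternative_readings(challenge):
    """Return every string a user could plausibly type after ONE confusion."""
    text = challenge.lower()
    found = set()
    for left, right in CONFUSABLE_PAIRS:
        for src, dst in ((left, right), (right, left)):
            start = text.find(src)
            while start != -1:
                found.add(text[:start] + dst + text[start + len(src):])
                start = text.find(src, start + 1)  # also catch overlapping hits
    found.discard(text)
    return found

def generate_unambiguous(length, seed,
                         alphabet="abcdefghijklmnopqrstuvwxyz0123456789",
                         max_tries=10000):
    """Rejection-sample a challenge string that has no alternative reading."""
    rng = random.Random(seed)  # seeded only so the example is repeatable
    for _ in range(max_tries):
        candidate = "".join(rng.choice(alphabet) for _ in range(length))
        if not alternative_readings(candidate):
            return candidate
    raise RuntimeError("alphabet too ambiguous for the requested length")

if __name__ == "__main__":
    # Constructed sample strings, not real CAPTCHA challenges.
    for sample in ("corn", "vvave", "xkcb"):
        print(sample, "->", sorted(alternative_readings(sample)) or "unambiguous")
    print("generated:", generate_unambiguous(8, seed=7))
```

Rejecting confusable strings shrinks the usable alphabet, so the remaining challenge space has to be weighed against the scheme's robustness requirements.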

Content | string length
- A design issue: string length predictable or not?
- Case study: Microsoft CAPTCHA used a fixed length of 8 characters, which helped its usability
  - The first object is “7”? The first object is “L”?
  - With the length info, users can be pretty sure that the first objects in the above examples are noise.

Content | string length
- However, the length info also helped our automated segmentation attack (success rate: >92%)
  - Our program knows when to stop!
  - Start point / Stop: identified 8 chars already

Presentation | the use of colour
- Using colour is common practice in CAPTCHA design (for all sorts of reasons)
- However, we have seen many cases in which the use of colour
  - is unhelpful for usability
  - has caused negative impact on security, or
  - is problematic in terms of both usability and security

Presentation | the use of colour
- Case 1: Gimpy-r (a well-known early scheme)
  - How humans see it / How machines see it

Presentation | the use of colour
Case 1: Gimpy-r
- Dominant colour of distorted text (often black) is distinguishable: always the lowest intensity, and never appears in the background
  - easy to extract the text
- Colour background:
  - not much use in terms of security
  - negative effect on usability (e.g. confusing people)

Presentation | the use of colour
- Case 2: BotBlock
  - How humans see it / How machines see it

Presentation | the use of colour
Case 2: BotBlock
- Sophisticated colour management providing resistance to OCR
- However, the misuse of colour:
  - texts have distinguishable colour patterns
  - the same colour for foreground occurs repetitively
  - easy to extract text automatically
- Negative effect on usability and false sense of security.
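A design-time audit for the two colour cases above (Gimpy-r and BotBlock), added here as an example and not code from the paper or from either scheme. It assumes the generator still holds the ground-truth text mask for the challenge it just rendered; the function names, the report keys and the tiny sample images are constructed for illustration.

```python
def luminance(rgb):
    """Perceived intensity of an (R, G, B) pixel (ITU-R BT.601 weights)."""
    r, g, b = rgb
    return 0.299 * r + 0.587 * g + 0.114 * b

def audit_colour_use(pixels, text_mask):
    """Flag the colour weaknesses described on the slides.

    pixels    -- rows of (R, G, B) tuples for one rendered challenge
    text_mask -- same shape; truthy where the generator drew text
    """
    text, background = [], []
    for pixel_row, mask_row in zip(pixels, text_mask):
        for pixel, is_text in zip(pixel_row, mask_row):
            (text if is_text else background).append(pixel)
    if not text or not background:
        raise ValueError("need both text and background pixels")
    text_colours = set(text)
    return {
        # Case 1: text is always darker than anything in the background.
        "threshold_separable":
            max(map(luminance, text)) < min(map(luminance, background)),
        # Case 1: text colours never appear in the background.
        "colours_disjoint": text_colours.isdisjoint(background),
        # Case 2: a very small number here means one colour keeps repeating.
        "distinct_text_colours": len(text_colours),
    }

# Constructed 3x4 sample images (not real CAPTCHA output).
K, D = (0, 0, 0), (60, 60, 60)
R, G, Y = (200, 30, 30), (30, 180, 60), (230, 220, 40)
TEXT_MASK = [[0, 1, 0, 0], [0, 1, 1, 0], [0, 0, 1, 0]]
WEAK_PIXELS = [[R, K, G, Y], [G, K, K, R], [Y, R, K, G]]   # black text, colour noise
MIXED_PIXELS = [[K, D, R, D], [D, K, D, G], [R, D, K, K]]  # text shares background colours

if __name__ == "__main__":
    for name, image in (("weak", WEAK_PIXELS), ("mixed", MIXED_PIXELS)):
        print(name, audit_colour_use(image, TEXT_MASK))
```

A challenge reporting `threshold_separable` or `colours_disjoint` as true has the property the slides describe: the colour adds nothing for security while still costing usability.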

Presentation | the use of colour
- It seems that the “Las Vegas effect” also applies to CAPTCHA design
  - No colour might be better than too much colour
- Major CAPTCHAs started to avoid using fancy colour management, including
  - Microsoft
  - Yahoo
  - Google
  - reCAPTCHA

The framework: applied to text CAPTCHAs

Category: Usability issue
- Distortion
  - Distortion method and level
  - Confusing characters
  - Friendly to foreigners?
- Content
  - Character set
  - String length: How long? Predictable or not?
  - Random string or dictionary word?
  - Offensive word
- Presentation
  - Font type and size
  - Image size
  - Use of color
  - Integration with web pages

The framework
- Inspired by text-based CAPTCHAs
- Applicable to sound-based schemes
  - For details, see our paper
- Also applicable to image-based schemes (e.g. IMAGINATION)
  - for schemes such as Asirra and Bongo, in which distortion is absent, only the dimensions of content and presentation will apply.

Summary
- First attempt towards a systematic analysis of usability issues in CAPTCHA design (in particular, text-based schemes)
- Proposed a simple but novel framework, which accommodates both novel issues we have identified, and known issues scattered in the literature
- The framework is applicable to text, sound and (some) image based CAPTCHAs.