A CAPTCHA or Captcha is a type type of cha challe llengenge-res respon ponse se tes testt used used in compu computing ting to ensure that that the response response is not generate generated d by a computer. computer. requires that the user type letters or digits from a disto rted image that appears on the screen. CAPTCHA
Any user entering a correct solution solution is presumed to be human else user is bot and denied denied acces access. s. It is sometimes described as a reverse Turing Turing test. OCRs(Optical Character Recognition) are are not able to read CAPTCHAs. CAPTC HAs.
A CAPTCHA is a means of automatically generating new challenges which: Current software is unable to solve accurately accurately.. Most humans can solve Does not rely on the t he type of CAPTCHA being new to the attacker att acker..
CAPTCHAs rely on difficult problems in artificial intelligence.
First
developed by Alta Vista in 1997.
The term coined in 2000 by Luis von Ahn , Manuel Blum and Nicholas J. Hopper of Carnegie Mellon University and John Langford Langf ord of IBM. Primitive CAPTCHAs seem to have been developed in 1997 by Andrei Primitive Broderr, Marti Brode Martin n Abadi, Abadi, Krish Krishna na Bharat, Bharat, and Mark Lillibridge Lillibridge to preve pr event nt bot botss fr from om ad addi ding ng URL URLss to th thei eirr se sear arch ch en engi gine ne..
Proposed by Alan Turing. To test a machine·s level of intelligence Human judge asks questions to two participants, one is a machine, he doesn·t know which w hich is which, If judge can·t tell which is the machine, the machine passes p asses the test. CAPTCHA employs a reverse Turing Turing test, judge = CAPTCHA CAPT CHA program, participant = user if user passes CAPTCHA, he is human if user fails, it is a machine
1. Text Ba Base sed d CAPTCH CAPTCHAs As 2. Gr Grap aphi hics cs Bas Based ed CAPT CAPTCH CHAs As 3. Au Audi dio o or Soun Sound d Base Based d CAPTCH CAPTCHAs As
Typically relay on sophisticated distortion of text images rendering them unrecognizable to the state of the art of the pattern recognition programs but recognizable by humans. Examples:
Simple,
normal language questions: What is sum of three and thirty-five? Saturday,, what is day after tomorrow? If today is Saturday Very effective, needs a large question bank Cognitively challenged users find it hard .
Gimpy: Originally
designed by Yahoo Yahoo and CMU. distorted istorted and corrupted Based on human ability to read heavily d text. dictionary, works by choosing a certain number of words from a dictionary, and then displaying them corrupted and distorted in an image; after that Gimpy asks the user to type the words displayed di splayed in that image.
EZ-Gimpy: A
modified version of Gimpy. Yahoo Messenger Service. Used in Yahoo It contains only one random character string. dictionary.. The word is random and not picked from the dictionary Its not a good implementation of CAPTCHA, and already broken OCRs.
MSN its
Passport service CAPTCHAs: Passport
provided for Microsoft MSN services. uses 8 characters. Warping is used to distort. Its very strongly implemented and hasn·t been broken.
Requires user to perform image recognition test. Examples:
IMAGINATION: CAPTCHA that
requires two steps to t o be passed. first step visitor clicks elsewhere on the picture that composed of a few images and selects in this way a single image. second step the selected image is loaded. It is enlarged but very distorted. Also variants of the th e answer are loaded on the client cl ient side. The visitor should select a correct answer from the set of the proposed words.
BONGO: After
M.M.Bongard, pattern recognition expert. M.M.Bongard, User has to solve a pattern recognition problem.
ASSIRA: Animal
Species Image Recognition for Restricting Access. It·ss a HIP that works by asking users to identify photographs p hotographs of It· cats and dogs. Difficult for computers but humans can accomplish it very quickly and accurately.
Require
user to solve a speech recognition test. In this version of captcha letters are read aloud instead of being displayed in an image. Helps visually disabled users Below is the Google·s audio enabled CAPTCHA.
3DCaptcha
is the "captcha "captcha nice to humans, bad to to machines". written n in PHP PHP.. It is writte A new approach to captchas, using human's spatial cognition abilities to differentiate humans from machines. It uses a markov-chain to generate words that resemble human language and are easy to type, yet avoid dictionary d ictionary lookups. It filters profane language. It's easy to deploy.
Free
CAPTCHA service that helps to digitize books, newspapers and old time radio shows. process of digitizing books by sending reCAPTCHA improves the process words that cannot be read by computers to the Web in the form of CAPTCHAs for humans to decipher. decipher. Each word that cannot be read correctly by OCR is placed on an image and used as a CAPTCHA. O CR programs alert you when a word This is possible because most OCR cannot be read correctly.
Working Two
of reCAPTCHA:
words are shown, one word is known as Control Word, and another one is known a questionable word. correctly, the System assumes that if human types the control word correctly, questionable word is also correct. The identification performed by each OCR program is given a value of 0.5 points, and each interpretation by a human is given a full point. wor d is considered Once a given identification hits 2.5 votes, the word called.. called
Called
Hard-AI problems. p roblems in artificial CAPTCHA tests are based on open problems intelligence (AI). A win-win scenario: either a CAPTCHA is not broken and there is a way to differentiate humans from computers. Or the CAPTCHA is broken and an AI problem is solved. Thus AI knowledge is advanced if CAPTCHAs CAP TCHAs are broken.
Things to keep in mind:
Don·t store CAPTCHA solution in metadata
Web
pa ge·ss page·
A CAPTCHA is no good if it doesn't distort Need a large database of different CAPTCHA questions Avoid repetition of questions
CAPTCHA Logic:
Generate the question
Persist the correct answer
Present the question to user
Evaluate answer answer,, if incorrect, start again-again-- Generate a different CAPTCHA If correct, allow access to user
Guidelines:
Accessibility
Image security
Script security
Security after widespread adoption
Custom implementation or a general CAPTCHA?
Cracking CAPTCHAs through programs
Convert CAPTCHA into greyscale
Detect patterns in the image corresponding to
characters
Or,, read session files of that user and know the CAPTCHA Or C APTCHA word
Solution: Only store a hash of the CAPTCHA word in session files
Usability
W3C
issues:
mandates
Web
to be accessible to all people
Some CAPTCHAs are inaccessible to visually impaired, cognitively challenged people
Compatibility issues:
JavaScript may need to be activated in browsers
Some may need Adobe Flas lash h plugin ins instal talled led
CAPTCHAs are an effective way to counter bots and reduce spam They serve dual dual purpose² purpose² help advance advance AI knowledge knowledge
Applications are varied² Applications varied² from stopping stopping bots to character character recognition & pattern matching
Some issues with current implemen i mplementations tations represent challenges for future improvements
