23-09-2016, 03:38 PM
SURVEY on Secured Online Authentication and Defence Technique against 3rd Party Human Attacks Using CAPTCHA
ABSTRACT
CAPTCHA (Completely Automated Public Turing Test to tell Computers and Humans Apart) is a test that is easy for humans but difficult for computers to solve. However, many programs have been developed to brute force attack any secured website. In this review paper, an algorithm created to achieve online verification in a secure way is analysed. As a result, a secured social relevance to gain free internet services is provided, which improves the usability of well-claimed CAPTCHA. Many websites using CAPTCHAs are vulnerable to 3rd party human attacks. To show this, a new human-based CAPTCHA attack using Instant Messenger technology is developed. Further, an interactive CAPTCHA has been designed as a defence technique against such vulnerabilities. The performance and usability of the proposed scheme have also been studied.
KEYWORDS: CAPTCHA, online verification, secure, defence technique, Instant messenger
INTRODUCTION
In 1997 Alta Vista developed a human-user validation by means of randomly generated images with words or characters. The term CAPTCHA (Completely Automated Public Turing Test to tell Computers and Humans Apart) was given by Luis von Ahn, Manuel Blum, Nicholas J. Hopper and John Langford in 2000. CAPTCHAs were framed in order to distinguish humans from computers [8]. CAPTCHAs play a major role in defending several web-based services such as e-mail accounts [7].
Programs are created with a view to stealing services and executing fake transactions. Spammers can even create bots that could either increase the rating of a product on a wrong notion or otherwise. CAPTCHAs provide an extra layer of security for those websites which prevent e-mail, instant messaging and text message spam. Thus they are often found with account login systems. Though CAPTCHA has been providing security, usability features also play a major role [4]. An intelligence algorithm has also been developed in order to showcase the vulnerabilities that are present in them [3]. The existing CAPTCHAs can be categorised as (1) text-based, (2) image-based and (3) video and audio based. Visually challenged users are also benefitted by the audio CAPTCHAs developed later [6]. Image-based CAPTCHAs have been developed based on several features to strengthen the CAPTCHA [5].
The idea of CAPTCHAs as an automated Turing test that influenced hard AI problems was formalised by Luis von Ahn. The EZ-Gimpy and Gimpy CAPTCHAs have been broken by Mori and Malik using refined object recognition algorithms, at success rates of 92% and 33% respectively. Chellapilla and Simard, with the help of machine learning techniques, attacked a number of visual CAPTCHAs and achieved success rates from 4.89% to 66.2%.
The algorithm created for a secure authentication using CAPTCHA has been discussed in detail. In order to verify the strength, CAPTCHA has been solved. The outcomes have also been mentioned. The CAPTCHA designed in order to defend 3rd party human solver attack using Instant Messenger technology has also been discussed in this paper. A better attack detection performance has also been achieved.
SECURED ONLINE AUTHENTICATION USING CAPTCHA
In this paper [1], a secured authentication is provided by checking the strength of the CAPTCHA, which is done by solving it. There are 3 steps involved in solving a CAPTCHA: pre-processing (noise removal), segmentation of the raw image and character recognition (using a pattern matching technique). The main purpose of noise removal is to discard the unnecessary bit pattern that is insignificant to the final output. A CAPTCHA image consists of several colours. Since it is difficult to work on each colour, the image is converted into gray scale, so that it is sufficient to work on 256 intensity values. In the proposed algorithm, the gray scale value for each RGB value is obtained using
G = (0.56*g+0.33*r+0.11*b)
where r,g,b are the red, green, blue colour components of the pixel in the image.
Pixel values can be obtained using the grabPixel() function. In the input image the RGB value is replaced by the gray scale value for each pixel, and the algorithm stops. Binary images are then produced by thresholding the gray scale or colour image, since the objects in the image must be separated from the background. Segmentation is done next: the letters are separated from the word, and each segmented character is thinned and scaled to an identical size of 60*40 [1]. In the character recognition process, two matrices are calculated: the I matrix, in which the values 0 and 1 are assigned to white and black pixels respectively, and the M matrix, in which the zeroes are replaced by -1. The matching probability for each character is then found using these matrices, and the output is the character with the maximum matching probability. In order to measure how well the recognition system spots an input pattern as a correct match for one of its many learnt patterns, the Recognition Quotient is calculated using
Recognition Quotient (Q) = (Candidate score) / (Ideal weight model score)
where the candidate score is $\chi(k) = \sum_{i=1}^{x} \sum_{j=1}^{y} W_k(i,j)\, I(i,j)$ and the ideal weight model score is given by $\mu(k) = \mu(k) + W_k(i,j)$. The greater the value of Q, the more similar the input pattern is to the pattern already existing.
The application was tested by collecting 180 CAPTCHA samples out of which 88% showed 100% accuracy and also the characters were identified appropriately.
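The scoring steps described in this section, from the gray scale formula to the Recognition Quotient, can be traced on a small input. The following is an added example and not code from the surveyed paper [1]: the 5x3 glyphs (standing in for 60*40 segments), the threshold of 128, the construction of W_k as the sum of the M matrices of the learnt samples, and the accumulation of μ(k) over positive weights only are all assumptions.

```python
# Added illustration: glyphs, threshold and the construction of W_k are assumptions.
THRESHOLD = 128  # assumed grey cut-off between "black" and "white"

def to_gray(r, g, b):
    """Grey value from the page's formula G = 0.56*g + 0.33*r + 0.11*b."""
    return 0.56 * g + 0.33 * r + 0.11 * b

def binarize(rgb_rows):
    """I matrix: 1 for black (dark) pixels, 0 for white (light) pixels."""
    return [[1 if to_gray(*px) < THRESHOLD else 0 for px in row] for row in rgb_rows]

def weight_matrix(samples):
    """W_k, assumed to be the element-wise sum of the M matrices (0 -> -1) of the samples."""
    rows, cols = len(samples[0]), len(samples[0][0])
    return [[sum(1 if s[i][j] else -1 for s in samples) for j in range(cols)]
            for i in range(rows)]

def recognition_quotient(w, i_matrix):
    """Q = chi(k) / mu(k); mu(k) is assumed to accumulate only the positive weights."""
    chi = sum(wv * iv for w_row, i_row in zip(w, i_matrix) for wv, iv in zip(w_row, i_row))
    mu = sum(wv for w_row in w for wv in w_row if wv > 0)
    return chi / mu

def glyph(rows):
    """Constructed 5x3 binary glyph ('#' = black); stands in for a 60*40 segment."""
    return [[1 if c == "#" else 0 for c in row] for row in rows]

LEARNT = {  # constructed learnt patterns, one sample per character
    "T": [glyph(["###", ".#.", ".#.", ".#.", ".#."])],
    "L": [glyph(["#..", "#..", "#..", "#..", "###"])],
}

def classify(i_matrix):
    """Return the character with the maximum Q, plus all scores."""
    scores = {k: recognition_quotient(weight_matrix(s), i_matrix) for k, s in LEARNT.items()}
    return max(scores, key=scores.get), scores

def render(i_matrix, ink=(20, 20, 20), paper=(240, 240, 240)):
    """Constructed RGB image for a glyph, so the grey/threshold step has input."""
    return [[ink if v else paper for v in row] for row in i_matrix]

if __name__ == "__main__":
    noisy_t = glyph(["###", ".#.", ".#.", ".#.", "##."])  # one stray black pixel
    print(classify(binarize(render(noisy_t))))
```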
iCAPTCHA DESIGNED TO DEFEND AGAINST 3RD PARTY HUMAN ATTACKS
In this paper, a more efficient human-based CAPTCHA attack is developed using Instant Messenger infrastructure, and a new defence system [2] called Interactive CAPTCHA (iCAPTCHA) is created to face this serious threat. iCAPTCHA requires a user to solve the CAPTCHA through a series of user interactions. Because this involves back-and-forth traffic between the client and server, it increases the time difference between a genuine user and a human solver, which enables the attack to be detected.
The more efficient 3rd party human CAPTCHA attack system, referred to as Instant Messenger CAPTCHA Attack or IMCA, is developed to illustrate the human solver attack threat by making use of the Instant Messenger network and server infrastructure. To detect a 3rd party human attack, timeout values are used for solving CAPTCHAs. However, the use of Instant Messenger technology by IMCA permits the delivery of CAPTCHA images to 3rd party human solvers at such high speed that CAPTCHA timeout values fail to detect them. This results in the development of a reliable defence technique, iCAPTCHA.
The iCAPTCHA input sequence begins when the user clicks on the generated CAPTCHA. Several buttons with obfuscated characters appear below the image, and the user should click the button corresponding to the first character in the image. After each click, a new set of characters is displayed, and the sequence goes on until one click has been performed for each character. The indices of the correct responses and the user clicks are stored as session information. The CAPTCHA has been decoded correctly if they match. The time required to deliver a CAPTCHA image to a human solver is small relative to the timeout value, which therefore does not give sufficient resolution to detect whether the response is from a genuine user or a human solver. Hence iCAPTCHA measures the time taken for the response from a user for each character.
Thus a higher resolution is provided to determine human attacks since the relative time between each input and the time taken to deliver the CAPTCHA to a human solver is minute. Users are allowed to take their own time to decode the image initially before entering into the multi-step challenge. This results in clearing the interactive steps rapidly.
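A server-side sketch of the check described in this section, comparing stored click indices and timing each character separately. This is an added example, not the iCAPTCHA implementation from [2]: the class and function names, the 2-second per-character limit, the 30-second whole-challenge timeout and both click traces are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

MAX_STEP_SECONDS = 2.0        # assumed per-character limit; the page gives no value
WHOLE_TIMEOUT_SECONDS = 30.0  # assumed conventional timeout over the whole CAPTCHA

@dataclass
class ICaptchaSession:
    correct_indices: list     # index of the right button at each step
    started_at: float         # server time of the click that starts the sequence
    clicks: list = field(default_factory=list)  # (button index, server arrival time)

    def record_click(self, index, arrived_at):
        if len(self.clicks) >= len(self.correct_indices):
            raise ValueError("one click per character only")
        self.clicks.append((index, arrived_at))

    def step_times(self):
        """Seconds taken for each character, measured click to click."""
        times, previous = [], self.started_at
        for _, arrived_at in self.clicks:
            times.append(arrived_at - previous)
            previous = arrived_at
        return times

    def verdict(self):
        if len(self.clicks) != len(self.correct_indices):
            return "incomplete"
        if [i for i, _ in self.clicks] != self.correct_indices:
            return "wrong"
        if any(t < 0 or t > MAX_STEP_SECONDS for t in self.step_times()):
            return "suspected-relay"
        return "pass"

    def passes_whole_timeout(self):
        """What a single timeout over the whole challenge would have decided."""
        return sum(self.step_times()) <= WHOLE_TIMEOUT_SECONDS

def replay(correct, started_at, clicks):
    """Feed constructed (index, time) clicks through a session."""
    session = ICaptchaSession(list(correct), started_at)
    for index, arrived_at in clicks:
        session.record_click(index, arrived_at)
    return session

# Constructed traces: same correct answers, different per-character delays.
GENUINE = replay([2, 0, 3, 1], 100.0, [(2, 100.8), (0, 101.5), (3, 102.3), (1, 103.0)])
RELAYED = replay([2, 0, 3, 1], 100.0, [(2, 103.1), (0, 106.0), (3, 109.2), (1, 112.1)])
```

The slower trace still finishes inside the whole-challenge timeout, so only the per-character measurement separates the two.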
CONCLUSION
From the proposed algorithm [1] we can conclude that a more effective and secured CAPTCHA can be created and hence a secured online authentication is available.
The detection performance result for the proposed iCAPTCHA [2] reveals its effectiveness as a defence technique. In addition, regarding its usability, half of the users prefer to use the mouse to respond to CAPTCHA challenges. Thus it is a feasible replacement for the text-based CAPTCHA.