24-07-2012, 11:00 AM
Internet voting
INTRODUCTION
Ensuring that a computer is virus free is virtually impossible. The constant battle between the anti-virus industry and programmers that write malware is well known.
A Completely Automated Public Turing test to tell Computers and Humans Apart, or CAPTCHA, is basically a program that most humans can pass but computers cannot (Ahn, Blum, & Langford, 2004, p. 58). In addition, the computer that runs the program should itself not be able to pass the test. Many people have seen CAPTCHAs while registering for an e-mail address, such as in Hotmail® or Yahoo!®. An example of a CAPTCHA
CAPTCHAs were developed to stop robot programs, or bots, from creating hundreds of thousands of e-mail accounts in order to send junk mail to many users. These bots are used by spammers who, for example, advertise lower mortgage interest rates, loans, and medicine to enhance parts of the body. Some of the programs developed to prevent this kind of account creation for e-mail spamming are Gimpy, EZ-Gimpy, Bongo, PIX, and Baffletext.
Types of CAPTCHAs
Visual-based
Visual-based CAPTCHAs come in several varieties; the most common are distorted text embedded in images and shape recognition. The CAPTCHAs that use distorted text in images are Gimpy, EZ-Gimpy (a variant of Gimpy), Pessimal Print, and Baffletext. Gimpy was originally developed by Luis von Ahn from Carnegie Mellon University, who also designed a simplified version of Gimpy called EZ-Gimpy (“Attack,” 2002). EZ-Gimpy is currently being used by Yahoo! and a similar version is used by Hotmail (Bruno, 2003). The main difference between Gimpy and EZ-Gimpy is that Gimpy has three or more words distorted within an image, while EZ-Gimpy usually has only one distorted word in the image.
Pessimal Print was designed in 2000 by Baird from UC Berkeley/Palo Alto Research Center (PARC) and was one of the first visual-based CAPTCHAs (Bruno, 2003; Chew & Baird, 2003). The test involves reading a word that was degraded, and the test is passed if the word in the image is guessed correctly. However, the dictionary of possible words contains only 70 words, which makes it very susceptible to attack, since a brute-force attack could easily break this CAPTCHA program.
Baffletext is the most recent visual-based CAPTCHA; it was developed in 2003 by Monica Chew and Henry Baird from UC Berkeley. It is a great improvement over EZ-Gimpy and Pessimal Print in that it prevents brute-force attacks and attacks from Optical Character Recognition (OCR) programs: Baffletext applies a complex masking technique that completely mangles the image by inserting squares, circles, and ellipses, varying the length and width of each shape, and coloring the shapes in different shades of black (Chew & Baird, 2003).
An example of a shape recognition CAPTCHA is Bongo. This test presents two groups of shapes in which the shapes in each group are related to each other in some way. Another shape is located below the two groups and the object of this test is to determine which group the shape belongs to (Ahn, Blum, & Langford, 2004). This program can be made into a CAPTCHA by distorting the images for the test.
Sound-based
A sound-based CAPTCHA is used mostly to assist those who are deaf or have hearing problems. An example of a sound-based CAPTCHA is called Sounds. This CAPTCHA is used in Hotmail, Yahoo!, and Altavista in addition to the visual-based CAPTCHAs when registering for an account for each of these e-mail services.
Applications of CAPTCHAs
• Preventing Comment Spam in Blogs. Most bloggers are familiar with programs that submit bogus comments, usually for the purpose of raising search engine ranks of some website (e.g., "buy penny stocks here"). This is called comment spam. By using a CAPTCHA, only humans can enter comments on a blog.
• Protecting Website Registration. Several companies (Yahoo!, Microsoft, etc.) offer free email services. Up until a few years ago, most of these services suffered from a specific type of attack: "bots" that would sign up for thousands of email accounts every minute.
• Online Polls. In November 1999, http://www.slashdot.org released an online poll asking which was the best graduate school in computer science (a dangerous question to ask over the web!). As is the case with most online polls, IP addresses of voters were recorded in order to prevent single users from voting more than once.
• Preventing Dictionary Attacks. CAPTCHAs can also be used to prevent dictionary attacks in password systems.
• Search Engine Bots. It is sometimes desirable to keep webpages unindexed to prevent others from finding them easily. There is an HTML tag to prevent search engine bots from reading web pages.
• Worms and Spam. CAPTCHAs also offer a plausible solution against email worms and spam: "I will only accept an email if I know there is a human behind the other computer."
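The "Preventing Dictionary Attacks" use listed above, as an added example that is not part of the original report: a login check that demands a solved CAPTCHA after repeated failures instead of locking the account. The `LoginGate` class, the threshold of 3 and the `captcha_solved` flag are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

CAPTCHA_AFTER = 3  # assumed threshold: failures allowed before a CAPTCHA is required


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginGate:
    """Requires a solved CAPTCHA once an account has too many failed logins.

    The account is never locked, so a bot cannot deny service to the real
    user; it only loses the ability to keep guessing without human effort.
    """

    def __init__(self):
        self.users = {}                   # username -> (salt, password hash)
        self.failures = defaultdict(int)  # username -> consecutive failures

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt))

    def captcha_required(self, username: str) -> bool:
        return self.failures[username] >= CAPTCHA_AFTER

    def login(self, username: str, password: str, captcha_solved: bool = False) -> str:
        # captcha_solved stands for the server-side verdict of whatever CAPTCHA
        # is in use (hypothetical input here); never trust a client-side flag.
        if self.captcha_required(username) and not captcha_solved:
            return "captcha_required"     # the password is not even evaluated
        # Unknown users get a dummy record so both paths do the same work.
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        if hmac.compare_digest(hash_password(password, salt), stored):
            self.failures[username] = 0
            return "ok"
        self.failures[username] += 1
        return "denied"


if __name__ == "__main__":
    gate = LoginGate()
    gate.register("alice", "correct horse")  # constructed sample account
    for guess in ["aaa", "bbb", "ccc", "ddd"]:
        print(guess, gate.login("alice", guess))
    print(gate.login("alice", "correct horse", captcha_solved=True))
```
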
GUIDELINES
If your website needs protection from abuse, it is recommended that you use a CAPTCHA. There are many CAPTCHA implementations, some better than others. The following guidelines are strongly recommended for any CAPTCHA:
• Accessibility. CAPTCHAs must be accessible. CAPTCHAs based solely on reading text — or other visual-perception tasks — prevent visually impaired users from accessing the protected resource. Such CAPTCHAs may make a site incompatible with Section 508 in the United States.
• Image Security. Images of text should be distorted randomly before being presented to the user. Many implementations of CAPTCHAs use undistorted text, or text with only minor distortions. These implementations are vulnerable to simple automated attacks. For example, the CAPTCHAs shown below can all be broken using image processing techniques, mainly because they use a consistent font.