28-04-2011, 03:04 PM
Presented by:
SANDEEP MEHTA
[attachment=13022]
IMPROVING AUDITORY CAPTCHA SECURITY
Introduction
CAPTCHA
A common type of CAPTCHA requires the user to type the letters of a distorted image sometimes with the addition of an obscured sequence of letters or digits appears on screen.
This string which the user has to type to submit a form .This is a simple problem for humans, but a very hard problem for computers which have to use character recognition, because the displayed string is alienated in a way, which makes it very hard for a computer to decode.
CAPTCHA
A program that can generate and grade tests that:
1. Most humans can pass
2. Current computer programs cannot pass
The concept of a CAPTCHA is motivated by real-world problems faced by internet companies such as Yahoo! and AltaVista.
These companies offer free email accounts, intended for use by humans.
However, they found that many online vendors were using "bots", computer programs that would sign up for thousands of email accounts, from which they could send out masses of junk email.
Text Based CAPTCHAs
Gimpy, ez-gimpy
Pick a word or words from a small dictionary
Distort them and add noise and background
Gimpy-r, Google’s CAPTCHA
Pick random letters
Distort them, add noise and background
Simard’s HIP
Pick random letters and numbers
Distort them and add arcs
Text Based CAPTCHAs
Graphic Based CAPTCHAs
Bongo
Display two series of blocks
User must find the characteristic that sets the two series apart
User is asked to determine which series each of four single blocks belongs to
Difference? thick vs. thin lines
Image CAPTCHA
Provide the user with a series of images
Ask the user to:
Identify a picture matching a description
Identify a common theme to the images
Requires huge databases of images with metadata to provides sets.
Graphic Based CAPTCHAs
Constructing CAPTCHAs
Breaking CAPTCHAs
Most text based CAPTCHAs have been broken by software
OCR
Other CAPTCHAs were broken by streaming the tests for unsuspecting users to solve.
Criticism
Exclusionary to Users with disabilities.
No official standards or ruling body for creation of CAPTCHA algorithms.
Difficult user interactions.
No published for proper implementation of algorithms
Security
Very hard to balance effectiveness of CAPTCHA and usability.
Difficult for programmer to identify bad CAPTCHA algorithms.
Researchers frequently break seemingly strong CAPTCHA.
Algorithms possibility protected under DMCA.
Summary
CAPTCHA do not provide individual authentication.
CAPTCHA cannot stop extravagant exploits that utilize humans.
In some situations user authentication is more suited.
CAPTCHA are difficult to design.
CAPTCHA are effective in reducing spam and automated attacks.
Principles
The principles behind CAPTCHA are as follows:
The user is presented with a garbled image on which some text is displayed. This image is generated by the server using random text.
The user must enter the same letters in the text into a text field that is displayed on the form to protect.
When the form is submitted, the server checks if the text entered by the user matches the initial generated text. If it does, the transaction continues. Otherwise, an error message is displayed and the user has to enter a new code.
Applications
Online polls
Protecting Website Registration
Preventing Comment Spam in Blogs.
Search Engine Bots
Worms and Spam
Prevent Dictionary attacks
SANDEEP MEHTA
[attachment=13022]
IMPROVING AUDITORY CAPTCHA SECURITY
Introduction
CAPTCHA
A common type of CAPTCHA requires the user to type the letters of a distorted image sometimes with the addition of an obscured sequence of letters or digits appears on screen.
This string which the user has to type to submit a form .This is a simple problem for humans, but a very hard problem for computers which have to use character recognition, because the displayed string is alienated in a way, which makes it very hard for a computer to decode.
CAPTCHA
A program that can generate and grade tests that:
1. Most humans can pass
2. Current computer programs cannot pass
The concept of a CAPTCHA is motivated by real-world problems faced by internet companies such as Yahoo! and AltaVista.
These companies offer free email accounts, intended for use by humans.
However, they found that many online vendors were using "bots", computer programs that would sign up for thousands of email accounts, from which they could send out masses of junk email.
Text Based CAPTCHAs
Gimpy, ez-gimpy
Pick a word or words from a small dictionary
Distort them and add noise and background
Gimpy-r, Google’s CAPTCHA
Pick random letters
Distort them, add noise and background
Simard’s HIP
Pick random letters and numbers
Distort them and add arcs
Text Based CAPTCHAs
Graphic Based CAPTCHAs
Bongo
Display two series of blocks
User must find the characteristic that sets the two series apart
User is asked to determine which series each of four single blocks belongs to
Difference? thick vs. thin lines
Image CAPTCHA
Provide the user with a series of images
Ask the user to:
Identify a picture matching a description
Identify a common theme to the images
Requires huge databases of images with metadata to provides sets.
Graphic Based CAPTCHAs
Constructing CAPTCHAs
Breaking CAPTCHAs
Most text based CAPTCHAs have been broken by software
OCR
Other CAPTCHAs were broken by streaming the tests for unsuspecting users to solve.
Criticism
Exclusionary to Users with disabilities.
No official standards or ruling body for creation of CAPTCHA algorithms.
Difficult user interactions.
No published for proper implementation of algorithms
Security
Very hard to balance effectiveness of CAPTCHA and usability.
Difficult for programmer to identify bad CAPTCHA algorithms.
Researchers frequently break seemingly strong CAPTCHA.
Algorithms possibility protected under DMCA.
Summary
CAPTCHA do not provide individual authentication.
CAPTCHA cannot stop extravagant exploits that utilize humans.
In some situations user authentication is more suited.
CAPTCHA are difficult to design.
CAPTCHA are effective in reducing spam and automated attacks.
Principles
The principles behind CAPTCHA are as follows:
The user is presented with a garbled image on which some text is displayed. This image is generated by the server using random text.
The user must enter the same letters in the text into a text field that is displayed on the form to protect.
When the form is submitted, the server checks if the text entered by the user matches the initial generated text. If it does, the transaction continues. Otherwise, an error message is displayed and the user has to enter a new code.
Applications
Online polls
Protecting Website Registration
Preventing Comment Spam in Blogs.
Search Engine Bots
Worms and Spam
Prevent Dictionary attacks