31-08-2012, 12:21 PM
CAPTCHA SECURITY
[attachment=32992]
ABSTRACT
The project is a solution for improving the security of web forms from web bots (robots). This project delivers the best result than the existing system. The emphasis is on the CAPTCA (Completely Automated Public Turing test to tell Computers and Humans Apart) method that is most often used method. We are implementing a security method in java web programming.
INTRODUCTION
Completely Automated Public Turing Tests to Tell Computers and Humans Apart (CAPTCHAs) are now an almost standard security mechanisms for defending against undesirable and malicious bot programs on the Internet (especially those bots that can sign up for thousands of accounts a minute with free email service providers, send out thousands of spam messages in an instant, or post numerous comments in blogs pointing both readers and search engines to irrelevant sites). CAPTCHAs generate and grade tests that most humans can pass but current computer programs can’t.1 Such tests—often called CAPTCHA challenges—are based on hard, open artificial intelligence
problems.
To date, the most commonly used CAPTCHAs are text-based, in which the challenge appears as an image of distorted text that the user must decipher
and retype. These schemes typically exploit the difficulty for state-of-the-art computer programs to recognize distorted text. Well-known examples include
EZ-Gimpy, Gimpy, and Gimpy-r,1 all developed at Carnegie Mellon University; Google, Microsoft, and Yahoo have also developed and deployed their own
text CAPTCHAs. Many more schemes have been put into practice, but they’re less visible in the literature. The “Related Work in CAPTCHA Design and Security” sidebar highlights additional efforts in the research community.
Existing System
A. The Image Method:With this method the e-mail address is shown throughan image, mostly in gif format. To enable the sending of an email by a click on the image it is necessary to create a script on the server side which shows the contact form to enter the contents of the email. After entering the content the form is sent to the address which is fed on the server side, and by this, invisible to the client side, as well as not accessible for bots.
B. Method of replacing AT and DOT: The method is applied with captions on the screen,where the @ sign is replaced by the letters AT and the sign for a full stop is replaced by the word DOT. To make it more difficult to read the e-mail address, spaces are placed between the words. For example: something[at]something.com se is replaced by something AT something DOT com Bots which have more developed algorithms are capable of finding the email address which a great degree of exactness.
C. The JavaScript Method: There are several ways of hiding the address from JavaScript on screen, but the idea is the same, namely to break up the e-mail address to several parts which will be connected again from the JavaScript code. The lack of this method means that the e-mail address is available only to surfers who have the JavaScript supported within their web browsers.
Proposed System
Captcha is short for “Completely Automated Public Turing test to tell Computers and Humans Apart " – the acronym also reminds one of the term “to capture”. This term was defined in the year 2000 by the experts Luis von Ahn, Manuel Blum, Nicholas J. Hopper of the Carnegie Mellon University, and John Langford from IBM. The Captcha technology enables the differentiation between the user demands of humans and the computer generated demands on the web. This technique is a simple verification system
consisting of:
1. computer generated images with security codes of numbers and letters. In most cases the .png, .jpg and .gif image formats are used which have a background image. On the background image there are lines and circles. The signs in the image are distorted and show in different colors.
Problem Definition
Completely Automated Public Turing Tests to Tell Computers and Humans Apart (CAPTCHAs) are now an almost standard security mechanisms for defending against undesirable and malicious bot programs on the Internet (especially those bots that can sign up for thousands of accounts a minute with free email service providers, send out thousands of spam messages in an instant, or post numerous comments in blogs pointing both readers and search engines to irrelevant sites). CAPTCHAs generate and grade tests that most humans can pass but current computer programs can’t.
Overview of the Project
The first step in developing anything is to state the requirements. This applies just as much to leading edge research as to simple programs and to personal programs, as well as to large team efforts. Being vague about your objective only postpones decisions to a later stage where changes are much more costly.
The problem statement should state what is to be done and not how it is to be done. It should be a statement of needs, not a proposal for a solution. A user manual for the desired system is a good problem statement. The requestor should indicate which features are mandatory and which are optional, to avoid overly constraining design decisions. The requestor should avoid describing system internals, as this restricts implementation flexibility. Performance specifications and protocols for interaction with external systems are legitimate requirements. Software engineering standards, such as modular construction, design for testability, and provision for future extensions, are also proper.
[attachment=32992]
ABSTRACT
The project is a solution for improving the security of web forms from web bots (robots). This project delivers the best result than the existing system. The emphasis is on the CAPTCA (Completely Automated Public Turing test to tell Computers and Humans Apart) method that is most often used method. We are implementing a security method in java web programming.
INTRODUCTION
Completely Automated Public Turing Tests to Tell Computers and Humans Apart (CAPTCHAs) are now an almost standard security mechanisms for defending against undesirable and malicious bot programs on the Internet (especially those bots that can sign up for thousands of accounts a minute with free email service providers, send out thousands of spam messages in an instant, or post numerous comments in blogs pointing both readers and search engines to irrelevant sites). CAPTCHAs generate and grade tests that most humans can pass but current computer programs can’t.1 Such tests—often called CAPTCHA challenges—are based on hard, open artificial intelligence
problems.
To date, the most commonly used CAPTCHAs are text-based, in which the challenge appears as an image of distorted text that the user must decipher
and retype. These schemes typically exploit the difficulty for state-of-the-art computer programs to recognize distorted text. Well-known examples include
EZ-Gimpy, Gimpy, and Gimpy-r,1 all developed at Carnegie Mellon University; Google, Microsoft, and Yahoo have also developed and deployed their own
text CAPTCHAs. Many more schemes have been put into practice, but they’re less visible in the literature. The “Related Work in CAPTCHA Design and Security” sidebar highlights additional efforts in the research community.
Existing System
A. The Image Method:With this method the e-mail address is shown throughan image, mostly in gif format. To enable the sending of an email by a click on the image it is necessary to create a script on the server side which shows the contact form to enter the contents of the email. After entering the content the form is sent to the address which is fed on the server side, and by this, invisible to the client side, as well as not accessible for bots.
B. Method of replacing AT and DOT: The method is applied with captions on the screen,where the @ sign is replaced by the letters AT and the sign for a full stop is replaced by the word DOT. To make it more difficult to read the e-mail address, spaces are placed between the words. For example: something[at]something.com se is replaced by something AT something DOT com Bots which have more developed algorithms are capable of finding the email address which a great degree of exactness.
C. The JavaScript Method: There are several ways of hiding the address from JavaScript on screen, but the idea is the same, namely to break up the e-mail address to several parts which will be connected again from the JavaScript code. The lack of this method means that the e-mail address is available only to surfers who have the JavaScript supported within their web browsers.
Proposed System
Captcha is short for “Completely Automated Public Turing test to tell Computers and Humans Apart " – the acronym also reminds one of the term “to capture”. This term was defined in the year 2000 by the experts Luis von Ahn, Manuel Blum, Nicholas J. Hopper of the Carnegie Mellon University, and John Langford from IBM. The Captcha technology enables the differentiation between the user demands of humans and the computer generated demands on the web. This technique is a simple verification system
consisting of:
1. computer generated images with security codes of numbers and letters. In most cases the .png, .jpg and .gif image formats are used which have a background image. On the background image there are lines and circles. The signs in the image are distorted and show in different colors.
Problem Definition
Completely Automated Public Turing Tests to Tell Computers and Humans Apart (CAPTCHAs) are now an almost standard security mechanisms for defending against undesirable and malicious bot programs on the Internet (especially those bots that can sign up for thousands of accounts a minute with free email service providers, send out thousands of spam messages in an instant, or post numerous comments in blogs pointing both readers and search engines to irrelevant sites). CAPTCHAs generate and grade tests that most humans can pass but current computer programs can’t.
Overview of the Project
The first step in developing anything is to state the requirements. This applies just as much to leading edge research as to simple programs and to personal programs, as well as to large team efforts. Being vague about your objective only postpones decisions to a later stage where changes are much more costly.
The problem statement should state what is to be done and not how it is to be done. It should be a statement of needs, not a proposal for a solution. A user manual for the desired system is a good problem statement. The requestor should indicate which features are mandatory and which are optional, to avoid overly constraining design decisions. The requestor should avoid describing system internals, as this restricts implementation flexibility. Performance specifications and protocols for interaction with external systems are legitimate requirements. Software engineering standards, such as modular construction, design for testability, and provision for future extensions, are also proper.