Presentation is loading. Please wait.

Presentation is loading. Please wait.

Separating man from machine since 2000….. ?. Agenda  Definition  History  Need  Types  Constructing CAPTCHAs  Breaking CAPTCHAs  Applications 

Published byAldous Boyd Modified over 8 years ago

Similar presentations

Presentation on theme: "Separating man from machine since 2000….. ?. Agenda  Definition  History  Need  Types  Constructing CAPTCHAs  Breaking CAPTCHAs  Applications "— Presentation transcript:

1 Separating man from machine since 2000….. ?

2 Agenda  Definition  History  Need  Types  Constructing CAPTCHAs  Breaking CAPTCHAs  Applications  Conclusion

3 Introduction  CAPTCHA  Completely Automated Public Turing test to tell Computers and Humans Apart CAPTCHA is a program that protect websites against bots by generating and grading test that- “ Humans can pass but Computer programs can’t “

4 History  First developed by Alta Vista in 1997  The term coined in 2000 at CMU by Luis Von, Manuel Blum And Nicholas Hopper of Carnegie Mellon university.  He decided to add a test to the submission page for protection against bots.  He reversed the Turing test.

5  What is a Turing test?  Proposed by Alan Turing  It is a test of a machine’s ability to exhibit intelligence equivalent to a human.  Human judge asks questions to two participants, one is a machine, one is human. He doesn’t know which is which If judge can’t tell which is the machine, the machine passes the test  CAPTCHA employs a reverse Turing test, judge = CAPTCHA program, participant = user if user passes CAPTCHA, he is human if user fails, it is a machine

6 captcha

7 Generic CAPTCHAs distort letters and numbers. Distorted characters are presented to user. User has to recognize the distorted letters If the letters are correct, the user is inferred to be a human & allowed access Else, user is a bot and denied access HOW CAPTCHA WORKS

8 Background  Why CAPTCHA was needed?  Sabotage of online polls (happened in 1999 in www.slashodot.org,CMU flooded the polls by automated generated program) www.slashodot.org  Abusing free online accounts by multiple registration( In 2000,Yahoo’s popular messenger chat service was hit by bots )

9 Types of CAPTCHAs  Text based:  Simple, normal language questions:  What is sum of three and thirty-five?  If today is Saturday, what is day after tomorrow?  Which of mango, table, water is a fruit?  Very effective, needs a large question bank  Cognitively challenged users find it hard

10  Gimpy:  Designed by Yahoo and CMU  Picks up 10 random words from dictionary and distorts, fills with noise  User has to recognize at least 3 words  If user is correct, he is admitted

11  EZ-Gimpy:  A modified version of Gimpy  Yahoo used this version in Messenger  Has only 1 random string of characters  Not a good implementation, already broken by OCRs

12  MSN’s Passport service CAPTCHAs:  Provided for Microsoft’s MSN services  Use 8 characters  Warping is used to distort  Very strong implementation, hasn’t been broken  It is segmentation-resistant

13  Graphic based CAPTCHAs:  BONGO:  After M.M.Bongard, pattern recognition expert  User has to solve a pattern recognition problem  Has to tell the distinct characteristic between two sets of figures  Then tell to which set a given figure belongs to

14  PIX  Uses a large database of labelled images  It shows a set of images, user has to recognize the common feature among those  E.g., Pick the common characteristic among the following four pictures-----”Aeroplane”

15  Image orientation captcha  CAPTCHA developed by Google, In 2009 which requires users to adjust randomly rotated images to their upright orientation.

16  Audio CAPTCHAs:  Consist of downloadable audio clip  User listens and enters the spoken word  Helps visually disabled users  Below is the Google’s audio enabled CAPTCHA  Not popular

17 Friend Recognition One of the more interesting CAPTCHA ideas appeared in January 2011 as a result of an effort by social-networking giant Facebook. The company is currently experimenting with social authentication in an effort to verify account authenticity. In the words of the experiment:social authentication “We will show you a few pictures of your friends and ask you to name the person in those photos. Hackers halfway across the world might know your password, but they don’t know who your friends are.” — Alex Rice, Facebook, A Continued Commitment to SecurityA Continued Commitment to Security

18 Constructing CAPTCHAs  Things to keep in mind:  Don’t store CAPTCHA solution in Web page’s metadata  A CAPTCHA is no good if it doesn't distort  Need a large database of different CAPTCHA questions  Avoid repetition of questions

19  Embeddable CAPTCHAs:  Available freely, just embed code into Web page’s HTML, from e.g., www.recaptcha.net  No maintenance  Custom CAPTCHAs:  Fits to the theme of the page  Better protected from spammers Can be written in any language– HTML,.NET, JavaScript

20 Breaking CAPTCHAs  Greg Mori and Jitendra Malik have broken text CAPTCHAs, e.g., Ez-Gimpy  To break this CAPTCHA  Preprocessing: Removal of background clutter and noise  Segmentation: Locate possible letters in the image  Classification : Identifying the character in each region

21  Social engineering to break CAPTCHAs:  Spammer encounters a CAPTCHA  That CAPTCHA is copied to another site  Humans are baited, e.g., free MP 3 s  To get those MP3s, users are told to solve the copied CAPTCHA  Solution is routed to the spammer  Solution: Fix a time-to-live period for a question  CAPTCHA cracking as a business:  Firms offer CAPTCHA cracking service in exchange for money

22 Applications  Preventing comment spam in blogs(stops the program that post bogus comments)  Prevent spam emails and protect online polls  RECAPTCHA  Advertisement Captcha

23  Verify digitized books: reCAPTCHA  Used in Google Books Project  Two words are shown, the program knows first word and second word is the fragment of that old book  If user enters first word correctly, it assumes that the second unknown word will also be entered correctly  Second word becomes “known”

24 20 Million words are being digitized every day!!!

25  Advertisement mode Advertisement based text CAPTCHA was introduced in late 2010 by Solve Media, whose solution was to replace text with an advertisement and a related question. It serves as an advantage.introduced

26 Summary  CAPTCHAs are an effective way to counter bots and reduce spam  Applications are varied– from stopping bots to character recognition & pattern matching.  Recaptcha is adding a lot to digitization of books. So next time if you are solving a captcha feel good as you are solving something which computers still can’t and preserving a part of history.

27

Download ppt "Separating man from machine since 2000….. ?. Agenda  Definition  History  Need  Types  Constructing CAPTCHAs  Breaking CAPTCHAs  Applications "

Similar presentations

Securing Passwords against Dictionary Attacks

Securing Passwords against Dictionary Attacks
COMPUTER MALWARE FINAL PROJECT PROPOSAL THE WAR AGAINST CAPTCHA WITH IMPLEMENTATION OF THE WORLDS MOST ACCURATE CAPTCHA BREAKER By Huy Truong & Kathleen.

COMPUTER MALWARE FINAL PROJECT PROPOSAL THE WAR AGAINST CAPTCHA WITH IMPLEMENTATION OF THE WORLDS MOST ACCURATE CAPTCHA BREAKER By Huy Truong & Kathleen.
CAPTCHA: Using Hard AI Problems for Security 12 Jun 2007 Ohad Barak (a.k.a. jo) Luis Von Ahn, EuroCrypt 2003.

CAPTCHA: Using Hard AI Problems for Security 12 Jun 2007 Ohad Barak (a.k.a. jo) Luis Von Ahn, EuroCrypt 2003.
CAPTCHA Completely Automated Public Turing test to tell Computers and Humans Apart A Computer Program that can generate and grade test that: Most Humans.

CAPTCHA Completely Automated Public Turing test to tell Computers and Humans Apart A Computer Program that can generate and grade test that: Most Humans.
A Low-cost Attack on a Microsoft CAPTCHA Yan Qiang, 2008-12-9.

A Low-cost Attack on a Microsoft CAPTCHA Yan Qiang,
563.10.3 CAPTCHA Presented by: Sari Louis SPAM Group: Marc Gagnon, Sari Louis, Steve White University of Illinois Spring 2006.

CAPTCHA Presented by: Sari Louis SPAM Group: Marc Gagnon, Sari Louis, Steve White University of Illinois Spring 2006.
AN IMPROVED AUDIO Jenn Tam Computer Science Dept. Carnegie Mellon University SOAPS 2008, Pittsburgh, PA.

AN IMPROVED AUDIO Jenn Tam Computer Science Dept. Carnegie Mellon University SOAPS 2008, Pittsburgh, PA.
Breaking an Animated CAPTCHA Scheme

Breaking an Animated CAPTCHA Scheme
CAPTCHA Presented By Sayani Chandra (Roll - 09127106017)

CAPTCHA Presented By Sayani Chandra (Roll )
Jeff Yan School of Computing Science Newcastle University, UK (Joint work with Ahmad Salah El Ahmad) Usability of CAPTCHAs Or “usability issues in CAPTCHA.

Jeff Yan School of Computing Science Newcastle University, UK (Joint work with Ahmad Salah El Ahmad) Usability of CAPTCHAs Or “usability issues in CAPTCHA.
Public Works and Government Services Canada Travaux publics et Services gouvernementaux Canada Password Management for Multiple Accounts Some Security.

Public Works and Government Services Canada Travaux publics et Services gouvernementaux Canada Password Management for Multiple Accounts Some Security.
Telling Humans and Computers Apart (Automatically) Or How Lazy Cryptographers do AI Luis von Ahn The Aladdin Center Carnegie Mellon University.

Telling Humans and Computers Apart (Automatically) Or How Lazy Cryptographers do AI Luis von Ahn The Aladdin Center Carnegie Mellon University.
CAPTCHA Prabhakar Verma “08MC30”.

CAPTCHA Prabhakar Verma “08MC30”.
CAPTCHA & THE ESP GAME SHAH JAYESH CS575SPRING 2008.

CAPTCHA & THE ESP GAME SHAH JAYESH CS575SPRING 2008.
Computer Vision Group University of California Berkeley Recognizing Objects in Adversarial Clutter: Breaking a Visual CAPTCHA Greg Mori and Jitendra Malik.

Computer Vision Group University of California Berkeley Recognizing Objects in Adversarial Clutter: Breaking a Visual CAPTCHA Greg Mori and Jitendra Malik.
Human Computation CSC4170 Web Intelligence and Social Computing Tutorial 7 Tutor: Tom Chao Zhou

Human Computation CSC4170 Web Intelligence and Social Computing Tutorial 7 Tutor: Tom Chao Zhou
1 Securing Passwords Against Dictionary Attacks Base on an article by Benny Pinkas & Tomas Sander 2002 Presented by Tomer Conforti.

1 Securing Passwords Against Dictionary Attacks Base on an article by Benny Pinkas & Tomas Sander 2002 Presented by Tomer Conforti.
August 15 click! 1 Email Basics Kitsap Regional Library.

August 15 click! 1 Basics Kitsap Regional Library.
Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.

Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.
Every week: Sign in at the door If you are new: Fill in Registration Form Ask a Mentor how to get started Make sure you are on the Athenry Parents/Kids.

Every week: Sign in at the door If you are new: Fill in Registration Form Ask a Mentor how to get started Make sure you are on the Athenry Parents/Kids.

Similar presentations

Ads by Google