Presentation on theme: "CAPTCHA: Using Hard AI Problems for Security 12 Jun 2007 Ohad Barak (a.k.a. jo) Luis Von Ahn, EuroCrypt 2003."— Presentation transcript:
CAPTCHA: Using Hard AI Problems for Security 12 Jun 2007 Ohad Barak (a.k.a. jo) Luis Von Ahn, EuroCrypt 2003
Nov 99, slashdot.com: “Which is the best graduate school in computer science?” CMU MIT Conclusion: Quality of a computer science graduate school is measured by the effectiveness of voting bots its student may build.
CAPTCHA:Completely Automated Public Turing-test to tell Computers and Humans Apart A CAPTCHA : a program that generates and grade a test that: (1) most humans can pass, but (2) current computer programs can't
Why do we need CAPTCHA? Online polls Free email service sign-up Search engine bots Worms and spams Dictionary attacks
Example of CAPTCHA From: Bezeq-bill From: Yahoo!
Questions of interest What’s between Turing Test and CAPTCHA? Can one prove that machine can’t pass a test? On the analogy between cryptography and AI Who is a CAPTCHA? How big does the gap have to be? Why do we need to find new CAPTCHAs?
Definitions and proofs in the field One cannot prove that a machine cannot pass a certain test that humans can (α, β)-human executable AI : P (S, D, f) is ( δ, τ )-solved or ( δ, τ ) -hard CAPTCHA : (α, β, η)
AI & Cryptography “Hard” = the community agrees on it Assumption: adversary cannot surpass state- of-the-art algorithms known to researchers
AI & Cryptography – cont. Cryptographic assumptions usually clearer and more accurate. Time can be limited. Defense from programs that run forever, or from future programs. Win-Win. Adversaries (hackers and researchers) are encouraged to advance the field of AI.
What does it take to be a CAPTCHA? Humans may solve the test easily Humans may solve it quickly Machines cannot Can be generated automatically by a machine Test code should be publicly available A useful AI problem
Does the size (of gap) matter? Gap amplification: Any positive gap between the success of humans and current computer programs against a CAPTCHA can be amplified to a gap arbitrarily close to 1, e.g. by serial repetition
The problems of finding a new CAPTCHA Considering text-related and logic tests: generation is more or less as hard as understanding All suggested CAPTCHAs are based on sensory processing – where some human populations fail. Finding other ones is an open problem. Old ones get solved
Win - Win “I always win!” “Breaking a visual CAPTCHA” Mori and Malik, 2002
Thank you! Don’t remember my details… … just Google my name Ohad Barak