Breaking an Animated CAPTCHA Scheme

Slides:

Advertisements

Similar presentations

COMPUTER MALWARE FINAL PROJECT PROPOSAL THE WAR AGAINST CAPTCHA WITH IMPLEMENTATION OF THE WORLDS MOST ACCURATE CAPTCHA BREAKER By Huy Truong & Kathleen.

Advertisements

Michele Merler Jacquilene Jacob.  Applications online are inherently insecure  Growing rate of hackers  Confidentiality of online systems should be.

Advanced Image Processing Student Seminar: Lipreading Method using color extraction method and eigenspace technique ( Yasuyuki Nakata and Moritoshi Ando.

Iframes & Images Using HTML.

Multimedia Production

Evaluating Color Descriptors for Object and Scene Recognition Koen E.A. van de Sande, Student Member, IEEE, Theo Gevers, Member, IEEE, and Cees G.M. Snoek,

A Low-cost Attack on a Microsoft CAPTCHA Yan Qiang,

CAPTCHA Presented by: Sari Louis SPAM Group: Marc Gagnon, Sari Louis, Steve White University of Illinois Spring 2006.

Chapter 11 Beyond Bag of Words. Question Answering n Providing answers instead of ranked lists of documents n Older QA systems generated answers n Current.

CAPTCHA Presented By Sayani Chandra (Roll )

Text Detection in Video Min Cai Background  Video OCR: Text detection, extraction and recognition  Detection Target: Artificial text  Text.

Jeff Yan School of Computing Science Newcastle University, UK (Joint work with Ahmad Salah El Ahmad) Usability of CAPTCHAs Or “usability issues in CAPTCHA.

Providing Trusted Paths Using Untrusted Components Andre L. M. dos Santos Georgia Institute of Technology

CAPTCHA Prabhakar Verma “08MC30”.

1 CAPTCHA Challenges for Massively Multiplayer Online Games 2010 International Conference on Cyberworlds Authors: Yang-Wai Chow, Willy Susilo, Hua-Yu Zhou.

California Car License Plate Recognition System ZhengHui Hu Advisor: Dr. Kang.

Computer Vision Group University of California Berkeley Recognizing Objects in Adversarial Clutter: Breaking a Visual CAPTCHA Greg Mori and Jitendra Malik.

Genetically optimized face image CAPTCHA

Human Computation CSC4170 Web Intelligence and Social Computing Tutorial 7 Tutor: Tom Chao Zhou

Web Design, 3 rd Edition 3 Planning a Successful Web Site: Part 1.

1 Flash and Animation Presented by : Behzad Sajed Khosrowshahi.

Guilford County SciVis V106.01

V Obtained from a Guildford County workshop-Summer, 2014.

Handwritten Character Recognition using Hidden Markov Models Quantifying the marginal benefit of exploiting correlations between adjacent characters and.

A Brief Glimpse of Web Design By: Samantha Beckett.

Photoshop Backgrounds, Buttons, Banners & Animation In PowerPoint Presentations.

IOTA Improved Design and Implementation of a Modular and Extensible Website Framework Andrew Hamilton – TJHSST Computer Systems Lab Abstract.

1 Template-Based Classification Method for Chinese Character Recognition Presenter: Tienwei Tsai Department of Informaiton Management, Chihlee Institute.

Research paper: Web Mining Research: A survey SIGKDD Explorations, June Volume 2, Issue 1 Author: R. Kosala and H. Blockeel.

CAPTCHA 1 Are you Human? (Sorry, I had to ask). CAPTCHA 2 Agenda What is CAPTCHA? Types of CAPTCHA Where to use CAPTCHAs? Guidelines when making a CAPTCHA.

Recognizing some of the modern CAPTCHAs Dmitry Nikulin LCME, Saint-Petersburg, 2011.

Part 2  Access Control 1 CAPTCHA Part 2  Access Control 2 Turing Test Proposed by Alan Turing in 1950 Human asks questions to another human and a computer,

Protecting Web 2.0 Services from Botnet Exploitations Cybercrime and Trustworthy Computing Workshop (CTC), 2010 Second Nguyen H Vo, Josef Pieprzyk Department.

Information Extraction from Cricket Videos Syed Ahsan Ishtiaque Kumar Srijan.

Analyzing CAPTCHAs May 1, 2009 Kyle Anderson Michelle Krause Matthew Turner.

Basic Knowledge of Web creation. Computer graphic knowledge Graphic file has 2 types Raster Graphic A bitmap or raster image are comprised of pixels in.

1 Recognition of Multi-Fonts Character in Early-Modern Printed Books Chisato Ishikawa(1), Naomi Ashida(1)*, Yurie Enomoto(1), Masami Takata(1), Tsukasa.

Learning Models for Object Recognition from Natural Language Descriptions Presenters: Sagardeep Mahapatra – Keerti Korrapati

Digital Image Processing & Analysis Spring Definitions Image Processing Image Analysis (Image Understanding) Computer Vision Low Level Processes:

Video Based Palmprint Recognition Chhaya Methani and Anoop M. Namboodiri Center for Visual Information Technology International Institute of Information.

CAPTCHA solving Tianhui Cai Period 3. CAPTCHAs Completely Automated Public Turing tests to tell Computers and Humans Apart Determines whether a user is.

Web Design, 3 rd Edition 3 Planning a Successful Web Site: Part 1.

IMAGINATION: A Robust Image-based CAPTCHA Generation System Ritendra Datta, Jia Li, and James Z. Wang The Pennsylvania State University – University Park.

Preventing Automated Use of STMP Reservation System Using CAPTCHA.

7 elements of remote sensing process 1.Energy Source (A) 2.Radiation & Atmosphere (B) 3.Interaction with Targets (C) 4.Recording of Energy by Sensor (D)

Presented By: Abirami Poonkundran Authors: Jeff Yan, Ahmad El Ahmad.

2005/12/021 Fast Image Retrieval Using Low Frequency DCT Coefficients Dept. of Computer Engineering Tatung University Presenter: Yo-Ping Huang ( 黃有評 )

Web Design, 3 rd Edition 3 Planning a Successful Web Site: Part 1.

Designing Human Friendly Human Interaction Proofs (HIPs) Kumar Chellapilla, Kevin Larson, Patrice Simard and Mary Czerwinski Microsoft Research Presented.

Chapter 1 Background 1. In this lecture, you will find answers to these questions Computers store and transmit information using digital data. What exactly.

CISC 110 Day 3 Introduction to Computer Graphics.

PART TWO Electronic Color & RGB values 1. Electronic Color Computer Monitors: Use light in 3 colors to create images on the screen Monitors use RED, GREEN,

Web Design, 5 th Edition 3 Planning a Successful Website: Part 1.

CAPTCHA solving Tianhui Cai Period 3. CAPTCHAs Completely Automated Public Turing tests to tell Computers and Humans Apart User is human or machine? Prevents.

CAP Malware and Software Vulnerability Analysis Term Project Proposal - Spring 2009 Professor: Dr. Zou Team members: Andrew Mantel & Peter Matthews.

Peter Matthews, Cliff C. Zou University of Central Florida AsiaCCS 2010.

By: Steven Baker.  What is a CAPTCHA?  History of CAPTCHA  Applications of CAPTCHAs  Accessibility  Examples of CAPTCHAs  reCAPTCHA  Vulnerabilities.

CAPTCHA What humans can do, But computers can not.

Usability of CAPTCHAs Or usability issues in CAPTCHA design Authors: Jeff Yan and Ahmad Salah El Ahmad Presented By: Kim Giglia CSC /19/2008.

CAPTCHA Presented by: Md.R ahim 08B21A Agenda Definition Background Motivation Applications Types of CAPTCHAs Breaking CAPTCHAs Proposed Approach.

SANDEEP MEHTA (ECE, IV Year). CAPTCHA Completely Automated Public Turing test to tell Computers and Humans Apart Invented at CMU by Luis von Ahn, Manuel.

ROBUST FACE NAME GRAPH MATCHING FOR MOVIE CHARACTER IDENTIFICATION

Creating Complex Animations

Are you Human?.

Web Programming Week 11 Old Dominion University

Real-Time Human Pose Recognition in Parts from Single Depth Image

Fighting the WebBots A webbot is a program that visits web sites for all kinds of purposes. For example, Google webbots make copies of all web sites for.

Presented By Vibhute J.B. Class : M.Sc. (CS)

Presentation transcript:

Breaking an Animated CAPTCHA Scheme Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo University of Wollongong

About CAPTCHA CAPTCHA: Completely Automated Public Turing test to Tell Computers and Humans Apart. Other name: Human Interaction Proofs (HIPs). Easily solvable by humans. Cannot be solved by current computer programs. Existing CAPTCHAs are mainly text-based on a static image. Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

About CAPTCHA Most of traditional text-based CAPTCHAs are known to be vulnerable against attacks. Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

About CAPTCHA Increase the security: distorting, blurring, rotation the text, overlaying of visual noise. But Easy for humans hard for computers? Not guaranteed to exist. Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

Animated CAPTCHA Static vs. Animation: Animated CAPTCHAs has been proposed. Assumption : More usability: Animation makes increasing legibility for humans. More security: Distributing the information required to solve the CAPTCHA challenge over multiple animation frames. Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

Our questions Animated CAPTCHAs really provide more security ? How to break animated CAPTCHA and design secure one ? Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

Breaking HelloCaptcha Breaking a representative animated CAPTCHAs: HelloCaptcha CAPTCHA provider: Affects many customer’s web sites if broken. A variety of 84 different variations of 12 categories. Flitter H-Mover Mass Flood Noisy Mosaic Pop Up Roller Search light Smarties Spread Fade Spring Swapper Text Flood Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

Outline Breaking HelloCaptcha. Results and Lessons learned. Type Distinction. Single Image Extraction. By Pixel Delay Map (PDM). By Catching Line (CL). By Color Selection (CS). Pre-Processing and Character Recognition. Results and Lessons learned. Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

Breaking HelloCaptcha Type Distinction: Number of frames 175 55-107 Number of blank frames 2 8 Maximum frame delay 4 ms 6ms Background color RGB(255,255,255) RGB(92, 31, 92) Results: Most of 84 types can correctly be distinguished 100%. Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

Pixel Delay Map (PDM) Feature: To get the human user’s attention, the text characters are displayed at certain fixed locations for longer periods of time The PDM is an image resulting from the accumulation of the total amount of time that a pixel gets displayed in a color that is different from the background color. Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

Pixel Delay Map (PDM) PDM and extracted static image. Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

Pixel Delay Map (PDM) PDM on all frames. PDMs constructed from consecutive 1/6 of the frames. Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

Catching Line (CL) Character moving areas. Selected frames and characters by “Catching line”. Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

Color Selection (CS) Characters separated based on color. Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

Pre-Processing on extracted single image Noise removal. Refine by filling. Shape removal. Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

Character Recognition by OCR program Use ABBYY FineReader 11. Use existing embedded training database and/or own training set . Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

Experimental Results 8,400 animated CAPTCHA samples were collected from the HelloCaptcha website. Accuracy of breaking (i.e. correctly recognizing all characters in the animated CAPTCHA challenges) ranges between 16% −100% of the time (wide accepted that more than 1% of the time is essentially broken). Attacking time: 4 secs/challenge. Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

Lessons learned Delay periods: The number of frames. Frame 45 Frame 82 40ms 40ms 1000ms Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

Lessons learned Character positions: The important information is emphasized by displaying it for longer. That can be exploited using the PDM method. PDM was used to break 61 of the 84 different types and can be affected types from other sources: Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

Lessons learned Moving direction : Only move or scale in the vertical direction can vulnerable to attacks. Use of color or luminance: Less is best Method of delivery: Gif, Flash or Video ? Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme

Question ? Vu Duc Nguyen, Yang-Wai Chow and Willy Susilo Breaking an Animated CAPTCHA Scheme