CAPTCHA

Telling Humans and Computers Apart Automatically

Agenda

Definition
Why we use CAPTCHA
History
CAPTCHAS and the Turing test
Types of CAPTCHA
Constructing and Breaking CAPTCHA
Issues with CAPTCHA
Application of CAPTCHA
Reference

What is CAPTCHA??

CAPTCHA (Completely Automated Public Turing Test

To Tell Computers and Humans Apart).
The P for Public means that the code and the data
used by a CAPTCHA should be publicly available.
T for Turing Test to Tell is because CAPTCHAs are
like Turing Tests.

What is CAPTCHA??
Continues

CAPTCHA is a program that protects websites against

bots by generating and grading tests that humans can
pass but current computer programs cannot. For
example, humans can read distorted text as the one
shown below, but current computer programs can't.

Why we use Captcha?

There are situations like these where you need to distinguish whether user
is a machine or a computer. This is where we use CAPTCHAS.

History Behind CAPTCHA

CAPTCHA was first used by AltaVista in 1997.

# Reduced Spam by 95% for a small period of time.

Yahoo! Chat room problem.

# In September 2000, Udi Manber of Yahoo! described
this "chat room problem" to researchers at CMU

CMUs CAPTCHA research.

# The term CAPTCHA coined in 2000 by Luis von Ahn,
Manuel Blum, Nicholas Hopper and John Langford of
Carnegie Mellon University.

What is TURING TEST ?

Proposed by Alan Turing.
To test a machines level of intelligence.
Human judge asks questions to two
participants, one is a machine & the other
human.
The judge doesnt know which is which.
After listening to the answer, if the judge
fails to recognize which one is the
machine, then the machine passes the
test.

Contd
CAPTCHA employs a Reverse Turing
Test.
Judge = CAPTCHA program,
participant = user
If the user passes CAPTCHA, he is
human otherwise it is a machine.

Types of CAPTCHA

Text Based CAPTCHA

#
#
#
#

Gimpy
Ez-Gimpy
Baffle text
MSN Captcha

Graphics Based CAPTCHA

# Bongo
# PIX

Audio Based CAPTCHA

RECAPTCHA

Text Based CAPTCHA

GIMPY

Initially used by yahoo ,in this CAPTCHA two

steps are followed as:
a) Pick a word or words from a small
dictionary
b) Distort them and add noise and
background

Fig Gimpy CAPTCHA

Ez-GIMPY

Simplified version of Gimpy

Picks a single word and applies distortion

Fig 2.2 Yahoos Ez Gimpy

CAPTCHA

Text Based CAPTCHA

BAFFLE TEXT:

MSN CAPTCHA:

It does not contain dictionary words, but it

picks up random alphabets and distortions
are then added.

finans

It use 8 characters and digits and Warping

is used to distort the characters.

XTNM5YRE

Ourses
Fig BaffleText examples

L9D28229B
Fig MSN Passport CAPTCHA

Graphics Based CAPTCHA

Bongo:
Following steps are followed in BONGO CAPTCHAS
as:
a)Display two series of blocks
b)User must find the characteristic that sets the two
series apart
c)User is asked to determine which series each of
four single blocks belongs to.

To which side does the block on the bottom

belong?

Graphics Based CAPTCHA

PIX:

This is the second kind of graphics CAPTCHA

using distorted images. Steps followed in its
usage are as
a) Create a large database of labeled images
b) Pick a concrete object
c) Pick four images of the object from the
images database
d) Distort the images
e) Ask the user to pick the object for a list of
words

Audio Based CAPTCHA

The program picks a word or a sequence of numbers

at random, renders the word or the numbers into a
sound clip and distorts the sound clip.
It then presents the distorted sound clip to the user
and asks users to enter its contents.
This CAPTCHA is based on the difference in ability
between humans and computers in recognizing
spoken language.

reCAPTCHA (2007)
New form of CAPTCHA that also helps digitize books;
The words displayed to the user come directly from old
books that are being digitized;
Words that OCR could not identify;

reCAPTCHA

16

Constructing CAPTCHAs
Things to keep in mind : Dont store CAPTCHA solution in web pages
metadata.
A CAPTCHA is no good if it doesnt distort.
Need a large database of different
CAPTCHA questions.
Avoid repetition of question.

CAPTCHA logic
Generate the question
Persist the correct answer
Present the question to the user
Evaluate the answer, if incorrect start
again- Generate a different CAPTCHA
If correct allow the access to the user

Guidelines

Image Security
Script Level Security
Accessibility
Security Even After Wide-Spread Adoption

Breaking CAPTCHAs
Cracking CAPTCHAs through programs
Improving Character Recognition software
(OCR Optical Character Recognition )
Re-using the session ID of a known
CAPTCHA image

Issues with CAPTCHAs

Usability issue
W3C mandates web to be accessible to all people.
Some CAPTCHAs are in accessible to visually
impaired, cognitively challenged people.
Compatibility issue
Java script may be needed to be activated in
browsers.
Some may need Adobe Flash Plug-in.

Application of CAPTCHA

Preventing Comment Spam in Blogs.

Protecting website registration.
Protecting email addresses from scrapers.
Online Polls.
Preventing dictionary attacks.

CONCLUSION
CAPTCHAS are any software that distinguishes human
and machine.
Today Internet companies are making billions of
dollars every year, their security and services quality
matters and so does the advancement in CAPTCHA
technology. . .

References

Wikipedia(http://en.wikipedia.org/CAPTCHA)
Carnegie Mellon School of Computer Science Web
site (http://www.captcha.net)
Telling Humans and Computers Apart by Luis von
Ahn and colleagues.
Xerox Palo Alto Research Center
(http://www2.parc.com/ istl/projects/captcha/)