m
m

w mw

m
m c m
     
    
m
  


m
m 
   
     
      
  

 
  
A m
m or m
 is a type of challenge-
challenge-response test used
in computing to ensure that the response is not generated by a computer.
m
m requires that the user type letters or digits from a distorted
image that appears on the screen.
Any user entering a correct solution is presumed to be human else user is
bot and denied access.
It is sometimes described as a reverse Turing test.
OCRs(Optical Character Recognition) are not able to read CAPTCHAs
 w
w

!irst developed by Alta Vista in 1997.

The term coined in 2000 by Luis von Ahn , Manuel Blum and Nicholas J.
Hopper of Carnegie Mellon University and John Langford of IBM.

Primitive CAPTCHAs seem to have been developed in 1997 by Andrei

Broder, Martin Abadi, Krishna Bharat, and Mark Lillibridge to
prevent bots from adding URLs to their search engine.
 w


Proposed by 
..
To test a machine¶s level of intelligence Human judge asks
questions to two participants, one is a machine, he doesn¶t know
which is which, If judge can¶t tell which is the machine, the machine
passes the test.
CAPTCHA employs a reverse Turing test,
judge = CAPTCHA program,
participant = user
if user passes CAPTCHA, he is human

if user fails, it is a machine

 
m
m 

Text Based CAPTCHAS

Graphics Based CAPTCHAS
Audio or Sound Based CAPTCHAS
  !m
m 

Typically relay on sophisticated distortion of text images rendering them

unrecognizable to the state of the art of the pattern recognition programs
but recognizable by humans.
Examples:
£ 
" # $
(hat is sum of three and thirty-
thirty-five?
If today is Saturday, what is day after tomorrow?
Very effective, needs a large question bank
h Gimpy:
£ Originally designed by Yahoo and CMU.
£ Based on human ability to read heavily distorted and corrupted text.
£ works by choosing a certain number of words from a dictionary, and
then displaying them corrupted and distorted in an image; after that
Gimpy asks the user to type the words displayed in that image.
h EZ--Gimpy:
EZ
£ A modified version of Gimpy.
£ Used in Yahoo Messenger Service.
£ It contains only one random character string.
£ The word is random and not picked from the dictionary.
£ Its not a good implementation of CAPTCHA, and already broken
£ OCRs.
h MSN Passport service CAPTCHAs:
£ its provided for Microsoft MSN services.
£ uses 8 characters.
£ (arping is used to distort.
£ Its very strongly implemented and hasn¶t been broken.
hBONGO
After M.M.Bongard, pattern recognition expert
User has to solve a pattern recognition problem.
 %%m
m


!ree CAPTCHA service that helps to digitize books, newspapers and old
time radio shows.
reCAPTCHA improves the process of digitizing books by sending words that
cannot be read by computers to the (eb in the form of CAPTCHAs for
humans to decipher.
Each word that cannot be read correctly by OCR is placed on an image and
used as a CAPTCHA.
This is possible because most OCR programs alert you when a word cannot
.
be read correctly
(orking of reCAPTCHA:
Two words are shown, one word is known as Control (ord, and another
one is known a questionable word.
System assumes that if human types the control word correctly, the
questionable word is also correct.
The identification performed by each OCR program is given a value of 0.5
points, and each interpretation by a human is given a full point.

Once a given identification hits 2.5 votes, the word is considered called .


&wm w 

Preventing Comment Spam in Blogs

Protecting (ebsite Registration

Protecting Email Addresses !rom Scrapers

Online Polls

Preventing Dictionary Attacks

Search Engine Bots

(orms and Spam

 m  m
m 

£ Things to keep in mind:

£ Don¶t store CAPTCHA solution in (eb page¶s
metadata
£ A CAPTCHA is no good if it doesn't distort
£ Need a large database of different CAPTCHA
questions
£ Avoid repetition of questions
CAPTCHA Logic:
£ Generate the question
£ Persist the correct answer
£ Present the question to user
£ Evaluate answer, if incorrect, start again--
again-- Generate a different
CAPTCHA
£ If correct, allow access to user



£ Accessibility
£ Image security
£ Script security
£ Security after widespread adoption
£ Custom implementation or a general CAPTCHA?
 !'m
m 

£ Cracking CAPTCHAs through programs

£ Convert CAPTCHA into greyscale
£ Detect patterns in the image corresponding to characters
£ Or, read session files of that user and know the CAPTCHA word
 w m
m 

£  :
 :
£ ( C mandates (eb to be accessible to all people
£ Some CAPTCHAs are inaccessible to visually impaired, cognitively
challenged people
£ m
  ::
m
  
£ JavaScript may need to be activated in browsers
£ Some may need Adobe !lash plugin installed
(
 m

D CAPTCHAs are an effective way to counter bots and reduce spam

D They serve dual purpose±
purpose± help advance AI knowledge
D Applications are varied±
varied± from stopping bots to character recognition
& pattern matching
D Some issues with current implementations represent challenges for
future improvements
THANK YOU