563.10.3 CAPTCHA
Presented by: AVINASH MAURYA
IT VI SEM 0829213008
Definition
Background
Applications
Code in PHP
Types of CAPTCHAs
Breaking CAPTCHAs
Proposed Approach
Conclusion
Reference
2
CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart
A program that can tell whether its user is a human or a computer.
The challenge: develop a software program that can create and grade challenges most humans can pass but computers cannot
3
First used by Altavista in 1997
• Reduced SPAM add-url by over 95%
CMU/Yahoo!
• Automated the creating and grading of challenges
PARC
• Relies on document image degradation to prevent successful OCR
• Conducted user-focused studies to assess the effectiveness of CAPTCHAs
4
CAPTCHAs are based on open AI problems
Breaking CAPTCHAs helps advance AI by solving these open problems
Improving CAPTCHAs helps tell computers and humans apart
Win-win situation
5
Pessimal Print: A Reverse Turing Test. Allison L. Coates, Henry S. Baird, Richard J. Fateman
Telling Humans and Computers Apart Automatically. Luis von Ahn, Manuel Blum, and John Langford
CAPTCHA: Using Hard AI Problems for Security. Luis von Ahn, Manuel Blum, Nicholas J. Hopper, and John Langford
Using Machine Learning to Break Visual Human Interaction Proofs (HIPs). Kumar Chellapilla, Patrice Y. Simard
6
• Free email services
• Online polls
• Dictionary attacks
• Newsgroups, Blogs, etc…
• SPAM
7
8
i. Initialization
ii. Handwritten CAPTCHA Challenge
iii. User Response
iv. Verification
Automatic Authentication Session for Web Services.
[Figure: User authentication. Labels: User, Internet, Authentication Server, Challenge, Response]
The user initiates the dialog and has to be authenticated by the server.
9
<?php
session_start();
// 6 hex characters from the CSPRNG; a microtime()-derived value is guessable
$ranStr = bin2hex(random_bytes(3));
$_SESSION['cap_code'] = $ranStr;
// Draw the code onto the background image and send it as a JPEG
$newImage = imagecreatefromjpeg("cap_bg.jpg");
$txtColor = imagecolorallocate($newImage, 0, 0, 0);
imagestring($newImage, 5, 5, 5, $ranStr, $txtColor);
header("Content-type: image/jpeg");
imagejpeg($newImage);
?>
Captcha.php
10
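<?php
session_start(); // needed so $_SESSION['cap_code'] set by Captcha.php is available
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $expected = $_SESSION['cap_code'] ?? '';
    $entered = $_POST['captcha'] ?? '';
    unset($_SESSION['cap_code']); // one attempt per code
    // hash_equals() compares as strings; == would treat "0e1234" and "0e5678" as equal numbers
    if ($expected !== '' && is_string($entered) && hash_equals($expected, $entered)) {
        // Captcha verification is Correct. Do something here!
    } else {
        // Captcha verification is wrong. Take other action
    }
}
?>
Verifying whether the captcha code is equal or not
1 - $_SESSION['cap_code'] holds the actual captcha code
2 - $_POST['captcha'] holds the captcha code the user entered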
11
Javascript
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<script type="text/javascript">
$(document).ready(function(){
    // Client-side check only rejects empty fields; the captcha itself is verified on the server
    $('#submit').click(function(){
        var name = $('#name').val();
        var msg = $('#msg').val();
        var captcha = $('#captcha').val();
        if( name.length == 0){
            $('#name').addClass('error');
        }
        else{
            $('#name').removeClass('error');
        }
        if( msg.length == 0){
            $('#msg').addClass('error');
        }
        else{
            $('#msg').removeClass('error');
        }
        if( captcha.length == 0){
            $('#captcha').addClass('error');
        }
        else{
            $('#captcha').removeClass('error');
        }
        if(name.length != 0 && msg.length != 0 && captcha.length != 0){
            return true;
        }
        return false;
    });
    // Result of the server-side comparison, echoed into the page by PHP
    var capch = '<?php echo $cap; ?>';
    if(capch != 'notEq'){
        if(capch == 'Eq'){
            $('.cap_status').html("Your form is successfully Submitted ").fadeIn('slow').delay(3000).fadeOut('slow');
        }
        else{
            $('.cap_status').html("Human verification Wrong!").addClass('cap_status_error').fadeIn('slow');
        }
    }
});
</script>
Text based
• Gimpy, ez-gimpy
• Gimpy-r, Google CAPTCHA
• Simard’s HIP (MSN)
Graphic based
• Bongo
• Pix
Audio based
12
Gimpy, ez-gimpy
• Pick a word or words from a small dictionary
• Distort them and add noise and background
Gimpy-r, Google’s CAPTCHA
• Pick random letters
• Distort them, add noise and background
Simard’s HIP
• Pick random letters and numbers
• Distort them and add arcs
13
14
Bongo
• Display two series of blocks
• User must find the characteristic that sets the two series apart
• User is asked to determine which series each of four single blocks belongs to
Difference? thick vs. thin lines
15
PIX
• Create a large database of labeled images
• Pick a concrete object
• Pick four images of the object from the images database
• Distort the images
• Ask the user to pick the object from a list of words
16
17
DogPool
• Pick a word or a sequence of numbers at random
• Render them into an audio clip using TTS software
• Distort the audio clip
• Ask the user to identify and type the word or numbers
18
Most text based CAPTCHAs have been broken by software
• OCR
• Segmentation
Other CAPTCHAs were broken by streaming the tests for unsuspecting users to solve.
19
Very similar to PIX
• Pick a concrete object
• Get 6 images at random from images.google.com that match the object
• Distort the images
• Build a list of 100 words: 90 from a full dictionary, 10 from the objects dictionary
• Prompt the user to pick the object from the list of words
20
• Make an HTTP call to images.google.com and search for the object
• Screen scrape the result of 2-3 pages to get the list of images
• Pick 6 images at random
• Randomly distort both the images and their URLs before displaying them
• Expire the CAPTCHA in 30-45 seconds
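The word-list and expiry steps above, sketched in PHP as an added example (not code from the original slides): it builds the 100-word list, keeps the answer server-side, and rejects expired or replayed answers. The function names, the TTL constant and the word lists are assumptions; image retrieval and distortion are left out.

```php
<?php
// Added example; every name and word list below is constructed.
const CAPTCHA_TTL = 45; // seconds, upper end of the 30-45 s window

// Fisher-Yates shuffle driven by the CSPRNG (shuffle() does not use one).
function secureShuffle(array $items): array {
    $items = array_values($items);
    for ($i = count($items) - 1; $i > 0; $i--) {
        $j = random_int(0, $i);
        [$items[$i], $items[$j]] = [$items[$j], $items[$i]];
    }
    return $items;
}

// Build the 100-word list: 10 object names plus 90 dictionary decoys.
function issueChallenge(array &$session, array $objects, array $dictionary, int $now): array {
    $fromObjects = array_slice(secureShuffle($objects), 0, 10);
    $decoys = array_slice(secureShuffle(array_diff($dictionary, $objects)), 0, 90);
    // Only the answer and issue time stay server-side; the client sees the list.
    $session['pix'] = ['answer' => $fromObjects[0], 'issued' => $now];
    return secureShuffle(array_merge($fromObjects, $decoys));
}

function verifyChallenge(array &$session, string $choice, int $now): bool {
    $challenge = $session['pix'] ?? null;
    unset($session['pix']);            // single use: any attempt consumes it
    if ($challenge === null) {
        return false;                  // no challenge outstanding, or a replay
    }
    if ($now - $challenge['issued'] > CAPTCHA_TTL) {
        return false;                  // too old: relayed or stockpiled
    }
    return hash_equals($challenge['answer'], $choice);
}

// Constructed sample data standing in for the two dictionaries.
$objects = ['dog', 'pool', 'car', 'tree', 'chair', 'boat', 'clock', 'shoe', 'apple', 'bridge', 'lamp', 'horse'];
$dictionary = array_map(fn($n) => "filler$n", range(1, 200));

$session = [];   // stands in for $_SESSION
$words = issueChallenge($session, $objects, $dictionary, 1000);
$answer = $session['pix']['answer'];
var_dump(count($words));                               // size of the list shown to the user
var_dump(verifyChallenge($session, $answer, 1010));    // fresh answer inside the window
var_dump(verifyChallenge($session, $answer, 1011));    // replay of the same answer
issueChallenge($session, $objects, $dictionary, 2000);
var_dump(verifyChallenge($session, $session['pix']['answer'], 2060)); // answered after expiry
```

Timestamps are passed in explicitly so the expiry path can be exercised from the command line; in a web handler they would come from time() and the store would be $_SESSION.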
21
• The database already exists and is public
• The database is constantly being updated and maintained
• Adding “concrete objects” to the dictionary is virtually instantaneous
• Distortion prevents caching hacks
• Quick expiration limits streaming hacks
22
• Not accessible to people with disabilities (which is the case of most CAPTCHAs)
• Relies on Google’s infrastructure
• Unlike CAPTCHAs using random letters and numbers, the number of challenge words is limited
23
25
26