Background :- :-
The need for CAPTCHAs rose to keep out
the website/Search Engine abuse
by bots. In 1997, AltaVista sought ways to block and discourage the automatic
submissions of URLs into their search engines. Andrei Broder, Chief Scientist
of AltaVista, and his colleagues developed a filter. Their method was to
generate a printed text randomly that only humans could read and not machine
readers. Their approach was so effective that in an year, “spam-add-ons’” were
reduced by 95% and a patent was issued in 2001.
About CAPTCHA
We
introduce CAPTCHA, an automated test that humans can pass, but current computer
programs can't pass: any program that has high success over a captcha can be
used to solve an unsolved Artifcial
Intelligence (AI) problem. We provide several novel constructions of
captchas. Since captchas have many applications in practical security, our
approach introduces a new class of hard problems that can be exploited for
security purposes. Much like research in Cryptography
has had a positive impact on algorithms for factoring and discrete log, we hope
that the use of hard AI problems for security purposes allows us to advance the
field of Artifcial Intelligence. We introduce two families of AI problems that
can be used to construct captchas and we show that solutions to such problems
can be used for steganographic communication. Captchas based on these AI
problem families, then, imply a win-win situation: either the problems remain
unsolved and there is always to differentiate humans from computers, or the
problems are solved and there is a way to Communicate
covertly on some channels.
Types of CAPTCHAs
1.
Text CAPTCHAs
1.1
Gimpy
1.2
Ez – Gimpy
1.3
BaffleText
1.4
MSN Captcha
2.
Graphic CAPTCHAs
The Audio CAPTCHA
Recent research is suggesting that
Google's audio capture is the latest in a string of CAPTCHA's to have been
defeated by software. t has been theorized that one cost-effective means of
breaking audio captures and image captures that have not yet had automated
systems developed is to use a mechanical turk and pay low rates for per-CAPTCHA
reading by humans, or provide another form of motivation such as access to
popular sites for reading the CAPTCHA. However, it always required a
significant level of resources to achieve. The development of software to
automatically interpret CAPTCHAs brings up a number of problems for site
operators. The problem, as discovered by Wintercore Labs and published at the
start of March is that there are repeatable patterns evident in the audio file
and by applying a set of complex but straight forward processes, a library can
be built of the basic signal for each possible character that can appear in the
CAPTCHA. Wintercore point to other audio CAPTCHAs that could be easily reversed
using this technique, including the one for Facebook. The wider impact of this work might take some time
to appear, but it provides an interesting proof of breaking audio CAPTCHAs. At
the least, it shows that both of Google's
CAPTCHA tools have now been defeated by software and it should only be a matter
of time until the same can be said for Microsoft
and Yahoo!'s offerings. Even with an effectiveness of only 90%, any failed
CAPTCHA can easily be reloaded for a second try.
Gimpy
Gimpy is a very reliable text CAPTCHA
built by CMU in collaboration with Yahoo for their Messenger service. Gimpy is
based on the human ability to read extremely distorted text and the inability
of computer programs to do the same. Gimpy works by choosing ten words randomly
from a dictionary, and displaying them in a distorted and overlapped manner.
Gimpy then asks the users to enter a subset of the words in the image. The
human user is capable of identifying the words correctly, whereas a computer
program cannot.
CAPTCHA Logic
1. The CAPTCHA image (or question) is
generated. There are different ways to do this. The classic approach is to
generate some random text, apply some random effects to it and convert it into
an image.
2. Step 2 is not really sequential. During
step 1, the original text (pre-altered) is persisted somewhere, as this is the
correct answer to the question. There are different ways to persist the answer,
as a server-side session variable, cookie, file, or database entry.
3. The generated CAPTCHA is presented to the
user, who is prompted to answer it.
Conclusion
It’s
believed that the fields of cryptography and artificial intelligence have much
to contribute to one another. Captchas represent a small example of this
possible symbiosis. Reductions, as they are used in Cryptography, can be extremely useful for the progress of
algorithmic development. So, security researchers to create captchas based on
different AI problems must be encouraged.
0 comments:
Post a Comment