Captcha

PAPER PRESENTATIONPAPER PRESENTATION ON ON

‘CAPTCHA’ ‘CAPTCHA’

Presented By:Presented By:

EduTechLearnersEduTechLearnerswww.edutechlearners.com

OVERVIEWOVERVIEW

CAPTCHACAPTCHACompletely Automated Completely Automated

Public Turing Test to Public Turing Test to tell computers and tell computers and

Humans ApartHumans Apart

INTRODUCTIONINTRODUCTION Computers and Humans are apart , a technique used Computers and Humans are apart , a technique used

by a computer to tell if it is interacting with human or by a computer to tell if it is interacting with human or some other computer.some other computer.

It is needed because activities such as online It is needed because activities such as online commerce transactions, search engine submissions, commerce transactions, search engine submissions, Web polls, Web registrations, free e-mail service Web polls, Web registrations, free e-mail service registration and other automated services are subject registration and other automated services are subject to software programs, or bots, that mimic the to software programs, or bots, that mimic the behavior of humans in order to skew the results of the behavior of humans in order to skew the results of the automated task or perform malicious activities, such automated task or perform malicious activities, such as gathering e-mail addresses for spamming.as gathering e-mail addresses for spamming.

www.edutechlearners.cowww.edutechlearners.comm

BASCILLY WHAT A ‘CAPTCHA BASCILLY WHAT A ‘CAPTCHA DO ?DO ?

In order to validate the digital transaction, using the In order to validate the digital transaction, using the CAPTCHA system the user is presented with a distorted CAPTCHA system the user is presented with a distorted word typically placed on top of a distorted background. word typically placed on top of a distorted background. The user must type the word into a field in order to The user must type the word into a field in order to complete the process. Computers have a difficult time complete the process. Computers have a difficult time decoding the distorted words while humans can easily decoding the distorted words while humans can easily decipher the text. Some CAPTCHAs now use pictures decipher the text. Some CAPTCHAs now use pictures instead of words where the user is presented with a series instead of words where the user is presented with a series of pictures and asked what the common element among of pictures and asked what the common element among all of the pictures is. By entering that common element, all of the pictures is. By entering that common element, the user validates the transaction and the computer the user validates the transaction and the computer knows it is dealing with a human and not a bot. knows it is dealing with a human and not a bot.

A stack of images called from the A stack of images called from the CAPTCHA program on Yahoo CAPTCHA program on Yahoo

groups.groups.


BASIC TRMINOLOGYBASIC TRMINOLOGY Artificial intelligence.Artificial intelligence. Strong artificial intelligence.Strong artificial intelligence. Weak artificial intelligence.Weak artificial intelligence. Bot.Bot. Turing test.Turing test. Challenge response test.Challenge response test. Spam.Spam.


ARTIFICIAL INTELLIGENCEARTIFICIAL INTELLIGENCE

Artificial intelligence, also known as machine Artificial intelligence, also known as machine intelligence, is defined as intelligence intelligence, is defined as intelligence exhibited by anything manufactured by exhibited by anything manufactured by humans or systems .It is usually hypothetically humans or systems .It is usually hypothetically applied to general-purpose computers.applied to general-purpose computers.

It is concerned with systems that think like It is concerned with systems that think like humans, systems that act like humans, systems humans, systems that act like humans, systems that think rationally or systems that act that think rationally or systems that act rationally.rationally.


STRONG ARTIFICIAL STRONG ARTIFICIAL INTELLIGENCE INTELLIGENCE

Strong artificial intelligence research deals with the Strong artificial intelligence research deals with the creation of some form of computer-based artificial creation of some form of computer-based artificial intelligence that can truly reason and solve problems; intelligence that can truly reason and solve problems; a strong form of AI is said to be self-aware. In theory, a strong form of AI is said to be self-aware. In theory, there are two types of strong AI:there are two types of strong AI:

Human-like AI, in which the computer program Human-like AI, in which the computer program thinks and reasons much like a human mind. thinks and reasons much like a human mind.

Non-human-like AI, in which the computer program Non-human-like AI, in which the computer program develops a totally non-human sentience, and a non-develops a totally non-human sentience, and a non-human way of thinking and reasoning human way of thinking and reasoning


WEAK ARTIFICIAL WEAK ARTIFICIAL INTELLIGENCEINTELLIGENCE

Weak artificial intelligence research deals with the Weak artificial intelligence research deals with the creation of some form of computer-based artificial creation of some form of computer-based artificial intelligence that can reason and solve problems only intelligence that can reason and solve problems only in a limited domain.in a limited domain.

To date, much of the work in this field has been done To date, much of the work in this field has been done with computer simulations of intelligence based on with computer simulations of intelligence based on predefined sets of rules. Very little progress has been predefined sets of rules. Very little progress has been made in strong AI. Depending on how one defines made in strong AI. Depending on how one defines one's goals, a moderate amount of progress has been one's goals, a moderate amount of progress has been made in weak AI.made in weak AI.


BOTBOT A A botbot is common parlance on the Internet for a is common parlance on the Internet for a

software program that is a software agent. Bots software program that is a software agent. Bots interact with other network services intended for interact with other network services intended for people as if it was a real person. .people as if it was a real person. .

Some bots communicate with other users of Internet Some bots communicate with other users of Internet based services, for example via Instant Messenger or based services, for example via Instant Messenger or Internet Relay Chat. These chatterbots may allow Internet Relay Chat. These chatterbots may allow people to ask questions in plain Englishpeople to ask questions in plain English

The term bot is used frequently in videogames, The term bot is used frequently in videogames, referring to computer controlled enemies in a referring to computer controlled enemies in a multiplayer game that simulate the actions of a multiplayer game that simulate the actions of a human player. These bots are used in training, before human player. These bots are used in training, before playing over Internet.playing over Internet.


TURING TESTTURING TEST In 1950, the mathematician Alan Turing suggested that a In 1950, the mathematician Alan Turing suggested that a

computer could earn the label "intelligent" if it could fool a computer could earn the label "intelligent" if it could fool a person into thinking he or she was communicating with person into thinking he or she was communicating with another person instead of a machine. another person instead of a machine.

It's become a major problem on the Internet, as has the use of It's become a major problem on the Internet, as has the use of 'bots to register for e-mail addresses that are later used to 'bots to register for e-mail addresses that are later used to send unwanted advertisements, or spam, to e-mail users. send unwanted advertisements, or spam, to e-mail users.

In a 1950 paper, he described what he called the Imitation In a 1950 paper, he described what he called the Imitation game, now known as the Turing Test, in which a person tries game, now known as the Turing Test, in which a person tries to distinguish between human and computer test subjects by to distinguish between human and computer test subjects by asking them each a series of questions. If the person can't asking them each a series of questions. If the person can't distinguish between the computer and the human, the distinguish between the computer and the human, the computer is deemed to be intelligent. There is a prize of computer is deemed to be intelligent. There is a prize of $100,000 for a computer that can pass the Turing Test.$100,000 for a computer that can pass the Turing Test.


CHALLENGE RESPONSE TESTCHALLENGE RESPONSE TEST

A A challenge-response testchallenge-response test is a test involving a set of is a test involving a set of questions (or "challenges"), that the person or other questions (or "challenges"), that the person or other entity has to answer in order to pass the test. If the entity has to answer in order to pass the test. If the person or entity provides an adequate response to the person or entity provides an adequate response to the challenges, then it is seemed that this person or entity challenges, then it is seemed that this person or entity has passed the test.has passed the test.

The Turing test for artificial intelligence is a good The Turing test for artificial intelligence is a good example of challenge-responseexample of challenge-response

One real world example would be as in movies where One real world example would be as in movies where in order to gain access to a certain location the door-in order to gain access to a certain location the door-man says something and the person attempting to man says something and the person attempting to gain access has to say the adequate response.gain access has to say the adequate response.


SPAMSPAM Spamming is the act of sending unsolicited electronic Spamming is the act of sending unsolicited electronic

messages in bulk. In the popular eye, the most common messages in bulk. In the popular eye, the most common form of spam is that delivered in e-mail as a form of form of spam is that delivered in e-mail as a form of commercial advertising.commercial advertising.

One of the strengths of electronic communications media is One of the strengths of electronic communications media is that it costs virtually nothing to send a message. Electronic that it costs virtually nothing to send a message. Electronic messaging is cheap and fast. It is also easy to automate: messaging is cheap and fast. It is also easy to automate: computer programs can send out millions of messages via computer programs can send out millions of messages via e-mail, instant message (IM), in minutes or hours at nearly e-mail, instant message (IM), in minutes or hours at nearly no labour cost.no labour cost.

Sending bulk messages in this fashion, to recipients who Sending bulk messages in this fashion, to recipients who have not solicited them, has come to be known as have not solicited them, has come to be known as spamming, and the messages themselves as spam.spamming, and the messages themselves as spam.


DEFINITIONDEFINITION

A A CAPTCHACAPTCHA (an acronym for " (an acronym for "ccompletely ompletely aautomated utomated ppublic ublic tturing test to tell uring test to tell ccomputers omputers and and hhumans umans aapart") is a type of part") is a type of challenge-challenge-response testresponse test used in computing to determine used in computing to determine whether or not the user is human. whether or not the user is human.

A CAPTCHA is a program that can generate A CAPTCHA is a program that can generate and grade tests that: and grade tests that:

Most humans can pass, butMost humans can pass, but Current computer programs can't pass Current computer programs can't pass


HOW DOES A CAPTCHA HOW DOES A CAPTCHA WORKS?WORKS?

A CAPTCHA image A CAPTCHA image shows a random string shows a random string which the user has to type which the user has to type to submit a form. This is a to submit a form. This is a simple problem for simple problem for humans, but a very hard humans, but a very hard problem for computers problem for computers which have to use which have to use character recognition, character recognition, especially, because the especially, because the displayed string is displayed string is alienated in a way, which alienated in a way, which makes it very hard for a makes it very hard for a computer to decode.computer to decode.


HOW ARE IMAGES INTEGATEDHOW ARE IMAGES INTEGATED

Both your web server and our CAPTCHA server need Both your web server and our CAPTCHA server need a common secret key. The picture is integrated quite a common secret key. The picture is integrated quite similar to page counters. As a parameter you have to similar to page counters. As a parameter you have to send a random string within the link. The secret key send a random string within the link. The secret key and the random string are used to generate the and the random string are used to generate the password. Both strings are needed to compute the password. Both strings are needed to compute the password. The password is computed by the password. The password is computed by the CAPTCHA server to generate the image and by your CAPTCHA server to generate the image and by your server to validate itserver to validate it


CHARACTERISTICSCHARACTERISTICS

They are They are completely automatedcompletely automated. This avoids the . This avoids the necessity for human maintenance or intervention in necessity for human maintenance or intervention in the test, with obvious benefits in cost and reliability.the test, with obvious benefits in cost and reliability.

The algorithm used is made The algorithm used is made publicpublic, though it may be , though it may be encumbered by a patent. This is stipulated so as to encumbered by a patent. This is stipulated so as to require that breaking a captcha requires the solution require that breaking a captcha requires the solution of a hard problem in the field of artificial intelligence of a hard problem in the field of artificial intelligence (AI) rather than just the discovery of the (secret) (AI) rather than just the discovery of the (secret) algorithm, which could be obtained through other algorithm, which could be obtained through other techniques.techniques.


VARIOUS TEST OF VARIOUS TEST OF CAPTCHACAPTCHA

GIMPYGIMPY BONGOBONGO PIXPIX SOUNDSOUND


GIMPYGIMPY

GimpyGimpy is our most is our most reliable system. It was reliable system. It was originally built for (and originally built for (and in collaboration with) in collaboration with) Yahoo! Yahoo!


BONGOBONGO Bongo is a program that asks Bongo is a program that asks

the user to solve a visual the user to solve a visual pattern recognition problem. pattern recognition problem. In particular, Bongo displays In particular, Bongo displays two series of blocks, the left two series of blocks, the left and the right series. The and the right series. The blocks in the left series differ blocks in the left series differ from those in the right, and from those in the right, and the user must find the the user must find the characteristic that sets the characteristic that sets the two series apart two series apart


PIXPIXPixPix a program that has a a program that has a

large database of large database of labeled images. All of labeled images. All of these images are these images are pictures of concrete pictures of concrete objects (a horse, a table, objects (a horse, a table, a house, a flower, etc). a house, a flower, etc).


SOUNDSOUND

SoundsSounds can be thought of as a sound version can be thought of as a sound version

of Gimpy. The program picks a word orof Gimpy. The program picks a word or

a sequence of numbers at random, renders a sequence of numbers at random, renders

the word or the numbers into a sound clip the word or the numbers into a sound clip

and distorts the clip. It then presents and distorts the clip. It then presents

the distorted sound clip to its user and asks the the distorted sound clip to its user and asks the

user to type in the contents of the sound clip.user to type in the contents of the sound clip.


APPLICATIONSAPPLICATIONS

Online pollsOnline polls Free E-mail servicesFree E-mail services Search engine botsSearch engine bots Worms and spamsWorms and spams Preventing dictionary attacksPreventing dictionary attacks


ONLINE POLLSONLINE POLLS In November 1999, http://www.slashdot.com released an In November 1999, http://www.slashdot.com released an

online poll asking which was the best graduate school in online poll asking which was the best graduate school in computer science (a dangerous question to ask over the computer science (a dangerous question to ask over the web!). As is the case with most online polls, IP addresses of web!). As is the case with most online polls, IP addresses of voters were recorded in order to prevent single users from voters were recorded in order to prevent single users from voting more than once. However, students at Carnegie voting more than once. However, students at Carnegie Mellon found a way to stuff the ballots using programs that Mellon found a way to stuff the ballots using programs that voted for CMU thousands of times. CMU's score started voted for CMU thousands of times. CMU's score started growing rapidly. The next day, students at MIT wrote their growing rapidly. The next day, students at MIT wrote their own program and the poll became a contest between voting own program and the poll became a contest between voting "bots". MIT finished with 21,156 votes, Carnegie Mellon "bots". MIT finished with 21,156 votes, Carnegie Mellon with 21,032 and every other school with less than 1,000. Can with 21,032 and every other school with less than 1,000. Can the result of any online poll be trusted? Not unless the poll the result of any online poll be trusted? Not unless the poll requires that only humans can vote. requires that only humans can vote.


FREE E-MAIL SERVICESFREE E-MAIL SERVICES

Several companies (Yahoo!, Microsoft, etc.) Several companies (Yahoo!, Microsoft, etc.) offer free email services. Most of these suffer offer free email services. Most of these suffer from a specific type of attack: "bots" that sign from a specific type of attack: "bots" that sign up for thousands of email accounts every up for thousands of email accounts every minute. This situation can be improved by minute. This situation can be improved by requiring users to prove they are human before requiring users to prove they are human before they can get a free email account. Yahoo!, for they can get a free email account. Yahoo!, for instance, uses a CAPTCHA test of our design instance, uses a CAPTCHA test of our design to prevent bots from registering for accounts to prevent bots from registering for accounts


SEARCH ENGINE BOTSSEARCH ENGINE BOTS

It is sometimes desirable to keep web pages It is sometimes desirable to keep web pages unindexed to prevent others from finding them easily. unindexed to prevent others from finding them easily. There is an html tag to prevent search engine bots There is an html tag to prevent search engine bots from reading web pages. The tag, however, doesn't from reading web pages. The tag, however, doesn't guarantee that bots won't read a web page; it only guarantee that bots won't read a web page; it only serves to say "no bots, please". Search engine bots, serves to say "no bots, please". Search engine bots, since they usually belong to large companies, respect since they usually belong to large companies, respect web pages that don't want to allow them in. However, web pages that don't want to allow them in. However, in order to truly guarantee that bots won't enter a web in order to truly guarantee that bots won't enter a web site, CAPTCHA tests are needed. site, CAPTCHA tests are needed.


WORMS AND SPAMSWORMS AND SPAMS

Tests also offer a plausible solution against Tests also offer a plausible solution against email worms and spam. A few companies are email worms and spam. A few companies are already marketing this idea. already marketing this idea.


PREVENTING DICTIONARY PREVENTING DICTIONARY ATTACKSATTACKS

CAPTCHA tests are also used to prevent CAPTCHA tests are also used to prevent dictionary attacks in password systems. The dictionary attacks in password systems. The idea is simple: prevent a computer from idea is simple: prevent a computer from being able to iterate through the entire space being able to iterate through the entire space of passwords. of passwords.


Captcha

Education

strong artificial intelligence

weak artificial intelligence

common element

series of pictures andthe

computers andtell computers

humans aparthumans

thein order

behavior of humans