iCAPTCHA iCAPTCHA
Nov 07, 2014
iCAPTCHiCAPTCH
AA
CAPTCHA AND iCAPTCHA CAPTCHA AND iCAPTCHA TECHNOLOGYTECHNOLOGY
CAPTCHACAPTCHA (Completely Automated Public Turing Test to Tell Computers and
Humans Apart)
i. Standard security mechanism.
ii. Prevent attack of automatic scripts.
iCAPTCHA (Interactive Completely Automated Public Turing Test to Tell Computers and Humans Apart)
1. next generation of CAPTCHA2. against 3rd party human attacks( legitimate user or
not).
Welcome to the Welcome to the CAPTCHA worldCAPTCHA world
CAPTCHACAPTCHA
Simple test , easy for humans . But Simple test , easy for humans . But difficult for computers to solve.difficult for computers to solve.
Protect resource from attack by the Protect resource from attack by the use of timing values.use of timing values.
Unable to distinguish between human Unable to distinguish between human attacker and a legitimate user.attacker and a legitimate user.
ApplicationsApplications
face-book ,e-mail services.face-book ,e-mail services.
IMCA( Instant Messenger IMCA( Instant Messenger CAPTCHA Attack )CAPTCHA Attack )
System used in CAPTCHA.System used in CAPTCHA. Instant Messenger (IM) network .Instant Messenger (IM) network . IM allow communication between two IM allow communication between two
or more participants over a network .or more participants over a network . Data exchange .Data exchange . IMCA Components IMCA Components Attack script : custom made to attack Attack script : custom made to attack IM connector : send and receive IM connector : send and receive
instant messages instant messages
EXAMPLE FOR EXAMPLE FOR CAPTCHACAPTCHA
iCAPTCHA ( Interactive iCAPTCHA ( Interactive CAPTCHACAPTCHA))
Reliable technique.Reliable technique. Concept and implementation Concept and implementation
a)a) use sequence of mouse clicks.use sequence of mouse clicks.
b)b) first click -CAPTCHA image first click -CAPTCHA image creating.creating.
c)c) mouse click- iCAPTCHA input.mouse click- iCAPTCHA input.
d)d) correct – perform functions.correct – perform functions.
iCAPTCHA MechanismiCAPTCHA Mechanism
interactioninteraction
Legitimate Web Server
User
1..Download CAPTCHAChallenge
2.. Response toCAPTCHA
Fig. Legitimate user’s interaction with iCAPTCHA
CAPTCHA in different CAPTCHA in different search enginesearch engine
Security FeaturesSecurity Features
• CAPTCHA - time out value CAPTCHA - time out value measuring .measuring .
( not detect legitimate ( not detect legitimate user or not .)user or not .)
• iCAPTCHA - time out value iCAPTCHA - time out value measuring permeasuring per
character.character.
( detect legitimate user or ( detect legitimate user or not .)not .)
Attack Detection Attack Detection AlgorithmsAlgorithms
Algorithms:Algorithms:
1.1. single slow response detection single slow response detection algorithmalgorithm
2.2. two consecutive slow response two consecutive slow response algorithmalgorithm
3.3. dynamic detection threshold dynamic detection threshold algorithmalgorithm
LIMITATIONSLIMITATIONS
users with impaired vision or motor users with impaired vision or motor skills.skills.
iCAPTCHA performance against iCAPTCHA performance against
character recognition based attacks.character recognition based attacks.
CONCLUSIONCONCLUSION
protecting resources from attacks.protecting resources from attacks. provide statistical timing for provide statistical timing for
evaluating the mechanism.evaluating the mechanism. attack detection based on detection attack detection based on detection
algorithms.algorithms. we hope iCAPTCHA encourage we hope iCAPTCHA encourage
researches andresearches and
develop more secure and reliable develop more secure and reliable CAPTCHA.CAPTCHA.
THANK YOU...THANK YOU...