iCAPTCHA iCAPTCHA
iCAPTCHA
Nov 07, 2014
Semantic annotation or tagging of images can greatly improve the accuracy and they find the task of image annotation boring and laborious despites its benefits in terms of search and retrieval. In this paper, we introduce a novel approach of luring users into image annotation: by embedding image annotation into a CAPTCHA design. A CAPTCHA is a standard security mechanism used by popular commercial websites to prevent automated programs from abusing the online services. Millions of users solve CAPTCHA s daily in order to access web content and services. We aim to utilize human effort spent in solving the CAPTCHA into a productive work of image annotation. We introduce iCAPTCHA, a user friendly and productive CAPTCHA design. Our premise is based on the human ability to recognize images and label them in proper categories. Each time a user solves an iCAPTCHA, he/she is helping to label images in proper categories which will in turn improve image search and retrieval. using image processing to decode CAPTCHA tests, recently techniques have been developed for utilizing a 3rd party human user to break given CAPCHA s. This type of attack is particularly difficult to prevent, and our research shows that no effective solutions currently exist. One of the primary aims of this paper is to present a novel and effective method for
coping with this security challenge.
coping with this security challenge.
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
iCAPTCHiCAPTCH
AA
CAPTCHA AND iCAPTCHA CAPTCHA AND iCAPTCHA TECHNOLOGYTECHNOLOGY
CAPTCHACAPTCHA (Completely Automated Public Turing Test to Tell Computers and
Humans Apart)
i. Standard security mechanism.
ii. Prevent attack of automatic scripts.
iCAPTCHA (Interactive Completely Automated Public Turing Test to Tell Computers and Humans Apart)
1. next generation of CAPTCHA2. against 3rd party human attacks( legitimate user or
not).
Welcome to the Welcome to the CAPTCHA worldCAPTCHA world
CAPTCHACAPTCHA
Simple test , easy for humans . But Simple test , easy for humans . But difficult for computers to solve.difficult for computers to solve.
Protect resource from attack by the Protect resource from attack by the use of timing values.use of timing values.
Unable to distinguish between human Unable to distinguish between human attacker and a legitimate user.attacker and a legitimate user.
ApplicationsApplications
face-book ,e-mail services.face-book ,e-mail services.
IMCA( Instant Messenger IMCA( Instant Messenger CAPTCHA Attack )CAPTCHA Attack )
System used in CAPTCHA.System used in CAPTCHA. Instant Messenger (IM) network .Instant Messenger (IM) network . IM allow communication between two IM allow communication between two
or more participants over a network .or more participants over a network . Data exchange .Data exchange . IMCA Components IMCA Components Attack script : custom made to attack Attack script : custom made to attack IM connector : send and receive IM connector : send and receive
instant messages instant messages
EXAMPLE FOR EXAMPLE FOR CAPTCHACAPTCHA
iCAPTCHA ( Interactive iCAPTCHA ( Interactive CAPTCHACAPTCHA))
Reliable technique.Reliable technique. Concept and implementation Concept and implementation
a)a) use sequence of mouse clicks.use sequence of mouse clicks.
b)b) first click -CAPTCHA image first click -CAPTCHA image creating.creating.
c)c) mouse click- iCAPTCHA input.mouse click- iCAPTCHA input.
d)d) correct – perform functions.correct – perform functions.
iCAPTCHA MechanismiCAPTCHA Mechanism
interactioninteraction
Legitimate Web Server
User
1..Download CAPTCHAChallenge
2.. Response toCAPTCHA
Fig. Legitimate user’s interaction with iCAPTCHA
CAPTCHA in different CAPTCHA in different search enginesearch engine
Security FeaturesSecurity Features
• CAPTCHA - time out value CAPTCHA - time out value measuring .measuring .
( not detect legitimate ( not detect legitimate user or not .)user or not .)
• iCAPTCHA - time out value iCAPTCHA - time out value measuring permeasuring per
character.character.
( detect legitimate user or ( detect legitimate user or not .)not .)
Attack Detection Attack Detection AlgorithmsAlgorithms
Algorithms:Algorithms:
1.1. single slow response detection single slow response detection algorithmalgorithm
2.2. two consecutive slow response two consecutive slow response algorithmalgorithm
3.3. dynamic detection threshold dynamic detection threshold algorithmalgorithm
LIMITATIONSLIMITATIONS
users with impaired vision or motor users with impaired vision or motor skills.skills.
iCAPTCHA performance against iCAPTCHA performance against
character recognition based attacks.character recognition based attacks.
CONCLUSIONCONCLUSION
protecting resources from attacks.protecting resources from attacks. provide statistical timing for provide statistical timing for
evaluating the mechanism.evaluating the mechanism. attack detection based on detection attack detection based on detection
algorithms.algorithms. we hope iCAPTCHA encourage we hope iCAPTCHA encourage
researches andresearches and
develop more secure and reliable develop more secure and reliable CAPTCHA.CAPTCHA.
THANK YOU...THANK YOU...