In those early days before Google and Yahoo, there were two ways of getting a website or URL listed in Internet search engine databases: through web crawlers, which automatically 'surfed' the net for URLs, or through URL submission.
In order to prevent the search engine from being overloaded with URLs posted by automated systems, a means had to be found to ensure that the entity doing the listing was a human being, which led to the development of graphic puzzles as a test.
In 2000, Yahoo asked Carnegie Mellon University to create a means to prevent bots from infiltrating its chat rooms. A team of Carnegie Mellon researchers developed a series of cognitive puzzles and called it 'CAPTCHA.' Although Yahoo was the first to make major use of CAPTCHA, others soon followed.
CAPTCHA stands for “Completely Automated Turing Test To Tell Computers and Humans Apart”.
It was given its name in the year 2000, at its birthplace, by Luis von Ahn, Manuel Blum, Nicholas Hopper and John Langford of Carnegie Mellon University.
CAPTCHA tests are dynamically generated by computers, in contrast to the standard Turing test which is administered by a human. This characteristic allows them to be widely used for practical security reasons.
Large providers such as Microsoft, Google and Yahoo use CAPTCHAs to verify that the user registering for a free e-mail ID is a human and not a bot.
The World Wide Web has many prevailing insecurities. HTTP is vulnerable in that it cannot distinguish between human users and machine users, better known as bots. Neither HTTP nor SSL (Secure Sockets Layer) can guarantee complete security to the client software. SSL is a cryptographic protocol that provides secure communications on the net, e.g. for chat and e-mail.
Malicious bots can be anonymous and are distributed across the internet. Sites that hold exclusive data and receive payment for sharing it are the worst hit. Copyright infringement is a major concern on the internet.
Some of the applications of CAPTCHAs are as follows:
Preventing Comment Spam in Blogs.
Most bloggers are familiar with programs that submit bogus comments, usually for the purpose of raising search engine ranks of some website (e.g., "buy penny stocks here"). This is called comment spam. By using a CAPTCHA, only humans can enter comments on a blog. There is no need to make users sign up before they enter a comment, and no legitimate comments are ever lost.
Protecting Website Registration.
Several companies (Yahoo!, Microsoft, etc.) offer free email services. Up until a few years ago, most of these services suffered from a specific type of attack: "bots" that would sign up for thousands of email accounts every minute. The solution to this problem was to use CAPTCHAs to ensure that only humans obtain free accounts. In general, free services should be protected with a CAPTCHA in order to prevent abuse by automated scripts.
Protecting Email Addresses From Scrapers.
Spammers crawl the Web in search of email addresses posted in clear text. CAPTCHAs provide an effective mechanism to hide your email address from Web scrapers. The idea is to require users to solve a CAPTCHA before showing your email address.
Online Polls.
In November 1999, http://www.slashdot.org released an online poll asking which was the best graduate school in computer science (a dangerous question to ask over the web!). As is the case with most online polls, IP addresses of voters were recorded in order to prevent single users from voting more than once. However, students at Carnegie Mellon found a way to stuff the ballots using programs that voted for CMU thousands of times. CMU's score started growing rapidly. The next day, students at MIT wrote their own program and the poll became a contest between voting "bots." MIT finished with 21,156 votes, Carnegie Mellon with 21,032 and every other school with less than 1,000. Can the result of any online poll be trusted? Not unless the poll ensures that only humans can vote.
Preventing Dictionary Attacks
CAPTCHAs can also be used to prevent dictionary attacks in password systems. The idea is simple: prevent a computer from being able to iterate through the entire space of passwords by requiring it to solve a CAPTCHA after a certain number of unsuccessful logins. This is better than the classic approach of locking an account after a sequence of unsuccessful logins, since doing so allows an attacker to lock accounts at will.
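The CAPTCHA-after-failures idea described above, as an added example that is not part of the original post. The class name LoginGuard, the threshold of 3 failures, the 15-minute window and the captcha_solved flag (the result of whatever CAPTCHA check the site uses) are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_FREE_FAILURES = 3      # assumed threshold; the text only says "a certain number"
WINDOW_SECONDS = 15 * 60   # assumed window over which failures are counted


class LoginGuard:
    """Demands a solved CAPTCHA after repeated failures; never locks the account."""

    def __init__(self, clock=time.monotonic):
        self._users = {}      # username -> (salt, password hash)
        self._failures = {}   # username -> timestamps of recent failed logins
        self._clock = clock

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, self._hash(password, salt))

    def captcha_required(self, username):
        # Drop failures that fell out of the window, then compare to the threshold.
        cutoff = self._clock() - WINDOW_SECONDS
        recent = [t for t in self._failures.get(username, []) if t > cutoff]
        self._failures[username] = recent
        return len(recent) >= MAX_FREE_FAILURES

    def login(self, username, password, captcha_solved=False):
        """Returns 'ok', 'denied' or 'captcha_required'."""
        if self.captcha_required(username) and not captcha_solved:
            return "captcha_required"   # the password guess is not evaluated at all
        # Unknown users follow the same path so responses do not reveal who exists.
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        if hmac.compare_digest(self._hash(password, salt), stored):
            self._failures.pop(username, None)
            return "ok"
        self._failures.setdefault(username, []).append(self._clock())
        return "denied"
```

An automated guesser stalls at the CAPTCHA step, while the real owner can still log in by solving it, so failed guesses cannot be used to lock the owner out.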
Search Engine Bots.
It is sometimes desirable to keep web pages unindexed to prevent others from finding them easily. There is an HTML tag to prevent search engine bots from reading web pages. The tag, however, doesn't guarantee that bots won't read a web page; it only serves to say "no bots, please." Search engine bots, since they usually belong to large companies, respect web pages that don't want to allow them in. However, in order to truly guarantee that bots won't enter a web site, CAPTCHAs are needed.
Worms and Spam
CAPTCHAs also offer a plausible solution against email worms and spam: "I will only accept an email if I know there is a human behind the other computer." A few companies are already marketing this idea.
Thus CAPTCHAs have found a very important role in various internet applications, and they have enhanced the role of the Artificial Intelligence fraternity. It's a win-win situation. Many hackers try to crack CAPTCHAs, so it is a constant combat between them. If a CAPTCHA is solved, the bots win, but a very difficult problem in artificial intelligence is solved and the field advances a step further; if it is not solved, stenographic cryptography wins. Thus CAPTCHAs have given the Artificial Intelligence fraternity a big boost.
There are several types of CAPTCHA, presented as follows:
GIMPY:
Gimpy presents images of distorted text. In the current version you see five pairs of overlapping words, of which the user needs to identify three.
Gimpy basically uses random placement, font distortion and a background pattern.
BONGO:
It is a visual puzzle that a computer can generate and display but not solve.
The Bongo CAPTCHA is named after M. M. Bongard, who published a book on pattern recognition. One disadvantage of the Bongo puzzle is that if the number of choices is large, human beings may get it wrong, and if the number of choices is not sufficient, computers can be effective by making random guesses.
PIX:
Pix CAPTCHA works on the principle of photo recognition.
Instead of typing letters, you authenticate yourself as a human by recognizing what object is common to a set of images. This was the first example of a CAPTCHA based on image recognition.
SPEECH CAPTCHA:
It usually spells out one-time passwords in synthesized or recorded voices. It is used with image CAPTCHA for increased accessibility.
BAFFLE TEXT:
Scientists at the Palo Alto Research Center have designed a new breed of CAPTCHA called Baffle Text that follows the same approach as GIMPY but distorts the image much more than GIMPY.
They put image and scan it back in, or apply a technique called threshold: transferring the image from color to black and white and back again. This changes gray levels and adds random noise to the image. The image deteriorates until pattern recognition systems fail. Further, Baffle Text, unlike the earlier GIMPY, uses only nonsense words.
MAPTCHA:
There have been various attempts at creating CAPTCHAs that are more accessible. Attempts include the use of JavaScript, mathematical questions ("what is 1+1" -- also known as a MAPTCHA, or Mathematical CAPTCHA), or "common sense" questions ("what color is the sky").
COMPUTER CHARACTER RECOGNITION:
A number of research projects have attempted (often with success) to beat visual CAPTCHAs by creating programs that contain the following functionality:
1. Removal of background clutter, for example with color filters and detection of thin lines.
2. Extraction of the image from the web page.
3. Segmentation, i.e. splitting the image into regions each containing a single letter.
4. Identifying the letter for each region.
Steps 1, 2, and 4 are easy tasks for computers. The only part where humans still outperform computers is segmentation. If the background clutter consists of shapes similar to letter shapes, and the letters are connected by this clutter, the segmentation becomes nearly impossible with current software. Hence, an effective CAPTCHA should focus on the segmentation.
Several research projects have broken real world CAPTCHAs, including one of Yahoo's early CAPTCHAs called "EZ-Gimpy" and the CAPTCHA used by popular sites such as Paypal and LiveJournal as well as open source software such as phpBB. In January 2008 Network Security Research released their program for automated Yahoo! CAPTCHA recognition. In February 2008 it was reported that spammers had achieved a success rate of 30% to 35%, using a bot, in responding to CAPTCHAs for Microsoft's Live Mail service.
HUMAN SOLVERS:
CAPTCHA is vulnerable to a relay attack that uses humans to solve the puzzles. One approach involves relaying the puzzles to a sweatshop of human operators who can solve CAPTCHAs. In this scheme, a computer fills out a form and when it reaches a CAPTCHA, it gives the CAPTCHA to the human operator to solve. If the humans are dedicated employees who receive minimum wage, this is not likely to be viable.
Another variation of this technique involves copying the CAPTCHA images and using them as CAPTCHAs for a high-traffic site owned by the attacker. With enough traffic, the attacker can get a solution to the CAPTCHA puzzle in time to relay it back to the target site. In October 2007, a piece of malware appeared in the wild which enticed users to solve CAPTCHAs in order to see progressively further into a series of "striptease" images.
3D:
A future generation of 3D CAPTCHAs is expected to come into the picture.
SAPTCHA:
SAPTCHA stands for Semi Automatic Public Turing Test to Tell Computers and Humans Apart. SAPTCHA is proposed as a more accessible alternative to CAPTCHA that may replace CAPTCHA in services such as most blogs and forums. SAPTCHA works as a lightweight CAPTCHA.
The concept follows from the observation that there are many cases where automated generation of a unique test question or image does not add much to the prevention of abuse: a spammer does not need to pass the test more than once on the same forum or blog anyway. Often, there is no human spammer interacting with the website at all [who wouldn't love to think that his site is so important that it is spammed personally :-)]; in such cases a static question is no worse at stopping a bot than a dynamic one. Human-generated questions have much broader diversity and are thus harder for a computer to answer. It must also be noted that CAPTCHA itself is not really "completely automatic": a human has to write and maintain the test software, which will not change often but is costly to develop.
John had one thousand apples and five oranges. He ate as many of his apples as there are letters in the word "apple". Also he ate two bananas :-). How many apples does John have?
Your answer:
CONCLUSION:
CAPTCHA implies a win-win situation: either the CAPTCHA is not broken and there is a way to differentiate humans from computers, or the CAPTCHA is broken and a useful Artificial Intelligence problem is solved. This approach has the beneficial side effect of inducing security researchers, as well as otherwise malicious programmers, to advance the field of AI.