Professional Documents
Culture Documents
Seminar Report ON
CAPTCHA
Submitted in partial fulfillment of the requirements for the award of the degree of
CERTIFICATE
This is to certify that the Seminar titled CAPTCHA is a bonafide work carried out by following final year student
GUIDE
HEAD OF DEPARTMENT
[Mr.
JITENDRA SHARMA]
ACKNOWLEDGEMENT
Achieving a milestone for any person alone is extremely difficult. However there are some motivators who come across the curvaceous path like twinkling star in the sky and make our task much easier. It becomes our humble and foremost duty to acknowledge all of them. My ethical accountability is to be extremely indebted to Mr. Nimish Arvind (HOD) for his excellent guidance. I am highly obliged and thankful to my seminar guide Mr. Jitendra Sharma, who provided immense support as answer to my extreme queries that i kept firing at them during the preparation of the seminar. I would also like to thank Ms. (Deepika Sainani) whose support and cooperation helped in conducting the study smoothly. I owe my sincere thanks to Principal Dr.R.K.Khanna (BMIT,Jaipur), who provided me required guidance and facility. Last but not least, we pay our sincere thanks and gratitude to all the staff members of Baldev Ram Mirdha Institute of Technology, to provide excellent opportunity and environment throughout my preparation of the seminar. I am also thankful to all our colleagues and staff members for their co-operation and support.
PREFACE
Seminar Presentation forms an integral component of any professional course. The institute where we pursue our studies can not provide that practical knowledge on all aspects of learning. Often the study of a subject is said to be incomplete until the student has been exposed to its practical aspects. The theoretical studies provide the pools of knowledge whereas the practical application make agile and competent. As the important part of the engineering curriculum, each student has to undergo through the Seminar Presentation. This B.Tech. course Seminar helps a student in getting acquainted with the manner in which his/her knowledge is being practically, normally different from what he/she has learnt from books. Hence, when the student switches from the process of learning to that of implementing his/her knowledge, he/she finds an abrupt change. This is exactly why this seminar session during the B.E curriculum becomes all the more important. Seminar presentation is prescribed for the student of Technical College as a part of the four year degree course of engineering by the AICTE. We are required to give the presentation on any of the current topics or technology. As an engineering student, I had opportunity to study and present the seminar on CAPTCHA Abhishek kumar ghosh (08EBMIT003)
Contents
S.N o
1 2 3 4 5 4 5 6 7 8 Applications 9 10 11 12 13 ReCAPTCHA Breaking of CAPTCHAS New Proposed Approaches Conclusion Bibliography 14 16 17 19 20
Topic
Cover Page Certificate Acknowledgment Preface Contents Abstract Why use CAPTCHAS Definitions Types of CAPTCHAS Major Areas Of
Page No.
1 2 3 4 5 6 7 8 9 11
ABSTRACT
Use of INTERNET has remarkably increased Globally in the past 10-12 years and so is the need of the Security over it. Marketing and Advertisement over INTERNET has seen companies like GOOGLE being made, which at the moment is traded at 181 billion USD i.e. Almost twice of General Motors, McDonalds combined. Well this presentation is about Security achieved over Internet using CAPTCHAS. CAPTCHAS are basically software programs which act as a test to any user over internet that the person (user) is a human or another machine. This concept is used by all the big companies over internet Google, yahoo or facebook (name any).So what are these CAPTCHAS? And what are their possible applications? This is what we cover in our presentation.
Now students at CMU and MIT instantly wrote a program which increased their vote counts using software and ultimately the poll had to be taken down because both MIT and CMU had millions of votes while others struggled to reach thousands.
There are situations like these where youneedtodistinguishwhether user is a machine or a computer. This is where we use CAPTCHAS.
DEFINITIONS
Types of CAPTCHAS
There are basically 3 types of CAPTCHAS
These are based on humans ability to depict sounds that may be distorted, following algorithm is followed in using it: a) Pick a word or a sequence of numbers at random b) Render them into an audio clip using a TTS software c) Distort the audio clip d) Ask the user to identify and type the word or numbers
Preventing Comment Spam in Blogs. Most bloggers are familiar with programs that submit bogus comments, usually for the purpose of raising search engine ranks of some website (e.g., "buy penny stocks here"). This is called comment spam. By using a CAPTCHA, only humans can enter comments on a blog. There is no need to make users sign up before they enter a comment, and no legitimate comments are ever lost!
Protecting Website Registration. Several companies (Yahoo!, Microsoft, etc.) offer free email services. Up until
a few years ago, most of these services suffered from a specific type of attack: "bots" that would sign up for thousands of email accounts every minute. The solution to this problem was to use CAPTCHAs to ensure that only humans obtain free accounts. In general, free services should be protected with a CAPTCHA in order to prevent abuse by automated scripts.
Protecting Email Addresses From Scrapers. Spammers crawl the Web in search of email addresses posted in clear text. CAPTCHAs provide an effective mechanism to hide your email address from Web scrapers. The idea is to require users to solve a CAPTCHA before showing your email address. A free and secure implementation that uses CAPTCHAs to obfuscate an email address can be found at reCAPTCHA MailHide.
Online Polls. In November 1999, http://www.slashdot.org released an online poll asking which was the best graduate school in computer science (a dangerous question to ask over the web!). As is the case with most online polls, IP addresses of voters were recorded in order to prevent single users from voting more than once. However, students at Carnegie Mellon found a way to stuff the ballots using programs that voted for CMU thousands of times. CMU's score started growing rapidly. The next
day, students at MIT wrote their own program and the poll became a contest between voting "bots." MIT finished with 21,156 votes, Carnegie Mellon with 21,032 and every other school with less than 1,000. Can the result of any online poll be trusted? Not unless the poll ensures that only humans can vote.
Preventing Dictionary Attacks. CAPTCHAs can also be used to prevent dictionary attacks in password systems. The idea is simple: prevent a computer from being able to iterate through the entire space of passwords by requiring it to solve a CAPTCHA after a certain number of unsuccessful logins. This is better than the classic approach of locking an account after a sequence of unsuccessful logins, since doing so allows an attacker to lock accounts at will.
Search Engine Bots. It is sometimes desirable to keep webpages unindexed to prevent others from finding them easily. There is an html tag to prevent search engine bots from reading web pages. The tag, however, doesn't guarantee that bots won't read a web page; it only serves to say "no bots, please." Search engine bots, since they usually belong to large companies, respect web pages that don't want to allow them in. However, in order to truly
guarantee that bots won't enter a web site, CAPTCHAs are needed.
Worms and Spam. CAPTCHAs also offer a plausible solution against email worms and spam: "I will only accept an email if I know there is a human behind the other computer." A few companies are already marketing this idea
ReCAPTCHA
ReCAPTCHA is a free CAPTCHA service that helps to digitize books, newspapers and old time radio shows About 200 million CAPTCHAs are solved by humans around the world every day. In each case, roughly ten seconds of human time are being spent. Individually, that's not a lot of time, but in aggregate these little puzzles consume more than 150,000 hours of work each day. What if we could make positive use of this human effort? ReCAPTCHA does exactly that by channeling the effort spent solving CAPTCHAs online into "reading" books. To archive human knowledge and to make information more accessible to the world, multiple projects are currently digitizing physical books that were written before the computer age. The book pages are being photographically scanned, and then transformed into text using "Optical Character Recognition" (OCR). The transformation into text is useful because scanning a book produces images, which are difficult to store on small devices, expensive to download, and cannot be searched. The problem is that OCR is not perfect. ReCAPTCHA improves the process of digitizing books by sending words that cannot be read by computers to the Web in the form of CAPTCHAs for humans to decipher. More specifically, each word that cannot be read correctly by OCR is
placed on an image and used as a CAPTCHA. This is possible because most OCR programs alert you when a word cannot be read correctly. But if a computer can't read such a CAPTCHA, how does the system know the correct answer to the puzzle? Here's how: Each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. If they solve the one for which the answer is known, the system assumes their answer is correct for the new one. The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct
BREAKING OF CAPTCHAS
There are two methods used till now to break these CAPTCHAS one uses decoding softwares which removes noise and other uses humans
1.
Some text based CAPTCHAs have been broken by software which has 3 properties as :
PreProcessing : Removal of background clutter and noise Segmentation : Splitting the image into regions which each contain a single character. Classification: Identifying the character in each region
2.
Other CAPTCHAs can be broken by streaming the tests for unsuspecting users to solve.
Randomly distort both the images and their URLs before displaying them Expire the CAPTCHA in 30-45 seconds
The database already exists and is public The database is constantly being updated and maintained Adding concrete objects to the dictionary is virtually instantaneous Distortion prevents caching hacks Quick expiration limits streaming hacks
Unlike CAPTCHAs using random letters and numbers, the number of challenge words is limited.
Conclusion
1.CAPTCHAS are any software that distinguishes human and machine. 2.Research in CAPTCHAS implies advancement in AI making computers understand how human thinks. 3.Internet companies are making billions of dollars every year, their security and services quality matters and so does the advancement in CAPTCHA technology. 4.Different methods of CAPTCHAS are being studied but new ideas like ReCAPTCHA using human time on internet is amazing.
BIBLIOGRAPHY
[i] www.phpcaptcha.org [ii] www.captcha.net [iii] www.wikipedia.com [iv]Research papers by Louis Ahn (Carmegie mellon university).