Date post: | 13-Mar-2016 |
Implementation of Secure Multilayered CAPTCHA
Ramesh Babu .A (1), Praveen kumar .K (2), Dr. Srinivasa Rao.V (3)
(1) Student (M.Tech), (2) Sr. Lecturer, (3) Professor & Head
Department of Computer Science and Engineering, V R Siddhartha Engineering College
Vijayawada, A.P-520007
ABSTRACT
To defend against large-scale attacks by
malicious computer programs, the CAPTCHA
(Completely Automated Public Turing test
to tell Computers and Humans Apart)
mechanism was introduced to
distinguish humans from computers. CAPTCHAs are
used to protect various kinds of online
services from advertising spam, brute
force attacks and denial of service by
automatic computer programs. In general,
present CAPTCHAs are 2D. Due to the
fast development of pattern recognition and
artificial intelligence technology, traditional
2D static CAPTCHAs have a growing number
of security loopholes, so that certain
malicious computer programs can launch
serious attacks by breaking such CAPTCHAs.
In our project we therefore propose a practical and
safe 3-layer dynamic CAPTCHA which is
very hard to break and which prevents
attacks from malicious computer programs.
The 3-layer dynamic CAPTCHA is
implemented using the “layered”
concept. The three layers are: Character Layer,
Background Interference Layer and
Foreground Interference Layer.
Keywords
CAPTCHA; 3-layer; dynamic; single-frame
zero knowledge theory; biological vision
theory; moving objects recognition
1. INTRODUCTION
CAPTCHA is a program that can tell
whether its user is a human or a computer. It
can also be defined as the program that can
generate and grade tests that:
a. Most humans can pass
b. Current computer programs cannot pass
Ramesh Babu .A* et al / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES Vol No. 6, Issue No. 2, 200 - 219
ISSN: 2230-7818 @ 2011 http://www.ijaest.iserp.org. All rights Reserved. Page 200
Fig 1.1 Functionality of CAPTCHA
CAPTCHA is an acronym for
• Completely
• Automated
• Public
• Turing test to tell
• Computers and
• Humans
• Apart
CAPTCHA technology has its foundation in
an experiment called the Turing Test. Alan
Turing, sometimes called the father of
modern computing, proposed the test as a
way to examine whether or not machines
can think -- or appear to think -- like
humans. The classic test is a game of
imitation. In this game, an interrogator asks
two participants a series of questions. One of
the participants is a machine and the other is
a human. The interrogator can't see or hear
the participants and has no way of knowing
which is which. If the interrogator is unable
to figure out which participant is a machine
based on the responses, the machine passes
the Turing Test. Of course, with a
CAPTCHA, the goal is to create a test that
humans can pass easily but machines can't.
It's also important that the CAPTCHA
application is able to present different
CAPTCHAs to different users. If a visual
CAPTCHA presented a static image that was
the same for every user, it wouldn't take long
before a spammer spotted the form,
deciphered the letters, and programmed an
application to type in the correct answer
automatically.
One alternative to a visual test is an audible
one. An audio CAPTCHA usually presents
the user with a series of spoken letters or
numbers. It's not unusual for the program to
distort the speaker's voice, and it's also
common for the program to include
background noise in the recording. This
helps thwart voice recognition programs.
Another option is to create a CAPTCHA
that asks the reader to interpret a short
passage of text. A contextual CAPTCHA
quizzes the reader and tests comprehension
skills. While computer programs can pick
out key words in text passages, they aren't
very good at understanding what those
words actually mean.
In 2007 nearly 95% of the mails
received by the world’s Internet users were
junk mails. Similar problems include malicious
registration of user accounts, brute-force
cracking of account passwords, etc. All of these
pose a great threat to the network.
To prevent such incidents, the CAPTCHA
mechanism came into being; the name is short for
Completely Automated Public Turing Test
to Tell Computers and Humans Apart. In
2000 Carnegie Mellon University set up the
first CAPTCHA group, followed by many
scholars studying CAPTCHA to find how to
better tell humans and computers
apart. Currently, in order to prevent
malicious programs from posting
advertisements or other useless information
recklessly, message boards of BBSs, blogs and
wikis have widely adopted the CAPTCHA
mechanism, requiring users to input
the correct letters to leave a message.
CAPTCHA also plays a significant role in
limiting usage rate. For example, the
automatic use of a particular service is
allowed unless such use goes beyond certain
1.1 TYPES OF CAPTCHAS
CAPTCHAs are classified based on what is
distorted and presented as a challenge to the
user. They are:
1.1.1 Text CAPTCHAs:
These are simple to implement. The simplest
yet novel approach is to present the user
with some questions which only a human
user can solve. Examples of such questions
are:
1. What is twenty minus three?
2. What is the third letter in UNIVERSITY?
3. Which of Yellow, Thursday and Richard
is a colour?
4. If yesterday was a Sunday, what is today?
Such questions are very easy for a
human user to solve, but it’s very difficult to
program a computer to solve them. These
are also friendly to people with visual
disability – such as those with colour
blindness. Other text CAPTCHAs involve
text distortions and the user is asked to
identify the text hidden. The various
implementations are:
1.1.1.1 Gimpy:
Gimpy is a very reliable text CAPTCHA
built by CMU in collaboration with Yahoo
for their Messenger service. Gimpy is based
on the human ability to read extremely
distorted text and the inability of computer
programs to do the same. Gimpy works by
choosing ten words randomly from a
dictionary, and displaying them in a
distorted and overlapped manner. Gimpy
then asks the users to enter a subset of the
words in the image. The human user is
capable of identifying the words correctly,
whereas a computer program cannot.
Fig.1.2 Gimpy example
1.1.1.2 Ez-Gimpy:
This is a simplified version of the
Gimpy CAPTCHA, adopted by Yahoo in
their signup page. Ez-Gimpy randomly
picks a single word from a dictionary and
applies distortion to the text. The user is
then asked to identify the text correctly.
This was developed by Henry Baird
at University of California at Berkeley. This
is a variation of Gimpy. It doesn’t
contain dictionary words; instead it picks
random letters to create a nonsense but
pronounceable text. Distortions are then
added to this text and the user is challenged
to guess the right word. This technique
overcomes a drawback of the Gimpy
CAPTCHA: because Gimpy uses dictionary
words, clever bots could be
designed to check the dictionary for the
matching word by brute-force.
Fig.1.3 Ez-Gimpy example
1.1.1.3 MSN CAPTCHA:
Microsoft uses a different
CAPTCHA for services provided under the
MSN umbrella. These are popularly called
MSN Passport CAPTCHAs. They use eight
characters (upper case) and digits.
The foreground is dark blue, and the background is
grey. Warping is used to distort the
characters, to produce a ripple effect, which
makes computer recognition very difficult.
Fig.1.4 MSN CAPTCHA example
1.1.2 Graphic CAPTCHAs:
Graphic CAPTCHAs are challenges
that involve pictures or objects that have
some sort of similarity that the users have to
guess. They are visual puzzles, similar to
Mensa tests. The computer generates the puzzles
and grades the answers, but is itself unable
to solve them.
1.1.2.1 Bongo:
Another example of a CAPTCHA is
the program we call BONGO [2]. BONGO
is named after M.M. Bongard, who
published a book of pattern recognition
problems in the 1970s [3]. BONGO asks the
user to solve a visual pattern recognition
problem. It displays two series of blocks, the
left and the right. The blocks in the left
series differ from those in the right, and the
user must find the characteristic that sets
them apart.
Fig.1.5 Bongo example
1.1.2.2 PIX:
PIX is a program that has a large database of
labeled images. All of these images are
pictures of concrete objects (a horse, a table,
a house, a flower). The program picks an
object at random, finds six images of that
object from its database, presents them to
the user and then asks the question “what are
these pictures of?” Current computer
programs should not be able to answer this
question, so PIX should be a CAPTCHA.
However, PIX, as stated, is not a
CAPTCHA: it is very easy to write a
program that can answer the question “what
are these pictures of?” Remember that all
the code and data of a CAPTCHA should be
publicly available; in particular, the image
database that PIX uses should be public.
Hence, writing a program that can answer
the question “what are these pictures of?” is
easy: search the database for the images
presented and find their label. Fortunately,
this can be fixed. One way for PIX to
become a CAPTCHA is to randomly distort
the images before presenting them to the
user, so that computer programs cannot
easily search the database for the undistorted
image.
Fig.1.6 PIX example (prompt: “Pick the common characteristic among the following pictures”; answer: “Aeroplane”)
1.1.3 Audio CAPTCHA:
The final example we offer is based
on sound. The program picks a word or a
sequence of numbers at random, renders the
word or the numbers into a sound clip and
distorts the sound clip; it then presents the
distorted sound clip to the user and asks
users to enter its contents. This CAPTCHA
is based on the difference in ability between
humans and computers in recognizing
spoken language. Nancy Chan of the City
University in Hong Kong was the first to
implement a sound-based system of this
type. The idea is that a human is able to
efficiently disregard the distortion and
interpret the characters being read out while
software would struggle with the distortion
being applied, and need to be effective at
speech to text translation in order to be
successful. This is a crude way to filter
humans and it is not so popular because the
user has to understand the language and the
accent in which the sound clip is recorded.
Fig.1.7 example for Audio CAPTCHA
1.1.4 ReCAPTCHA and book Digitization:
To counter various drawbacks of the
existing implementations, researchers at
CMU developed a redesigned CAPTCHA
aptly called the reCAPTCHA. About 200
million CAPTCHAs are solved by humans
around the world every day. In each case,
roughly ten seconds of human time are
being spent. Individually, that's not a lot of
time, but in aggregate these little puzzles
consume more than 150,000 hours of work
each day. What if we could make positive
use of this human effort? reCAPTCHA does
exactly that by channeling the effort spent
solving CAPTCHAs online into "reading"
books.
To archive human knowledge and to
make information more accessible to the
world, multiple projects are currently
digitizing physical books that were written
before the computer age. The book pages are
being photographically scanned, and then
transformed into text using "Optical
Character Recognition" (OCR). The
transformation into text is useful because
scanning a book produces images, which are
difficult to store on small devices, expensive
to download, and cannot be searched. The
problem is that OCR is not perfect.
ReCAPTCHA improves the process of
digitizing books by sending words that
cannot be read by computers to the Web in
the form of CAPTCHAs for humans to
decipher. More specifically, each word that
cannot be read correctly by OCR is placed
on an image and used as a CAPTCHA. This
is possible because most OCR programs
alert you when a word cannot be read
correctly. But if a computer can't read such a
CAPTCHA, how does the system know the
correct answer to the puzzle? Here's how:
Each new word that cannot be read correctly
by OCR is given to a user in conjunction
with another word for which the answer is
already known. The user is then asked to
read both words. If they solve the one for
which the answer is known, the system
assumes their answer is correct for the new
one. The system then gives the new image to
a number of other people to determine, with
higher confidence, whether the original
answer was correct. Currently, reCAPTCHA
is employed in digitizing books as part of
the Google Books Project.
First line shows scanned text,
second line shows text read by OCR
Fig.1.8 examples for reCAPTCHA and
Book digitization
1.2 APPLICATIONS:
CAPTCHAs have several applications for
practical security, including:
Preventing Comment Spam in Blogs:
Most bloggers are familiar with programs
that submit bogus comments, usually for the
purpose of raising search engine ranks of
some website (e.g., "buy penny stocks
here"). This is called comment spam. By
using a CAPTCHA, only humans can enter
comments on a blog. There is no need to
make users sign up before they enter a
comment, and no legitimate comments are
ever lost!
Protecting Website Registration: Several
companies (Yahoo!, Microsoft, etc.) offer
free email services. Up until a few years
ago, most of these services suffered from a
specific type of attack: "bots" that would
sign up for thousands of email accounts
every minute. The solution to this problem
was to use CAPTCHAs to ensure that only
humans obtain free accounts. In general, free
services should be protected with a
CAPTCHA in order to prevent abuse by
automated scripts.
Fig.1.9 example showing website
registration
Protecting Email Addresses From
Scrapers: Spammers crawl the Web
in search of email addresses posted
in clear text. CAPTCHAs provide
an effective mechanism to hide your
email address from Web scrapers.
The idea is to require users to solve
a CAPTCHA before showing your
email address. A free and secure
implementation that uses
CAPTCHAs to obfuscate an email
address can be found at
reCAPTCHA MailHide.
Online Polls: In November 1999,
http://www.slashdot.org released an
online poll asking which was the
best graduate school in computer
science (a dangerous question to ask
over the web!). As is the case with
most online polls, IP addresses of
voters were recorded in order to
prevent single users from voting
more than once. However, students
at Carnegie Mellon found a way to
stuff the ballots using programs that
voted for CMU thousands of times.
CMU's score started growing
rapidly. The next day, students at
MIT wrote their own program and
the poll became a contest between
voting "bots." MIT finished with
21,156 votes, Carnegie Mellon with
21,032 and every other school with
less than 1,000. Can the result of
any online poll be trusted? Not
unless the poll ensures that only
humans can vote.
Fig.1.10 example for online polling
Preventing Dictionary Attacks:
CAPTCHAs can also be used to
prevent dictionary attacks in
password systems. The idea is
simple: prevent a computer from
being able to iterate through the
entire space of passwords by
requiring it to solve a CAPTCHA
after a certain number of
unsuccessful logins. This is better
than the classic approach of locking
an account after a sequence of
unsuccessful logins, since doing so
allows an attacker to lock accounts
at will.
Search Engine Bots: It is
sometimes desirable to keep
web pages unindexed to prevent
others from finding them easily.
There is an html tag to prevent
search engine bots from reading
web pages. The tag, however,
doesn't guarantee that bots won't
read a web page; it only serves to
say "no bots, please." Search engine
bots, since they usually belong to
large companies, respect web pages
that don't want to allow them in.
However, in order to truly guarantee
that bots won't enter a web site,
CAPTCHAs are needed.
Worms and Spam: CAPTCHAs
also offer a plausible solution
against email worms and spam: "I
will only accept an email if I know
there is a human behind the other
computer." A few companies are
already marketing this idea.
Preventing Unauthorized Access:
The CAPTCHA mechanism
stops a hacker who tries to crack
a password using the brute force
method or any other password
cracking method.
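The trade-off described under "Preventing Dictionary Attacks" can be shown side by side. The following is an added example, not code from the paper: the class names, the threshold of 3, the demo credential and the `captcha_solved` hook are all assumptions made for illustration.

```python
import hmac

CAPTCHA_AFTER_FAILURES = 3  # assumed threshold; the text only says "a certain number"


class LockoutGate:
    """Classic approach: lock the account after repeated failed logins."""

    def __init__(self, check_password, threshold=CAPTCHA_AFTER_FAILURES):
        self._check = check_password
        self._threshold = threshold
        self._failures = {}  # username -> consecutive failures

    def attempt(self, user, password, captcha_token=None):
        if self._failures.get(user, 0) >= self._threshold:
            return "locked"  # even the correct password is refused
        if self._check(user, password):
            self._failures.pop(user, None)
            return "ok"
        self._failures[user] = self._failures.get(user, 0) + 1
        return "denied"


class CaptchaGate:
    """Approach from the text: after repeated failures, require a solved CAPTCHA."""

    def __init__(self, check_password, captcha_solved,
                 threshold=CAPTCHA_AFTER_FAILURES):
        self._check = check_password
        self._captcha_solved = captcha_solved  # hypothetical verifier hook
        self._threshold = threshold
        self._failures = {}

    def captcha_required(self, user):
        return self._failures.get(user, 0) >= self._threshold

    def attempt(self, user, password, captcha_token=None):
        if self.captcha_required(user) and not self._captcha_solved(captcha_token):
            # The password is not evaluated, so automated guessing stops here.
            return "captcha_required"
        if self._check(user, password):
            self._failures.pop(user, None)
            return "ok"
        self._failures[user] = self._failures.get(user, 0) + 1
        return "denied"


def demo_check_password(user, password):
    # Constructed credential for the demo; a real service checks a salted hash.
    return hmac.compare_digest(f"{user}:{password}".encode(),
                               b"alice:correct horse")


def demo_captcha_solved(token):
    # Stand-in for a real CAPTCHA verifier (assumption).
    return token == "solved"


def owner_result_after_failures(gate, failures=CAPTCHA_AFTER_FAILURES):
    """Simulate failed logins, then the real owner logging in with a solved CAPTCHA."""
    for i in range(failures):
        gate.attempt("alice", f"wrong-{i}")
    return gate.attempt("alice", "correct horse", captcha_token="solved")


if __name__ == "__main__":
    print("lockout:", owner_result_after_failures(LockoutGate(demo_check_password)))
    print("captcha:", owner_result_after_failures(
        CaptchaGate(demo_check_password, demo_captcha_solved)))
```

With lockout the owner is shut out by someone else's failures; with the CAPTCHA gate the owner still gets in, and further automated attempts never reach the password check.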
1.3 BREAKING CAPTCHA
The challenge in breaking a CAPTCHA isn't
figuring out what a message says -- after all,
humans should have at least an 80 percent
success rate. The really hard task is teaching
a computer how to process information in a
way similar to how humans think. In many
cases, people who break CAPTCHAs
concentrate not on making computers
smarter, but reducing the complexity of the
problem posed by the CAPTCHA. Let's
assume you've protected an online form
using a CAPTCHA that displays English
words. The application warps the font
slightly, stretching and bending the letters in
unpredictable ways. In addition, the
CAPTCHA includes a randomly generated
background behind the word.
A programmer wishing to break this
CAPTCHA could approach the problem in
phases. He or she would need to write an
algorithm -- a set of instructions that directs
a machine to follow a certain series of steps.
In this scenario, one step might be to convert
the image to grayscale. That means the
application removes all the color from the
image, taking away one of the levels of
obfuscation the CAPTCHA employs. Next,
the algorithm might tell the computer to
detect patterns in the black and white image.
The program compares each pattern to a
normal letter, looking for matches. If the
program can only match a few of the letters,
it might cross reference those letters with a
database of English words. Then it would
plug in likely candidates into the submit
field. This approach can be surprisingly
effective. It might not work 100 percent of
the time, but it can work often enough to be
worthwhile to spammers. What about more
complex CAPTCHAs? The Gimpy
CAPTCHA displays 10 English words with
warped fonts across an irregular
background. The CAPTCHA arranges the
words in pairs and the words of each pair
overlap one another. Users have to type in
three correct words in order to move
forward. How reliable is this approach? As it
turns out, with the right CAPTCHA-
cracking algorithm, it's not terribly reliable.
Greg Mori and Jitendra Malik published a
paper detailing their approach to cracking
the Gimpy version of CAPTCHA.
1.3.1 Breaking CAPTCHAs without OCR:
Most CAPTCHAs don't destroy the session
when the correct phrase is entered. So by
reusing the session ID of a known
CAPTCHA image, it is possible to automate
requests to a CAPTCHA-protected page.
Manual steps:
1. Connect to the CAPTCHA page.
2. Record the session ID and CAPTCHA plaintext.
Automated steps:
1. Resend the session ID and
CAPTCHA plaintext any number of times,
changing the user data. The other user data
can change on each request.
We can then
automate hundreds, if not thousands of
requests, until the session expires, at which
point we just repeat the manual steps and
then reconnect with a new session ID and
CAPTCHA text. Traditional CAPTCHA-breaking
software involves using image
recognition routines to decode CAPTCHA
images. This approach bypasses the need to
do any of that, making it easy to hack
CAPTCHA images.
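The flaw described above is a server-side one: the expected answer stays valid after it has been used. The following added example (not code from the paper) puts the flawed pattern beside a single-use, expiring challenge store. The class names, the 120-second lifetime and the in-memory dictionaries are assumptions; the sample codes are the ones shown in the Results section.

```python
import hmac
import secrets
import time

CAPTCHA_TTL_SECONDS = 120  # assumed lifetime of an unanswered challenge


class ReusableCaptchaStore:
    """Flawed pattern: the answer remains in the session after it is accepted."""

    def __init__(self):
        self._answers = {}  # session_id -> expected text

    def issue(self, answer):
        session_id = secrets.token_urlsafe(16)
        self._answers[session_id] = answer
        return session_id

    def verify(self, session_id, submitted):
        expected = self._answers.get(session_id)
        # Nothing is deleted here, so one solved (session_id, text) pair
        # keeps passing for as long as the session lives.
        return expected is not None and hmac.compare_digest(
            expected.encode(), submitted.encode())


class SingleUseCaptchaStore:
    """Hardened pattern: every challenge is consumed by its first attempt."""

    def __init__(self, ttl=CAPTCHA_TTL_SECONDS, clock=time.monotonic):
        self._challenges = {}  # session_id -> (expected text, expiry time)
        self._ttl = ttl
        self._clock = clock

    def issue(self, answer):
        session_id = secrets.token_urlsafe(16)
        self._challenges[session_id] = (answer, self._clock() + self._ttl)
        return session_id

    def verify(self, session_id, submitted):
        # pop() removes the challenge whether the answer is right or wrong,
        # so each form submission needs a freshly issued CAPTCHA.
        entry = self._challenges.pop(session_id, None)
        if entry is None:
            return False
        expected, expires_at = entry
        if self._clock() >= expires_at:
            return False
        return hmac.compare_digest(expected.encode(), submitted.encode())


def accepted_submissions(store, answer, attempts):
    """Regression check: issue one challenge, submit the same pair repeatedly,
    and count how many submissions the store accepts."""
    session_id = store.issue(answer)
    return sum(store.verify(session_id, answer) for _ in range(attempts))


if __name__ == "__main__":
    print("reusable  :", accepted_submissions(ReusableCaptchaStore(), "L7W5", 5))
    print("single-use:", accepted_submissions(SingleUseCaptchaStore(), "L7W5", 5))
```

A useful regression test for any CAPTCHA integration is the last function: a second submission of an already-used challenge must be rejected.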
2. AIM AND SCOPE OF THE PROJECT
2.1 AIM:
The main aim of this project is to defend against
large-scale attacks by malicious computer
programs. The CAPTCHA (Completely
Automated Public Turing test to tell
Computers and Humans Apart) mechanism
has been introduced to distinguish humans
from computers.
2.2 SCOPE OF THE PROJECT:
2.2.1 Existing System:
Currently, there are mainly three kinds of
methods to implement the CAPTCHA
mechanism: OCR (Optical character
recognition) visual method, non-OCR visual
method and non-visual method.
The 2D static CAPTCHA based on the OCR
visual method has advantages in terms of
language barrier, security and ease of use,
and has become the most widely used CAPTCHA.
Commonly seen CAPTCHAs are: the Gimpy
series CAPTCHA designed by Carnegie
Mellon University in 2000, the Pessimal Print
CAPTCHA designed by Henry Baird from
PARC (Palo Alto Research Center) in 2000,
and the Baffle Text CAPTCHA designed by
Baird in cooperation with Monica Chew
from California Berkeley in 2003. However,
with the fast development of OCR
technology based on neural networks, as well
as the emergence of a variety of character
segmentation techniques, the CAPTCHAs of
many websites have been attacked. A
Russian programmer once cracked the
CAPTCHA mechanism of Yahoo with a 35%
success rate. Also, the CAPTCHA
mechanism of Microsoft live mail has been
troubled by junk mails many times. Given
facts like these, newly designed CAPTCHAs
have become increasingly complex, so that
some of them are extremely difficult to
identify.
Though there are many different kinds of
specific implementations of the non-OCR
visual method, it eventually comes down to
the OCR problem in general, requiring users
to identify images. It is not so widely used.
Up to now, except for some research sites,
commercial sites rarely use it. Specific
implementation algorithms are: a CAPTCHA
algorithm based on real object image
identification, designed by R. Datta et al., a
CAPTCHA algorithm based on image
similarity judgment, designed by J.
Elson et al., and so forth. Non-OCR visual
method is designed for special occasions and
certain user groups, thus it has very limited
applications.
Examples are: a voice-based CAPTCHA
algorithm intended for visually disabled
people, designed by G. Kochanski et al., a
CAPTCHA algorithm based on
collaborative filtering, designed by M.
Chew, and so forth. In conclusion, the OCR-based
2D static visual method is the main
way to implement the current CAPTCHA
mechanism. However, it can no longer
strike a balance between security and ease of
use, calling for a new kind of CAPTCHA to
address this increasingly prominent
problem.
2.2.2 Proposed System :
Dynamic CAPTCHA can be not only
extremely hard to crack for computer
programs using multiple frames, but also
easy for humans to identify. According to the
anatomical, physiological and functional
characteristics of the visual system, there are
two visual pathways in the brain: the ventral
pathway, whose function is to identify
objects, and the dorsal pathway, whose
function is to identify the spatial location and
movement of objects. Both the identifiability
and contrast ratio of images will affect
moving objects. In the right hemisphere, 3D
movement shows stronger brain activity
than 2D movement. The biological vision
theory says that, for biological vision, the
perception ability of moving objects far
exceeds that of static objects. For example,
we can easily recognize a running cheetah in
a jungle while we could hardly notice a
stationary cheetah in the jungle. The reason
is that the human visual system can easily
reconstruct the overall shape merely from
vague displacements of parts of the moving
object.
3. DESIGN
3.1 ARCHITECTURE:
Fig 3.1 Architecture of 3-Layer Dynamic CAPTCHA. The layers shown in the figure are:
Character Layer (A-Z|a-z|0-9)
Background Interference Layer (Image, Noise)
Foreground Interference Layer (Special Characters)
4. IMPLEMENTATION
4.1 MODULES:
1. Character Layer
2. Background Interference Layer
3. Foreground Layer
4.1.1 Character layer
Implementation of Character Layer is very
simple, as described below:
1. Determination of the number of
characters. CAPTCHA often
consists of 4-7 characters, and we
choose the minimum length 4.
2. Random selection of characters. Our
program randomly chooses 4
characters from a total of 62
characters consisting of 26
lowercase letters, 26 uppercase
letters and 10 Arabic numerals.
3. Determination of character
attributes. Optional character
attributes are size, font, color, tilt,
twist, spin, etc. In the same
CAPTCHA, a variety of fonts or
different sizes can easily increase
the difficulty of attack.
Fig.4.1 Example for Character layer module
4.1.2 Background Interference layer:
The background interference of this
design can include not only the traditional
interference sources used in 2D static images,
such as background color transformation and
messy pixels or characters, but also new
interference sources used in 3D dynamic
videos, such as light, smoke and texture
rendering. In this case, we combine the
interference point and the interference
character, randomly selecting some regions
and generating a lot of interference points as
well as an interference character.
Fig.4.2 Example for Background interference layer
4.1.3 Foreground Interference layer:
Unlike the background interference
layer, the foreground interference makes
the characters to be identified in the character
layer incomplete, further increasing the
difficulty of attack whether using a single
frame or multiple frames. Foreground
interference involves character interference,
line interference and point interference. In
this case we combine all three together.
Fig.4.3 Example for foreground interference layer
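How the three modules stack into one frame can be shown on a small text canvas. This is an added example, not the authors' implementation: it assumes a toy 3x5 font covering only the code "L7W5" from Fig.5.1, a 24x7 canvas, noise points as the only background interference and vertical lines as the only foreground interference.

```python
import random

# Toy 3x5 font for the sample code "L7W5" (constructed for this example; a
# real generator rasterises all 62 characters with varied fonts and sizes).
FONT = {
    "L": ("#..", "#..", "#..", "#..", "###"),
    "7": ("###", "..#", "..#", "..#", "..#"),
    "W": ("#.#", "#.#", "#.#", "###", "#.#"),
    "5": ("###", "#..", "###", "..#", "###"),
}
WIDTH, HEIGHT = 24, 7   # canvas size (assumed)
PITCH = 5               # 3 glyph columns plus 2 columns of spacing
STRIPE_PERIOD = 4       # a foreground line on every 4th screen column
FRAMES = 4              # frames in which the text moves one column each


def character_mask(code):
    """Character layer: all glyph pixels as (x, y) in text coordinates."""
    return {
        (i * PITCH + gx, gy)
        for i, ch in enumerate(code)
        for gy, row in enumerate(FONT[ch])
        for gx, cell in enumerate(row)
        if cell == "#"
    }


def render_frame(code, frame, seed=0):
    """Composite one frame. Returns (rows, visible), where `visible` is the
    set of character pixels the foreground layer did not cover."""
    rng = random.Random(seed * 1000 + frame)  # different noise in every frame
    grid = [[" "] * WIDTH for _ in range(HEIGHT)]
    # 1. Background interference layer: scattered noise points.
    for _ in range(WIDTH * HEIGHT // 5):
        grid[rng.randrange(HEIGHT)][rng.randrange(WIDTH)] = "."
    # 2. Character layer, drawn over the background and shifted per frame.
    placed = {}
    for gx, gy in character_mask(code):
        sx, sy = 1 + frame + gx, 1 + gy
        grid[sy][sx] = "#"
        placed[(sx, sy)] = (gx, gy)
    # 3. Foreground interference layer, drawn last so it hides character pixels.
    for sx in range(0, WIDTH, STRIPE_PERIOD):
        for sy in range(HEIGHT):
            grid[sy][sx] = "|"
            placed.pop((sx, sy), None)
    return ["".join(row) for row in grid], set(placed.values())


def visible_counts(code, frames=FRAMES):
    """Number of character pixels left visible in each frame."""
    return [len(render_frame(code, f)[1]) for f in range(frames)]


def legible_over_sequence(code, frames=FRAMES):
    """True if every character pixel is visible in at least one frame."""
    seen = set()
    for f in range(frames):
        seen |= render_frame(code, f)[1]
    return seen == character_mask(code)


if __name__ == "__main__":
    for f in range(FRAMES):
        print("\n".join(render_frame("L7W5", f)[0]), end="\n\n")
    print(visible_counts("L7W5"), "of", len(character_mask("L7W5")))
```

Each frame shows an incomplete character layer, while the sequence as a whole still contains every pixel, which is the balance between single-frame difficulty and human readability that the design aims for.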
5. RESULTS
5.1 Module 1: Character layer
Unit Testing
Module Tested : Character Layer
Test Type : Unit Testing
Purpose : To verify whether the person is a legal user or not
Expected Behavior : Valid or invalid user
Input : CAPTCHA code
Observed Behavior : Valid or invalid user
Priority : High
Integration Testing
Name : Character Layer
Test type : Integration testing
Modules involved : Carousel, Carouseldata
Input : CAPTCHA code
Expected Results : Valid or invalid user
Observed Results : Valid or invalid user
Black box testing
Input : CAPTCHA code
Process : Verify whether the entered code is correct or not
Action : Blocked or verified
Module 1: Character layer screen shots
For Valid Input:
Fig.5.1 Character layer screenshot for valid input
The code L7W5 is actually in motion, which is not visible in the figure. When the user enters the correct CAPTCHA code, i.e. “L7W5”, he is considered a valid or authorized user, as shown in the above figure.
For Invalid Input:
Fig.5.2 Character layer screenshot for invalid input
Here the CAPTCHA code “qTod” is in motion and the user entered the code “qT”, so the entered code doesn’t match the CAPTCHA code. So, the user is considered an invalid user.
5.2 Module 2: Background Interference layer
Unit Testing
Module Tested : Background Interference Layer
Test Type : Unit Testing
Purpose : To verify whether user is authorized or not
Expected Behavior : Valid or invalid user
Input : CAPTCHA code
Observed Behavior : Valid or invalid user
Priority : High
Integration Testing
Name : Background Interference Layer
Test type : Integration testing
Modules involved : Character Layer, Background Interference Layer
Input : CAPTCHA code
Expected Results : Valid or invalid user
Observed Results : Valid or invalid user
Black box testing
Input : CAPTCHA code
Process : Checks whether the user is authorized or not
Action : Valid or invalid user
Background Interference layer screen shots:
For Valid Input:
Fig.5.3 Background Interference layer for valid input
Here the CAPTCHA code “1JUj” is in motion. In the second module these characters are displayed along with noise. If the user enters the correct code he is considered a valid user, as shown in the above figure.
For Invalid Input:
Fig.5.4 Background Interference layer for invalid input
Here the CAPTCHA code is “Y5Dn” but the user entered “yndn”, so the entered code doesn’t match the CAPTCHA code. So, the user is considered an invalid or unauthorized user.
5.3 MODULE 3: FOREROUND
INTERFERENCE LAYER
Unit Testing
Module Tested : Foreground Interference Layer Test Type : Unit Testing Purpose : to verify whether user is authorized or not Expected Behavior : valid or invalid user Input : CAPTCHA code Observed Behavior : valid or invalid user Priority : High.
Integration Testing
IJAEST
Ramesh Babu .A* et al / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES Vol No. 6, Issue No. 2, 200 - 219
ISSN: 2230-7818 @ 2011 http://www.ijaest.iserp.org. All rights Reserved. Page 216
Name : Background Interference Layer Test type : Integration testing Modules involved : Character, BackGroundInterference, ForeGroundInterference Layer Input : CAPTCHA code Expected Results : valid or invalid user Observed Results : valid or invalid user
Black box testing
Input : CAPTCHA code Process : checks whether the user is authorized or not Action : valid or invalid user Foreground Interference layer
screen shots:
For Valid Input:
Fig.5.5 Foreground interference layer for
valid input
Here the code is “DNF4”; the user enters
the same code, so he is an authorized
user.
For Invalid Input:
Fig.5.6 Foreground interference layer screenshot for valid input
Here the user enters a code
which isn’t correct, so he is considered
an unauthorized or invalid user.
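The valid/invalid decision exercised by the test cases above, sketched as an added example (not the authors' implementation): a server-side check that is exact and case-sensitive, single-use and time-limited. The `CaptchaStore` class, the 120-second lifetime and the one-attempt policy are assumptions of this sketch; the paper only states that a matching code yields a valid user.

```python
import hmac
import secrets
import string
import time

# Mixed-case letters and digits, matching codes such as "1JUj" and "Y5Dn".
ALPHABET = string.ascii_letters + string.digits


class CaptchaStore:
    """Hypothetical server-side challenge store; not from the paper."""

    def __init__(self, ttl_seconds=120, clock=time.monotonic):
        self._ttl = ttl_seconds   # assumed lifetime of a challenge
        self._clock = clock       # injectable so expiry can be tested
        self._pending = {}        # challenge id -> (code, expiry time)

    def issue(self, code=None):
        """Register a challenge; pass `code` only to replay fixed test cases."""
        if code is None:
            code = "".join(secrets.choice(ALPHABET) for _ in range(4))
        cid = secrets.token_urlsafe(16)
        self._pending[cid] = (code, self._clock() + self._ttl)
        # The code is handed to the frame renderer; the client gets only cid.
        return cid, code

    def verify(self, cid, answer):
        """Return True for a valid user, False for an invalid one."""
        # pop() makes the challenge single-use: a wrong guess or a replayed
        # correct answer cannot be retried against the same animation.
        entry = self._pending.pop(cid, None)
        if entry is None:
            return False
        code, expiry = entry
        if self._clock() > expiry:
            return False
        # Exact, case-sensitive match, compared in constant time.
        return hmac.compare_digest(code.encode(), answer.encode())


if __name__ == "__main__":
    store = CaptchaStore()
    # (code, entry) pairs from the test cases in this section.
    for code, typed in [("1JUj", "1JUj"), ("Y5Dn", "yndn"), ("DNF4", "DNF4")]:
        cid, _ = store.issue(code)
        print(code, typed, "valid" if store.verify(cid, typed) else "invalid")
```

Because a failed attempt consumes the challenge, a program cannot keep guessing against the same set of frames; each retry requires a freshly generated animation.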
6. SUMMARY AND CONCLUSION
6.1 SUMMARY:
CAPTCHA stands for Completely
Automated Public Turing Test to tell
Computers and Humans Apart. CAPTCHA is
a mechanism which protects website
registration and e-mail addresses from
scrapers, prevents unauthorised access and
dictionary attacks, and also helps in the
proper functioning
of online polling. Of late, the breaking of
these CAPTCHAs has become a major
concern. Breaking CAPTCHAs is
possible because of advancements in
pattern recognition and Artificial
Intelligence. So there is a need to
develop a CAPTCHA which is very
hard to break. In our project we
implemented a practical 3-Layer Dynamic
CAPTCHA which is very hard to break. We
exploited the weakness of computers in
recognising moving objects. Our
CAPTCHA consists of a code which is
in motion, making it hard for a computer to
recognise the code while remaining easy
for humans to recognise. As there are 3
layers, the image is also more complex,
which makes it even harder for
computers to recognise the CAPTCHA
code. We have provided an authenticity
feature using this 3-Layer Dynamic CAPTCHA.
6.2 CONCLUSION AND FUTURE
SCOPE:
In this project we implemented a practical
and safe 3-Layer Dynamic CAPTCHA, an
original combination of the biological vision
theory with the single-frame zero-knowledge
theory, ensuring that it is not only
extremely hard to recognize from any single
frame, but also easy for humans to
identify. It also makes full use of the weakness
of computers in recognizing numerous
moving objects against a complicated
background, making it still very difficult for
computer programs to break even using
several frames. Moreover, the 3-layer
structure makes the design of the CAPTCHA
more distinct, giving it high extensibility
as well as plenty of room for sustained
optimization.
The security analysis shows that this new
design can efficiently prevent attacks from
existing algorithms as well as possible ones
using multiple frames. Furthermore, the
transformation from 2D to 3D improves the
visual effects, providing a new idea for the
design of CAPTCHAs. In short, this project
will be a good guide for the design of
next-generation CAPTCHAs. Our future research
will be on how to design a more practical
and safer 3-layer dynamic CAPTCHA and
on improving the performance of
websites when these CAPTCHAs are
used (generally, when this type of
CAPTCHA is used, performance
decreases because generation requires
execution time).