Think-an image based CAPTCHA mechanism (testifying human based on intelligence and knowledge)
23 Jan 2009-pp 421-424
TL;DR: This paper proposes a novel yet simple idea which can serve as a replacement to CAPTCHA, which is a real time image which will portray some action or show some object that the user is expected to identify the object and type the answer.
Abstract: There is a need for a CAPTCHA as a result of the abuse of automated 'bots' [6]. The problem of spamming resulted as the bots intruded into the internet [3]. However, there were many solutions provided for stopping these bots from entering the internet. The best and most feasible solution proposed till now has been the CAPTCHA or the fuzzy text recognition. But the latest news that hurt the organisations that use CAPTCHA is that the bots started recognizing these fuzzy texts. In this paper we propose a novel yet simple idea which can serve as a replacement to CAPTCHA. There have been several image based CAPTCHA's proposed and as well defeated [1]. But our Idea THINK is in the same lines yet is fool proof. In this paper we suggest that a real time image is used which will portray some action or show some object that the user is expected to identify the object and type the answer. No choices will be given to the user thereby eliminating the option of identifying the answer by probability.
Citations
More filters
26 Mar 2012
TL;DR: The proposed scheme, named Click spell, combined the features of text-based and image-based CAPTCHAs and showed that Click spell is practical in the aspects of security and usability.
Abstract: CAPTCHA has been widely used for preventing malicious programs to access web resources automatically. In this paper, a new type CAPTCHA system will be proposed. The proposed scheme, named Click spell, combined the features of text-based and image-based CAPTCHAs. Click spell asks users to spell a randomly chosen word by clicking distorted letters for passing the test. Users can learn the definition(s) of the chosen word. In addition, Click spell can add an advertisement image optionally. Thanks to the advertisement image, Click spell improved the capability of resistance to the attack by malicious programs. Our preliminary test showed that Click spell is practical in the aspects of security and usability.
21 citations
Cites methods from "Think-an image based CAPTCHA mechan..."
...There are many online OCR tools that were used in the experiments, and they are itemized from A to G as follows....
[...]
16 Jun 2017
TL;DR: The results presented in this paper not only present the pros and cons of the existing alternative authentication technologies, they also aide in the development of the YAAM prototype.
Abstract: We aim at creating ease in authentication process through non-password-based authentication scheme for the Dementia patients. The chronic neuro-degenerative disease leaves the patients with memory recall/loss issues. With ever growing rich list of assistive technologies, that bring ease in patient’s daily life i.e. remote Electrocardiography and peripheral capillary oxygen saturation monitoring, remote blood glucose level monitoring applications etc. These assistive technologies are ubiquitous, seamless, immersed in the background, often remotely monitored, and the most intimate applications that run very close to the patient’s physiology. In this paper, we investigate the existing technologies and discover the trends to build Yet Another Authentication Method (YAAM). The YAAM is going to extract a distinctive image from a patient’s viewfinder and securely transform it into authentication token that are supported by the Geo-location, relative proximity of surrounding smart objects etc. that we call security-context. The authentication tokens are only generated on the fly when token context is right for the image stream captured by the wearable camera. The results presented in this paper not only present the pros and cons of the existing alternative authentication technologies, they also aide in the development of the YAAM prototype.
4 citations
16 Dec 2013
TL;DR: It is shown how the functionality of these image based web services, used in conjunction with regular expressions, keyword ontologies and some statistical analysis/inference, can pose a dangerous attack that easily bypasses the hard AI problem used in challenges for typical image CAPTCHAs.
Abstract: CAPTCHAs provide protection from automated robot attacks against online forms and services. Image recognition CAPTCHAs, which require users to perform an image recognition task, have been proposed as a more robust alternative to character recognition CAPTCHAs. However, in recent years, a number of web services that deal with content based image retrieval and analysis have been developed and released for public consumption. These web services can be used in completely unexpected ways to attack image CAPTCHAs. Specifically, in this paper, we consider three specific kinds of web services: 1 Reverse Image Search RIS, 2 Image Similarity Search ISS, and 3 Automatic Linguistic Annotation ALA. We show how the functionality of these image based web services, used in conjunction with regular expressions, keyword ontologies and some statistical analysis/inference, can pose a dangerous attack that easily bypasses the hard AI problem used in challenges for typical image CAPTCHAs. We also discuss effective defensive measures that can be utilized to make CAPTCHAs more resistant to the attack vectors these web services provide.
4 citations
DOI•
01 Jan 2016
TL;DR: Of the Dissertation Title: Enhancing security and Usability from a Human Perspective on the World Wide Web from a human perspective on the world wide web is described.
Abstract: of the Dissertation Title: Enhancing Security and Usability from a Human Perspective on the World Wide Web
1 citations
01 Jan 2021
TL;DR: The aim is to make a natural interface between authentic user and web servers so that the communication between the entities will take place in a secured manner.
Abstract: Today, web security is the foremost concern due to the requirement of a validation and verification process that not only authenticates the end user but also prevents the data from various malicious programs. Due to the huge use of internet and electronic devices, the computer bots try to access the authentic data resided at the servers. The CAPTCHA is generally meant for authentication of the websites during login, for securing and getting access of data. A CAPTCHA challenge is kept for doing the conformation whether the process is initiated by an authentic user or by an attacker. If the challenge is successfully chased, it is signified as a human or else a computer bot, and the access will be provided to the right user. Our aim is to make a natural interface between authentic user and web servers so that the communication between the entities will take place in a secured manner. This paper presents a brief summary on CAPTCHA and its necessity in current scenarios. We have discussed a study on various types of CAPTCHAs available, along with their methodologies and the implementation details which help to secure the web data. The paper, moreover, presents some of the important advantages, disadvantages and applications of these techniques and technologies used in different research in addition to the different future scope of CAPTCHAs.
1 citations
References
More filters
04 May 2003
TL;DR: This work introduces captcha, an automated test that humans can pass, but current computer programs can't pass; any program that has high success over a captcha can be used to solve an unsolved Artificial Intelligence (AI) problem; and provides several novel constructions of captchas, which imply a win-win situation.
Abstract: We introduce captcha, an automated test that humans can pass, but current computer programs can't pass: any program that has high success over a captcha can be used to solve an unsolved Artificial Intelligence (AI) problem. We provide several novel constructions of captchas. Since captchas have many applications in practical security, our approach introduces a new class of hard problems that can be exploited for security purposes. Much like research in cryptography has had a positive impact on algorithms for factoring and discrete log, we hope that the use of hard AI problems for security purposes allows us to advance the field of Artificial Intelligence. We introduce two families of AI problems that can be used to construct captchas and we show that solutions to such problems can be used for steganographic communication. captchas based on these AI problem families, then, imply a win-win situation: either the problems remain unsolved and there is a way to differentiate humans from computers, or the problems are solved and there is a way to communicate covertly on some channels.
1,525 citations
TL;DR: In this paper, lazy cryptographers do AI and show how lazy they can be, and how they do it well, and why they do so poorly, and they are lazy.
Abstract: How lazy cryptographers do AI.
890 citations
Patent•
13 Apr 1998
TL;DR: In this paper, a computerized method selectively accepts access requests from a client computer connected to a server computer by a network is proposed, where the server computer receives an access request from the client computer and generates a predetermined number of random characters.
Abstract: A computerized method selectively accepts access requests from a client computer connected to a server computer by a network. The server computer receives an access request from the client computer. In response, the server computer generates a predetermined number of random characters. The random characters are used to form a string in the server computer. The string is randomly modified either visually or audibly to form a riddle. The original string becomes the correct answer to the riddle. The server computer renders the riddle on an output device of the client computer. In response, the client computer sends an answer to the server. Hopefully, the answer is a user's guess for the correct answer. The server determines if the guess is the correct answer, and if so, the access request is accepted. If the correct answer is not received within a predetermined amount of time, the connection between the client and server computer is terminated by the server on the assumption that an automated agent is operating in the client on behalf of the user.
281 citations
Proceedings Article•
01 Jan 2002TL;DR: This paper describes a Reverse Turing Test using speech and presents a test that depends on the fact that human recognition of distorted speech is far more robust than automatic speech recognition techniques.
Abstract: "Hackers" have written malicious programs to exploit online services intended for human users. As a result, service providers need a method to tell whether a web site is being accessed by a human or a machine. We expect a parallel scenario as spoken language interfaces become common. In this paper, we describe a Reverse Turing Test (i.e., an algorithm that can distinguish between humans and computers) using speech. We present a test that depends on the fact that human recognition of distorted speech is far more robust than automatic speech recognition techniques. Our analysis of 18 different sets of distortions demonstrates that there are a variety of ways to make the problem hard for machines. In addition, humans and speech recognition systems make different kinds of mistakes, and this difference can be employed to improve discrimination.
94 citations
Posted Content•
TL;DR: A user study is made to show problems of xed passwords, the signi cance of peeping attack and some design principles of human-computer identi cations, and a new prototype protocol is suggested as a possible solution to this problem.
Abstract: It is an interesting problem how a human can prove its identity to a trustworthy (local or remote) computer with untrustworthy input devices and via an insecure channel controlled by adversaries. Any input devices and auxiliary devices are untrustworthy under the following assumptions: the adversaries can record humans' operations on the devices, and can access the devices to replay the recorded operations. Strictly, only the common brain intelligence is available for the human. In this paper, such an identi cation system is called SecHCI as the abbreviation - Secure Human-Computer Identi cation (or Interface). In the real world, SecHCI means the peeping attacks to widely-used xed passwords: an adversary can observe your password via his own eyes or some hidden device (such as mini-camera) when your input them on your keyboard or with your mouse. Compared with human-computer identi cations with the aid of trustworthy hardware devices, only a few contributions have devoted to the design and analysis of SecHCI. The most systematic works are made by N. J. Hopper & M. Blum recently: some formal de nitions are given and the feasibility is shown by several SecHCI protocols with acceptable security (but usability is not very good because of their inherent limitations). In this paper, we give comprehensive investigations on SecHCI, from both theoretical and practical viewpoint, and with both system-oriented and user-centered methods. A user study is made to show problems of xed passwords, the signi cance of peeping attack and some design principles of human-computer identi cations. All currently known SecHCI protocols and some related works (such as visual/graphical passwords and CAPTCHAs) are surveyed in detail. In addition, we also give our opinions on future research and suggest a new prototype protocol as a possible solution to this problem.
48 citations
"Think-an image based CAPTCHA mechan..." refers background in this paper
...The problem of spamming resulted as the bots intruded into the internet [3]....
[...]