Scribd
Upload
78 views14 pages

Breaking CAPTCHA: (Multi-Media Security)

The document discusses CAPTCHAs, including their history, creation techniques, and vulnerabilities to being broken. CAPTCHAs are designed to tell humans and computers apart, but various attacks have achieved success rates as high as 100% in breaking some CAPTCHAs. The future of CAPTCHAs is uncertain as generation techniques may not be truly random and some can be broken with basic pattern recognition. More complex object and scene recognition may be needed to improve security.

Uploaded by

Abhi Kalla
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
78 views14 pages

Breaking CAPTCHA: (Multi-Media Security)

The document discusses CAPTCHAs, including their history, creation techniques, and vulnerabilities to being broken. CAPTCHAs are designed to tell humans and computers apart, but various attacks have achieved success rates as high as 100% in breaking some CAPTCHAs. The future of CAPTCHAs is uncertain as generation techniques may not be truly random and some can be broken with basic pattern recognition. More complex object and scene recognition may be needed to improve security.

Uploaded by

Abhi Kalla
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 14

Breaking CAPTCHA

(Multi-Media Security)

Isa Muqattash
Agenda
• Introduction
• Creation techniques
• Breaking CAPTCHA
• Future expectations
Introduction
• CAPTCHA: Completely
Automated
Public
Turing test to tell
Computers and
Humans
Apart
History of CAPTCHA
• Reverse Turing Test
• Alta Vista (1997): URLs to Search Engines
– Solution by Andrei Broder, chief scientist.
– Reduced spam add-URL by 95%
• Yahoo! (2000): Chat room problem
– Solution by CMU: Gimpy, EZ-Gimpy
• PARC (2002): For research purposes
– Henry Baird & UC Berkeley
– Product: PessimalPrint
– First referenced technical publication
Properties of CAPTCHA
• The test's challenges can be automatically
generated and graded 
• The test can be taken quickly and easily by
human users
• The test will accept virtually all human users with
high reliability while rejecting very few
• The test will reject virtually all machine users
• The test will resist automatic attack for many
years even as technology advances
Creating CAPTCHA
• Pessimal Print (Image Degradation):
– Pseudorandom sequences
– Blurring
– Skewing
– Scaling
– Dithering
– Fonts
– Resolution
More on Creating CAPTCHA

• More sound techniques:


– Rotation
– Segmented characters
– Non-uniform background
– Varied font thickness
• Computationally hard problems (AI hard)

• Various objects:
– Animals
– Scenes
– Sports
Breaking CAPTCHA
• OCR based
– Difficult
– Non-uniform background
– SVM
– Some success, but not good enough…
• Non-OCR based
– PWNtcha (49%-100%)
– Puremango.co.uk (Scripting)
More CAPTCHA Attacks
• Anti-cluttering processing
– Remove small objects
– Standard dictionary attack
– Trivial network attacks
• Pattern recognition techniques
– Segmentation & Clustering pixels together
• By colored pixel density
• By distance:
Distance between pixels
– Eucledian distance
D=sqrt(dx^2 + dy^2 + dz^2)

– Adjusted human vision distance


r_bar = (r1 + r2)/2
D=sqrt ( dr^2 * (2 + r_bar/256) )
(+ 4dg^2 )
(+ db^2 * (2 + (255 – r_bar)/256) )
Vulnerable CAPATCHA
• http://linuxfr.org/user_new.html
• http://www.gandi.net/whois?l=en
• http://www.phpbb.com/phpBB/profile.php?
mode=register&agreed=true
The Future of CAPTCHA
• Insecure
– Attacks with success of 40% - 100%
– As low as success of 10% is bad enough
– Not enough for authentication
– Are the generators really pseudorandom???
• Not feasible for blind, weak sight, and disordered
• More object and scene recognition (correct
response not unique)
• 3D CAPTCHA
CAPTCHA SAMPLES

www-users.cs.umn.edu/~sampra/8980project
www2.parc.com/istl/projects/captcha/captchas.htm
References
• http://www2.parc.com/istl/projects/captcha/
history.htm
• http://www.w3.org/TR/2005/NOTE-
turingtest-20051123/
• http://www2.parc.com/istl/projects/captcha/
docs/pessimalprint.pdf
• http://sam.zoy.org/pwntcha/

You might also like