CAPTCHA

Completely Automated Public Turing Test to tell Computers and humans apart (CAPTCHA) is a method that attempts to differentiate between men and machines on ability alone. Be it sensory, cognitive ability or mobility, the ability of the user will always create stoppages that are insurmountable to some, considering that many people with sensory impairments rely on machines and tools such as screen readers to overcome it.

Animated Ink Blot CAPTCHA was the brainchild of Niloy Mitra from the Indian Institute Of Technology, Delhi. The innumerable failures of text based CAPTCHA meant the  need of better technology in ensuring cyber-security. Mitra came up with the use of  randomly painted ink blots that depict figures of animals when looked at closely. His idea has been met with great enthusiasm by various technology experts and is paving the way for new frontiers in the field of ensuring cyber security.

Inspite of  certain drawbacks, Animated Ink Blot CAPTCHA is still working in fairly usual settings. Although an important and  useful  tool, computer experts are putting time to make it more prominent in fighting for its purpose, fighting  against automated programs.

INTRODUCTION

A CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) is a challenge-response test most often placed within web forms to determine whether a user is human or not. It is also known as HIP (Human Interaction Proof). The purpose of CAPTCHA is to block infinite form submissions by spambots, which are automated scripts that post spam content anywhere possible.

Figure 1

Due to the failure of various previous versions of captcha which were easily hacked, Niloy Mitra and his colleagues from IIT, Delhi came up with idea of using animated ink blot images. The team's new system uses so-called "emerging images" - seemingly random assortments of blotches from which a coherent image emerges after a few seconds after detailed observation. (Barras Colin, "Animated Ink blot Images keep unwanted blots at Bay", Nov 2009)

Figure 2

U.S. Patent Application Publication No. 2003/0191947 to Stubblefield uses similar inkblots as images to confirm a user's identity. The confirmation method displays a random sequence of inkblots which the user has to identify when he/she logs on to his/her account.

Moni Naor was the first person to postulate a list of ways to verify that a request or command comes from a human and not a bot.[4] Primitive CAPTCHAs seem to have been developed in 1997 by Andrei Broder, Martin Abadi, Krishna Bharat, and Mark Lillibridge to prevent bots from adding URLs containing spam to their search engine. [5] In order to make the images resistant to OCR (Optical Character Recognition), the team simulated situations that scanner manuals claimed resulted in bad OCR. In 2000, Luis von Ahn, Manuel Blum, Nicholas J. Hopper, and John Langford coined the term 'CAPTCHA', improved and publicized the idea, which included any program that can distinguish humans from computer bots. They invented multiple examples of CAPTCHAs, including the first CAPTCHAs to be widely used, which were those implemented by Yahoo!

LITERATURE REVIEW

With the increasing number of hacking incidents relating old CAPTCHA techniques, The need to develop new innovative and fool-proof designs has been found extremely important all across the world. Many famous web-sites like Google , Yahoo! and even Microsoft have been victims of CAPTCHA failure and to ensure complete cyber-security, research on Animated Ink-Blot CAPTCHA images has been  pushed to second gear. Computer Scientists from all across the world are collaborating with each other to come up with a solution to the ever-increasing menace of CAPTCHA breakdowns.

A TIME magazine article [4] mentions Yahoo!'s complaints of criminals taking advantage of their Yahoo! Mail by creating programs that create thousands of email ids and then using those accounts to send out spam. The article also mentions the story of the website GetAFreelancer.com where dozens of ads have been placed by spammers who hire people to read and type out dozens of CAPTCHAS, all day by hand.

Another way to get around poorly conceived CAPTCHAS can be by counting the number of pixels as defined in [4]. In many cases each letter in a CAPTCHA is made of a definite number of pixels. Computer programs can be made to count the number of pixels in a CAPTCHA image and thus find out the letters on the CAPTCHA image. Faulty  CAPTCHAs that led to incessant cyber attacks on websites called for a new revolutionary way of ensuring security,

Microsoft is currently working on ways to enhance its current CAPTCHA system to make it both more readable to humans and less susceptible to bot attacks. Some of the enhancements made include dynamic monitoring which observes cyber attacks in real time and makes the necessary adjustments accordingly. The new techniques also involve usage of new image distortion logic and overlapping characters in order to make the CAPTCHAs efficient and trustworthy. [5]

Researchers at Microsoft are involved in two CAPTCHA - related projects. One of them is called Assira which prompts human user to identify 12 photographs of animals that come from petfinder.com and the other uses Ink-Blot images which works by asking the user to form semantic associations with a set of randomly formed animated ink-blot images. The associations are then used to authenticate the user's identity.[5]

According to Larry Seltzer in [1] the main purpose of CAPTCHA or Completely Automated Public Turing Test ( see D4 ) to tell Computers and Humans Apart is to present a user with a question that only a human can decipher ( see D1 ) and answer correctly. He also mentions that with the drastic development of robots and computer malware CAPTCHAs have proved inefficient in ensuring security.

Image CAPTCHA has been implemented only on certain websites till now as mentioned in the Wikipedia article on CAPTCHA [6]. Only Rapidshare.com, Linux Mint and Ubuntu have made use of Image CAPTCHA so far. Implementation of Image recognition CAPTCHAS is quite troublesome as it is difficult for sites to access a large dictionary of images that the hackers do not have access too. The failure of Assira, an image bases CAPTCHA itself, was due to the use of brute human force to decipher CAPTCHA codes. Workers are hired and paid hourly wages to decipher CAPTCHAS. The whole purpose of separating bots from humans is thus lost.

Niloy Mitra, a computer scientist at the Indian Institute Of Technology, Delhi [2] also mentions that the use of Animated Ink-Blot CAPTCHAs can make it harder for bots (see D3 ) to solve and much easier for human users to handle. However, according to him it sometimes makes it difficult for humans to decipher as well.

Pass Rates for these CAPTCHAS could be a problem, says Luis von Ahn at Carnegie Mellon University in Pittsburgh, Pennsylvania, co-creator of the written captchas found on various websites today. His ReCaptcha update to the current CAPTCHA technology was recently adopted by Google. [2]

The technique behind Animated Ink Blot CAPTCHA has been illustrated in the following video -

http://brightcove.newscientist.com/services/player/bcpid1873822884?bctid=47814603001

Mitra and Cohen-Or in [2] also mention that adding other elements could make the emerging image design much better. According to them, when their algorithm converted 3D animations into emerging videos ( see the video link given above ), most of the users could recognize the animated ink-blotted figures. They also stated that when a single frame was shown to the volunteers only less than 10 percent of them could recognize the figures.

The following is an image taken from [3] that shows a classic animated ink-blot image used as a CAPTCHA

This image, when stared at for a while, can reveal four instances of a familiar figure. Two of the figures are easier to detect than the others. Locally there is little meaningful information that the human eye can see, and we perceive the figures only when observing it as a whole.

In light of the tests performed, Mitra concluded that adding motion to the ink blot im         ages makes it easier for humans to recognize and much harder for bots to solve. Analyzing the performance of animations, as a CAPTCHA system, is still going on in his lab.

Lance Winslow in [1] mentions that if the idea of animated ink-blot CAPTCHA images works many modern interactive websites could become entirely revolutionized. Being humiliated by hackers all around the world who ruin one's online communication due to easily decipherable CAPTCHAS, the new idea has been met with great enthusiasm and appreciation all across the world.

Some Useful Definitions

D1 ) Cipher

In cryptography, a cipher is an algorithm for performing encryption or decryption. In non-technical usage, a "cipher" is the same thing as a "code". Firstly, the original information is known as plaintext encrypted to ciphertext. The ciphertext message contains all the information of the plain text message, but is not readable by a human or computer without the correct decrypting algorithms.

http://en.wikipedia.org/wiki/Cipher

D2 ) Spam

In computing, to spam people or organizations means to send unwanted e-mails to a large number of them, usually as advertising.

Google Dictionary

D3 ) BOTS-

Attackers take control of computer PC using a malware called BOTS. These are also known as "Web robots". These are usually part of a network of infected machines, which is known as a "botnet".

The victim computers are also called zombies ad they do work of bidding for its masters. The botherders or the botmasters are the one that control these bots.

Some botnets might have a few hundred or a couple thousand computers, but others have tens and even hundreds of thousands of zombies at their disposal. Many of these computers are infected without the prior knowledge of the owner. A bot might cause the computer to slow down or  display mysterious messages.

http://www.symantec.com/norton/theme.jsp?themeid=botnet

D4 ) Turing Test - Alan Turing in his 1950 paper Computing Machinery and Intelligence, proposed a test to demonstrate a machine's intelligence. The test proceeds with a judge who engages in a natural language conversation with a human and a machine, each of which tries to appear human. The two participants are placed in isolated locations. If the judge cannot tell the human and machine apart , then the machine is said to have passed the test.

http://en.wikipedia.org/wiki/Turing_test

RESULTS AND DISCUSSION

-------------------------------------------------------------------------------------------------------

In this case study, we consider a hypothetical social networking site, aurbatao.com, which implements Animated Ink Blot CAPTCHA technology to prevent bots from spamming. The website has more than a million users and it serves as a platform for users to communicate and keep in touch by making use of its applications. Personal information of the users can easily be accessed by other users of the site.

In social networking websites, there is often the threat of spammers hacking into someone's account and posting inappropriate comments and messages. They often post links to videos and pictures which may not be suitable for the majority of the users. They also post status updates (as in Facebook ), or send messages and emails, from a friend's account claiming that the friend is in some difficult situation and in need of financial help. These messages ask you to help by wiring funds through an online money transfer service. The hackers may also get the user's credit card information and withdraw huge amounts of money. The use of Animated Ink Blot CAPTCHA can stop these kinds of frauds and prevent a lot of people from getting looted.
             

Other threats include using an automatic program to create fake accounts to flood the website's database which slows down the overall performance of the website. Before posting any advertisements on the website, an advertiser is prompted to validate its authenticity through an Animated CAPTCHA image, or else the advertising company could make use of bots to occupy the entire advertising space available on the webpage.

To ensure the privacy and security of the users' information, the website decided to adopt the newly designed Animated Ink Blot CAPTCHA technology. This technology is based on the humans' ability to aggregate information from meaningless data and to perceive something which is more useful and meaningful. This ability is known as emergence. It uses a mechanism to generate 3-D Objects which is difficult for any automatic algorithms to crack. Emerging Figures are used to generate Animated CAPTCHA.

On this website, the users are provided with limited memory to store pictures and videos which can be viewed by other users only after solving an animated ink blot CAPTCHA. This prevents bots from downloading those images and videos and distributing them with a virus attached to it.

The following is an Animated Ink Blot image which is used as a CAPTCHA in the website. Although at first sight the left image looks meaningless, suddenly we perceive the central object , a Dalmation dog hidden amongst other ink-blots . Before sending any message or a link to any other user, a similar image is shown to the user which prompts him to enter the correct answer (e.g.  an animal's name in this case). The user is given five attempts at five different images to come up with a correct answer following which he is either directed to the webpage he requested or is temporarily blocked from posting.

What do you see?

Figure 3.1

After one month of its inception, the owners of the website came with these statistics showing the difficulty level as perceived by users. Perceived difficulty level in each category changes gradually. For example 98% of the easy images were recognized by at least 80% of the users.

Figure 3.2

The website received good feedback from its users on the use of Animated Ink Blot CAPTCHA. Majority of the users found it interesting and most of them said that they felt more secure after the addition of this newer technology. With a higher success rate and a lower penetration rate, it looks like this technology has a very bright future.

CONCLUSIONS AND RECOMMENDATIONS  

With the increasing use of internet, millions of users are now connected to each other. As the number of users is increasing, so are the cyber threats. More and more private information is becoming public which can be misused by anyone. So what is required is the development of efficient technologies which would ensure cyber privacy and cyber security. Animated Ink-blot Captcha Image verification technique is the means by which a line is drawn between the users and the hackers or the automated algorithms.

The technique is an updated version of text based Captcha which uses certain aspect of human intellect which an automated program or code cannot reproduce. The difficulty level in the interpretation of images can also be changed thus making it user friendly. The images are real life objects which are hidden behind blots.

In future, the threats to internet privacy are going to increase drastically and so will the technology required to counter these privacy intrusions. CAPTCHAs in the future will involve more sophisticated techniques as the present ones fail to counter bot intrusions.

REFERENCES

Internet resources

[1]    Larry Seltzer

http://www.eweek.com/c/a/Security/The-Decline-of-the-CAPTCHA/

(03-11-2007).

[2]    Colin Barras

http://www.newscientist.com/article/dn18078-animated-inkblot-images-keep-unwanted-bots-at-bay.html    (03 - 11- 2009)

[3]    Niloy J. Mitra, Hung- Kuo Chu, Tong-Yee Lee, Lior Wolf, Hezy Yeshrun and Daniel Cohen-Or.

http://graphics.stanford.edu/~niloy/research/emergence/emergence_image_siga_09 .html  (2009)

[4]     Lev Grossman

  http://www.time.com/time/magazine/article/0,9171,1812084,00.html  (05- 06- 2008)

[5]    Brian Prince

http://www.eweek.com/c/a/Security/Spammers-War-Against-CAPTCHA-Requires-New-Approaches/   (06 - 01 - 2009)

[6]   

http://en.wikipedia.org/wiki/CAPTCHA