Design of Secure Multilingual CAPTCHA Challenge

Design of Secure Multilingual CAPTCHA Challenge

M. Tariq Banday (Department of Electronics and Instrumentation Technology, University of Kashmir, Srinagar, India) and Shafiya Afzal Sheikh (Department of Electronics and Instrumentation Technology, University of Kashmir, Srinagar, India)
Copyright: © 2015 |Pages: 27
DOI: 10.4018/IJWP.2015010101
OnDemand PDF Download:
$37.50

Abstract

Growing demand for native languages in web applications has made multilingual implementation of web user interfaces and dialogs essential. However, use of insecure foreign language text CAPTCHA challenges to prove human interaction in the native language pages of web applications has rendered CAPTCHA protected services unusable, insecure and inaccessible. This paper analyses CAPTCHA and multilingual functionalities of 410 multilingual websites (240 government and 170 non-government) and discusses their accessibility and usability. It enumerates deficiencies of currently in use CAPTCHA scripts and services (open and closed source). It discusses the design, algorithm, pseudo code, and working of a secure multilingual text CAPTCHA script having desired security, accessibility and usability features. The designed script offers localized onscreen keyboard, random patterns, fonts, and audio alternatives to improve usability and security. The results of experiments, security tests, and users study with the CAPTCHA tests generated through the proposed technique have validated its design, security, usability, and accessibility.
Article Preview

1. Introduction

In the current age, information technology and the Internet play a major role in almost every sphere of life, be it education, shopping, governance, communication or business. Computers, hand held gadgets and Internet have gone mainstream and are no more limited to technologists only but have a lot to offer to a common user by way of websites, web applications, and other similar online services. The massive coverage and diversity of the users through Internet technologies make it necessary to provide information in majority of languages alongside the English language. Making technology multilingual is not limited to providing text in multiple languages but includes implementing security and accessibility features of Internet applications in those languages. Users not only need to read the text but also write and interact with the application. They need to type in their passwords to access content and fill up and submit web forms on Internet applications and websites. All this opens a vast area of improvements and support extensions on the technology.

A website or web portal may contain simple web pages, web forms, secure content, contact information, e-mail addresses, and other similar information. Simple web pages are served to the clients on request without any type of security check. Some areas of a website may require users to login and others may not but at the same time to prevent misuse, they must not be accessible to bots such as web forms and web pages containing e-mail and other similar information. When the server receives a request for a web page, which is not protected, access is granted directly. In case the content is protected, the website takes proper measure to allow access only to humans. Through CAPTCHA (Ahn et al, 2004) challenges web resources and services such as e-mail services, downloadable documents, polls and surveys, discussion boards, chat systems, login & registration systems, blogs, forums, and grievance redressal systems can be protected from web-bots.

A CAPTCHA free website permits simplified navigation and larger usability and therefore is in its ideal form for end users. User activities such as filling up forms, navigation, downloading, etc. are trouble-free for end users when CAPTCHA or similar security control is not implemented. However, CAPTCHA tests are unavoidable as they are the most successful human interaction proofs to provide security control against web-bots (Daniel, 2005). The primitive CAPTCHA tests were simple thus were easy for users to solve; however, with the advancements in image processing techniques particularly segmentation and optical character recognition, simple implementations of CAPTCHA challenges were broken by web-bots (Yan and Ahmad, 2007). To make these challenges difficult for bots to break, security of CAPTCHA tests were enhanced by adding deformation, distortion, random image backgrounds, noise, etc. However, such security enhancements also increased difficulty to legitimate users in solving them. The deformations, noise, complex fonts, and distortions added to the resultant CAPTCHA image make simple alphabets in it difficult to be recognized by end users particularly non-native speakers of that language.

Generally, CAPTCHA challenges are in English language and therefore, can cause accessibility challenges to user of non-English or multilingual websites because they may not be able to correctly respond to complex English CAPTCHA challenges. A study (Bursztein et al, 2010) conducted to evaluate the usability of CAPTCHA challenges has found that CAPTCHA challenges are increasing getting difficult for humans to solve and the difficulty is more for non-native speakers of English language. They are less accurate and slow in solving CAPTCHA challenges in English language. The study also revealed that non-native speakers of English language take 57% longer time to solve English audio CAPTCHA challenges. Further, highly educated user solve CAPTCHA challenges quickly. Similar results have been found through another study (Khalil et al, 2012) conducted to evaluate the effect of script familiarization on CAPTCHA usability. It is therefore, desirable to have alternate CAPTCHA challenges for regional users, which are secure and usable. Studies (Banday et al, 2009a; Banday et al, 2009b) discuss various types of CAPTCHA challenges and their working. The study also discusses usability and security issues and the effectiveness and limitations of CAPTCHA challenges.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 9: 2 Issues (2017)
Volume 8: 1 Issue (2016)
Volume 7: 2 Issues (2015)
Volume 6: 4 Issues (2014)
Volume 5: 4 Issues (2013)
Volume 4: 4 Issues (2012)
Volume 3: 4 Issues (2011)
Volume 2: 4 Issues (2010)
Volume 1: 4 Issues (2009)
View Complete Journal Contents Listing