Article Preview
Top1. Introduction
A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) or HIP (Human Interactive Proof) is an automatic security mechanism used to determine whether the user is a human or a malicious computer program .It is a program that generates and grades tests that are human solvable, but intends to be beyond the capabilities of current computer programs (Von Ahn et al., 2004). It has become the most widely used standard security technology to prevent automated computer program attacks. With the expansion of Web services, denial of service (DoS) attacks by malicious automated programs (e.g., bots) are becoming a serious problem as masses of Web service accounts are being illicitly obtained, bulk spam e-mails are being sent, and mass spam blogs (splogs) are being created. Thus, the Turing test is becoming a necessary technique to discriminate humans from malicious automated programs (Von Ahn et al., 2004).
In the original Turing Test, a human judge was allowed to ask a series of questions to two players, one of which was a computer and the other a human. Both players pretended to be human, and the judge had to distinguish between them (Blum et al., 2000). CAPTCHAs are similar to Turing Test in that they distinguish humans from computers, but they differ in that the judge is now a computer.
The CAPTCHA is usually a simple visual test or puzzle that a human can complete without much difficulty, but an automated program cannot understand. The test usually consists of letters, numbers or their combination with overlapping and intersection. A typical example of a text based CAPTCHA challenge is shown in Figure 1. The CAPTCHA images may be distorted in some way or shown against an intricate background to keep them from being easily read by Optical Character Recognition (OCR) software) or other image recognition systems.
Figure 1. Examples of text-based CAPTCHAs
Currently, in order to defend malicious programs from issuing advertisements or other useless information recklessly, message boards of BBS, blog and wiki have widely used CAPTCHA challenges as a defense mechanism (Von Ahn et al., 2004),requiring that users must input the correct letters to leave a message. CAPTCHs have a wide variety of applications on the web such as:
- •
Worms and Spam: CAPTCHAs also offer a plausible solution against email worms and spam: only accept an email if you know there is a human behind the other computer.
- •
Web Crawler: CAPTCHA provides reasonable solution, when one wants that web pages should not be crawled for indexing by search engines.
- •
Online Polls: In November 1999, http://www.slashdot.com released an online poll asking for the best graduate school in computer science. IP addresses of voters were recorded in order to prevent single users from voting more than once. However, students at Carnegie Mellon figured out a way to stuff the ballots using programs that voted for CMU thousands of times. CMU's score started growing rapidly. The next day, students at MIT wrote their own voting program and the poll became a contest between voting-“bots”. But captchas offer a solution: voters should show they are human before being allowed to vote.
- •
Free Email Services: Several companies (Google, Yahoo!, Microsoft, etc.) offer free email services. Unfortunately ― “Web bots” which is a script capable of registering for thousands of email accounts every minute, wasting precious web space. This situation has been improved by requiring users to prove they are human before they can get a free email account.
- •
Preventing Dictionary Attacks: Pinkas and Sander (Turing, 1950) have suggested using CAPTCHAs to prevent dictionary attacks in password systems.