Human Cognition in Automated Turing Test Design

Mir Tafseer Nayeem (Department of Computer Science and Engineering (CSE), Ahsanullah University of Science and Technology (AUST), Dhaka, Bangladesh), Mamunur Rashid Akand (University of Calgary, Calgary, Alberta, Canada), Nazmus Sakib (Department of Computer Science and Engineering (CSE), Ahsanullah University of Science and Technology (AUST), Dhaka, Bangladesh) and Wasi Ul Kabir (Department of Computer Science and Engineering (CSE), Ahsanullah University of Science and Technology (AUST), Dhaka, Bangladesh)
DOI: 10.4018/ijssci.2014100101

Abstract

Nowadays, many services on the internet, including email, search engines, and social networking, are provided free of charge due to the enormous growth in web users. With the expansion of Web services, denial of service (DoS) attacks by malicious automated programs (e.g., web bots) are becoming a serious problem for web service accounts. A HIP, or Human Interactive Proof, is a human authentication mechanism that generates and grades tests to determine whether the user is a human or a malicious computer program. Unfortunately, existing HIPs have tried to maximize the difficulty for automated programs to pass tests by increasing distortion or noise. Consequently, the tests have also become difficult for potential users. So there is a tradeoff between usability and robustness in designing HIP tests. In their proposed technique, the authors tried to balance readability and security by adding contextual information in the form of natural conversation without reducing the distortion and noise. In the result section, a microscopic large-scale user study was conducted involving 110 users to investigate the actual user views compared to existing state-of-the-art CAPTCHA systems like Google's reCAPTCHA and Microsoft's CAPTCHA in terms of usability and security, and found the authors' system capable of being deployed at large scale over the internet.
Article Preview

1. Introduction

A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) or HIP (Human Interactive Proof) is an automatic security mechanism used to determine whether the user is a human or a malicious computer program. It is a program that generates and grades tests that are human solvable but intended to be beyond the capabilities of current computer programs (Von Ahn et al., 2004). It has become the most widely used standard security technology to prevent automated computer program attacks. With the expansion of Web services, denial of service (DoS) attacks by malicious automated programs (e.g., bots) are becoming a serious problem as masses of Web service accounts are being illicitly obtained, bulk spam e-mails are being sent, and mass spam blogs (splogs) are being created. Thus, the Turing test is becoming a necessary technique to discriminate humans from malicious automated programs (Von Ahn et al., 2004).

In the original Turing Test, a human judge was allowed to ask a series of questions to two players, one of which was a computer and the other a human. Both players pretended to be human, and the judge had to distinguish between them (Blum et al., 2000). CAPTCHAs are similar to the Turing Test in that they distinguish humans from computers, but they differ in that the judge is now a computer.

The CAPTCHA is usually a simple visual test or puzzle that a human can complete without much difficulty, but an automated program cannot understand. The test usually consists of letters, numbers or their combination, with overlapping and intersection. A typical example of a text-based CAPTCHA challenge is shown in Figure 1. The CAPTCHA images may be distorted in some way or shown against an intricate background to keep them from being easily read by Optical Character Recognition (OCR) software or other image recognition systems.

Figure 1. Examples of text-based CAPTCHAs

Currently, in order to prevent malicious programs from recklessly posting advertisements or other useless information, message boards of BBS, blogs and wikis have widely used CAPTCHA challenges as a defense mechanism (Von Ahn et al., 2004), requiring that users input the correct letters to leave a message. CAPTCHAs have a wide variety of applications on the web, such as:

  • Worms and Spam: CAPTCHAs also offer a plausible solution against email worms and spam: only accept an email if you know there is a human behind the other computer.

  • Web Crawler: CAPTCHAs provide a reasonable solution when one wants web pages not to be crawled for indexing by search engines.

  • Online Polls: In November 1999, http://www.slashdot.com released an online poll asking for the best graduate school in computer science. IP addresses of voters were recorded in order to prevent single users from voting more than once. However, students at Carnegie Mellon figured out a way to stuff the ballots using programs that voted for CMU thousands of times. CMU's score started growing rapidly. The next day, students at MIT wrote their own voting program and the poll became a contest between voting “bots”. But CAPTCHAs offer a solution: voters should show they are human before being allowed to vote.

  • Free Email Services: Several companies (Google, Yahoo!, Microsoft, etc.) offer free email services. Unfortunately, “Web bots”, scripts capable of registering for thousands of email accounts every minute, waste precious web space. This situation has been improved by requiring users to prove they are human before they can get a free email account.

  • Preventing Dictionary Attacks: Pinkas and Sander (Turing, 1950) have suggested using CAPTCHAs to prevent dictionary attacks in password systems.
