Implementation of Secure Multilayered CAPTCHA

Ramesh Babu .A (1), Student (M.Tech); Praveen kumar .K (2), Sr. Lecturer; Dr. Srinivasa Rao.V (3), Professor & Head

Department of Computer Science and Engineering, V R Siddhartha Engineering College, Vijayawada, A.P-520007

ABSTRACT

In order to avoid tremendous attack from malicious computer programs, the CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) mechanism has been introduced to distinguish humans from computers. CAPTCHAs are used to protect various kinds of online services from advertising spam, brute force attacks and denial of service by automatic computer programs. In general, present CAPTCHAs are 2D. Due to the fast development of pattern recognition and artificial intelligence technology, traditional 2D static CAPTCHAs have a growing number of security loopholes, so that certain malicious computer programs can launch serious attacks by breaking such CAPTCHAs.

In our project we therefore propose a practical and safe 3-layer dynamic CAPTCHA which is very hard to break and which prevents attacks from malicious computer programs. The 3-layered dynamic CAPTCHA can be implemented by using the "layered" concept. The three layers are: Character Layer, Background Interference Layer and Foreground Interference Layer.

Keywords

CAPTCHA; 3-layer; dynamic; single-frame zero knowledge theory; biological vision theory; moving objects recognition

1. INTRODUCTION

CAPTCHA is a program that can tell whether its user is a human or a computer. It can also be defined as a program that can generate and grade tests that:

a. Most humans can pass
b. Current computer programs cannot pass

Ramesh Babu .A* et al / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES Vol No. 6, Issue No. 2, 200 - 219

ISSN: 2230-7818 @ 2011 http://www.ijaest.iserp.org. All rights Reserved. Page 200

Fig 1.1 Functionality of CAPTCHA

CAPTCHA is an acronym for

• Completely
• Automated
• Public
• Turing test to tell
• Computers and
• Humans
• Apart

CAPTCHA technology has its foundation in an experiment called the Turing Test. Alan Turing, sometimes called the father of modern computing, proposed the test as a way to examine whether or not machines can think -- or appear to think -- like humans. The classic test is a game of imitation. In this game, an interrogator asks two participants a series of questions. One of the participants is a machine and the other is a human. The interrogator can't see or hear the participants and has no way of knowing which is which. If the interrogator is unable to figure out which participant is a machine based on the responses, the machine passes the Turing Test.

Of course, with a CAPTCHA, the goal is to create a test that humans can pass easily but machines can't. It's also important that the CAPTCHA application is able to present different CAPTCHAs to different users. If a visual CAPTCHA presented a static image that was the same for every user, it wouldn't take long before a spammer spotted the form, deciphered the letters, and programmed an application to type in the correct answer automatically.

One alternative to a visual test is an audible one. An audio CAPTCHA usually presents the user with a series of spoken letters or numbers. It's not unusual for the program to distort the speaker's voice, and it's also common for the program to include background noise in the recording. This helps thwart voice recognition programs.

Another option is to create a CAPTCHA that asks the reader to interpret a short passage of text. A contextual CAPTCHA quizzes the reader and tests comprehension skills. While computer programs can pick out key words in text passages, they aren't very good at understanding what those words actually mean.

In 2007 nearly 95% of the mail received by the world's Internet users was junk mail. Similar abuses include registering user accounts maliciously, cracking account passwords with brute force, etc. All of these pose a great threat to the network.

To prevent such incidents from happening again, the CAPTCHA mechanism came into being; the name is short for Completely Automated Public Turing Test to Tell Computers and Humans Apart. In 2000 Carnegie Mellon University set up the first CAPTCHA group, followed by many scholars studying CAPTCHA to find how to better tell humans and computers apart. Currently, in order to prevent malicious programs from recklessly posting advertisements or other useless information, message boards of BBSs, blogs and wikis widely use the CAPTCHA mechanism, requiring that users input the correct letters to leave a message. CAPTCHA also plays a significant role in limiting usage rate. For example, the automatic use of a particular service is allowed unless such use goes beyond certain

1.1 TYPES OF CAPTCHAS

CAPTCHAs are classified based on what is distorted and presented as a challenge to the user. They are:

1.1.1 Text CAPTCHAs:

These are simple to implement. The simplest yet novel approach is to present the user with some questions which only a human user can solve. Examples of such questions are:

1. What is twenty minus three?
2. What is the third letter in UNIVERSITY?
3. Which of Yellow, Thursday and Richard is a colour?
4. If yesterday was a Sunday, what is today?

Such questions are very easy for a human user to solve, but it's very difficult to program a computer to solve them. These are also friendly to people with visual disability, such as those with colour blindness. Other text CAPTCHAs involve text distortions, and the user is asked to identify the hidden text. The various implementations are:

1.1.1.1 Gimpy:

Gimpy is a very reliable text CAPTCHA built by CMU in collaboration with Yahoo for their Messenger service. Gimpy is based on the human ability to read extremely distorted text and the inability of computer programs to do the same. Gimpy works by choosing ten words randomly from a dictionary, and displaying them in a distorted and overlapped manner. Gimpy then asks the users to enter a subset of the words in the image. The human user is capable of identifying the words correctly, whereas a computer program cannot.

Fig.1.2 Gimpy example

1.1.1.2 Ez-Gimpy:

This is a simplified version of the Gimpy CAPTCHA, adopted by Yahoo in their signup page. Ez-Gimpy randomly picks a single word from a dictionary and applies distortion to the text. The user is then asked to identify the text correctly.

This was developed by Henry Baird at University of California at Berkeley. This is a variation of the Gimpy. This doesn't contain dictionary words, but it picks random letters to create a nonsense but pronounceable text. Distortions are then added to this text and the user is challenged to guess the right word. This technique overcomes the drawback of the Gimpy CAPTCHA: because Gimpy uses dictionary words, clever bots could be designed to check the dictionary for the matching word by brute force.

Fig.1.3 Ez-Gimpy example

1.1.1.3 MSN CAPTCHA:

Microsoft uses a different CAPTCHA for services provided under the MSN umbrella. These are popularly called MSN Passport CAPTCHAs. They use eight characters (upper case) and digits. Foreground is dark blue, and background is grey. Warping is used to distort the characters, to produce a ripple effect, which makes computer recognition very difficult.

Fig.1.4 MSN CAPTCHA example

1.1.2 Graphic CAPTCHAs:

Graphic CAPTCHAs are challenges that involve pictures or objects that have some sort of similarity that the users have to guess. They are visual puzzles, similar to Mensa tests. The computer generates the puzzles and grades the answers, but is itself unable to solve them.

1.1.2.1 Bongo:

Another example of a CAPTCHA is the program we call BONGO [2]. BONGO is named after M.M. Bongard, who published a book of pattern recognition problems in the 1970s [3]. BONGO asks the user to solve a visual pattern recognition problem. It displays two series of blocks, the left and the right. The blocks in the left series differ from those in the right, and the user must find the characteristic that sets them apart.

Fig.1.5 Bongo example

1.1.2.2 PIX:

PIX is a program that has a large database of labeled images. All of these images are pictures of concrete objects (a horse, a table, a house, a flower). The program picks an object at random, finds six images of that object from its database, presents them to the user and then asks the question "what are these pictures of?" Current computer programs should not be able to answer this question, so PIX should be a CAPTCHA.

However, PIX, as stated, is not a CAPTCHA: it is very easy to write a program that can answer the question "what are these pictures of?" Remember that all the code and data of a CAPTCHA should be publicly available; in particular, the image database that PIX uses should be public. Hence, writing a program that can answer the question "what are these pictures of?" is easy: search the database for the images presented and find their label. Fortunately, this can be fixed. One way for PIX to become a CAPTCHA is to randomly distort the images before presenting them to the user, so that computer programs cannot easily search the database for the undistorted image.

Pick the common characteristic among the following pictures: "Aeroplane"

Fig.1.6 PIX example

1.1.3 Audio CAPTCHA:

The final example we offer is based on sound. The program picks a word or a sequence of numbers at random, renders the word or the numbers into a sound clip and distorts the sound clip; it then presents the distorted sound clip to the user and asks the user to enter its contents. This CAPTCHA is based on the difference in ability between humans and computers in recognizing spoken language. Nancy Chan of the City University in Hong Kong was the first to implement a sound-based system of this type. The idea is that a human is able to efficiently disregard the distortion and interpret the characters being read out, while software would struggle with the distortion being applied and would need to be effective at speech-to-text translation in order to be successful. This is a crude way to filter humans and it is not so popular, because the user has to understand the language and the accent in which the sound clip is recorded.

Fig.1.7 example for Audio CAPTCHA

1.1.4 ReCAPTCHA and book Digitization:

To counter various drawbacks of the existing implementations, researchers at CMU developed a redesigned CAPTCHA aptly called the reCAPTCHA. About 200 million CAPTCHAs are solved by humans around the world every day. In each case, roughly ten seconds of human time are being spent. Individually, that's not a lot of time, but in aggregate these little puzzles consume more than 150,000 hours of work each day. What if we could make positive use of this human effort? reCAPTCHA does exactly that by channeling the effort spent solving CAPTCHAs online into "reading" books.

To archive human knowledge and to make information more accessible to the world, multiple projects are currently digitizing physical books that were written before the computer age. The book pages are being photographically scanned, and then transformed into text using "Optical Character Recognition" (OCR). The transformation into text is useful because scanning a book produces images, which are difficult to store on small devices, expensive to download, and cannot be searched. The problem is that OCR is not perfect.

ReCAPTCHA improves the process of digitizing books by sending words that cannot be read by computers to the Web in the form of CAPTCHAs for humans to decipher. More specifically, each word that cannot be read correctly by OCR is placed on an image and used as a CAPTCHA. This is possible because most OCR programs alert you when a word cannot be read correctly. But if a computer can't read such a CAPTCHA, how does the system know the correct answer to the puzzle? Here's how: each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. If they solve the one for which the answer is known, the system assumes their answer is correct for the new one. The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct. Currently, reCAPTCHA is employed in digitizing books as part of the Google Books Project.

Fig.1.8 Examples for reCAPTCHA and book digitization (first line shows scanned text, second line shows text read by OCR)

1.2 APPLICATIONS:

CAPTCHAs have several applications for practical security, including:

Preventing Comment Spam in Blogs: Most bloggers are familiar with programs that submit bogus comments, usually for the purpose of raising search engine ranks of some website (e.g., "buy penny stocks here"). This is called comment spam. By using a CAPTCHA, only humans can enter comments on a blog. There is no need to make users sign up before they enter a comment, and no legitimate comments are ever lost!

Protecting Website Registration: Several companies (Yahoo!, Microsoft, etc.) offer free email services. Up until a few years ago, most of these services suffered from a specific type of attack: "bots" that would sign up for thousands of email accounts every minute. The solution to this problem was to use CAPTCHAs to ensure that only humans obtain free accounts. In general, free services should be protected with a CAPTCHA in order to prevent abuse by automated scripts.

Fig.1.9 Example showing website registration

Protecting Email Addresses From Scrapers: Spammers crawl the Web in search of email addresses posted in clear text. CAPTCHAs provide an effective mechanism to hide your email address from Web scrapers. The idea is to require users to solve a CAPTCHA before showing your email address. A free and secure implementation that uses CAPTCHAs to obfuscate an email address can be found at reCAPTCHA MailHide.

Online Polls: In November 1999, http://www.slashdot.org released an online poll asking which was the best graduate school in computer science (a dangerous question to ask over the web!). As is the case with most online polls, IP addresses of voters were recorded in order to prevent single users from voting more than once. However, students at Carnegie Mellon found a way to stuff the ballots using programs that voted for CMU thousands of times. CMU's score started growing rapidly. The next day, students at MIT wrote their own program and the poll became a contest between voting "bots." MIT finished with 21,156 votes, Carnegie Mellon with 21,032 and every other school with less than 1,000. Can the result of any online poll be trusted? Not unless the poll ensures that only humans can vote.

Fig.1.10 example for online polling

Preventing Dictionary Attacks: CAPTCHAs can also be used to prevent dictionary attacks in password systems. The idea is simple: prevent a computer from being able to iterate through the entire space of passwords by requiring it to solve a CAPTCHA after a certain number of unsuccessful logins. This is better than the classic approach of locking an account after a sequence of unsuccessful logins, since doing so allows an attacker to lock accounts at will.

Search Engine Bots: It is sometimes desirable to keep web pages unindexed to prevent others from finding them easily. There is an HTML tag to prevent search engine bots from reading web pages. The tag, however, doesn't guarantee that bots won't read a web page; it only serves to say "no bots, please." Search engine bots, since they usually belong to large companies, respect web pages that don't want to allow them in. However, in order to truly guarantee that bots won't enter a web site, CAPTCHAs are needed.

Worms and Spam: CAPTCHAs also offer a plausible solution against email worms and spam: "I will only accept an email if I know there is a human behind the other computer." A few companies are already marketing this idea.

Preventing Unauthorized Access: The CAPTCHA mechanism prevents a hacker who tries to crack a password using the brute force method or any other password cracking method.
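
The escalation described under "Preventing Dictionary Attacks" above, as an added example that is not code from the paper: after an assumed threshold of three consecutive failures, an account demands a solved CAPTCHA before any password is evaluated, and the account is never locked. LoginGate, the threshold, and the constructed account and guesses are hypothetical.

```python
import hashlib
import hmac
import os

CAPTCHA_AFTER_FAILURES = 3   # assumed threshold; the paper only says "a certain number"
PBKDF2_ROUNDS = 100_000


def hash_password(password, salt):
    """Salted PBKDF2 hash so the demo does not store plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class LoginGate:
    """Escalates to a CAPTCHA after repeated failures instead of locking the account."""

    def __init__(self, threshold=CAPTCHA_AFTER_FAILURES):
        self._threshold = threshold
        self._users = {}          # username -> (salt, password hash)
        self._failures = {}       # username -> consecutive failed logins
        self.password_checks = 0  # guesses that actually reached the password check

    def add_user(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, hash_password(password, salt))

    def captcha_required(self, username):
        return self._failures.get(username, 0) >= self._threshold

    def attempt(self, username, password, captcha_solved=False):
        """Return 'ok', 'denied' or 'captcha_required'.

        captcha_solved must come from a server-side CAPTCHA verification,
        never from a field the client can set freely.
        """
        if self.captcha_required(username) and not captcha_solved:
            # The guess is discarded unevaluated: an automated client learns
            # nothing about the password and cannot lock the owner out.
            return "captcha_required"
        self.password_checks += 1
        # Unknown users get a dummy salt so both paths do the same work.
        salt, expected = self._users.get(username, (b"\0" * 16, b""))
        candidate = hash_password(password, salt)
        if username in self._users and hmac.compare_digest(candidate, expected):
            self._failures.pop(username, None)   # success resets the counter
            return "ok"
        self._failures[username] = self._failures.get(username, 0) + 1
        return "denied"


def run_scenario():
    """Constructed scenario: a script guesses, then the real owner logs in."""
    gate = LoginGate()
    gate.add_user("alice", "correct horse")            # constructed account
    guesses = ["123456", "password", "letmein",
               "qwerty", "dragon", "monkey"]           # constructed guess list
    bot = [gate.attempt("alice", g) for g in guesses]  # script never solves a CAPTCHA
    checked = gate.password_checks
    owner = gate.attempt("alice", "correct horse", captcha_solved=True)
    return bot, checked, owner, gate.captcha_required("alice")


if __name__ == "__main__":
    print(run_scenario())
```

Only the first three guesses reach the password check; the owner, who can solve the CAPTCHA, still logs in and the counter resets.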

1.3 BREAKING CAPTCHA

The challenge in breaking a CAPTCHA isn't figuring out what a message says -- after all, humans should have at least an 80 percent success rate. The really hard task is teaching a computer how to process information in a way similar to how humans think. In many cases, people who break CAPTCHAs concentrate not on making computers smarter, but on reducing the complexity of the problem posed by the CAPTCHA. Let's assume you've protected an online form using a CAPTCHA that displays English words. The application warps the font slightly, stretching and bending the letters in unpredictable ways. In addition, the CAPTCHA includes a randomly generated background behind the word.

A programmer wishing to break this CAPTCHA could approach the problem in phases. He or she would need to write an algorithm -- a set of instructions that directs a machine to follow a certain series of steps. In this scenario, one step might be to convert the image to grayscale. That means the application removes all the color from the image, taking away one of the levels of obfuscation the CAPTCHA employs. Next, the algorithm might tell the computer to detect patterns in the black and white image. The program compares each pattern to a normal letter, looking for matches. If the program can only match a few of the letters, it might cross-reference those letters with a database of English words. Then it would plug likely candidates into the submit field. This approach can be surprisingly effective. It might not work 100 percent of the time, but it can work often enough to be worthwhile to spammers.

What about more complex CAPTCHAs? The Gimpy CAPTCHA displays 10 English words with warped fonts across an irregular background. The CAPTCHA arranges the words in pairs and the words of each pair overlap one another. Users have to type in three correct words in order to move forward. How reliable is this approach? As it turns out, with the right CAPTCHA-cracking algorithm, it's not terribly reliable. Greg Mori and Jitendra Malik published a paper detailing their approach to cracking the Gimpy version of CAPTCHA.

1.3.1 Breaking CAPTCHAs without OCR:

Most CAPTCHAs don't destroy the session when the correct phrase is entered. So by reusing the session ID of a known CAPTCHA image, it is possible to automate requests to a CAPTCHA-protected page.

Manual steps: connect to the CAPTCHA page; record the session ID and CAPTCHA plaintext.

Automated steps: resend the session ID and CAPTCHA plaintext any number of times, changing the user data. The other user data can change on each request. We can then automate hundreds, if not thousands, of requests until the session expires, at which point we just repeat the manual steps and then reconnect with a new session ID and CAPTCHA text.

Traditional CAPTCHA-breaking software involves using image recognition routines to decode CAPTCHA images. This approach bypasses the need to do any of that, making it easy to hack CAPTCHA images.
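
The server-side side of the weakness above, as an added example that is not part of the paper: a challenge store that keeps the answer after verification, beside one that consumes the challenge on the first attempt and expires it. The class names, the 120-second lifetime and the session IDs are assumptions; the 4-character code over 62 symbols follows the character layer described in section 4.1.1.

```python
import hmac
import secrets
import string
import time

ALPHABET = string.ascii_letters + string.digits  # 62 symbols (a-z, A-Z, 0-9)
CODE_LENGTH = 4
TTL_SECONDS = 120  # assumed challenge lifetime


def _same(expected, response):
    """Constant-time comparison that also tolerates non-ASCII input."""
    return hmac.compare_digest(expected.encode(), response.encode())


class ReusableChallengeStore:
    """Flawed pattern from the text: the answer survives a verification."""

    def __init__(self):
        self._answers = {}  # session id -> expected code

    def issue(self, session_id):
        # secrets, not random: the code must not be predictable from earlier ones.
        code = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LENGTH))
        self._answers[session_id] = code
        return code  # handed to the image renderer only, never sent as text

    def verify(self, session_id, response):
        expected = self._answers.get(session_id)  # left in place: replayable
        return expected is not None and _same(expected, response)


class SingleUseChallengeStore(ReusableChallengeStore):
    """Hardened: one verification attempt per challenge, with an expiry."""

    def __init__(self, ttl=TTL_SECONDS, clock=time.monotonic):
        super().__init__()
        self._ttl = ttl
        self._clock = clock
        self._issued_at = {}

    def issue(self, session_id):
        code = super().issue(session_id)
        self._issued_at[session_id] = self._clock()
        return code

    def verify(self, session_id, response):
        # pop() consumes the challenge whether the answer is right or wrong,
        # so a recorded (session id, plaintext) pair is worth one request and
        # a wrong guess forces a fresh image.
        expected = self._answers.pop(session_id, None)
        issued = self._issued_at.pop(session_id, None)
        if expected is None or issued is None:
            return False
        if self._clock() - issued > self._ttl:
            return False
        return _same(expected, response)


def count_accepted(store, session_id, code, submissions):
    """Submit the same session id and answer repeatedly; count acceptances."""
    return sum(store.verify(session_id, code) for _ in range(submissions))


if __name__ == "__main__":
    for store in (ReusableChallengeStore(), SingleUseChallengeStore()):
        answer = store.issue("session-1")  # constructed session id
        accepted = count_accepted(store, "session-1", answer, 50)
        print(type(store).__name__, "accepted", accepted, "of 50")
```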

2. AIM AND SCOPE OF THE PROJECT

2.1 AIM:

The main aim of this project is to avoid tremendous attack from malicious computer programs; the CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) mechanism has been introduced to distinguish humans and computers.

2.2 SCOPE OF THE PROJECT:

2.2.1 Existing System:

Currently, there are mainly three kinds of methods to implement the CAPTCHA mechanism: the OCR (Optical Character Recognition) visual method, the non-OCR visual method and the non-visual method.

The 2D static CAPTCHA based on the OCR visual method benefits from its advantages with respect to language barriers, security and ease of use, and has become the most widely used CAPTCHA. Commonly seen CAPTCHAs are: the Gimpy series CAPTCHA designed by Carnegie Mellon University in 2000, the Pessimal Print CAPTCHA designed by Henry Baird from PARC (Palo Alto Research Center) in 2000, and the Baffle Text CAPTCHA designed by Baird in cooperation with Monica Chew from California Berkeley in 2003. However, with the fast development of OCR technology based on neural networks, as well as the emergence of a variety of character segmentation technologies, the CAPTCHAs of many websites have been attacked. A Russian programmer once cracked the CAPTCHA mechanism of Yahoo with a 35% success rate. Also, the CAPTCHA mechanism of Microsoft live mail has been troubled by junk mail many times. Given facts like these, newly designed CAPTCHAs have become increasingly complex, so that some of them are extremely difficult to identify.

Though there are many different kinds of specific implementations of the non-OCR visual method, it eventually comes down to the OCR problem in general, requiring users to identify images. It is not so widely used. Up to now, except for some research sites, commercial sites rarely use it. Specific implementation algorithms are: a CAPTCHA algorithm based on real object image identification, designed by R. Datta, etc., a CAPTCHA algorithm based on image similarity judgment, designed by J. Elson, etc., and so forth. Non-OCR visual method is designed for special occasions and certain user groups, thus it has very limited applications.

Examples are: a voice-based CAPTCHA algorithm intended for visually disabled people, designed by G. Kochanski, etc., a CAPTCHA algorithm based on collaborative filtering, designed by M. Chew, and so forth. In conclusion, the OCR-based 2D static visual method is the main way to implement the current CAPTCHA mechanism. However, it can no longer strike a balance between security and ease of use, calling for a new kind of CAPTCHA to address this increasingly prominent problem.

2.2.2 Proposed System:

A dynamic CAPTCHA using multiple frames can be not only extremely hard for computer programs to crack, but also easy for humans to identify. According to the anatomical, physiological and functional characteristics of the visual system, there are two visual pathways in the brain: the ventral pathway, whose function is to identify objects, and the dorsal pathway, whose function is to identify the spatial location and movement of objects. Both the identifiability and the contrast ratio of images will affect moving objects. In the right hemisphere, 3D movement shows stronger brain activity than 2D movement. The biological vision theory says that, for biological vision, the ability to perceive moving objects far exceeds the ability to perceive static objects. For example, we can easily recognize a running cheetah in a jungle, while we could hardly notice a stationary cheetah in the jungle. The reason is that the human visual system can easily reconstruct the overall shape merely from vague displacements of parts of the moving object.

3. DESIGN

3.1 ARCHITECTURE:

Fig 3.1 Architecture of 3-Layer Dynamic CAPTCHA. The 3-Layer Dynamic CAPTCHA consists of:

• Character Layer (A-Z|a-z|0-9)
• Background Interference Layer (Image, Noise)
• Foreground Interference Layer (Special Characters)

4. IMPLEMENTATION

4.1 MODULES:

1. Character Layer
2. Background Interference Layer
3. Foreground Layer

4.1.1 Character layer

Implementation of the Character Layer is very simple, as described below:

1. Determination of the number of characters. CAPTCHA often consists of 4-7 characters, and we choose the minimum length 4.
2. Random selection of characters. Our program randomly chooses 4 characters from a total of 62 characters consisting of 26 lowercase letters, 26 uppercase letters and 10 Arabic numerals.
3. Determination of character attributes. Optional character attributes are size, font, color, tilt, twist, spin, etc. In the same CAPTCHA, a variety of fonts or different sizes can easily increase the difficulty of attack.

Fig.4.1 Example for Character layer module

4.1.2 Background Interference layer:

The background interference in this design can include not only the traditional interference sources used in 2D static images, such as background color transformation and messy pixels or characters, but also new interference sources used in 3D dynamic videos, such as light, smoke and texture rendering. In this case, we combine the interference point and the interference character, randomly selecting some regions and generating a lot of interference points as well as an interference character.

Fig.4.2 Example for Background interference layer

4.1.3 Foreground Interference layer:

Unlike the background interference layer, the foreground interference makes the identifying characters in the character layer incomplete, further increasing the difficulty of attack whether using a single frame or multiple frames. Foreground interference involves character interference, line interference and point interference. In this case we combine all three together.

Fig.4.3 Example for foreground interference layer

5. RESULTS

5.1 Module 1: Character layer

Unit Testing

Module Tested : Character Layer

Test Type : Unit Testing

Purpose : To verify whether the person is a legal user or not

Expected Behavior : Valid or invalid user

Input : CAPTCHA code

Observed Behavior : Valid or invalid user

Priority : High.

Integration Testing

Name : Character Layer

Test type : Integration testing

Modules involved : Carousel, Carouseldata

Input : CAPTCHA code

Expected Results : Valid or invalid user

Observed Results : Valid or invalid user

Black box testing

Input : CAPTCHA code

Process : verify whether the entered code is correct or not

Action : blocked or verified


Module 1: Character layer screen shots

For Valid Input:

Fig.5.1 Character layer screenshot for valid input

The code L7W5 is actually in motion, which is not visible here in the figure. When the user enters the correct CAPTCHA code, i.e. “L7W5”, he is considered a valid or authorized user, as shown in the above figure.

For Invalid Input:

Fig.5.2 Character layer screenshot for invalid input

Here the CAPTCHA code “qTod” is in motion and the user entered the code “qT ”, so the entered code doesn’t match the CAPTCHA code. So, the user is considered an invalid user.
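The black-box check described for this module (entered code in, "blocked" or "verified" out) can be implemented server-side as in the following sketch. It is an added example, not the authors' code: the `ChallengeStore` class, the 120-second lifetime, single-use challenges and case-sensitive comparison are assumptions chosen so that the small 4-character code cannot be guessed repeatedly against one image.

```python
import hmac
import secrets
import string
import time

ALPHABET = string.ascii_letters + string.digits  # the paper's 62 characters
TTL_SECONDS = 120  # assumed challenge lifetime; the paper does not give one


class ChallengeStore:
    """Keeps the expected code on the server, keyed by an opaque id."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # challenge id -> (code, expiry time)

    def issue(self, code=None):
        """Register a challenge; the code goes to the renderer only."""
        code = code or "".join(secrets.choice(ALPHABET) for _ in range(4))
        cid = secrets.token_urlsafe(16)
        self._pending[cid] = (code, self._clock() + TTL_SECONDS)
        return cid, code

    def verify(self, cid, answer):
        """Return 'verified' or 'blocked' for one submitted answer."""
        # pop() makes every challenge single-use: a wrong answer burns it,
        # so a client cannot iterate guesses or replay a solved challenge.
        entry = self._pending.pop(cid, None)
        if entry is None:
            return "blocked"
        code, expiry = entry
        if self._clock() > expiry:
            return "blocked"
        # Exact, case-sensitive comparison in constant time.
        ok = hmac.compare_digest(code.encode(), answer.encode())
        return "verified" if ok else "blocked"
```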

5.2 Module 2: Background Interference layer

Unit Testing

Module Tested : Background Interference Layer

Test Type : Unit Testing

Purpose : to verify whether user is authorized or not

Expected Behavior : valid or invalid user

Input : CAPTCHA code

Observed Behavior : valid or invalid user

Priority : High.

Integration Testing

Name : Background Interference Layer

Test type : Integration testing

Modules involved : Character Layer, Background Interference Layer

Input : CAPTCHA code

Expected Results : valid or invalid user

Observed Results : valid or invalid user


Black box testing

Input : CAPTCHA code

Process : checks whether the user is authorized or not

Action : valid or invalid user

Background Interference layer screen shots:

For Valid Input:

Fig.5.3 Background Interference layer for valid input

Here the CAPTCHA code “1JUj” is in motion. In the second module these characters are displayed along with noise. If the user enters the correct code, he is considered a valid user, as shown in the above figure.

For Invalid Input:

Fig.5.4 Background Interference layer for Invalid Input

Here the CAPTCHA code is “Y5Dn” but the user entered “yndn”. So, the entered code doesn’t match the CAPTCHA code, and the user is considered an invalid or unauthorized user.

5.3 MODULE 3: FOREGROUND INTERFERENCE LAYER

Unit Testing

Module Tested : Foreground Interference Layer

Test Type : Unit Testing

Purpose : to verify whether user is authorized or not

Expected Behavior : valid or invalid user

Input : CAPTCHA code

Observed Behavior : valid or invalid user

Priority : High.

Integration Testing


Name : Background Interference Layer

Test type : Integration testing

Modules involved : Character, BackGroundInterference, ForeGroundInterference Layer

Input : CAPTCHA code

Expected Results : valid or invalid user

Observed Results : valid or invalid user

Black box testing

Input : CAPTCHA code

Process : checks whether the user is authorized or not

Action : valid or invalid user

Foreground Interference layer screen shots:

For Valid Input:

Fig.5.5 Foreground interference layer for valid input

Here the code is “DNF4”; the user enters the same code, so he is an authorized user.

For Invalid Input:

Fig.5.6 Foreground interference layer screenshot for valid input

Here the user enters a code which isn’t correct, so he is considered an unauthorized or invalid user.

6. SUMMARY AND CONCLUSION

6.1 SUMMARY:

CAPTCHA stands for Completely Automated Public Turing Test to tell Computers and Humans Apart. CAPTCHA is a mechanism which protects website registration and email addresses from scrapers, prevents unauthorised access and dictionary attacks, and also helps in the proper functioning of online polling. Of late, the breaking of these CAPTCHAs has become a major concern. Breaking CAPTCHAs is possible because of the advancements in pattern recognition tasks and Artificial Intelligence. So, there is a need to develop a CAPTCHA which is very hard to break. In our project we implemented a practical 3-Layer Dynamic CAPTCHA which is very hard to break. We exploited the weakness of computers in recognising moving objects. Our CAPTCHA consists of a code which is in motion, making it hard for a computer to recognise the code while remaining easy for humans to recognise. As there are 3 layers, the image is also more complex, which makes it even harder for computers to recognise the CAPTCHA code. We have provided an authenticity feature using this 3-Layer Dynamic CAPTCHA.

6.2 CONCLUSION AND FUTURE SCOPE:

In this project we implemented a practical and safe 3-Layer Dynamic CAPTCHA, originally combining the biological vision theory with the single-frame zero-knowledge theory, ensuring that it is not only extremely hard to recognize from any single frame, but also easy for humans to identify. It also makes full use of the weakness of computers in recognizing numerous moving objects against a complicated background, so it remains very difficult for computer programs to break even when using several frames. Moreover, the 3-layer structure makes the design of the CAPTCHA more distinct, giving it high extensibility as well as plenty of room for sustained optimization.

The security analysis shows that this new design can efficiently prevent attacks from existing algorithms as well as possible ones using multiple frames. Furthermore, the transformation from 2D to 3D optimizes the visual effects, providing a new idea for the design of CAPTCHAs. In short, this project will be a good guide for the design of next-generation CAPTCHAs. Our future research will be on how to design a more practical and safer 3-layer dynamic CAPTCHA and on improving the performance of websites when these CAPTCHAs are used (generally, when these types of CAPTCHAs are used the performance decreases, as the generation requires time for execution).
