3D Handwritten Animated Captcha Algorithm: Web Security

3D Handwritten Animated Captcha Algorithm: Web Security

Neha Chandrakant Mutha

NRI Institute of Information Science & Technology Bhopal, India.

Dr. Samidha D. Sharma

Dept.Of Information Technology,

NRI Institute of Information Science & Technology, Bhopal, India.

Abstract

Now days we daily use internet and websites but some malicious computer programs have attempted to attack on websites. CAPTCHA is a standard security technology used to distinguish between human and computer. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Human Apart. It uses a type of challenge-response test to find that the response is not generated by a computer. The spam- boats have now been made intelligent enough to break simple CAPTCHA while complicated CAPTCHA is difficult for the humans to solve. In this paper, we propose a new CAPTCHA implementation mechanism based on 3D handwritten Animated CAPTCHA.

Keywords

CAPTCHA, Computer vision, Artificial Intelligence, Image recognition, Handwritten CAPTCHA, Three- dimensional Animation.

1. Introduction

   In daily life every one use internet and websites but some malicious computer programs have attempted to attack on websites. CAPTCHA is a standard security technology used to distinguish between human and computer program which is used for preventing malicious programs to access web resources automatically. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Human Apart.

   For E.g. for creating of account users are commonly asked to fill out registration forms by entering their personal information.

   This procedure also carried out by computer which is not a human automatically however, registration can be done by automated hacking software by filling fake information of human. This may result in numbers of fake accounts creation which can even stop the running of the web site. They fill a form automatically with wrong information because of this activity a server may jam and genuine user suffers which results in access of web resources, wastage of large amount of disk space, slow down the speed of server etc.For solution to these types of problems, to check out whether the user is human or computer CAPTCHA is used. The AI has now been made intelligent enough to break simple CAPTCHA while complicated CAPTCHA is difficult for the humans to solve.

   In this paper, 3D handwritten animated CAPTCHA was proposed in which characters and numbers are selected for generation of CAPTCHA. The typical CAPTCHA graphical user interface consists of two parts: a character image with noise, and an input textbox. CAPTCHAs shows on website with label box in which only a few characters shoes at a time and hides the remaining characters using animation effects. This model cannot be solved by OCR programs because of its various features. The new CAPTCHA should be user human friendly and at the same time very difficult to be recognized by any computer. In second section we gather the related work which is previously done. In third section proposed system is explained and in next section discussion is done on our system with its pros and cons. In fifth section conclusion is made. In next section acknowledgement is given with references.

2. Literature Survey

   The first CAPTCHA was proposed by researchers at Carnegie Mellon University. CAPTCHA is created in 2000 for Yahoo to prevent automated e-mail account registration, by Luis von Ahn, Manuel Blum, Nicholas Hopper and John Langford.

   CAPTCHA is divided into following types

   1. Text Based CAPTCHA

      1. Gimpy, ez-gimpy

         In this type of CAPTCHA a word is picked from a small dictionary and distort them with adding noise and background

         Figure 1. Gimpy, ez-gimpy CAPTCHA

      2. Gimpy-r, Googles CAPTCHA

         In this type of CAPTCHA a letter is picked randomly and distort them, add noise and background

         Figure 2. Gimpy-r, Googles CAPTCHA

      3. Simards HIP

         In this type of CAPTCHA a letter is picked randomly and distort them and add arcs

         Figure 3. Simards HIP CAPTCHA

         1. Simple OCR based CAPTCHA

            It is based on Optical Character-Recognition Pattern. OCR-based methods show images of words making distortion so that human can get words of images easily but computer programs or bots cannot [11].

            Figure 4. Simple OCR based CAPTCHA Limitations

            Because of development of AI simple CAPTCHA is being cracked by any computer program easily.

            For example, The CAPTHCA implementation on Yahoo Mail's login website has been defeated by a Russian researcher group [19 ].

            Microsoft live mail has also been captured by junk mails for many times [12] [21]. Many websites have been facing similar critical attacks. And the increasingly attacks are the main reason of improved 2D still image .

         2. Complex OCR-based CAPTCHA

            In complex OCR based CAPTCHA developers add extra noise and interference into CAPTCHA images, for making verification image complex and complicated in front of attackers.

            Limitations

            Because of extra noise and interferences these changes cause much more difficulty for human users to read the word of CAPTCHA. So user cannot identify correct CAPTCHA and time complexity increases to find CAPTCHA.

            Figure 5. Complex OCR-based CAPTCHA

         3. Audio CAPTCHA

            Those human have poor vision cannot solve normal CAPTCHA So alternative option is the Audio CAPTCHA has been developed. In this CAPTCHA text CAPTCHA shown as well as audio CAPTCHA is audible.

            Figure 6. Audio CAPTCHA

            Limitations

            Due to background noise it is difficult to understand,

            Many characters have similar sound so it confuses the listener and also there is some unfamiliar word to non- English human.

         4. Logical Questions

            Answering simple logical questions is also one type of CAPTCHA. This CAPTCHA service has million questions in its database and user has to solve that questions and give proper answering of that.

            Such as:

            The 2nd letter in solution is?

            Which of 4, 21, 70, 45 or 65 is the lowest?

            Limitations

            The logic questions are language specific to English. Logical questions require greater intelligence ability It uses real words rather than a random sequence.

            The time required to read and understand the question will vary because they are unusual and unknown to users. Computers can break these CAPTCHAs with the help of Search Engines.

         5. Image Recognition CAPTCHA

            One more type of CAPTCHA is Image Recognition. Microsoft has also researched in this type of CAPTCHA through its Asirra project. In this CAPTCHA new experiment with photography or image recognition is carried out.

            Human/users ask to identify the object which is shown in images.

            Figure 7. Image Recognition CAPTCHA

            Limitations

            Main disadvantage of this type of CAPTCHA is storage, near about 10 to 12 images are store in database for one CAPTCHA so it increases space complexity.

            If less number of images store in database then brute force attack can be possible on database.

            Its security is lost if its database is cracked, it requires more screen space than a regular text CAPTCHA. Again visually impaired users have no chance to solve this type of CAPTCHA, it doesnt improve usability.

         6. Friend Recognition CAPTCHA

            In friend recognition CAPTCHA we use social authentication as a result of an effort by social- networking sites like Facebook.

            We will sho you a few pictures of your friends and ask you to name the person in those photos. Any computer automated programs cannot answer who is your friend.

            Figure 8. Friend Recognition CAPTCHA Limitations

            There are some more problems like some time you dont know who your friends are? Because reality is that friend requests are accepted or exchanged between even unknown peoples also and it is difficult to remembering names to go with all those faces.

            Privacy concerns are also break due to this method.

         7. Avatar CAPTCHA

            CAPTCHA algorithm designed by Y.Rui is about recognition of human face [1]. CAPTCHA algorithm proposed by J.Elson is based on distinguishing between similar photos [8]; R.Datta's work is relied on recognition of photos [4].

            Avatar CAPTCHA: Telling Computers and Humans Apart via Face Classification. This CAPTCHA asks users to identify avatar faces from a set of 12 images which is of a mix of human and avatar faces.

            User has to select all artificial faces.

            • 3D Characters

            • Handwritten Characters

            • Animation

            • Display Technique

         Limitations

         Figure 9. Avatar CAPTCHA

         Step 1:

         Store such Handwritten CAPTCHA in 3D Form into database. This stores height, width as well as depth of character according to the value of x, y and z coordinates.

         Step 2:

         Generate CAPTCHA on screen by random selection. For storing 3D coordinates used but for display is in

         Main disadvantage of this type of CAPTCHA is

         storage, near about 10 to 12 images are store in database for one CAPTCHA so it increases space complexity

         Its security is lost if its database is compromised, it requires more screen space than a regular text CAPTCHA.

3. Proposed system

   1. Algorithm

      To design a CAPTCHA this will omit the demerits of current CAPTCHA. The new CAPTCHA should be human friendly and at the same time very difficult to be recognized by any computer.

      Design a 3D handwritten animated CAPTCHA which shows handwritten characters and numbers and shows only a few characters at a time and hides the remaining characters with the help of animation.

      CAPTCHA is based on some Techniques such as

      2D.

      Step 3:

      Draw frames in given box so animation can be generated. Animated frames are differ to each other in aspect of size, font, scale, color, tilt, multimedia effects, noise distortion, background, contrast of color, intensity of pixels etc.

      Step 4:

      Due to speed animation is created and CAPTCHA looks like moving.

      Step 5:

      Moving CAPTCHA not seen as complete image to user at a time. So using AI cannot be capture the CAPTCHA, even it captures, the whole image is not recognized. So repeat each frame of drawing and save animation.

      Step 6:

      CAPTCHA is typed by user in given input box.

4. Advantages

   First advantage is that characters are handwritten and selected randomly so cannot be recognized by any software.

   If any software tries to identify, the characters are stored in 3D form. So again this feature makes it difficult to computer.

   Another advantage is that it uses animation so no one can capture image. Even if it is captured the whole CAPTCHA text cannot be recognize because in animation whole word is not seen in box.

   To reduce the time consumption user can type the letters of CAPTCHA in text box.

   1. Application

      • Worms and Spam

      • Preventing Comment Spam in Blogs

      • Protecting Email Addresses

      • Online Polls

      • Protecting Website Registration

      • Preventing Dictionary Attacks

      • Search Engine Bots

      • Book Digitization

5. Conclusion

   It is an effective random algorithm to produce handwritten CAPTCHA which are relatively difficult for OCRs to recognize, while being very user/human friendly as made up of human handwritten letters. Another advantage is that it is 3D CAPTCHA so very difficult to recognize by computer or capture by computer. CAPTCHA letters are shown in animated form and not seen by user complete word at a time in frame. So user cannot Capture CAPTCHA

6. Acknowledgments

   I would like to acknowledge all the people who have been of the help and assisted me for this paper. I would like to thank my respected guide Dr. Samidha D. Sharma, Professor and Head of Department in Information Technology at NIIST for time-to-time guidance, encouragement, and valuable suggestions and also my lovely parents and husband for their valuable support and encouragement.

7. References

1. Y. Rui and Z. Liu. ARTIFACIAL: Automated reverse turing test using facial features. Technical Report MSRTR-2003-48, Microsoft, April 2003.

2. L. von Ahn,M. Blum, and J. Langford, Telling Humans and Computers Apart Automatically, Communications of the ACM, February 2004.

3. M.Chew and J.Tygar, "Image Recognition CAPTCHAs," in Information Security Conference, Palo Alto, California, 2004.

4. R. Datta, J. Li, and J. Z. Wang. IMAGINATION: a robust image-based CAPTCHA generation system. Proc. of 13th ACM Int. Conf. on Multimedia (MULTIMEDIA 05), pp. 331334, November 2005.

5. Zhou Xihan, Liu Bo and Zhou HeQin, A Motion Detection Algorithm Based on Background Subtraction and Symmetrical Differencing, Computer Simulation, , vol.22, p117-119,2005.

6. Athanasopoulos, E., Antonatos, S., Enhanced CAPTCHAs: Using Animation to Tell Humans and computers Apart, LNCS pp. 97-108,2006.

7. D. Misra and K. Gaj, "Face Recognition CAPTCHAs," in International Conference on Internet and Web Applications and Services (AICT-ICIW ' 06), Guadeloupe, French Caribbean, 2006, pp. 122-122, 2006.

8. J. Elson, J. R. Douceur, J. Howell, and J. Saul. ASIRRA: a CAPTCHA that exploits interest-aligned manual image categorization. Proc. of 14th ACM Conf. on Computer and Communications Security (CCS 2007), pp. 366 374, October November 2007.

9. Wang Jianping, Liu Wei and Wang Jinling, A Moving Object Detection and Recognition Method in Video Sequences, Computing Technology and Automation, vol.26, p78-80,2007.

10. J. Elson, J. Douceur, J. Howell and J. Saul, "Asirra: a CAPTCHA that exploits interest-aligned manual image categorization," in 14th ACM conference on Computer and Communications Security, Alexandria, Virginia, USA, 2007.

11. Mohammad Shirali-Shahreza and Sajad Shirali- Shahreza, Advanced Collage CAPTCHA, Fifth International Conference on Information Technology: New Generations, p1234-1235,2008.

12. Yan, J. and Salah El Ahmad, A. A Low-cost Attack on a Microsoft CAPTCHA, In CCS'08. Proceedings of the 15th ACM Conference on Computer and

13. Communications Security, Alexandria, Virginia, USA, October 27-31, 2008.

14. R. Gossweiler, M. Kamvar and S. Baluja, "What's up CAPTCHA?: a CAPTCHA based on image orientation," in 18th international conference on World wide web, Madrid, Spain, pp. 841-850,2009.

15. Wenjun Zhang :Zhangs CAPTCHA Architecture Based on Intelligent Interaction via RIA 2nd International Conference on Computer Engineering and Technology IEEE vol 6 pp 57-62, 2010.

16. C. Jing-Song, M. Jing-Ting, Z. Wu-Zhou, W. Xia and Z. Da, "A CAPTCHA Implementation Based on Moving Objects Recognition Problem," in International Conference on EBusiness and E- Government (ICEE) Shanghai, China, , pp. 1277- 1280,2010.

17. Mukta Rao, Nipur Singh Random Handwritten CAPTCHA: Web Security with a Difference I.J. Information Technology and Computer Science9, 53-58, 2012.

18. Neha C. Mutha, Samidha D. Sharma Handwritten 3D Animated CAPTCHA International Journal of Computer Applications [IJCA] ISBN: 973-93- 80874-3-2h,35-40, May 2013.

19. Carnegie Mellon. (2010, Jan.). The ofcial CAPTCHA website. C. M. University. [Online]. Available: http://www.captcha.net.

20. Thomas Claburn, Yahoos CAPTCHA Security Reportedly Broken, http://www.informationweek.com/news/internet/w ebdev/showArticle.jhtml?articleID=205900620.

21. http://coding.smashingmagazine.com/2011/03/04/i n-search-of-the-perfect-captcha/

22. Microsoft Live Hotmail CAPTCHA-Hacked in 6 seconds,

http://news.softpedia.com/news/Microsoft-Live- Hotmail-CAPTCHAHacked-In-6-Seconds- 83341.shtml