Computer character success rate, and claim that this could lead

to a complete crack with a greater than

recognition:- 60% rate.

A number of research projects have

CAPTCHA DEVELOPMENT
attempted (often with success) to beat Developers have recognized the
visual CAPTCHAs by creating programs accessibility shortcomings of the visual
that contain the following functionality: CAPTCHA and have begun research
1)Pre-processing: into sound based CAPTCHA. One major
Removal of background clutter and noise. shortcoming of CAPTCHA based on
spoken text or numbers is that
2)Segmentation: the audio has to be distorted to defeat the
Splitting the image into regions which use of automated speech recognition to
each contain a single character. solve the challenges.
Because of this distortion it becomes
3)Classification: Identifying the difficult even for a human to differentiate
character in each region. between the distortion and the
valid data.
Stem 1 and 3 are easy tasks for computers.
The only step where humans still Cracking Google captchas with
outperform computers is segmentation. If porn
the background clutter consists of shapes Apparently Spammers are re-using an old
similar to letter shapes, and the letters are but nonetheless efficient trick to defeat
connected by this clutter, the segmentation Google captchas. By offering free porn,
becomes nearly impossible with current they try to find humans who do the work
software. Hence, an effective CAPTCHA for them and enter the distorted characters
should focus on the segmentation. that are needed to fill out a Google
Several research projects have broken real registration request.
world CAPTCHAs, including one of
Yahoo's early CAPTCHAs called "EZ-
Gimpy" and the CAPTCHA used by
popular sites such as PayPal,[9] Live
Journal, php BB, and other services. In
January 2008 Network Security Research
released their program for automated
Yahoo! CAPTCHA recognition. Windows
Live Hotmail and Gmail, the other two
major free email providers, were cracked
shortly after. In February 2008 it was
reported that spammers had achieved a
success rate of 30% to 35%, using a bot, in
responding to CAPTCHAs for Microsoft's
Fig. Google captcha
Live Mail service and a success rate of
20% against Google's Gmail CAPTCHA.
A Newcastle University research team has
defeated the segmentation part of
Microsoft's CAPTCHA with a 90%
[Type the company name]
CONTENTS

1. ABSTRACT..........................................

2. INTRODUCTION...............................

3. HISTORY............................................

4. APPLICATION...................................

5. PROBLEMS.........................................

6. CRACKING CAPTCHA.....................

7. COMPUTER CAPTURE
RECOGNITION.....................................

7. RECAPTCHA.......................................

8. FUTURETRENDS...................

9. ARTIFICIAL INTELLIGENCE.........

10. CONCLUSION......................

11. RFFERENCES....................................
CAPTCHA: HUMAN VS BOTS

ABSTRACT

BY-ANKIT, DINESH, PANKAJ

We introduce captcha ,an automated test that humans can pass,
but current computer programs can't pass: any program that has
high success over a captcha can be used to solve an unsolved
Artifcial Intelligence (AI) problem. We provide several novel
constructions of captchas. Since captchas have many applications
in practical security,preventing from spam attacks,password
[Link] introduce the brief history of captcha coming into
light, our approach introduces a new class of hard problems that
can be exploited for security purposes. Much like research in
cryptography has had a positive impact on algorithms for
factoring and discrete log, we hope that the use of hard AI
problems for security purposes allows usto advance the field of
Artificial Intelligence. We introduce recaptcha which is used to
digitalige books radio conversation .New treand in captcha
development are mentioned like audio,video,image captcha.
captchas based on these AI problem families, then, imply a win-
win situation: either the problems remain unsolved and there is a
way to differentiate humans from computers, or the problems are
solved and there is a way to communicate covertly on some
channels
CAPTCHA: HUMANS VS BOTS

by: ANKIT,DINESH,PANKAJ
ABSTRACT A CAPTCHA or Captcha (pronounced /
We introduce captcha ,an anautomated test ˈkæptʃə/) is a type of challenge-
that humans can pass, but current computer response test used in computing to ensure
programs can't pass: any program that has that the response is not generated by a
high success over a captcha can be used to computer. The process usually involves
solve an unsolved Artifcial Intelligence (AI) one computer (a server) asking a user to
problem. We provide several novel complete a simple test which the computer
constructions of captchas. Since captchas is able to generate and grade. Because
have many applications in practical security, other computers are unable to solve the
our approach introduces a new class of hard CAPTCHA, any user entering a correct
problems that can be exploited for security solution is presumed to be human. Thus, it
purposes. Much like research in cryptography is sometimes described as a reverse Turing
has had a positive impact on algorithms for test, because it is administered by a
factoring and discrete log, we hope that the machine and targeted to a human, in
use of hard AI problems for security purposes contrast to the standard Turing test that is
allows usto advance the field of Artificial typically administered by a human and
Intelligence. We introduce two families of AI targeted to a machine. A common type of
problems that can be used to construct CAPTCHA requires that the user type
captchas and we showthat solutions to such letters or digits from a distorted image that
problems can be used for steganographic appears on the screenThe term
communication. captchas based on these AI "CAPTCHA" (based upon the
problem families, then, imply a win-win word capture) was coined in 2000 by Luis
situation: either the problems remain von Ahn, Manuel Blum, Nicholas J.
unsolved and there is a way to differentiate Hopper, and John lLangfordLangford(all
humans from computers, or the problems are ofCarnegie Mellon University). It is a
solved and there is a way to communicate contrived acronym for
covertly on some channels "Completely Automated Public Turing test
to tell Computers and Humans Apart."
Carnegie Mellon University attempted to
INTRODUCTION trademark the term, but the trademark
You’ve probably seen them—colorful images application was abandoned on 21 April
with distorted text in them at the bottom of 200
Web registration forms. CAPTCHAs are used
by Yahoo, Hotmail, PayPal and many other
popular Web sites to prevent automated CHARACTERISTIC
registrations ,and they work because no
computer program can currently read
A CAPTCHA is a means of automatically
distorted text as well as humans can. What
generating challenges which intends to:
you probably don’t know is that a CAPTCHA
is something
 Provide a problem easy enough for
all humans to solve.
 Prevent standard automated
software from filling out a form,
unless it is specially designed to
circumvent specific CAPTCHA
systems.

 A check box in a form that reads

"check this box please" is the
simplest (and perhaps least
effective) form of a CAPTCHA.
CAPTCHAs do not have to rely on
difficult problems in artificial
intelligence, although they can.

 In the short term, this has the

benefit of distinguishing humans
from computers. In the long term,
it creates an incentive to advance
the state of AI.
 HISTORY
First Use - Alta-Vista
In 1997 Alta Vista sought ways to block or
discourage the automatic submission of

URLs to their search engine. This free "add- GIMPYU), using only one word-image at a
URL" service is important to AltaVista time, was installed by Yahoo!, and is in use
since it broadens its search coverage. Yet currently in their chat rooms to restrict
access to only human users.
some users were abusing the service by
automating the submission of large numbers Online Polls.
of URLS, in an effort to skew AltaVista's In November 1999, [Link] released
importance ranking algorithms. Andrei an online poll asking which was the best
Broder, Chief Scientist of AltaVista, and his graduate school in computer science (a
colleagues developed a filter. Their method dangerous question to ask over the web!).
is to generate an image of printed text As is the case with most online polls, IP
addresses of voters were recorded in order
randomly so that machine vision (OCR)
to prevent single users from voting more
systems cannot read it but humans still can . than once. However, students at Carnegie
In January 2002 Broder stated that the Mellon found a way tostu_ the ballots by
system had been in use for "over a year" and using programs that voted for CMU
had reduced the number of "spam add- thousands of times. CMU's score started
URL" by "over 95%."  A U.S. patent was growing rapidly. The next day, students at
issued in April 2001. MIT wrote their own voting program and
the poll became a contest between
voting\bots". MIT finished with 21,156
Yahoo's Chat Room Problem: votes, Carnegie Mellon with 21,032 and
September 2000, Udi Manber of every other school with less than 1,000.
Yahoo! described this "chat room problem" Can the result of any online poll be
to researchers at CMU: 'bots' were joining trusted?CMU's Prof. Manual Blum, Luis A.
on-line chat rooms and irritating the people von Ahn, and John Langford articulated some
there by pointing them to advertising sites. desirable properties of a test, including :the
How could all 'bots' be refused entry to chat test's challenges can be automatically
rooms? CMU's CAPTCHA Research generated and graded the test can be taken
The CMU team developed a 'hard' GIMPY quickly and easily by human users the test
CAPTCHA which picked English words at will accept virtually all human users with
random and rendered them as images of high reliability while rejecting very few the
printed text under a wide variety of shape test will reject virtually all machine users the
deformations and image occlusions, the test will resist automatic attack for many
word images often overlapping. The user years even as technology advances.
was asked to transcribe some number of the
words correctly.  Not unless the poll
requires that only humans can vote. A
simplified version of GIMPY (EZ
APPLICATION
1)Preventing Comment Spam in Blogs :- 
Most bloggers are familiar with programs
that submit bogus comments, usually for
the purpose of raising search engine ranks
of some website (e.g., "buy penny stocks
here"). This is called comment spam. By
using a CAPTCHA, only humans can enter
comments on a blog. There is no need to
make users sign up before they enter a
comment, and no legitimate comments are
ever lost! Protecting Website Registration requiring it to solve a CAPTCHA after a
:-Several companies (Yahoo!, Microsoft, certain number of unsuccessful logins.
etc.) offer free email services. Up until a This is better than the classic approach of
few years ago, most of these services locking an account after logins, since a
suffered from a specific type of attack: " sequence of unsuccessful doing so allows
was to use CAPTCHAs to ensure that only an attacker to lock accounts at will.
humans obtain free accounts. In general,
free services should be protected with a
4)Free Email Services:- Several
CAPTCHA in order to prevent abuse by
companies (Yahoo!, Microsoft, etc.) offer
automated scripts.
free mail services, most of which suffer
from a specific type of attack: \bots" that
2)Protecting Email Addresses:- From sign up for thousands of email accounts
Scrapers. Spammers crawl the Web in every minute. This situation can be
search of email addresses posted in clear improved by requiring users to prove they
text . CAPTCHAs provide an effective are human before they can get a free email
mechanism to hide your email address account. Yahoo!, for instance, uses a
from Web scrapers. The idea is to require captcha of our design to prevent bots from
users to solve a CAPTCHA before registering for accounts. Their captcha
showing your email address. A free and asks users to read a distorted word such as
secure implementation that uses the one shown below (current computer
CAPTCHAs to obfuscate an email address programs are not as good as humans at
can be foundat  reCAPTCHA Maill Hide. reading distorted text).

3)Preventing Dictionary Attacks  :- 5)Search Engine Bots :- Some

CAPTCHAs can also bots" that would sign web sites don't want to be indexed by
up for thousands of email accounts every search engines. There is an html tag to
minute. The solution to this problem be prevent search engine bots from reading
used to prevent dictionary attacks in web pages, but the tag doesn't guarantee
password systems. The idea is simple: that bots won't read the pages; its only
prevent a computer from being able iterate serves to say \no bots, please". Search
through the entire space of password by engine bots, since they usually belong to
large companies, respect web pages that
don't want to allow them in. However,
in order to truly guarantee that bots won't
enter a web site, captchas are needed.
Worms and Spam:- captchas also offer a
plausible solution against email worms and
spam: only accept an email if you know
there is a human behind the other
computer. A few companies,such as
[Link] are already
marketing this idea.
EXAMPLE OF CAPTCHA :-
PROBLEMS:-Theoriginal CAPTCHA 
exampales are now trivial for current
algorithms to recognise, and the only
option that developers had was to increase
the complexity of the distortion.
Successive CAPTCHA systems have
added more distortion, extraneous lines
and shapes, fuzz on the letters, multiple
colours and different sizes all in an attempt
to stay ahead of the spammers. This had
lead to the current situation where the
CAPTCHAs are so complex that it’s
difficult if not impossible for a large
proportion of humans to recognise any CRACKING CAPTCHA:-
particular one, yet a sizeable proportion 1) The first method of cracking is manual.
of CAPTCHA breaking bots can solve that People from developing countries offer
same one. There is a further problem services. The competition is intense. On
with CAPTCHA – they are a complete some dedicated forums, proposals surge in
block to many web users who have visual from Vietnam or Bangladesh. They claim
difficulties. Web standards demand that lots of people are ready to work 24
alternative text for any image that contains hours a day to process hundred of
information, but that completely breaks the thousands of CAPTCHA. Rates vary from
system here. By using these tests we (as an $8 to $1 per 1,000 CAPTCHA
industry) ghettoise a complete section of
web users. Various workarounds have
2) A less expensive solution consists in
been proposed and implemented – for
using private individuals to do the work
example reCAPTCHA’s audio equivalent
free of charge. I am sure some readers
– but these tend to be extremely difficult to
remember this unusual offer, in which it
use as well.
was possible to undress “Melissa” in
exchange for some CAPTCHA work. This
allowed a spammer to create fake Yahoo
Mail accounts.
3) It is also possible to find free web and $5,000 for such algorithms, which
[Link] CAPTCHA Killer web site suppress the noise, create a black-and-
offers such services. Its designer claims white picture, break it into segments (one
letter per segment), and identify the
the offer “is 100% focused on increasing
character.
accessibility on the Internet” for the “1
Million Americans that suffer from
blindness.” The RECAPTCHA:-
4) A very technical approach uses rainbow reCAPTCHA is a free CAPTCHA
and-white picture, break it into segments service that helps to digitize books,
(one letter per segment), and identify the newspapers and old time radio shows.
character. 5) A A CAPTCHA is a program that can tell
programmer called Wangrun in the whether its user is a human or a computer.
Chinese province of Anhui says he You've probably seen them — colorful
developed software to decode CAPTCHA images with distorted text at the bottom of
systems. Depending on the complexity of Web registration forms. CAPTCHAs are
the CAPTCHA image, he charges between used by many websites to prevent abuse
$500 and $6,000 per decoder. from from "bots," or automated programs
usually written to generate spam. No
6) Spammers can also use zombie
computer program can read distorted text
machines to help them crack CAPTCHA.
as well as humans can, so bots cannot
It has been read on the Virus Bulletin web
navigate sites protected by CAPTCHAs.
site that compromised systems making up
About 200 million CAPTCHAs are solved
a large botnet were recently used to help in
by humans around the world every day In
the registration process for Windows Live
each case, roughly ten
Mail accounts. When the bot

7) Finally, turnkey tools are another

method for defeating CAPTCHA
defenses. XRumer 5 is one of them. It can
flood message and links forums, guest
books, blogs, wikis, etc.

8) A very technical approach uses

rainbow tables, in which each CAPTCHA
image is associated with its character
string. In March 2008, someone
nicknamed Maluc created PHP scripts to
download, extract, and save thousands
CAPTCHA images from Yahoo, Google,
and Hotmail. When finished, each
collection will help spammers create new
recognition tables or verify the accuracy of
its OCR algorithm. When successful, only
one millisecond is needed to compare a
new footprint with the ones included in the
database. You have to pay between $1,500 FOR DETAILS:-
[Link]/recaptcha FUTURE TREANDS:-
seconds of human time are being spent.
Individually, that's not a lot of time, but in 1)GENDER RECOGNITION:-In this
aggregate these little puzzles consume Captcha system computer will ask to
more than 150,000 hours of work each differentiate between male and female.
day. What if we could make positive use
of this human effort? reCAPTCHA does
2) EXPRESSION RECOGNITION:-
exactly that by channeling the effort spent
Captcha will ask to recognise the correct
solving CAPTCHAs online into "reading"
expression of human behaviour shown.
books. To archive human knowledge and
to make information more accessible to the
world, multiple projects are currently 3)AUDIO CAPTCHA:- A word or line
digitizing physical books that were written will be made to listen n w’ll have to type
before the computer ageThe book pages the required audio Presently in use in
are being photographically scanned, and many web sites.
then transformed into text using "Optical 4) LABEL BODY PARTS:- WILL ask
Character Recognition" (OCR). The you to type the name of body part shown
transformation into text is useful because in picture
scanning a book produces images, which
are difficult to store on small Devices ,
expensive to download and cannot be 5) IMAGE-RECOGNITION
searched. The problem is that OCR is not CAPTCHA:-Choosing the correct image
perfect among many as specified.

6) VIDEO CAPTCHA:-Enter key word

that describes the video.

7) SOLVING SIMPLE LOGICAL

PROBLEM:-ASK YOU TO SOLVE
SOME SIMPLE LOGICAL PROBLEM N
TYPE YOUR ANSWER

8) PICTURE CAPTCHA-rotate the

given picture (360) as asked .
 programmers, to work on advancing the
Advancing Artificial
field of AI. CAPTCHAs are thus a win-
Intelligence win situation: either a CAPTCHA is not
broken and there is a way to differentiate
CAPTCHA tests are based on open humans from computers, or the
problems in artificial intelligence (AI): CAPTCHA is broken and an AI problem is
decoding images of distorted text, for solved.
instance, is well beyond the capabilities of
modern computers. Therefore,
CAPTCHAs also offer well-defined
challenges for the AI community, and
induce security researchers, as well as
other malicious

A captcha is a cryptographic protocol

whose underlying hardness assumption
is based on an AI problem
 based CAPTCHAs, which is our future
work.
Overall, the design of CAPTCHA is still
an art, rather than a science. It requires
considerable study to evolve the design of
secure and usable CAPTCHAs into a
science.

CONCLUSION

We have discussed different aspects of

CAPTCHA , and the main contributions of
this paper include the following.
First, we have systematically examined
what is CAPTCH and what are its
application, future treands in captcha
design,
we have observed the following issues:

• Contrary to the common belief, text-

based
CAPTCHAs are easy to crack..

• Whether the length of strings used in a

scheme is predictable or not can have
interesting implications for both its
security and usability.

• The use of colour in a CAPTCHA can

have an impact on its usability, security
or both.

All this contributes to further our

understanding of the design of
usable and secure CAPTCHAs, for which
current collective knowledge is limited.
Second, we have proposed a simple but
novel framework for examining usability
issues of CAPTCHAs, and showed that
this
framework is applicable not only to text-
based schemes, but also to other types of
CAPTCHAs. We do not claim the list of
usability issues we have discussed is
complete, and encourage researchers to
identify more of them using our
framework. In particular, a lot more can be
explored for sound-based and image-
REFFERENCES

^ a b Greg, Mori,; Malik,

Jitendra. "Breaking a Visual CAPTCHA".
Simon Fraser University. Retrieved 2008-
12-21.

^ "Computer Literacy Tests: Are You

Human?". Time (magazine). 2008-06-05.
Retrieved 2008-06-12.

^ "Latest Status of CAPTCHA Trademark

Application". USPTO. 2008-04-21.
Retrieved 2008-12-21.

^ Kluever, Kurt (February 28,

2008). "Breaking ASP Security Image
Generator". [Link]. Retrieved 2008-
12-21.

^ Amrinder Arora (2007). "Statistics

Hacking — Exploiting Vulnerabilities in
News Websites" (PDF). International
Journal of Computer Science and Network
Security 7: 342–347.

^ Wagner N.R (2003). Verifying the

Presence of Humans: Three New
CAPTCHAs.

^ "Breaking CAPTCHAs Without Using

OCR". Howard Yeend ([Link]).
2005. Retrieved 2006-08-22.

^ "Online services allow MD5 hashes to be

cracked". Retrieved 2007-01-04.