Ramesh Babu .A* et al / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES Vol No. 6, Issue No. 2, 200 - 219
Implementation of Secure Multilayered CAPTCHA
Ramesh Babu .A1, Praveen kumar .K2, Dr. Srinivasa Rao.V3
Student (M.Tech)1, Sr.Lecturer2, Professor & Head3
Department of Computer Science and Engineering, V R Siddhartha Engineering College, Vijayawada, A.P-520007
rameshbabu023@gnail.com1 praveen@vrsiddhartha.ac.in hodcse@vrsiddhartha.com3
ABSTRACT
In order to avoid tremendous attack from malicious computer programs, the CAPTCHA (Completely Automated Public Turing test to tell Computers and Human Apart) mechanism has been introduced to distinguish humans and computers. CAPTCHAs are used to protect various kinds of online services from advertising spam, brute force attacks and denial of service by automatic computer programs. In general the present CAPTCHAs are 2D. Due to the fast development of pattern recognition and artificial intelligence technology, there are increasing safety loopholes concerning traditional 2D static CAPTCHAs, with the result that certain malicious computer programs could launch serious attacks by breaking such CAPTCHAs.
So in our project we propose a practical and safe 3-layer dynamic CAPTCHA which is very hard to break and which prevents attack from malicious computer programs. The 3-layered dynamic CAPTCHA can be implemented by using the “layered” concept. The three layers are: Character Layer, Background Interference Layer and Foreground Interference Layer.
Keywords
CAPTCHA; 3-layer; dynamic; single-frame zero knowledge theory; biological vision theory; moving objects recognition
1. INTRODUCTION
CAPTCHA is a program that can tell whether its user is a human or a computer. It can also be defined as the program that can generate and grade tests that:
a. Most humans can pass
b. Current computer programs cannot pass
ISSN: 2230-7818
@ 2011 http://www.ijaest.iserp.org. All rights Reserved.
Page 200
Fig 1.1 Functionality of CAPTCHA
CAPTCHA is an acronym for
• Completely
• Automated
• Public
• Turing test to tell
• Computers and
• Humans
• Apart
CAPTCHA technology has its foundation in an experiment called the Turing Test. Alan Turing, sometimes called the father of modern computing, proposed the test as a way to examine whether or not machines can think -- or appear to think -- like humans. The classic test is a game of imitation. In this game, an interrogator asks two participants a series of questions. One of the participants is a machine and the other is a human. The interrogator can't see or hear the participants and has no way of knowing which is which. If the interrogator is unable to figure out which participant is a machine based on the responses, the machine passes the Turing Test.
Of course, with a CAPTCHA, the goal is to create a test that humans can pass easily but machines can't. It's also important that the CAPTCHA application is able to present different CAPTCHAs to different users. If a visual CAPTCHA presented a static image that was the same for every user, it wouldn't take long before a spammer spotted the form, deciphered the letters, and programmed an application to type in the correct answer automatically.
One alternative to a visual test is an audible one. An audio CAPTCHA usually presents the user with a series of spoken letters or numbers. It's not unusual for the program to distort the speaker's voice, and it's also common for the program to include background noise in the recording. This helps thwart voice recognition programs.
Another option is to create a CAPTCHA that asks the reader to interpret a short passage of text. A contextual CAPTCHA quizzes the reader and tests comprehension skills. While computer programs can pick out key words in text passages, they aren't very good at understanding what those words actually mean.
In 2007 nearly 95% of the mails received by the world’s Internet users were junk mails. Similar situations are registering user accounts maliciously, cracking account passwords with brute force, etc. All of these bring a great threat to the network.
In order to prevent similar incidents from happening again, the CAPTCHA mechanism came into being, which is short for Completely Automated Public Turing Test to Tell Computers and Humans Apart. In 2000 Carnegie Mellon University set up the first CAPTCHA group, followed by many scholars studying CAPTCHA to find how to better tell humans and computers apart. Currently, in order to prevent malicious programs from issuing advertisements or other useless information recklessly, message boards of BBS, blog and wiki sites have widely used the CAPTCHA mechanism, requiring that users input the correct letters to leave a message. CAPTCHA also plays a significant role in limiting usage rate. For example, the automatic use of a particular service is allowed unless such use goes beyond certain
1.1 TYPES OF CAPTCHAS
CAPTCHAs are classified based on what is distorted and presented as a challenge to the user. They are:
1.1.1 Text CAPTCHAs:
These are simple to implement. The simplest yet novel approach is to present the user with some questions which only a human user can solve. Examples of such questions are:
1. What is twenty minus three?
2. What is the third letter in UNIVERSITY?
3. Which of Yellow, Thursday and Richard is a colour?
4. If yesterday was a Sunday, what is today?
Such questions are very easy for a human user to solve, but it’s very difficult to program a computer to solve them. These are also friendly to people with visual disability, such as those with colour blindness. Other text CAPTCHAs involve text distortions and the user is asked to identify the text hidden. The various implementations are:
1.1.1.1 Gimpy:
Gimpy is a very reliable text CAPTCHA built by CMU in collaboration with Yahoo for their Messenger service. Gimpy is based on the human ability to read extremely distorted text and the inability of computer programs to do the same. Gimpy works by choosing ten words randomly from a dictionary, and displaying them in a
distorted and overlapped manner. Gimpy then asks the users to enter a subset of the words in the image. The human user is capable of identifying the words correctly, whereas a computer program cannot.
Fig.1.2 Gimpy example
1.1.1.2 Ez-Gimpy:
This is a simplified version of the Gimpy CAPTCHA, adopted by Yahoo in their signup page. Ez-Gimpy randomly picks a single word from a dictionary and applies distortion to the text. The user is then asked to identify the text correctly.
This was developed by Henry Baird at University of California at Berkeley. This is a variation of the Gimpy. This doesn’t contain dictionary words, but it picks random letters to create a nonsense but pronounceable text. Distortions are then added to this text and the user is challenged to guess the right word. This technique overcomes the drawback of the Gimpy CAPTCHA, because Gimpy uses dictionary words and hence clever bots could be designed to check the dictionary for the matching word by brute-force.
Fig.1.3 Ez-Gimpy example
1.1.1.3 MSN CAPTCHA:
Microsoft uses a different CAPTCHA for services provided under the MSN umbrella. These are popularly called MSN Passport CAPTCHAs. They use eight characters (upper case) and digits. Foreground is dark blue, and background is grey. Warping is used to distort the characters, to produce a ripple effect, which makes computer recognition very difficult.
Fig.1.4 MSN CAPTCHA example
1.1.2 Graphic CAPTCHAs:
Graphic CAPTCHAs are challenges that involve pictures or objects that have some sort of similarity that the users have to guess. They are visual puzzles, similar to Mensa tests. The computer generates the puzzles and grades the answers, but is itself unable to solve them.
1.1.2.1 Bongo:
Another example of a CAPTCHA is the program we call BONGO [2]. BONGO is named after M.M. Bongard, who published a book of pattern recognition problems in the 1970s [3]. BONGO asks the user to solve a visual pattern recognition problem. It displays two series of blocks, the left and the right. The blocks in the left series differ from those in the right, and the user must find the characteristic that sets them apart.
Fig.1.5 Bongo example
1.1.2.2 PIX:
PIX is a program that has a large database of labeled images. All of these images are pictures of concrete objects (a horse, a table, a house, a flower). The program picks an object at random, finds six images of that object from its database, presents them to the user and then asks the question “what are these pictures of?” Current computer programs should not be able to answer this question, so PIX should be a CAPTCHA. However, PIX, as stated, is not a CAPTCHA: it is very easy to write a program that can answer the question “what are these pictures of?” Remember that all the code and data of a CAPTCHA should be publicly available; in particular, the image database that PIX uses should be public. Hence, writing a program that can answer the question “what are these pictures of?” is easy: search the database for the images presented and find their label. Fortunately, this can be fixed. One way for PIX to become a CAPTCHA is to randomly distort the images before presenting them to the user, so that computer programs cannot
easily search the database for the undistorted image.
Pick the common characteristic among the following pictures: “Aeroplane”
Fig.1.6 PIX example
1.1.3 Audio CAPTCHA:
The final example we offer is based on sound. The program picks a word or a sequence of numbers at random, renders the word or the numbers into a sound clip and distorts the sound clip; it then presents the distorted sound clip to the user and asks users to enter its contents. This CAPTCHA is based on the difference in ability between humans and computers in recognizing spoken language. Nancy Chan of the City University in Hong Kong was the first to implement a sound-based system of this type. The idea is that a human is able to efficiently disregard the distortion and interpret the characters being read out while software would struggle with the distortion being applied, and need to be effective at speech to text translation in order to be successful. This is a crude way to filter humans and it is not so popular because the user has to understand the language and the accent in which the sound clip is recorded.
Fig.1.7 example for Audio CAPTCHA
1.1.4 ReCAPTCHA and book Digitization:
To counter various drawbacks of the existing implementations, researchers at CMU developed a redesigned CAPTCHA aptly called the reCAPTCHA. About 200 million CAPTCHAs are solved by humans around the world every day. In each case, roughly ten seconds of human time are
being spent. Individually, that's not a lot of time, but in aggregate these little puzzles consume more than 150,000 hours of work each day. What if we could make positive use of this human effort? reCAPTCHA does exactly that by channeling the effort spent solving CAPTCHAs online into "reading" books.
To archive human knowledge and to make information more accessible to the world, multiple projects are currently digitizing physical books that were written before the computer age. The book pages are being photographically scanned, and then transformed into text using "Optical Character Recognition" (OCR). The transformation into text is useful because scanning a book produces images, which are difficult to store on small devices, expensive to download, and cannot be searched. The problem is that OCR is not perfect.
ReCAPTCHA improves the process of digitizing books by sending words that cannot be read by computers to the Web in the form of CAPTCHAs for humans to decipher. More specifically, each word that cannot be read correctly by OCR is placed on an image and used as a CAPTCHA. This is possible because most OCR programs alert you when a word cannot be read correctly. But if a computer can't read such a CAPTCHA, how does the system know the correct answer to the puzzle? Here's how: Each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. If they solve the one for which the answer is known, the system assumes their answer is correct for the new one. The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct. Currently, reCAPTCHA is employed in digitizing books as part of the Google Books Project.
[Figure: first line shows scanned text, second line shows text read by OCR]
Fig.1.8 examples for reCAPTCHA and Book digitization
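The control-word scheme described above, as an added Python example that is not reCAPTCHA's own code: a response counts as a vote on the unknown word only if the known word was solved, and the unknown word is accepted once enough passing users agree. The vote thresholds, the case-insensitive comparison and all names are assumptions, and the sample responses are constructed.

```python
from collections import Counter


def normalize(text):
    """Compare transcriptions case-insensitively, ignoring outer whitespace."""
    return text.strip().lower()


class WordPairGrader:
    """Grades control+unknown word pairs and collects votes on unknown words."""

    def __init__(self, min_votes=3, min_agreement=0.75):
        # Both thresholds are assumptions; the text only says "a number of
        # other people" and "higher confidence".
        self.min_votes = min_votes
        self.min_agreement = min_agreement
        self.votes = {}  # unknown-word id -> Counter of transcriptions

    def grade(self, control_answer, control_response, unknown_id, unknown_response):
        """Return True if the user passes. Only passing users get a vote."""
        if normalize(control_response) != normalize(control_answer):
            return False  # failed the known word: the other guess is discarded
        guess = normalize(unknown_response)
        if guess:
            self.votes.setdefault(unknown_id, Counter())[guess] += 1
        return True

    def transcription(self, unknown_id):
        """Return the agreed reading of an unknown word, or None if undecided."""
        counts = self.votes.get(unknown_id)
        if not counts:
            return None
        total = sum(counts.values())
        word, top = counts.most_common(1)[0]
        if total >= self.min_votes and top / total >= self.min_agreement:
            return word
        return None


def demo():
    grader = WordPairGrader()
    # Constructed sample: scan "w17" is a word OCR flagged as unreadable;
    # "upon" is the control word whose answer is already known.
    responses = [
        ("upon", "morning"),  # human
        ("Upon", "morning"),  # human, different capitalisation
        ("zzzz", "zzzz"),     # bot: fails the control, so its vote is dropped
        ("upon", "morning"),  # human
    ]
    passed = [grader.grade("upon", c, "w17", u) for c, u in responses]
    return passed, grader.transcription("w17")


if __name__ == "__main__":
    print(demo())
```

Because the user is not told which of the two words is the control, a program that cannot read either word gains no vote on the unknown one.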
1.2 APPLICATIONS:
CAPTCHAs have several applications for practical security, including:
Preventing Comment Spam in Blogs: Most bloggers are familiar with programs that submit bogus comments, usually for the purpose of raising search engine ranks of some website (e.g., "buy penny stocks here"). This is called comment spam. By using a CAPTCHA, only humans can enter comments on a blog. There is no need to make users sign up before they enter a comment, and no legitimate comments are ever lost!
Protecting Website Registration: Several companies (Yahoo!, Microsoft, etc.) offer free email services. Up until a few years ago, most of these services suffered from a specific type of attack: "bots" that would sign up for thousands of email accounts every minute. The solution to this problem was to use CAPTCHAs to ensure that only humans obtain free accounts. In general, free services should be protected with a CAPTCHA in order to prevent abuse by automated scripts.
Fig.1.9 example showing website registration
Protecting Email Addresses From Scrapers: Spammers crawl the Web in search of email addresses posted in clear text. CAPTCHAs provide an effective mechanism to hide your email address from Web scrapers. The idea is to require users to solve a CAPTCHA before showing your email address. A free and secure implementation that uses CAPTCHAs to obfuscate an email address can be found at reCAPTCHA MailHide.
Online Polls: In November 1999, http://www.slashdot.org released an online poll asking which was the best graduate school in computer science (a dangerous question to ask over the web!). As is the case with
most online polls, IP addresses of voters were recorded in order to prevent single users from voting more than once. However, students at Carnegie Mellon found a way to stuff the ballots using programs that voted for CMU thousands of times. CMU's score started growing rapidly. The next day, students at MIT wrote their own program and the poll became a contest between voting "bots." MIT finished with 21,156 votes, Carnegie Mellon with 21,032 and every other school with less than 1,000. Can the result of any online poll be trusted? Not unless the poll ensures that only humans can vote.
Fig.1.10 example for online polling
Preventing Dictionary Attacks: CAPTCHAs can also be used to prevent dictionary attacks in password systems. The idea is simple: prevent a computer from being able to iterate through the entire space of passwords by requiring it to solve a CAPTCHA after a certain number of unsuccessful logins. This is better than the classic approach of locking an account after a sequence of unsuccessful logins, since doing so allows an attacker to lock accounts at will.
Search Engine Bots: It is sometimes desirable to keep webpages unindexed to prevent others from finding them easily. There is an html tag to prevent search engine bots from reading web pages. The tag, however, doesn't guarantee that bots won't read a web page; it only serves to say "no bots, please." Search engine bots, since they usually belong to large companies, respect web pages that don't want to allow them in. However, in order to truly guarantee that bots won't enter a web site, CAPTCHAs are needed.
Worms and Spam: CAPTCHAs also offer a plausible solution against email worms and spam: "I will only accept an email if I know there is a human behind the other computer." A few companies are already marketing this idea.
Preventing Unauthorized Access: The CAPTCHA mechanism prevents a hacker who tries to crack a password using the brute force method or any other password cracking method.
1.3 BREAKING CAPTCHA
The challenge in breaking a CAPTCHA isn't figuring out what a message says -- after all, humans should have at least an 80 percent success rate. The really hard task is teaching a computer how to process information in a way similar to how humans think. In many cases, people who break CAPTCHAs concentrate not on making computers smarter, but reducing the complexity of the problem posed by the CAPTCHA. Let's assume you've protected an online form using a CAPTCHA that displays English words. The application warps the font slightly, stretching and bending the letters in unpredictable ways. In addition, the CAPTCHA includes a randomly generated background behind the word.
A programmer wishing to break this CAPTCHA could approach the problem in phases. He or she would need to write an algorithm -- a set of instructions that directs a machine to follow a certain series of steps. In this scenario, one step might be to convert the image to grayscale. That means the application removes all the color from the image, taking away one of the levels of obfuscation the CAPTCHA employs. Next, the algorithm might tell the computer to detect patterns in the black and white image. The program compares each pattern to a normal letter, looking for matches. If the program can only match a few of the letters, it might cross reference those letters with a database of English words. Then it would plug in likely candidates into the submit field. This approach can be surprisingly effective. It might not work 100 percent of the time, but it can work often enough to be worthwhile to spammers.
What about more complex CAPTCHAs? The Gimpy CAPTCHA displays 10 English words with warped fonts across an irregular background. The CAPTCHA arranges the words in pairs and the words of each pair overlap one another. Users have to type in three correct words in order to move forward. How reliable is this approach? As it turns out, with the right CAPTCHA-cracking algorithm, it's not terribly reliable. Greg Mori and Jitendra Malik published a paper detailing their approach to cracking the Gimpy version of CAPTCHA.
1.3.1 Breaking CAPTCHAs without OCR:
Most CAPTCHAs don't destroy the session when the correct phrase is entered. So by reusing the session id of a known CAPTCHA image, it is possible to automate
requests to a CAPTCHA-protected page.
Manual steps: Connect to CAPTCHA page. Record session ID and CAPTCHA plaintext.
Automated steps: Resend session ID and CAPTCHA plaintext any number of times, changing the user data. The other user data can change on each request. We can then automate hundreds, if not thousands of requests, until the session expires, at which point we just repeat the manual steps and then reconnect with a new session ID and CAPTCHA text. Traditional CAPTCHA-breaking software involves using image recognition routines to decode CAPTCHA images. This approach bypasses the need to do any of that, making it easy to hack CAPTCHA images.
2. AIM AND SCOPE OF THE PROJECT
2.1 AIM:
The mainstay of this project is to avoid tremendous attack from malicious computer programs. The CAPTCHA (Completely Automated Public Turing test to tell Computers and Human Apart) mechanism has been introduced to distinguish humans and computers.
2.2 SCOPE OF THE PROJECT:
2.2.1 Existing System:
Currently, there are mainly three kinds of methods to implement the CAPTCHA mechanism: OCR (Optical character recognition) visual method, non-OCR visual method and non-visual method.
The 2D static CAPTCHA based on the OCR visual method takes advantage of superiority in language barrier, security and ease of use, becoming the most widely used CAPTCHA. Commonly seen CAPTCHAs are: the Gimpy series CAPTCHA designed by Carnegie Mellon University in 2000, the Pessimal Print CAPTCHA designed by Henry Baird from PARC (Palo Alto Research Center) in 2000, and the Baffle Text CAPTCHA designed by Baird in cooperation with Monica Chew from California Berkeley in 2003. However, with the fast development of OCR technology based on neural networks, as well as the emergence of a variety of character segmentation technologies, the CAPTCHAs of lots of websites have been attacked. A Russian programmer once cracked the CAPTCHA mechanism of Yahoo with a 35% success rate. Also, the CAPTCHA mechanism of Microsoft live mail has been bothered by junk mails many times. Given facts like these, newly designed CAPTCHAs have become increasingly complex, so that some of those are extremely difficult to identify.
Though there are many different kinds of specific implementations for the non-OCR visual method, it eventually comes down to
the OCR problem in general, requiring users to identify images. It is not so widely used. Up to now, except some research sites, commercial sites rarely use it. Specific implementation algorithms are: a CAPTCHA algorithm based on real object image identification and designed by R. Datta, etc, a CAPTCHA algorithm based on image similarity judgment and designed by J. Elson, etc and so forth. Non-OCR visual method is designed for special occasions and certain user groups, thus it has very limited applications. Examples are: a voice-based CAPTCHA algorithm intended for visually disabled people and designed by G. Kochanski, etc, a CAPTCHA algorithm based on collaborative filtering and designed by M. Chew and so forth. In conclusion, the OCR-based 2D static visual method is the main way to implement the current CAPTCHA mechanism. However, it could no longer strike a balance between security and ease of use, calling for a new kind of CAPTCHA to address this increasingly prominent problem.
2.2.2 Proposed System :
Dynamic CAPTCHA can make it not only extremely hard to crack for computer programs using multiple frames, but also easy for humans to identify. According to anatomical, physiological and functional characteristics of the visual system, there are two visual pathways in the brain: the ventral pathway, whose function is to identify objects, and the dorsal pathway, whose function is to identify spatial location and movement of objects. Both the identifiability and contrast ratio of images will affect moving objects. In the right hemisphere, 3D movement shows stronger brain activity than 2D movement. The biological vision theory says that the perception ability of moving objects far exceeds that of static objects for biological vision. For example, we can easily recognize a running cheetah in a jungle while we could hardly notice a stationary cheetah in the jungle. The reason is that the human visual system can easily reconstruct the overall shape merely from vague displacements of parts of the moving object.
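The session-reuse weakness of section 1.3.1 and the throttling idea under "Preventing Dictionary Attacks" both come down to how the server stores and checks the CAPTCHA answer. The Python sketch below is an added example, not code from the paper: it contrasts a reusable check with a single-use, expiring one and requires a CAPTCHA after repeated failed logins instead of locking the account. The class names, the 120-second lifetime, the threshold of three failures and the plaintext demo password table are assumptions; the 4-character code over 62 symbols follows section 4.1.1.

```python
import hmac
import secrets
import string
import time

ALPHABET = string.ascii_letters + string.digits  # the 62 characters of section 4.1.1
CODE_LENGTH = 4              # minimum length chosen in section 4.1.1
CHALLENGE_TTL = 120.0        # seconds a challenge stays valid (assumed value)
FAILURES_BEFORE_CAPTCHA = 3  # failed logins before a CAPTCHA is demanded (assumed)


class ChallengeStore:
    """Keeps CAPTCHA answers on the server, keyed by an opaque challenge id."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # challenge_id -> (answer, expires_at)

    def issue(self):
        """Create a challenge; the answer is handed to the image renderer only."""
        challenge_id = secrets.token_urlsafe(16)
        answer = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LENGTH))
        self._pending[challenge_id] = (answer, self._clock() + CHALLENGE_TTL)
        return challenge_id, answer

    def verify_reusable(self, challenge_id, response):
        """Weak form: the entry survives a correct answer, so one solved
        challenge can be resent with every later request."""
        entry = self._pending.get(challenge_id)
        return entry is not None and entry[0] == response

    def verify_once(self, challenge_id, response):
        """Hardened form: the entry is removed on the first attempt, right or
        wrong, and an expired entry never verifies."""
        entry = self._pending.pop(challenge_id, None)
        if entry is None:
            return False
        answer, expires_at = entry
        if self._clock() > expires_at:
            return False
        # Case-sensitive, constant-time comparison.
        return hmac.compare_digest(answer.encode(), (response or "").encode())


class LoginGate:
    """Demands a CAPTCHA after repeated failures instead of locking the account."""

    def __init__(self, passwords, store):
        # passwords: username -> password. Constructed demo data; a real
        # system would compare password hashes.
        self._passwords = passwords
        self._store = store
        self._failures = {}

    def captcha_required(self, user):
        return self._failures.get(user, 0) >= FAILURES_BEFORE_CAPTCHA

    def login(self, user, password, challenge_id=None, response=None):
        """Return 'ok', 'denied' or 'captcha_required'."""
        if self.captcha_required(user):
            if challenge_id is None or not self._store.verify_once(challenge_id, response):
                return "captcha_required"
        expected = self._passwords.get(user)
        if expected is not None and hmac.compare_digest(expected.encode(), password.encode()):
            self._failures.pop(user, None)
            return "ok"
        self._failures[user] = self._failures.get(user, 0) + 1
        return "denied"


def replay_outcomes():
    """Answer one challenge twice under each policy: (weak, hardened)."""
    store = ChallengeStore()
    cid, answer = store.issue()
    weak = [store.verify_reusable(cid, answer), store.verify_reusable(cid, answer)]
    hardened = [store.verify_once(cid, answer), store.verify_once(cid, answer)]
    return weak, hardened


if __name__ == "__main__":
    print(replay_outcomes())
```

With the single-use check every automated request needs a freshly solved challenge, and the legitimate account owner can still log in after someone else's failed guesses by solving one CAPTCHA.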
3. DESIGN
3.1 ARCHITECTURE:
[Figure: the 3-Layer Dynamic CAPTCHA is composed of a Background Interference Layer (Image, Noise), a Foreground Interference Layer (Special Characters) and a Character Layer (A-Z|a-z|0-9)]
Fig 3.1 Architecture of 3-Layer Dynamic CAPTCHA
4. IMPLEMENTATION
4.1 MODULES:
1. Character Layer
2. Background Interference Layer
3. Foreground Layer
4.1.1 Character layer
Implementation of Character Layer is very simple, as described below:
1. Determination of the number of characters. CAPTCHA often consists of 4-7 characters, and we choose the minimum length 4.
2. Random selection of characters. Our program randomly chooses 4 characters from a total of 62 characters consisting of 26 lowercase letters, 26 uppercase letters and 10 Arabic numerals.
3. Determination of character attributes. Optional character attributes are size, font, color, tilt, twist, spin, etc. In the same CAPTCHA, a variety of fonts or different sizes can easily increase the difficulty of attack.
Fig.4.1 Example for Character layer module
4.1.2 Background Interference layer:
The background interference of this design can include not only background color transformation and messy pixels or characters, etc, traditional interference sources used in 2D static images, but also light, smoke and texture rendering, etc, new interference sources used in 3D dynamic videos. In this case, we combine the interference point and the interference character, randomly selecting some regions
and generating a lot of interference points as well as an interference character.
Fig.4.2 Example for Background interference layer
4.1.3 Foreground Interference layer:
Different from the background interference layer, the foreground interference is to make the identifying characters in the character layer incomplete, further increasing difficulty of attack whether using single frame or multiple frames. Foreground interference involves character interference, line interference and point interference. In this case we combine all three together.
Fig.4.3 Example for foreground interference layer
5. RESULTS
5.1 Module 1: Character layer
Unit Testing
Module Tested : Character Layer
Test Type : Unit Testing
Purpose : To verify the person is legal user or not
Expected Behavior : Valid or invalid user
Input : CAPTCHA code
Observed Behavior : Valid or invalid user
Priority : High.
Integration Testing
Name : Character Layer
Test type : Integration testing
Modules involved : Carousel, Carouseldata
Input : CAPTCHA code
Expected Results : Valid or invalid user
Observed Results : Valid or invalid user
Black box testing
Input : CAPTCHA code
Process : verify whether the entered code is correct or not
Action : blocked or verified
Module 1: Character layer screen shots
For Valid Input:
Fig.5.1 Character layer screenshot for valid input
Actually the code L7W5 will be in motion, which is not visible here in the figure. When the user enters the correct CAPTCHA code, i.e. “L7W5”, he is considered a valid or authorized user as shown in the above figure.
For Invalid Input:
Fig.5.2 character layer screenshot for invalid input
Here the CAPTCHA code “qTod” will be in motion and the user entered the code “qT “, so the code that is entered doesn’t match the CAPTCHA code. So, the user is considered an invalid user.
5.2. Module: 2 Background Interference layer
Unit Testing
Module Tested : Background Interference Layer
Test Type : Unit Testing
Purpose : to verify whether user is authorized or not
Expected Behavior : valid or invalid user
Input : CAPTCHA code
Observed Behavior : valid or invalid user
Priority : High.
Integration Testing
Name : Background Interference Layer
Test type : Integration testing
Modules involved : Character Layer, Background Interference Layer
Input : CAPTCHA code
Expected Results : valid or invalid user
Observed Results : valid or invalid user
Black box testing
Input : CAPTCHA code
Process : checks whether the user is authorized or not
Action : valid or invalid user
Background Interference layer screen shots:
For Valid Input:
Fig.5.3 Background Interference layer for valid input
Here the CAPTCHA code “1JUj” will be in motion. In the second module these characters are displayed along with noise. If the user can enter the correct code he is considered a valid user as shown in the above figure.
For Invalid Input:
Fig.5.4 Background Interference layer for Invalid Input
Here the CAPTCHA code is “Y5Dn” but the user entered “yndn“. So, the code that is entered doesn’t match the CAPTCHA code, and the user is considered an invalid or unauthorized user.
5.3 MODULE 3: FOREGROUND INTERFERENCE LAYER
Unit Testing
Module Tested : Foreground Interference Layer
Test Type : Unit Testing
Purpose : to verify whether user is authorized or not
Expected Behavior : valid or invalid user
Input : CAPTCHA code
Observed Behavior : valid or invalid user
Priority : High.
Integration Testing
Name : Background Interference Layer Test type : Integration testing Modules involved : Character, BackGroundInterference,
Fig.5.5 foreground interference layer for
ForeGroundInterference Layer Input : CAPTCHA code Expected Results : valid or invalid user Observed Results : valid or invalid user
user.
the same code so he is an authorized
For Invalid Input:
ES
Input : CAPTCHA code Process : checks whether the user is authorized or not Action : valid or invalid user
Here the code is “DNF4” the user enters
T
Black box testing
valid input
Foreground Interference layer screen shots:
IJ
A
For Valid Input:
Fig.5.6 Foreground interference layer screenshot for valid input Here the user enters the code
which isn’t correct so he is considered as an unauthorized or invalid user
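The black-box check reported for the three modules (CAPTCHA code in, valid or invalid user out), written out as an added example; this is not the paper's implementation. The CaptchaVerifier class, the case-sensitive constant-time comparison, the single-use rule and the 120-second lifetime are assumptions made here; the codes are the ones quoted for Figs. 5.3 to 5.5.

```python
import hmac
import secrets
import time


class CaptchaVerifier:
    """Server-side record of issued challenges (hypothetical helper, not from the paper)."""

    def __init__(self, ttl_seconds=120, clock=time.monotonic):
        self._ttl = ttl_seconds          # assumed lifetime of a challenge
        self._clock = clock              # injectable so expiry can be tested
        self._pending = {}               # challenge id -> (expected code, expiry time)

    def issue(self, code):
        """Register the code rendered into a CAPTCHA and return an opaque id for it."""
        challenge_id = secrets.token_urlsafe(16)
        self._pending[challenge_id] = (code, self._clock() + self._ttl)
        return challenge_id

    def verify(self, challenge_id, answer):
        """Return 'valid' or 'invalid', matching the Action field of the test tables."""
        # pop() makes each challenge single use, even when the answer is wrong,
        # so a solved or failed CAPTCHA cannot be submitted a second time.
        entry = self._pending.pop(challenge_id, None)
        if entry is None:
            return "invalid"
        expected, expires_at = entry
        if self._clock() > expires_at:
            return "invalid"
        # Assumption: comparison is case-sensitive; compare_digest runs in constant time.
        same = hmac.compare_digest(expected.encode("utf-8"), answer.encode("utf-8"))
        return "valid" if same else "invalid"


def run_paper_cases():
    """Replay the inputs shown in the screenshots, plus one resubmission."""
    v = CaptchaVerifier()
    results = {}
    results["1JUj/1JUj"] = v.verify(v.issue("1JUj"), "1JUj")   # Fig.5.3
    results["Y5Dn/yndn"] = v.verify(v.issue("Y5Dn"), "yndn")   # Fig.5.4
    cid = v.issue("DNF4")
    results["DNF4/DNF4"] = v.verify(cid, "DNF4")               # Fig.5.5
    results["DNF4 replayed"] = v.verify(cid, "DNF4")           # same id again
    return results


if __name__ == "__main__":
    for case, outcome in run_paper_cases().items():
        print(case, "->", outcome)
```
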
6. SUMMARY AND CONCLUSION
6.1 SUMMARY:
CAPTCHA is the Completely Automated Public Turing Test to tell Computers and Humans Apart. CAPTCHA is a mechanism which protects website registration and Email addresses from scrapers, prevents unauthorised access and dictionary attacks, and also helps in the proper functioning of online polling. Of late the breaking of these CAPTCHAs has become a major concern. Breaking CAPTCHAs is possible because of the advancements in pattern recognition tasks and Artificial Intelligence. So, there is a need for the development of a CAPTCHA which is very hard to break. In our project we implemented a practical 3-Layer Dynamic CAPTCHA which is very hard to break. We used the disadvantages of computers in recognising moving objects. Our CAPTCHA consists of a code which will be in motion, making it hard for the computer to recognise the code while it is still easy for humans to recognise it. As there are 3 layers, the complexity of the image is also greater, which makes it even harder for computers to recognise the CAPTCHA code. We have provided an authenticity feature using this 3-Layer Dynamic CAPTCHA.

6.2 CONCLUSION AND FUTURE SCOPE:
In this project we implemented a practical and safe 3-Layer Dynamic CAPTCHA, originally combining the biological vision theory with the single-frame zero-knowledge theory, ensuring that every single frame is extremely hard to recognize, yet the CAPTCHA is easy for humans to identify. It also makes full use of the disadvantages of computers in recognizing numerous moving objects from a complicated background, making it still very difficult for computer programs to break even using several frames. Moreover, the 3-layer structure makes the design of the CAPTCHA more distinct, giving it high expansibility as well as plenty of room for sustainable optimization.

The security analysis shows that this new design can efficiently prevent attacks from existing algorithms as well as possible ones using multiple frames. Furthermore, the transformation from 2D to 3D optimizes the visual effects, providing a new idea for the design of CAPTCHAs. In short, this project will be a good guide for the design of next generation CAPTCHAs. Our future research will be on how to design a more practical and safer 3-layer dynamic CAPTCHA and on improving the performance of websites when these CAPTCHAs are used (generally, when these types of CAPTCHAs are used, performance decreases because generation requires time to execute).