Document Type : Research Article

Abstract

Massive, automated access to Web resources by robots has made it essential for Web service providers to determine whether a "user" is a human or a robot. A Human Interaction Proof (HIP) such as the Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) offers a way to make this distinction. A CAPTCHA is a reverse Turing test that Web service providers use to protect services that assume human interaction from Web bots. Many Web services, including but not limited to free e-mail accounts, online polls, chat rooms, search engines, blogs, and password systems, use CAPTCHAs as a defensive mechanism against automated Web bots. In this paper, we present a new clickable image-based CAPTCHA technique. The technique presents the user with a CAPTCHA image composed of several sub-images. The proposed technique offers all of the benefits of image-based CAPTCHAs: it provides better security than the usual OCR-based techniques, consumes less Web page area than most image-based techniques, and at the same time improves the user-friendliness of the Web page.
