Close this Advertisement
Close this Advertisement

News

Tel Aviv U Researchers Working To Harden Captcha

  • By Dian Schaffhauser
  • 01/12/10

A research project at Tel Aviv University is tackling the problem of making Captcha more secure. Captcha is an open source program created by a team from Carnegie Mellon University. It consists of a component that shows wavy letters on Web sites and asks the visitor to type them into a box to prove he or she is human and not a bot trying to hack into a server or database.

Recently, Captcha has begun showing vulnerabilities. Spammers have begun hiring humans to sit in front of a screen to type in the letters from Captcha images thousands of times a day, thereby getting around the security mechanism. Likewise, other, more automated hacks have been developed to exploit insecure implementations of the component, such as re-using session IDs of known Captcha images on Web sites that allow multiple data entry attempts.

But a research project led by Danny Cohen-Or in Tel Aviv U's Blavatnik School of Computer Sciences is testing out a new kind of Captcha code using video, which may prove harder to crack.

"Humans have a very special skill that computer bots have not yet been able to master," said Cohen-Or. "We can see what's called an 'emergence image'--an object on a computer screen that becomes recognizable only when it's moving--and identify this image in a matter of seconds. While a person can't 'see' the image as a stationary object on a mottled background, it becomes part of our gestalt as it moves, allowing us to recognize and process it."

In a research paper co-authored with people in Taiwan, Saudi Arabia, and India and presented at a recent Siggraph conference, Cohen-Or described a technique that generates pictures of 3D objects, like a running man or a flying airplane. This technique, he said, will allow developers to generate any number of moving images that will be virtually impossible for any computer algorithm to decode.

"Emergence" describes the ability of humans to collect bits of information, synthesize it, and perceive it as an identifiable whole. So far, computers don't have this skill. "Computer vision algorithms are completely incapable of effectively processing emergence images," explained Lior Wolf, a co-author of the study.

The researchers haven't developed a new form of Captcha yet. "But we are taking a step towards that--something that could lead to a much better Captcha, to highlight the big difference between men and bots," Cohen-Or said. "If it were to be turned into a solution, however, we wouldn't be able to give humans a multiple choice answer or common word answer for what they see, so we'll need to develop a way to use it. We have a few ideas in the works."

"This could be a tough thing for a robot to crack, so we're working hard to make it practical," he emphasized. "A good Captcha has to be something that's easy for people but hard for a machine."

Comments

Fri, Oct 15, 2010 Editor

In a way it is possible though. I was seeing as many as 50 or more spam posts per day between this site and my other one. As you can see, our captcha is from the stone age, so it's fairly convenient for human spammers to come in and post like crazy. But I've stayed vigilant about clearing out the spam as it comes in. Unless somebody posts in the wee hours (or when I'm traveling and forget to switch my comment prefs), that spam will be gone within a minute or so. Spamming is a business, and when there's absolutely no return on an ongoing investment (as opposed to a one-time investment in an automated system), business sense will eventually kick in, and the spamming will slow or stop. Now I had one spam post last night, inconveniently timed with me crashing out after Educause, so it sat there for a few hours. But other than that, I've seen nothing for months. (We've had commenting capabilities for less than two years.) So I think human vigilance pays off. It gets frustrating and repetitive. A good admin system (which we also do NOT have) could alleviate some of that frustration. But in the end it has been worthwhile to overcome the limitations of our software and put the human labor into it. --David Nagel

Thu, Oct 14, 2010 MLM USA

Captcha HAS begun showing vulnerabilities but the worst offense we are experiencing on http://heavyhitterleads.com is HUMAN captcha breaking services. Some charge as little as $2 per 1,000 captcha solves. Impossible to beat this, I,m afraid.

Mon, Jan 18, 2010 Web Axe U.S.A.

How are these researchers planning on tackling the accessibility issues of visual CAPTCHA?! For example, if I was blind, I wouldn't be able to enter this comment (can't see the numbers and there's no auditory assistance). Seems like they are pretty naive and need to research web accessibility before jumping to the complicated and challenging issue of CAPTCHA.

Add your Comment

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Related Articles

Latest Webinars

More FREE Webinars