Tel Aviv U Researchers Working To Harden Captcha
- By Dian Schaffhauser
A research project at Tel Aviv University is tackling the problem of making Captcha more secure. Captcha is an open source program created by a team from Carnegie Mellon University. It consists of a component that shows wavy letters on Web sites and asks the visitor to type them into a box to prove he or she is human and not a bot trying to hack into a server or database.
Recently, Captcha has begun showing vulnerabilities. Spammers have begun hiring humans to sit in front of a screen to type in the letters from Captcha images thousands of times a day, thereby getting around the security mechanism. Likewise, other, more automated hacks have been developed to exploit insecure implementations of the component, such as re-using session IDs of known Captcha images on Web sites that allow multiple data entry attempts.
But a research project led by Danny Cohen-Or in Tel Aviv U's Blavatnik School of Computer Sciences is testing out a new kind of Captcha code using video, which may prove harder to crack.
"Humans have a very special skill that computer bots have not yet been able to master," said Cohen-Or. "We can see what's called an 'emergence image'--an object on a computer screen that becomes recognizable only when it's moving--and identify this image in a matter of seconds. While a person can't 'see' the image as a stationary object on a mottled background, it becomes part of our gestalt as it moves, allowing us to recognize and process it."
In a research paper co-authored with people in Taiwan, Saudi Arabia, and India and presented at a recent Siggraph conference, Cohen-Or described a technique that generates pictures of 3D objects, like a running man or a flying airplane. This technique, he said, will allow developers to generate any number of moving images that will be virtually impossible for any computer algorithm to decode.
"Emergence" describes the ability of humans to collect bits of information, synthesize it, and perceive it as an identifiable whole. So far, computers don't have this skill. "Computer vision algorithms are completely incapable of effectively processing emergence images," explained Lior Wolf, a co-author of the study.
The researchers haven't developed a new form of Captcha yet. "But we are taking a step towards that--something that could lead to a much better Captcha, to highlight the big difference between men and bots," Cohen-Or said. "If it were to be turned into a solution, however, we wouldn't be able to give humans a multiple choice answer or common word answer for what they see, so we'll need to develop a way to use it. We have a few ideas in the works."
"This could be a tough thing for a robot to crack, so we're working hard to make it practical," he emphasized. "A good Captcha has to be something that's easy for people but hard for a machine."
Dian Schaffhauser is a writer who covers technology and business for a number of publications. Contact her at firstname.lastname@example.org.