CAPTCHA challenge strings : problems and improvements
Identifieur interne : 000347 ( PascalFrancis/Checkpoint ); précédent : 000346; suivant : 000348CAPTCHA challenge strings : problems and improvements
Auteurs : Jon Bentley [États-Unis] ; Colin Mallows [États-Unis]Source :
- Proceedings of SPIE, the International Society for Optical Engineering [ 0277-786X ] ; 2006.
Descripteurs français
- Pascal (Inist)
- Wicri :
- topic : Dictionnaire, Psychologie.
English descriptors
- KwdEn :
Abstract
A CAPTCHA is a Completely Automated Public Test to tell Computers and Humans Apart. Typical CAPTCHAs present a challenge string consisting of a visually distorted sequence of letters and perhaps numbers, which in theory only a human can read. Attackers of CAPTCHAs have two primary points of leverage: Optical Character Recognition (OCR) can identify some characters, while nonuniform probabilities make other characters relatively easy to guess. This paper uses a mathematical theory of assurance to characterize the probability that a correct answer to a CAPTCHA is not just a lucky guess. We examine the three most common types of challenge strings, dictionary words, Markov text, and random strings, and find substantial weaknesses in each. We therefore propose improvements to Markov text, and new challenges based on the consonant-vowel-consonant (CVC) trigrams of psychology. Theory and experiment together quantify problems in current challenges and the improvements offered by modifications.
Affiliations:
Links toward previous steps (curation, corpus...)
Links to Exploration step
Pascal:07-0377977Le document en format XML
<record><TEI><teiHeader><fileDesc><titleStmt><title xml:lang="en" level="a">CAPTCHA challenge strings : problems and improvements</title><author><name sortKey="Bentley, Jon" sort="Bentley, Jon" uniqKey="Bentley J" first="Jon" last="Bentley">Jon Bentley</name><affiliation wicri:level="2"><inist:fA14 i1="01"><s1>Avaya Labs, 233 Mt. Airy Road</s1><s2>Basking Ridge, NJ 07920</s2><s3>USA</s3><sZ>1 aut.</sZ><sZ>2 aut.</sZ></inist:fA14><country>États-Unis</country><placeName><region type="state">New Jersey</region></placeName></affiliation></author><author><name sortKey="Mallows, Colin" sort="Mallows, Colin" uniqKey="Mallows C" first="Colin" last="Mallows">Colin Mallows</name><affiliation wicri:level="2"><inist:fA14 i1="01"><s1>Avaya Labs, 233 Mt. Airy Road</s1><s2>Basking Ridge, NJ 07920</s2><s3>USA</s3><sZ>1 aut.</sZ><sZ>2 aut.</sZ></inist:fA14><country>États-Unis</country><placeName><region type="state">New Jersey</region></placeName></affiliation></author></titleStmt><publicationStmt><idno type="wicri:source">INIST</idno><idno type="inist">07-0377977</idno><date when="2006">2006</date><idno type="stanalyst">PASCAL 07-0377977 INIST</idno><idno type="RBID">Pascal:07-0377977</idno><idno type="wicri:Area/PascalFrancis/Corpus">000330</idno><idno type="wicri:Area/PascalFrancis/Curation">000456</idno><idno type="wicri:Area/PascalFrancis/Checkpoint">000347</idno></publicationStmt><sourceDesc><biblStruct><analytic><title xml:lang="en" level="a">CAPTCHA challenge strings : problems and improvements</title><author><name sortKey="Bentley, Jon" sort="Bentley, Jon" uniqKey="Bentley J" first="Jon" last="Bentley">Jon Bentley</name><affiliation wicri:level="2"><inist:fA14 i1="01"><s1>Avaya Labs, 233 Mt. Airy Road</s1><s2>Basking Ridge, NJ 07920</s2><s3>USA</s3><sZ>1 aut.</sZ><sZ>2 aut.</sZ></inist:fA14><country>États-Unis</country><placeName><region type="state">New Jersey</region></placeName></affiliation></author><author><name sortKey="Mallows, Colin" sort="Mallows, Colin" uniqKey="Mallows C" first="Colin" last="Mallows">Colin Mallows</name><affiliation wicri:level="2"><inist:fA14 i1="01"><s1>Avaya Labs, 233 Mt. Airy Road</s1><s2>Basking Ridge, NJ 07920</s2><s3>USA</s3><sZ>1 aut.</sZ><sZ>2 aut.</sZ></inist:fA14><country>États-Unis</country><placeName><region type="state">New Jersey</region></placeName></affiliation></author></analytic><series><title level="j" type="main">Proceedings of SPIE, the International Society for Optical Engineering</title><idno type="ISSN">0277-786X</idno><imprint><date when="2006">2006</date></imprint></series></biblStruct></sourceDesc><seriesStmt><title level="j" type="main">Proceedings of SPIE, the International Society for Optical Engineering</title><idno type="ISSN">0277-786X</idno></seriesStmt></fileDesc><profileDesc><textClass><keywords scheme="KwdEn" xml:lang="en"><term>Consonant</term><term>Dictionaries</term><term>Experimental study</term><term>Optical character recognition</term><term>Pattern recognition</term><term>Psychology</term><term>Vowel</term></keywords><keywords scheme="Pascal" xml:lang="fr"><term>Etude expérimentale</term><term>Reconnaissance optique caractère</term><term>Dictionnaire</term><term>Consonne</term><term>Voyelle</term><term>Psychologie</term><term>Reconnaissance forme</term><term>4230S</term></keywords><keywords scheme="Wicri" type="topic" xml:lang="fr"><term>Dictionnaire</term><term>Psychologie</term></keywords></textClass></profileDesc></teiHeader><front><div type="abstract" xml:lang="en">A CAPTCHA is a Completely Automated Public Test to tell Computers and Humans Apart. Typical CAPTCHAs present a challenge string consisting of a visually distorted sequence of letters and perhaps numbers, which in theory only a human can read. Attackers of CAPTCHAs have two primary points of leverage: Optical Character Recognition (OCR) can identify some characters, while nonuniform probabilities make other characters relatively easy to guess. This paper uses a mathematical theory of assurance to characterize the probability that a correct answer to a CAPTCHA is not just a lucky guess. We examine the three most common types of challenge strings, dictionary words, Markov text, and random strings, and find substantial weaknesses in each. We therefore propose improvements to Markov text, and new challenges based on the consonant-vowel-consonant (CVC) trigrams of psychology. Theory and experiment together quantify problems in current challenges and the improvements offered by modifications.</div></front></TEI><inist><standard h6="B"><pA><fA01 i1="01" i2="1"><s0>0277-786X</s0></fA01><fA05><s2>6067</s2></fA05><fA08 i1="01" i2="1" l="ENG"><s1>CAPTCHA challenge strings : problems and improvements</s1></fA08><fA09 i1="01" i2="1" l="ENG"><s1>Document recognition and retrieval XIII : 18-19 January 2006, San Jose, California, USA</s1></fA09><fA11 i1="01" i2="1"><s1>BENTLEY (Jon)</s1></fA11><fA11 i1="02" i2="1"><s1>MALLOWS (Colin)</s1></fA11><fA12 i1="01" i2="1"><s1>TAGHVA (Kazem)</s1><s9>ed.</s9></fA12><fA12 i1="02" i2="1"><s1>LIN (Xiaofan)</s1><s9>ed.</s9></fA12><fA14 i1="01"><s1>Avaya Labs, 233 Mt. Airy Road</s1><s2>Basking Ridge, NJ 07920</s2><s3>USA</s3><sZ>1 aut.</sZ><sZ>2 aut.</sZ></fA14><fA18 i1="01" i2="1"><s1>IS&T--The Society for Imaging Science and Technology</s1><s3>USA</s3><s9>org-cong.</s9></fA18><fA18 i1="02" i2="1"><s1>Society of photo-optical instrumentation engineers</s1><s3>USA</s3><s9>org-cong.</s9></fA18><fA20><s2>60670H.1-60670H.7</s2></fA20><fA21><s1>2006</s1></fA21><fA23 i1="01"><s0>ENG</s0></fA23><fA26 i1="01"><s0>0-8194-6107-5</s0></fA26><fA43 i1="01"><s1>INIST</s1><s2>21760</s2><s5>354000153562240160</s5></fA43><fA44><s0>0000</s0><s1>© 2007 INIST-CNRS. All rights reserved.</s1></fA44><fA45><s0>1/4 P.</s0></fA45><fA47 i1="01" i2="1"><s0>07-0377977</s0></fA47><fA60><s1>P</s1><s2>C</s2></fA60><fA61><s0>A</s0></fA61><fA64 i1="01" i2="1"><s0>Proceedings of SPIE, the International Society for Optical Engineering</s0></fA64><fA66 i1="01"><s0>USA</s0></fA66><fC01 i1="01" l="ENG"><s0>A CAPTCHA is a Completely Automated Public Test to tell Computers and Humans Apart. Typical CAPTCHAs present a challenge string consisting of a visually distorted sequence of letters and perhaps numbers, which in theory only a human can read. Attackers of CAPTCHAs have two primary points of leverage: Optical Character Recognition (OCR) can identify some characters, while nonuniform probabilities make other characters relatively easy to guess. This paper uses a mathematical theory of assurance to characterize the probability that a correct answer to a CAPTCHA is not just a lucky guess. We examine the three most common types of challenge strings, dictionary words, Markov text, and random strings, and find substantial weaknesses in each. We therefore propose improvements to Markov text, and new challenges based on the consonant-vowel-consonant (CVC) trigrams of psychology. Theory and experiment together quantify problems in current challenges and the improvements offered by modifications.</s0></fC01><fC02 i1="01" i2="X"><s0>001D04A05A</s0></fC02><fC02 i1="02" i2="3"><s0>001B40B30S</s0></fC02><fC03 i1="01" i2="X" l="FRE"><s0>Etude expérimentale</s0><s5>30</s5></fC03><fC03 i1="01" i2="X" l="ENG"><s0>Experimental study</s0><s5>30</s5></fC03><fC03 i1="01" i2="X" l="SPA"><s0>Estudio experimental</s0><s5>30</s5></fC03><fC03 i1="02" i2="X" l="FRE"><s0>Reconnaissance optique caractère</s0><s5>61</s5></fC03><fC03 i1="02" i2="X" l="ENG"><s0>Optical character recognition</s0><s5>61</s5></fC03><fC03 i1="02" i2="X" l="SPA"><s0>Reconocimento óptico de caracteres</s0><s5>61</s5></fC03><fC03 i1="03" i2="X" l="FRE"><s0>Dictionnaire</s0><s5>62</s5></fC03><fC03 i1="03" i2="X" l="ENG"><s0>Dictionaries</s0><s5>62</s5></fC03><fC03 i1="03" i2="X" l="SPA"><s0>Diccionario</s0><s5>62</s5></fC03><fC03 i1="04" i2="X" l="FRE"><s0>Consonne</s0><s5>63</s5></fC03><fC03 i1="04" i2="X" l="ENG"><s0>Consonant</s0><s5>63</s5></fC03><fC03 i1="04" i2="X" l="SPA"><s0>Consonante</s0><s5>63</s5></fC03><fC03 i1="05" i2="X" l="FRE"><s0>Voyelle</s0><s5>64</s5></fC03><fC03 i1="05" i2="X" l="ENG"><s0>Vowel</s0><s5>64</s5></fC03><fC03 i1="05" i2="X" l="SPA"><s0>Vocal</s0><s5>64</s5></fC03><fC03 i1="06" i2="X" l="FRE"><s0>Psychologie</s0><s5>65</s5></fC03><fC03 i1="06" i2="X" l="ENG"><s0>Psychology</s0><s5>65</s5></fC03><fC03 i1="06" i2="X" l="SPA"><s0>Psicología</s0><s5>65</s5></fC03><fC03 i1="07" i2="X" l="FRE"><s0>Reconnaissance forme</s0><s5>66</s5></fC03><fC03 i1="07" i2="X" l="ENG"><s0>Pattern recognition</s0><s5>66</s5></fC03><fC03 i1="07" i2="X" l="SPA"><s0>Reconocimiento patrón</s0><s5>66</s5></fC03><fC03 i1="08" i2="X" l="FRE"><s0>4230S</s0><s4>INC</s4><s5>91</s5></fC03><fN21><s1>246</s1></fN21><fN44 i1="01"><s1>OTO</s1></fN44><fN82><s1>OTO</s1></fN82></pA><pR><fA30 i1="01" i2="1" l="ENG"><s1>Document recognition and retrieval</s1><s2>13</s2><s3>USA</s3><s4>2006</s4></fA30></pR></standard></inist><affiliations><list><country><li>États-Unis</li></country><region><li>New Jersey</li></region></list><tree><country name="États-Unis"><region name="New Jersey"><name sortKey="Bentley, Jon" sort="Bentley, Jon" uniqKey="Bentley J" first="Jon" last="Bentley">Jon Bentley</name></region><name sortKey="Mallows, Colin" sort="Mallows, Colin" uniqKey="Mallows C" first="Colin" last="Mallows">Colin Mallows</name></country></tree></affiliations></record>Pour manipuler ce document sous Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Ticri/CIDE/explor/OcrV1/Data/PascalFrancis/Checkpoint
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000347 | SxmlIndent | more
Ou
HfdSelect -h $EXPLOR_AREA/Data/PascalFrancis/Checkpoint/biblio.hfd -nk 000347 | SxmlIndent | more
Pour mettre un lien sur cette page dans le réseau Wicri
{{Explor lien
|wiki= Ticri/CIDE
|area= OcrV1
|flux= PascalFrancis
|étape= Checkpoint
|type= RBID
|clé= Pascal:07-0377977
|texte= CAPTCHA challenge strings : problems and improvements
}}
| This area was generated with Dilib version V0.6.32. |  |