CAPTCHAs and AI

What is wrong with current CAPTCHAs and how can they be improved.

Outline

  • What is a CAPTCHA?
  • How are CAPTCHAs and AI related?
  • What types of CAPTCHAs are there and how are they insecure?
  • What is our solution?

How CAPTCHAs affect the general public

  • Often used to protect secure servers, including e-commerce
  • CAPTCHAs protect the general public from identity theft and these higher prices

Sonalz

What is a CAPTCHA?

  • “Completely Automated Public Turing Test To Tell Computers and Humans Apart”

  • Differentiate between computers and people attempting to access a website

Andrew

What has led to the faster rate of advancement in AI?

  • Attempts to break CAPTCHAs have expanded
    • AI hacks the newest CAPTCHAs
  • More AI research and development is being done
    • One of the largest fields in computer technology and even biotechnology

Sonal

AI advancement (cont.)

  • Moore’s law
    • Computer capabilities increase exponentially, meaning AI today is potentially much better than even five years ago.

Recent AI advances

  • Computers are becoming increasingly able to outperform humans at cognitive tasks such as games
  • These advances showcase the increasing abilities of AI

How CAPTCHAs being broken would advance AI

  • CAPTCHAs are generally based on a hard AI problem
    • The security of CAPTCHAs based upon AI’s weaknesses
  • A broken CAPTCHA would mean AI had become able to solve this problem

Historical Relevance

  • This cat and mouse game to break/enhance cryptography has been going on for decades
  • When one force increases the security of their information, the other works harder to retrieve it

Andrew

Enigma

  • During World War I, there was a huge use of Cryptography
    • German Engineer created a code called “Enigma”
  • It was eventually cracked by Alan Turing, ending the war

Andrew

What can we learn from Enigma?

  • This shows the constant battle between Code Breakers (Turing) and Cryptography (Enigma)
  • Similar to the relationship between AI and CAPTCHAs

Andrew

Different types of CAPTCHAs

  • Text-based CAPTCHAs

Flaws in Text-based CAPTCHAs

    • Have been hacked by bots and are already being removed due to this issue
    • Accuracy of AI hacking text based CAPTCHAs 99.8%

Ahan

2. Math CAPTCHAs

Flaws in Math CAPTCHA

    • Hackable because these are easily completed by bots

3. Logic CAPTCHAs:

- Identify the food in this list: asphalt, bacon, cloud, dagger

- What is the third word in this sentence?

Flaws in Logic CAPTCHAs

    • Easily hackable with bots
    • Difficult for some users

Ahan

4. Image CAPTCHAs

Flaws in Image CAPTCHAs

  • The visually impaired or disabled cannot complete these
  • Hackable because there are codes that tag pictures

5. Survey CAPTCHAs

Survey CAPTCHA

  • Often long and tedious to complete
  • Hackable because the bot must only answer some questions

Sonal

reCAPTCHA

Flaws in reCAPTCHAs

  • Have been hacked
  • Images can easily be tagged and this can be used to hack reCAPTCHAs
  • Bots can imitate how a human would move towards the box and can also have fake browser history
    • Not secure anymore

Ahan

Decrease in spam and hacking

  • Spam has decreased over the last few years
    • CAPTCHAs gained an advantage over hackers
  • CAPTCHAs need to be improved

How can we improve current CAPTCHAs?

  • Corporations are constantly working on CAPTCHAs
  • Google has recently released a new CAPTCHA called reCAPTCHA

Andrew

How can we improve current CAPTCHAs? (cont.)

  • CAPTCHAs should focus on what separates humans and computers

  • Humans are creative
  • Humans are imperfect

Andrew

What is ARTT and why did we make it?

  • Art-Related Turing Test
  • CAPTCHAs are not up-to-date with the technology of AI
  • Many CAPTCHAs are not user-friendly
  • ARTT uses the differences between humans and bots
    • Humans are creative and imperfect

Sonal

How ARTT works:

  • The user is told to draw “something to do with nature”, “a shape”etc.
    • This will require the user to think
    • Gives bots an immediate disadvantage

  • ARTT then identifies if the user has drawn the assigned “shape” or “scenery” etc.

  • Artificial Intelligence and neural networks

Ahan

How ARTT differentiates between a human and a bot:

  • The statement requires basic human common sense and is ambiguous
    • For example, draw the instrument that tells the time

  • ARTT checks for imperfections.
    • A perfect shape is a bot since a human can never be completely perfect.

Ahan

Advantages of ARTT

  • Interactive
  • Safe
    • Not easily hackable
  • Easy to use
    • Users only draw simple shapes
  • Cannot be easily manipulated
  • Every time someone uses ARTT, it becomes stronger
    • Even if bots try to hack it, the program becomes stronger and more difficult to manipulate
    • A lock that only gets stronger when you hit it
  • People have never used AI for CAPTCHAs

Ahan

How other CAPTCHAs influenced ARTT

  • Picture CAPTCHAs
    • Inspired us to use art as bots are not creative
    • Picture CAPTCHAs do not have “interpret, then draw” aspect
  • Logic CAPTCHAs
    • Asking questions that bots cannot answer

Sonal

Bibliography

Ahn, L. V., Blum, M., Hopper, N. J., & Langford, J. (n.d.). CAPTCHA: Using hard AI problems for security. CAPTCHA. Retrieved from http://www.captcha.net/captcha_crypt.pdf

This source shows the similarities between AI and CAPTCHAs, as well as shows how the advancement of one can result in the evolution of the other.

Angre, A. R., Kapadia, M. D., & Ugale, M. (2015). PiCAPTion: Picture captchas for internet authentication. International Journal of Computer Applications, 114(10), 6-9. Retrieved from http://research.ijcaonline.org/volume114/number10/pxc3901976.pdf

This explains the image CAPTCHAs and how they can be easily cracked but how they protect the security of the people.

Brown, B. (2013, November 7). Researchers dare AI experts to crack new gotcha password scheme; Like captcha, gotcha's inkblot password system relies on humans' visual skills. LexisNexis Academic. Retrieved from http://www.lexisnexis.com/hottopics/lnacademic/?shr=t&csi=8090&sr=HEADLINE(%22Researchers%20dare%20AI%20experts%20to%20crack%20new%20GOTCHA%20password%20scheme%22)%20and%20date%20is%202013

This source gave us important information about how AI was able to break CAPTCHAs.

Clarifai. (n.d.). Retrieved June 22, 2016, from Clarifai website: https://www.clarifai.com/#demo

This site is a great demo about an AI that can be easily manipulated to break CAPTCHAs.

Minor, J. (n.d.). AI startup develops captcha-cracking software. PC Magazine. Retrieved from ProQuest database.

This source shows how AI can crack CAPTCHAs and how both CAPTCHAs and AI must keep advancing to stay ahead of each other.

Bibliography (CONT.)

Ollmann, G. (2008). The evolution of commercial malware development kits and colour-by-numbers custom malware. Computer Fraud and Security, 2008(9), 4-7. Retrieved from http://www.sciencedirect.com/science/article/pii/S1361372308701350

This source informed us about the monetary gains that come from producing bots that hack CAPTCHAs and other advantages to having AI that can bypass CAPTCHAs.

Pope, C., & Kaur, K. (n.d.). Is it human or computer? Defending e-commerce with captchas. IEEE, 43-49. Retrieved from http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1425425

This source gives a very simple overview about CAPTCHAs and the overall impact of CAPTCHAs on society and the economy.

Thomas, V. A., & Kaur, K. (2013). Cursor CAPTCHA – captcha mechanism using mouse cursor. International Journal of Computer Applications, 67(22), 13-17. Retrieved from http://research.ijcaonline.org/volume67/number22/pxc3887253.pdf

This source explains the new Google reCAPTCHA and how it monitors the cursor in how it moves toward the box and browses the browser history of the computer.

Zhu, B. B., Yan, J., Bao, G., Yang, M., & Xu, N. (2014). Captcha as graphical passwords—a new security primitive based on hard AI problems. IEEE Transactions on Information Forensics and Security, 9(6), 891-904. Retrieved from http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6775249&tag=1

This source went into depth about graphical passwords which was necessary to our research, especially when making a new and improved CAPTCHA.

ARTT

Yes, it said human

Ahan

Now… Any questions?

DEMONSTRATION

Ahan

CAPTCHAs Presentation - Google Slides