geo captcha - a novel personalized captcha using geographic
TRANSCRIPT
Geo-CAPTCHA - A Novel Personalized CAPTCHA Using
Geographic Concept to Defend Against Third Party Human Attack
Introduction to CAPTCHA Good CAPTCHA properties CAPTCHA uses Types of CAPTCHA Advantages of existing CAPTCHA Disadvantages of existing CAPTCHA Geo-CAPTCHA Geo-CAPTCHA Passing HIP test Condition
CONTENTS
CAPTCHA -Completely Automated Public Turing test to tell Computers and Humans Apart.
CAPTCHA program generates the challenges.
It recognize the humans’ behaviours.
It tells humans and computers apart.
Introduction to CAPTCHA
Security:The security dimension determines its strength for preventing the variant attacks.
Usability: usability dimension determines the necessity of ”user friendly” when CAPTCHA is deployed
Good CAPTCHA properties
CATCHA has been used extensively in online applications:
Online Ticket Reservation, Online Polls, Online Banking, Web-based E-mail Service
CAPTCHA uses
Text based CAPTCHA
Image based CAPTCHA
Types of CAPTCHA
It makes impossible for computers to pass the CAPTCHA challenges.
It prevent Botnet attacks.
It prevents the spam attacks.
Advantages of existing CAPTCHA
Existing CAPTCHA is vulnerable to : The third Party Human Attack Binarization Vertical Segmentation Phishing, Session Hijacking, Relay Attacks
and Man in the Middle Attacks Key-logger and Hidden Camera
Disadvantages of existing CAPTCHA
Its personalized image base CAPTCHA.
It identifies Legitimate and Illegitimate users.
It generates lot of personalized challenges which makes it suitable for cloud computing applications.
It non-recordable & OCR can’t defeat it.
Its specifically designed to deal with third party attacks.
It also prevents Automatic programming attacks.
Geo-CAPTCHA
Idea :To use a geographic scene image. Image is privately known to each user.
Working : Generates a set of candidate images for a location selected by each user.
User selects a geo-location image from the set .
This is registered private image to be used as the correct answer to the challenges.
Geo-CAPTCHA Idea & Working
The challenges are vertically and horizontally rotated images of the registered private image.
Fig(1)The random challenge of any angle
Fig(2)The rotated solution of correct angle street view
Condition :Security threshold condition if | GH(x)- GH(y) <= T | then pass HIP test.
GH(x)- denotes the function to calculate the hash value of image x.
GH(y)- denotes the function to calculate the hash value of image y.
T- we define a error threshold .
Geo-CAPTCHA Passing HIP test Condition
1. U User’s log-in account; 2. PW User’s log-in password;3. A Pick a personalized Geo-location
image which only known to the user;4. Qu
x and Quy C(A);
5. R G(Qux;Qu
y);
6. S Pick a solution image from R;7. Save the h, p , (Qu
x; Quy ), U and PW to
database;
GeoCAPTCHA Registration
U User’s log-in account; while U is true do Qu
x and Quy M(U);
end while R G(Qu
x; Quy );
C Randomize(R);
Geo-CAPTCHA Login
Challenge Quantity
Challenge can be recorded
Broken by OCR
Typical CAPTCHA
Plenty & Dynamic
No Text-based: YesImage-based: No
Personalized challenge
Fixed & Static Yes Yes
Geo-CAPTCHA Fixed & Dynamic
No No
THE COMPARISONS BETWEEN TYPICAL CAPTCHA, PERSONALIZEDCAPTCHA ANDGEOCAPTCHA
AutomaticAttack
Genuine User(Human)
3rd PartyHuman
Typical CAPTCHA
Fail Pass Pass
Personalized Challenge
Pass Pass Fail
Geo-CAPTCHA Fail Pass Fail
THE GOAL OF THREE CAPTCHA
THANK YOU