2010 International Conference on E-Business and E-Government
A CAPTCHA Implementation Based on Moving Objects Recognition Problem
Jing-Song Cui, Jing-Ting Mei, Wu-Zhou Zhang, Xia Wang, Da Zhang
School of Computer, Wuhan University, Wuhan, Hubei, China
Email: [email protected]
Abstract—Nowadays, malicious computer programs attempt to attack websites, greatly affecting their availability and security. The CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) mechanism is an effective method for solving this problem. The prevailing implementation of CAPTCHA is the 2D still image verification code; however, developing artificial intelligence and image recognition technologies make it possible for computer programs to pass the CAPTCHA test. In this paper, we propose a new CAPTCHA implementation, in the form of 3D animation and based on the weak points of computer vision. This new method could prevent attacks based on both image recognition and moving objects recognition in videos. Coupled with ease of use for humans, it proves to be a novel, safe and practical CAPTCHA.
Keywords-CAPTCHA; computer vision; image recognition; Moving objects recognition; Three-dimensional Animation
I. INTRODUCTION
As is well known, the invention of the Internet has advanced our society into the era of information technology, which has had significant effects on every aspect of our lives. For instance, we can purchase books or tickets by simply filling out a form on the Internet. However, a vast number of malicious programs imitate this behavior to attempt a large number of transactions, wasting and even undermining Internet resources. The CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) mechanism, proposed by a study group at Carnegie Mellon University, can solve such problems by identifying end users of the Internet as either humans or automatic computer programs [1][2][3]. A CAPTCHA is always implemented in the form of a test, which is designed to be easy for humans to pass but difficult for current computer programs.
Research on CAPTCHA has developed well all over the world since its emergence, and the major methods fall into two groups: OCR-based methods and Non-OCR-based methods [2]. OCR-based methods are CAPTCHA methods based on Optical Character Recognition systems. In this group, CAPTCHA methods exploit the weak points of OCR, namely that it cannot reliably read text printed at low quality or handwritten manuscripts [4]. OCR-based methods show images of words after distortion, so that humans can read the words easily but computer programs cannot. Currently, OCR-based methods are the major form of the CAPTCHA mechanism. Users are required to type the word shown in the image to go on to the next step, such as logging in to a personal Internet banking system or registering a mail account. The images of words vary a lot from each other in font, size, color, etc., as Fig. 1 shows.
Figure 1. Simple OCR-based CAPTCHA
Nevertheless, OCR-based methods face severe threats from the development of artificial intelligence technology. The recognition rate of characters in images keeps rising, leading to more and more attacks on the current 2D still image verification code. For instance, the CAPTCHA implementation on Yahoo Mail's login website has been defeated by a Russian research group with a recognition rate of about 30% [6]. Meanwhile, Microsoft Live Mail has also been breached by junk mailers many times [7][8]. Many websites have been threatened by similar critical attacks. These increasingly frequent attacks are the main reason for the improved 2D still verification code, in which designers add excessive interference information to the images in order to make the verification code robust against attacks. But this change makes it much more difficult for human users to recognize the words and greatly undermines the quality of websites, as shown in Fig. 2.
Figure 2. Complex OCR-based CAPTCHA
Non-OCR-based methods are implemented using the features of multimedia systems, usually in the form of small puzzle games [4]. For example, PIX requires users to choose pictures of a certain subject among pictures of various subjects [1]. The CAPTCHA algorithm designed by Y. Rui is about recognition of human faces [10]; the CAPTCHA algorithm proposed by J. Elson is based on distinguishing between similar photos [12]; R. Datta's work relies on recognition of photos from daily life [11], etc.
Acknowledgement: This work is supported by NSFC 60603012, NSFC 60703009 as well as National 863 plan projects 2008AA01Z404, NSFC 90718006.
978-0-7695-3997-3/10 $26.00 © 2010 IEEE DOI 10.1109/ICEE.2010.326
In this paper, we propose a Non-OCR-based CAPTCHA method in the form of 3D animation, based on the recognition of moving objects in videos. In Section 2, we analyze the main design idea of this new implementation of the CAPTCHA mechanism and describe the major steps for generating it. In Section 3, we give an example of our implementation and illustrate the flow chart step by step. Section 4 concludes with a research summary and a plan for future research.
II. DESIGN
A. Main Idea
In this design, we still use characters as the content of the verification code, but we change the carrier of these characters from still images to vivid 3D animation.
3D animation is generated by the continuous drawing of pictures, so first we decide how many frames form an animation. The animation plays fluently only when the objects in each frame are changing, so we need to set each object's moving orbit for the whole animation. Then we determine the position of the verification code in the animation, which is used to show the verification code as the frames change. In each frame's drawing, when objects are in the position where the verification code is supposed to be, we change one attribute of those objects. In this way, we can see the characters of the verification code in the animation through the changing attributes in each frame.
B. Algorithm of Design
We design a specific algorithm and divide the process of generating the new CAPTCHA into 4 steps, as Fig. 3 shows:
Figure 3. Algorithm of generating new CAPTCHA
Step 1: Determine elements of original content set. Usually, we select elements from the English alphabet or the Arabic numerals to make up the original set of characters. The elements should be easy for humans to recognize by shape.
Step 2: Generate a verification code randomly and set shown position in animation. Each time, we choose 3 or more elements randomly from the original set to form a verification code. Meanwhile, the position of the verification code is determined in pixel coordinates in accordance with the animation's screen size.
Step 3: Draw frames of animation. The animation is produced by the continuous drawing of frames. First, we set the number of drawn frames to 0.
• In the first frame's drawing, we decide a series of values: the large number of moving objects in each frame, the initial position, color, shape and size of each object, and the moving orbit of each object. We also choose one display attribute of the objects as the changing attribute for all of them. In the following frames' drawing, we only need to change the position of each object, calculated from its position in the prior frame and its moving orbit. The other attributes of the objects remain the same as in the prior frame.
• Before painting each frame, we need to judge whether objects are in the position of the verification code on the screen. The position information is expressed in pixel coordinates. If both are the same, we change the changing attribute of those objects to other, different values randomly. Then we paint the frame. The drawn frame number is incremented by 1 after each frame's painting.
Step 4: Repeat each frame's drawing and save the animation. We set the total number of frames in the animation and loop Step 3 until the number of drawn frames reaches that total. Finally, we save all the frames in GIF format or AVI format.
C. Security Analysis
In the design, we set up a dynamic process to show the verification code, in contrast to the display method of the 2D still image verification code. In each single frame of the animation, we can see nothing of the characters that we see in the animation; only in the moving process of the objects does the verification code show clearly on the screen. The reason is the zero knowledge per frame principle, which means that no frame of the animation leaks any information about the verification code. This is due to the way we change our objects' attributes in each frame's drawing. The new principle makes the new CAPTCHA method robust to current OCR attacks.
When it comes to the computer vision field, the current methods for detecting moving objects in animation still have weak points. The major current detection methods are as follows.
• Frame difference method [13][14]. This method uses the difference of two consecutive frames to detect the moving target. In our design, every object in the animation is moving, so this method would focus on all the objects and obtain nothing.
• Optical flow method [19]. This method is based on the calculation of optical flow. Its weak point is that it cannot meet the needs of real-time monitoring [15]. Recognition of the new CAPTCHA requires real-time monitoring, so the optical flow method is not valid.
• Temporal difference method [17][18]. In this method, the target object is taken as the template and pixels are scanned to find the target. But this method cannot work in detecting the new CAPTCHA. One reason is that the target object is unknown to attackers unless they know what the characters are; another is that the objects in the animation are similar to each other, so this method may be misled by the vast number of similar objects [20].
• Background subtraction method [16]. This method separates the moving objects from the background to obtain the moving objects' information [13]. But in the new design all the objects are moving, so this method could retrieve nothing to analyze.
As discussed above, our new method of generating 3D animation as the carrier of the verification code could withstand current OCR attacks on the 2D still image verification code and recognition attacks aimed at moving objects in the computer vision field.
III. THE IMPLEMENTATION OF 3D ANIMATION CAPTCHA
We implemented our new CAPTCHA method using VC++ and OpenGL. Details of the example are shown in Fig. 4.
[Flow chart: 1 Set the content set of CAPTCHA and generate a verification code; 2 Set the mapping between position in 01 matrix of CAPTCHA and position in animation screen; 3 Set the grid's shown attributes; 4 Transform 3D coordinate in animation to 2D coordinate in shown screen; 5 Judge each quadrangle's position (yes: go to 6, no: go to 7); 6 Change colors randomly; 7 Draw frames; 8 Save CAPTCHA]
Figure 4. Example of generating a 3D animation verification code
Step 1: Set the content set of CAPTCHA. We choose elements from the English letters and Arabic numerals as the elements of the original set of the verification code. To make each element easy to recognize, we exclude elements with similar shapes, such as the letter O and the number 0. So our set is {A, B, D, E, F, P, Q, R, T, U, V, X, Y, H, J, K, L, M, N, 3, 4, 6, 7, 8, 9}.
Then we choose three letters randomly as the content of the verification code and store it in the form of a 01 matrix. The 01 matrix's rows and columns are determined by the pixel areas of the animation screen. In this example, we set the screen size to 240 pixels * 100 pixels and use a 01 matrix with 100 rows and 240 columns. Fig. 5 shows the shape of the letter 'J'. The regions of element 1 in the 01 matrix form the shape of the letter 'J', while the regions of element 0 are outside the verification code's area.
Figure 5. 01 matrix of “J”
Step 2: Set the mapping between position in 01 matrix of CAPTCHA and position in animation screen. The animation screen size is 240 pixels * 100 pixels. We set the pixel coordinates of the verification code on the screen according to its 01 matrix in the following way: if a pixel's coordinate in the animation screen is (i, j), its corresponding location in the 01 matrix is the element in Row (100-j), Column i.
Step 3: Set the grid's shown attributes. In this step, we draw a frame of the 3D animation.
In each frame, a grid pattern covers the screen, which consists of 150*150 points. This means that 22500 points, the vertexes of small quadrangles, form a big quadrangle. We express the location of points in 3D coordinates, fixing the values of X and Y at first and calculating the value of Z by a sin function. Meanwhile, we set the rotation angle of each quadrangle around the X axis, Y axis and Z axis, in order to make a waving motion in the animation, which adds to the complexity of the moving orbits. Then we set the color of each point randomly from the color set of red, green and blue. Color is picked as the changing attribute.
As to each quadrangle's moving orbit, we design it in this way. After every 3 frames' drawing, we replace each point's value of Z by the adjacent right point's Z. The Z values of the points in the rightmost column of the grid are replaced by the Z values of the corresponding points in the leftmost column of the same row.
Now we explain the changing method with an example. As Fig. 6 shows, in the changing process, the Z of point P is replaced by point Q's Z. For points like A, B, C and D in the rightmost column, their Z is replaced by the Z of points a, b, c and d, respectively.
Figure 6. Example of changing of points' value of coordinate z
In the drawing of the frames after the first frame, we do the following. The total number of small quadrangles of the grid pattern, the moving orbit of each quadrangle and the changing attribute are fixed in the first frame's drawing. The color of each point is the same as in the prior frame. The only thing we need to change is the 3D coordinate of each point, according to the moving orbit and the prior position.
Step 4: Transform 3D coordinate in animation to 2D coordinate in shown screen. We convert each quadrangle's center point from the 3D coordinate (X, Y, Z) to the 2D pixel coordinate (i, j). The center point's position is calculated from the position information from Step 3.
Step 5: Judge each quadrangle's position. In this step, we only need to judge the 2D pixel coordinate of each quadrangle's position, that is, its center point's position, to see whether or not it is in the verification code's shown region. If it is, go to Step 6; else, go to Step 7.
Step 6: Change colors randomly. Each quadrangle's color in this step is changed to another one; for example, a red quadrangle would be changed to a blue one or a green one.
Step 7: Draw frames. After the previous steps, everything about the frame is determined, and we draw the grid pattern according to the data. Then we go to Step 3 to continue drawing the animation.
Step 8: Save CAPTCHA. While drawing frames, we record the animation at the same time. After a period of time, we save it in the form of GIF, because it is convenient to show in a web page.
IV. CONCLUSION
We have designed a new method to implement the CAPTCHA mechanism in the form of 3D animation. This method is researched in a new field, the recognition of moving objects. The current methods of detecting moving objects still have defects, and we make full use of these defects in our design. For that reason, the new design could resist current attacks in computer vision. Besides, in the study we propose a new design principle, the zero knowledge per frame principle, which assures that no frame of the animation leaks any information about the verification code's content, so that current computer programs encounter difficulties when attacking with OCR methods. Furthermore, this new kind of CAPTCHA is much more convenient for humans to recognize. We will continue studying to improve its security and practicability in future research.
REFERENCES
[1] L. von Ahn, M. Blum, and J. Langford, Telling Humans and Computers Apart Automatically, Communications of the ACM, February 2004, 57-60.
[2] Luis von Ahn, Manuel Blum and John Langford, Telling Humans and Computers Apart Automatically: How Lazy Cryptographers do AI, In Communications of the ACM, 2004.
[3] Luis von Ahn, Manuel Blum, Nicholas J. Hopper and John Langford, The CAPTCHA Web Page: http://www.captcha.net, 2000.
[4] Mohammad Shirali-Shahreza and Sajad Shirali-Shahreza, Advanced Collage CAPTCHA, Fifth International Conference on Information Technology: New Generations, 2008, p1234-1235.
[5] C Hue, JP Le Cadre, P Perez, Tracking multiple objects with particle filtering, Aerospace and Electronic Systems, IEEE Transactions on, Vol. 38, No. 3. (2002), pp. 791-812.
[6] Thomas Claburn, “Yahoo’s CAPTCHA Security Reportedly Broken”, http://www.informationweek.com/news/internet/webdev/showArticle.jhtml?articleID=205900620.
[7] Microsoft Live Hotmail CAPTCHA-Hacked in 6 seconds, http://news.softpedia.com/news/Microsoft-Live-Hotmail-CAPTCHAHacked-In-6-Seconds-83341.shtml.
[8] Yan, J. and Salah El Ahmad, A. A Low-cost Attack on a Microsoft CAPTCHA, In CCS'08. Proceedings of the 15th ACM Conference on Computer and Communications Security, Alexandria, Virginia, USA, October 27-31, 2008.
[9] K Chellapilla, K Larson, P Simard, M Czerwinski, “Computers beat humans at single character recognition in reading-based Human Interaction Proofs”, 2nd Conference on Email and Anti-Spam (CEAS), 2005.
[10] Y. Rui and Z. Liu. ARTIFACIAL: Automated reverse turing test using facial features. Technical Report MSR-TR-2003-48, Microsoft, April 2003.
[11] R. Datta, J. Li, and J. Z. Wang. IMAGINATION: a robust image-based CAPTCHA generation system. Proc. of 13th ACM Int. Conf. on Multimedia (MULTIMEDIA 05), pp. 331–334, November 2005.
[12] J. Elson, J. R. Douceur, J. Howell, and J. Saul. ASIRRA: a CAPTCHA that exploits interest-aligned manual image categorization. Proc. of 14th ACM Conf. on Computer and Communications Security (CCS 2007), pp. 366–374, October – November 2007.
[13] Gavrila D M, The visual analysis of human movement: a survey, Computer Vision and Image Understanding, 1999, vol.73, p82-89.
[14] Jia Deyun, Computer Vision, Beijing: Science publisher, 2000, p26-235.
[15] Zhou Xihan, Liu Bo and Zhou HeQin, A Motion Detection Algorithm Based on Background Subtraction and Symmetrical Differencing, Computer Simulation, 2005, vol.22, p117-119.
[16] McKenna S and Jabri Z Duric Z, Tracking groups of people, Computer Vision and Image Understanding, 2000, vol(80), p42-56.
[17] Tian Juan and Zheng Yuzheng, Application of template matching technique in image recognition, Transducer and Microsystem Technologies, 2008, vol.27, p112-113.
[18] Xu Bo, Li Zhengming, A New Algorithm of Correlation Tracking Based on Adaptive Template, Optics & Optoelectronic Technology, 2004, vol.2, p62-64.
[19] Barron J, Fleet D, Beauchemin S. Performance of optical flow techniques, International Journal of Computer Vision, 1994, vol.12, p43-77.
[20] Qin Xianxiang and Chen Hua, Amelioration of Template Matching Arithemetic for Moving Target Recognition and Tracking, Journal of Guangxi Academy of Sciences, 2008, vol.24, p293-295.
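Added example, not part of the paper (whose VC++/OpenGL source is not reproduced in it): the per-frame update of Section III, Steps 2 to 6, written in C++ without the drawing calls. The `project` function, the wave parameters and the treatment of each grid point as its own quadrangle center are assumptions, since the paper gives no formula for them.

```cpp
#include <algorithm>
#include <array>
#include <cmath>
#include <random>
#include <vector>

constexpr int W = 240, H = 100, N = 150;  // paper's values: 240x100 px screen, 150x150 grid
using Mask = std::vector<std::array<unsigned char, W>>;  // 01 matrix: H rows, W columns

// Paper's mapping: pixel (i, j) -> Row (100 - j), Column i of the 01 matrix.
// Assumption: j runs 0..99 upward from the bottom edge and rows are numbered 1..100.
bool inCode(const Mask& m, int i, int j) {
    if (i < 0 || i >= W || j < 0 || j >= H) return false;
    return m[(H - j) - 1][i] == 1;
}

struct Grid {
    std::vector<double> z = std::vector<double>(N * N);  // height of each grid point
    std::vector<int> color = std::vector<int>(N * N);    // 0 red, 1 green, 2 blue
    int frame = 0;                                       // frames drawn so far
};

Grid makeGrid(std::mt19937& rng) {  // first frame: sine-wave Z, random colors
    Grid g;
    std::uniform_int_distribution<int> pick(0, 2);
    for (int p = 0; p < N * N; ++p) {
        g.z[p] = std::sin(0.2 * (p % N));  // constructed wave parameters
        g.color[p] = pick(rng);
    }
    return g;
}

// Hypothetical stand-in for Step 4's 3D -> 2D transform; each point is its own quadrangle center.
void project(int r, int k, double z, int& i, int& j) {
    i = k * W / N;
    j = static_cast<int>(std::lround(r * double(H) / N + 2.0 * z));
}

// Update for one later frame; returns how many grid points were recolored.
int step(Grid& g, const Mask& m, std::mt19937& rng) {
    if (++g.frame % 3 == 0)          // after every 3 frames each Z takes its right neighbor's
        for (int r = 0; r < N; ++r)  // value; the rightmost column receives the leftmost Z
            std::rotate(g.z.begin() + r * N, g.z.begin() + r * N + 1, g.z.begin() + (r + 1) * N);
    std::uniform_int_distribution<int> shift(1, 2);  // +1 or +2 mod 3: always another color
    int recolored = 0;
    for (int p = 0; p < N * N; ++p) {
        int i, j;
        project(p / N, p % N, g.z[p], i, j);
        if (!inCode(m, i, j)) continue;  // outside the code region: color carried over
        g.color[p] = (g.color[p] + shift(rng)) % 3;
        ++recolored;
    }
    return recolored;
}

int colorsChanged(const Grid& a, const Grid& b) {  // generator self-check between two frames
    int n = 0;
    for (int p = 0; p < N * N; ++p) n += a.color[p] != b.color[p];
    return n;
}
```

Call `makeGrid` once for the first frame and `step` once before each later frame is drawn; `Mask` holds the 100-row, 240-column 01 matrix of the chosen characters.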