RBSCaptchaLab - HOPE 11 Speech

CAPTCHAs are the most common form of security for web activity, and they play an important role in regulating online activity. CAPTCHAs keep bots and "blackhats" from abusing online resources by requiring a user to prove they are human by solving a challenge built on a hard AI problem. CAPTCHA development is a constantly evolving arms race, with new styles and designs being created by site administrators and broken by attackers every day. To keep the World Wide Web usable, site administrators must constantly develop new methods and improve CAPTCHAs to prevent automated abuse. This talk covers the basics of what CAPTCHAs are, what type of security they provide, the major types of CAPTCHAs, and how to attack them. We also discuss criteria used when designing a CAPTCHA framework and briefly cover some academic literature that is relevant to the field. We look at popular tools and services currently used to attack CAPTCHAs and provide some insight into the current state of bot identification.

We are currently developing a new image-based CAPTCHA challenge that relies on humans being able to discern the emotion expressed by a face in an image. We will demonstrate how we believe we have achieved our desired usability, scalability, and robustness levels via a real-world prototype implementation. We detail the tools and toolchain used to create the CAPTCHA challenges (MS Emotion API, GIMP, Google APIs, Python, Django). The deck concludes with a user study and provides an analysis of the results, with a discussion of some of the limitations of the project in its current form.