Security is an important aspect in the computing environment today. Various security measures are used to protect resources from malicious attacks. One such security measure includes using CATPCHAs to protect resources. A CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. This test is used to detect whether a party that is requesting access to a resource is a human or a computer. CAPTCHAs help in protecting resources intended for humans by preventing automated software or “bots” from utilizing or abusing the resources. Resources such as web-mails, blogs and online-voting are vulnerable of abuse and need protection against the abuse. For example, a bot can create thousands of email accounts if it gets access to a web-mail. This activity heavily uses the server bandwidth and severely impacts the quality of the service. Similarly, a bot that gets access to a blog or online-voting can make automated postings and voting, respectively. As a result, the blog can be used by the bot for malicious activities such as commercial promotion, harassment, or even otherwise for degrading the blog service. Similarly, automated voting by a bot can easily influence the results of online-voting.
The earlier used CAPTCHAs involved warping or distorting the image of text or set of characters such that it could be easily identified and reproduced by humans. Bots or computer programs often failed to recognize the information present in these images and could not reproduce the correct information. As these images were presented at random, one could not have any prior idea about the textual information being displayed. However, with improvement in Optical Character Recognition (OCR) techniques, decoding such CAPTCHAs became possible. CAPTCHAs were then improved by embedding a distorted text image on a background image to form an image. Thereafter, to further add to the complexity, the text was struck through using an angled line which made identification by a computer system even more difficult. Another option used for increasing the difficulty level was to crowd the characters together. In other words, some extent of overlap in characters was used to increase the CAPTCHA's difficulty level. However, further developments in the OCR technology have made it possible to break these CAPTCHAs as well.
Efforts were then made to make CAPTCHAs that are not prone to be broken by OCR techniques. The CAPTCHAs developed then were based on image recognition rather than character recognition. For instance, a CAPTCHA included three to four different images in which an object was presented to a user; it further asked him/her to identify the common object. At the back-end, creating such a CAPTCHA included having a number of images corresponding to a predefined object and displaying three to four randomly selected images to the user. However, techniques evolved to decode such CAPTCHAs also. Such CAPTCHAs are based on static logic or hard artificial intelligence problems. Once the logic has been identified, a bot can decode all CAPTCHAs generated by that system. The one-time identification of the logic can be performed manually with few attempts and then the solution can be given to a bot to break all CAPTCHAs generated by that system and gain access to resources.
In light of the limitations associated with the existing CAPTCHAs, a need exists for a challenge for assuring human interaction that is difficult for a computer program or a bot to decode.