Captcha Improvement: Security from DDoS Attack

BY: DHANANJAY SINGH

CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”. Manuel Blum, Luis von Ahn, Nicholas J. Hopper, and John Langford coined the term CAPTCHA in 2003 [1]. The first version of CAPTCHA was image-based; it was designed in 1997 to distinguish humans from robots. Solving a CAPTCHA is similar to a reverse Turing test. CAPTCHA was introduced to add a layer of security that protects servers/devices from unauthorized sources/users such as robots, and it is also considered a DDoS attack prevention mechanism. CAPTCHA can also be useful for solving NP-hard problems, helping to take correct decisions when dealing with ambiguous problems.

Figure 1. CAPTCHA System

Figure 1 represents the overall CAPTCHA system, treating all the resources available on the internet as a server. Every requester is either a robot or a human. A human or robot tries to get resources from the server, and CAPTCHA acts as a security layer to prevent unauthorized access by robots. If the client is able to solve the CAPTCHA it is considered human and allowed to access the resources; if not, the client is not allowed to access the resource.

CLASSIFICATION OF CAPTCHAS

CAPTCHA systems can be categorized into 5 categories depending on the kind of problem the human is asked to solve [3].

  • CAPTCHAs based on puzzles.
  • CAPTCHAs based on text.
  • CAPTCHAs based on audio.
  • CAPTCHAs based on video.
  • CAPTCHAs based on images.
  • CAPTCHAs based on OCR [4].

Application of CAPTCHA

  • Preventing unauthorized registrations/requests for resources.
  • Helping computers solve computationally hard/ambiguous problems.
  • Preventing attacks based on the hit-and-trial method.
  • Preventing web scraping and unauthorized automation.
  • Protecting personal information such as email addresses/contact numbers from scrapers, to prevent unwanted emails/messages.

Drawbacks of Current CAPTCHA System

There are several drawbacks due to which bots are able to solve CAPTCHAs using machine learning approaches. Due to the rapid development of machine learning [5], it is easy to solve almost all CAPTCHAs by training bots. No technique has been introduced in CAPTCHA to stop bots once they are able to solve it. A CAPTCHA should be easy for humans to solve but hard for bots, which limits the scope of CAPTCHA design. So there is a strong need for improvement, as CAPTCHA is the easiest method to prevent unauthorized access to resources.

Improvement in CAPTCHA

The CAPTCHA system tries to prevent DDoS attacks, but it fails when a robot is able to solve the CAPTCHA using a machine learning approach. It is very difficult to create a CAPTCHA system that cannot be solved by robots using a machine learning algorithm. So a better idea is to force the user/robot to wait for a definite time (equal to the time required to solve the CAPTCHA). This idea makes the system doubly secure against DDoS attacks. A multistep authentication scheme is recommended for better security [8].

Algorithm for CAPTCHA improvement

var date = new Date();
var starting_time = date.getTime();   // milliseconds since epoch; getSeconds() alone wraps around at 60
const time_bound = 2000;              // required solving time in milliseconds (2 sec)

ShowCaptcha();                        // shows the CAPTCHA and returns once the user has solved it

date = new Date();
var end_time = date.getTime();
var time_taken = end_time - starting_time;

if (time_taken < time_bound) {
  // solved faster than the bound: hold the client for the remaining time, then admit it
  setTimeout(function () {
    Success();
  }, time_bound - time_taken);
} else {
  Success();
}

The above algorithm adds a time bound to the CAPTCHA so that a user must take at least a specific time to solve it. If a user solves the CAPTCHA very quickly, it must wait for the remaining time before entering the server; a bot can also be identified here and a record of it kept. The complete explanation of the algorithm is given below.

  1. date = new Date() and var starting_time = date.getTime() capture the current time in milliseconds (getSeconds() alone would wrap around at the minute boundary).
  2. const time_bound = 2000; initializes the time bound; it can vary according to the complexity of the CAPTCHA.
  3. ShowCaptcha(); shows the CAPTCHA on the screen to be solved.
  4. date = new Date() and var end_time = date.getTime() capture the time after the CAPTCHA has been solved.
  5. If the time taken to solve the CAPTCHA is less than the defined time bound, the user must wait for the rest of the time to enter the server. setTimeout waits for the remaining time and then calls Success() once to allow the user to access the resources (setInterval would call it repeatedly); otherwise Success() is called immediately.
Figure 2. Improved CAPTCHA System

Figure 2 represents the improved CAPTCHA system. It shows that humans or robots must solve the CAPTCHA within a definite time interval and not earlier than that: if the user solves the CAPTCHA faster, it must wait until the time bound has elapsed.

Future Scope

DDoS attacks can also be prevented by designing CAPTCHAs that take bots exponential time to solve but can easily be solved by humans. Creating a reverse Turing problem is best for CAPTCHA. DDoS attacks are especially powerful against IoT devices because IoT devices are very vulnerable. Adding a better security protocol for data transmission would help secure the data in transit. The next target of this research will be securing IoT devices from DDoS attacks.

References

[1]. R. K. Devi, M. Muthukannan, S. S. H. Babu, A. Sivadasan and S. Abinivesh, “Novel Authentication Mechanisms for Hash Code, CAPTCHA and OTP in Cyber Security Domain,” 2021 6th International Conference on Inventive Computation Technologies (ICICT), 2021, pp. 62-68, doi: 10.1109/ICICT50816.2021.9358573.

[2]. http://www.captcha.net/, visited 20 July 2020.

[3]. M. Magdy, M. A. Tawfeek and H. M. Mousa, “A Comprehensive Study for Different Types of CAPTCHA Methods and Various Attacks,” JETIR, vol. 8, no. 6, June 2021.

[4]. C. E. Dunn and P. S. P. Wang, “Character segmentation techniques for handwritten text-a survey,” Proceedings of the 11th IAPR International Conference on Pattern Recognition, Vol. II, Conference B: Pattern Recognition Methodology and Systems, 1992, pp. 577-580.

[5]. Y. Zhang, H. Gao, G. Pei, S. Luo, G. Chang and N. Cheng, “A Survey of Research on CAPTCHA Designing and Breaking Techniques,” 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), 2019, pp. 75-84, doi: 10.1109/TrustCom/BigDataSE.2019.00020.

[6]. N. Zhang, M. Ebrahimi, W. Li and H. Chen, “A Generative Adversarial Learning Framework for Breaking Text-Based CAPTCHA in the Dark Web,” 2020 IEEE International Conference on Intelligence and Security Informatics (ISI), 2020, pp. 1-6.

[7]. M. Jadhav, N. Kulkarni and O. Walhekar, “Doodling Based CAPTCHA Authentication System,” 2021 Asian Conference on Innovation in Technology (ASIANCON), 2021, pp. 1-5.

[8]. M. Almazrooie, A. Samsudin, A. Gutub, M. S. Salleh, M. A. Omar and A. A. Hassan, “Integrity verification for digital Holy Quran verses using cryptographic hash function and compression,” Journal of King Saud University - Computer and Information Sciences, vol. 32, no. 1, 2020, pp. 24-34.

Cite this article

Dhananjay Singh (2021) Captcha Improvement: Security from DDoS Attack, Insights2Techinfo, pp.1
