ᯏ᪾⸶ߩ๺ᗵࠍ޿ߚ CAPTCHA ߩឭ᩺ A Proposal of CAPTCHA using

IPSJ SIG Technical Report 2009-CSEC-46 No.38 ipsjstyle-ms2009.dot (V2.0) CAPTCHA †,‡ 1. WEB WEB WEB DoS Denial of Service J. D. Tygar †† †,‡‡ CAPTCHA CAPTCHA CAPTCHA CAPTCHA CMU CAPTCHA CAPTCHA [1] WEB A Proposal of CAPTCHA using Strangeness in Machine Translation Takumi YAMAMOTO†,‡ J. D. Tygar †† Masakatsu NISHIGAKI†,‡‡ CAPTCHA is a technique to prevent automatic programs from being able to acquire free Email or online service accounts. However, as many researchers have reported, the conventional CAPTCHA could be defeated by recent malwares since the ability of PCs get closer to that of human. Therefore CAPTCHA should be based on an even more advanced human cognitive processing ability. In this study, to realize a new CAPTCHA, we propose to use a human ability to recognize “strangeness”. As an example, this paper focuses on strangeness in machine translated sentences, and proposes a CAPTCHA which detects malwares by checking if a user can distinguish natural sentences created by human from machine translated sentences. † Graduate School of Science and Technology Shizuoka University †† Computer Science Division, University of California, Berkeley ‡ DC1 Research Fellow of the Japan Society for the Promotion of Science (DC1) ‡‡ CREST Japan Science Technology and Agency CREST CAPTCHA 1 [2] OCR [3] CAPTCHA CAPTCHA Figure 1 1 Google CAPTCHA An example of a CAPTCHA used for Google Accounts Asirra [4] CAPTCHA Asirra Asirra [5] 1 2009 Information Processing Society of Japan ipsjstyle-ms2009.dot (V2.0) CAPTCHA PC CPU Asirra 2 CAPTCHA CAPTCHA Figure 2 2 Asirra [4] An example of the authentication window of Assira [4] Asirra [5] CAPTCHA Asirra Asirra CAPTCHA 2. CAPTCHA [3] [5] CAPTCHA Asirra [4] CAPTCHA OCR 3. 3.1 2 2009 Information Processing Society of Japan ipsjstyle-ms2009.dot (V2.0) NS(Natural Sentence) GS(Garbage Sentence) 3.2.1 NS NS WEB CAPTCHA NS NS SS-CAPTCHA NS WEB 1 in Sentences SS-CAPTCHA SS-CAPTCHA CAPTCHA using Strangeness 3 CS Collected Sentence SS-CAPTCHA NS CS NS SS-CAPTCHA 3.3 3.2.2 GS GS SS-CAPTCHA Figure 3 3.2 GS 3 SS-CAPTCHA An overview of our SS-CAPTCHA STEP 1. S0 S0 S0 NS SS-CAPTCHA CAPTCHA 3 2009 Information Processing Society of Japan ipsjstyle-ms2009.dot (V2.0) S0 STEP 2. L1 STEP 3. L0 L0 (MTL0->L1) L1 STEP 2 S1 (r ) S5 MTL0->L1 (S0) S0 L0 . STEP 3. STEP 2 WEB CS Collected Sentence STEP 4. (MT -> (MT (MT -> (MT -> STEP 2 Sr+1 = MTLr-> (Sr) GS ( -> S5 = MT S5 = MT -> -> (MT (MT ) -> -> (MT (MT -> -> (S0))))) (S0))))) . GS STEP 1. CS NS GS NS N GS G S=N+G+C NS Sr CS STEP 2. STEP 3. C S M N NS NS (r) 3.3 SS-CATCHA SS-CAPTCHA NS 2 1 CAPTCHA NS SS-CAPTCHA 2 STEP 4. STEP 3 CS CS 2 CS CS GS 4 6 GS CS CS K CS K K CS NS CS GS GS NS GS GS V CS GS V 0 CS V 1 V STEP 2 V 1 CS STEP 4 CS STEP 1. [a] V NS GS CS STEP 2. STEP 1 WEB WEB GS GS a 4 2009 Information Processing Society of Japan ipsjstyle-ms2009.dot (V2.0) 4. SS-CAPTCHA 8 4.1 SS-CAPTCHA 4 SS-CAPTCHA Figure 4 The scheme of SS-CAPTCHA. culture flickr [6] food sports 1 Figure 5 5 The scheme of collecting phase SS-CAPTCHA. 8 45.11 GS GS [7] 161 [b ] 1 SS-CAPTCHA 1 3 1 161 Figure 6 6 The scheme of authentication phase in SS-CAPTCHA b 5 1 GS 161 322 1 GS 2 GS , A 20 1 21 2009 Information Processing Society of Japan ipsjstyle-ms2009.dot (V2.0) NSs NS B A GS STEP 2. NS NS Table 1 1 GS Quality of Garbage Sentence created by processing technique A 16 B 15 A 23 B 11 A 54 B 14 STEP 1. 5 10 NS N=5 G=10 GS 1 7 5 GSs(1) NS GS 1 GS 15 15 2 GS GS STEP 1 4.1 A NS 2 GS ~ STEP 3. STEP 4. M=5 STEP1~STEP4 15 1 2 GS 5 GS 10 30 45.11 15 5 4.1 NS NS 1 B B SS-CAPTCHA GS A GS 2 GS NS 3.3 A 5 C GS D GS GS 3.3 NS NS [c] D GS 4.2 GS GS 4.1 , , 4.1 GSs(3) 4.1 NS GS , , GS NSs GSs(1),GSs(2), GS c 5 GS GS GS 60 GS 5 NS NS=5 NS GS NS 6 2009 Information Processing Society of Japan ipsjstyle-ms2009.dot (V2.0) GS 8 NS GS NS NS 3.3 NS=5 5. 4 5.1 4 SS-CAPTCHA 45 1 2 60 4.2 3.3 GS 1 1 SS-CAPTCHA [9] Figure 7 7 An example of an authentication window of SS-CAPTCHA CAPTCHA CAPTCHA NS 15 Table 2 2 Authentication success rate and time required for sentence selection GS C 5 4 17.50% 76.25% 93.75% 100.00% D 52.50% 93.75% 100.00% 100.00% C 46.25% 91.25% 100.00% 100.00% D 71.25% 98.75% 100.00% 100.00% C 28.75% 92.50% 100.00% 100.00% D 71.25% 98.75% 100.00% 100.00% 5.2 5.2.1 4.2 4.2 15 5 5 NS NS=4 1/15C5 5 4 NS 1/3003 NS 5C4 NS 3 2 / 15C4 1/273 69.36 [sec] 66.73 [sec] 60.37 [sec] 7 2009 Information Processing Society of Japan ipsjstyle-ms2009.dot (V2.0) 5.2.2 6. CAPTCHA SS-CAPTCHA GS SS-CAPTCHA SS-CAPTCHA NS GS CAPTCHA CAPTCHA CAPTCHA CAPTCHA CAPTCHA [1 10] [9] CAPTCHA CAPTCHA CAPTCHA [9] GS 5.2.3 No.20-6290 CAPTCHA SS-CAPTCHA CAPTCHA CAPTCHA [1] CAPTCHA CAPTCHA 1) The Official CAPTCHA Site, http://www.captcha.net 2) PWNtcha-Captcha Decoder, http://caca.zoy.org/wiki/PWNtcha 3) J.Yan,A.S.E.Ahmad: Breaking Visual CAPTCHAs with Naive Pattern Recognition Algorithms, 2007 Computer Security Applications Conference, pp.279-291,2007. 4) J.Elson,J.Douceur,J.Howell,J.Saul:Asirra: a CAPTCHA that exploit interest-aligned manual image categorization. 2007 ACM CSS, pp.366-374, 2007 5) P.Golle:Machine Learning Attacks Against the ASIRRA CAPTCHA, 2008 ACM CSS, pp.535-542 2008. 6) Welcome to Flickr - Photo Sharing, http://www.flickr.com/ 7) , http://www.excite.co.jp/world/ 8) 4 CAPTCHA 2009 CD-ROM No.3D3-3 2009 9) Google CAPTCHA ZDNet Japan http://japan.zdnet.com/sp/feature/07zeroday/story/0,3800083088,20392346,00.htm?ref=rss 10) -CNET Japan http://japan.cnet.com/news/sec/story/0,2000056024,20065869,00.htm 8 2009 Information Processing Society of Japan