A Clever Approach to Insuring Internet Security

If you routinely access Internet web pages you have encountered a form of Internet security which are little boxes with distorted letters inside and an instruction to type in the letters you see. These interesting Internet security devices are called CAPTCHAs. The acronym stands for "Completely Automated Public Turing test to tell Computers and Humans Apart".

How Did CAPTCHAs Evolve?

As the Internet grew in size many applications such as online banking were developed. These required some type of Internet security to prevent automated software programs call bots from accessing the sites by repeatedly challenging them with password variations. The challenge facing programmers was to devise a way to tell that the person (or computer) trying to access the Internet site was really a human. The result of this security challenge was the development of CAPTCHAs. They grew out of what is known as the Turing test. Over 50 years ago a mathematician, Dr. Alan Turing devised a test to determine whether a human that was connected to both another human and also a computer in another room could tell the difference between human and machine by posing questions to both. Basically the concept in recent times was to harden Internet security of web sites by devising a way to tell whether the person trying to log on is indeed a human and not a robotic program mindlessly trying different passwords.

How a CAPTCHA Works

The CAPTCHA was developed by L. von Ahn, M. Blum, N. Hopper (all of Carnegie Mellon University) and John Langford (of IBM) and the CAPTCHA acronym is trademarked by Carnegie Mellon University. CAPTCHAs are derived out of the fact that computers have a very hard time interpreting or tagging images on the Internet. Conversely humans are very good at this. Thus when a human is logging on a site and is confronted with the challenge of visually interpreting a short series of distorted alphanumeric characters they can readily interpret what they are. When they type them in, as requested, the program compares the entry to the known characters that were used to make that CAPTCHA image. If the entry matches the user is allowed to go to the next level in the access process. This methodology enhances greatly the Internet security protocol. For sight impaired users some sites use an audio equivalent of the CAPTCHA where the letters of the CAPTCHA are heard on audio.

Internet Security Takes Time

In simple terms in the world of Internet security the task of the CAPTCHA is to generate challenges which humans can routinely easily solve but that computers are unable to solve. While it seems simple it has a lot of depth since it illustrates the ability of humans to solve problems quickly that computers cannot. Luis von Ahn has been instrumental in developing this field of Internet security. While the time it takes to solve a CAPTCHA seems trivial von Ahn, appearing on a PBS Wired Science episode, estimated that computer users worldwide solve 200 million CAPTCHAs every day to gain Internet security access on websites. Multiply this by the ~10 seconds to it takes to solve and type in. Converted to hours this equates to 555,555 hours spent daily for this one Internet security step. This doe not include the time spent entering user names and passwords found in most Internet security protocols. As an interesting point of reference he stated the Empire State Building took 7 million man-hours to build. This is equivalent to the time spent worldwide solving CAPTCHAs for only 12.6 days!

As the need for higher level of Internet security more sophisticated approaches to CAPTCHAs are being developed. This is driven by the fact that computers are not as smart as humans. Meanwhile CAPTCHAs play an increasingly important role in the field of Internet security. The ESP game (see link) is derived from the concept of CAPTCHAs and pits two players against each other to label pictures which computers have a difficult accomplishing. The labels generated in this game are actually used in building a data base of tagged images.

PBS Wired Science Episode 109 aired 12/19/2007

http://www.pbs.org/kcet/wiredscience/video/284-luis_von_ahn.html

http://www.captcha.net/

http://www.espgame.org/