December 30, 2009
Moving Video To ‘Captcha’ Robot Hackers
TAU uses a computer weakness to "code" security images that only humans can see
We see the popular "captcha" security mechanism often "” wavy letters websites ask us to type into a box. It's used by web pages and newsletter sign-up forms to prevent computer robots from hacking into servers and databases. But these codes, which are becoming increasingly complicated for an average person to use, are not immune to security holes.A research project led by Prof. Danny Cohen-Or of Tel Aviv University's Blavatnik School of Computer Sciences demonstrates how a new kind of video captcha code may be harder to outsmart. The foundation of the work, presented at a recent SIGGRAPH conference, is really pure research, says Prof. Cohen-Or, but it opens the door so security researchers can think a little differently.
"Humans have a very special skill that computer bots have not yet been able to master," says Prof. Cohen-Or. "We can see what's called an 'emergence image' "” an object on a computer screen that becomes recognizable only when it's moving "” and identify this image in a matter of seconds. While a person can't 'see' the image as a stationary object on a mottled background, it becomes part of our gestalt as it moves, allowing us to recognize and process it."
A truly "emerging" technology
In the new research paper, co-authored with colleagues in Taiwan, Saudi Arabia and India, Prof. Cohen-Or describes a synthesis technique that generates pictures of 3-D objects, like a running man or a flying airplane. This technique, he says, will allow security developers to generate an infinite number of moving "emergence" images that will be virtually impossible for any computer algorithm to decode.
"Emergence," as defined by the researchers, is a unique human ability to collect fragments of seemingly useless information, then synthesize and perceive it as an identifiable whole. So far, computers don't have this skill. "Computer vision algorithms are completely incapable of effectively processing emergence images," says Prof. Cohen-Or's faculty colleague Dr. Lior Wolf, a co-author of the study.
The scientists warn that it will take some time before this research can be applied in the real world, but they are currently defining parameters that identify the "perception difficulty level" of various images that might be used in future security technologies.
Finding Waldo in cyberspace
"We're not claiming in our research paper that we've developed a whole new captcha technology," says Prof. Cohen-Or. "But we are taking a step towards that "” something that could lead to a much better captcha, to highlight the big difference between men and bots. If it were to be turned into a solution, however, we wouldn't be able to give humans a multiple choice answer or common word answer for what they see, so we'll need to develop a way to use it. We have a few ideas in the works."
The researchers are also developing methods of automatically generating "hidden" images in a natural background, like a pastoral mountain setting "” a digital "Where's Waldo?" game. "We're trying to hide images like eagles or a lion in mountainscape," says Prof. Cohen-Or. Because the moving image blends into a static background, it's hard for bots to understand what the human eye perceives with only minimal training.
"This could be a tough thing for a robot to crack, so we're working hard to make it practical," he emphasizes. "A good captcha has to be something that's easy for people but hard for a machine."
On the Net: