Proposing a Scheme for Human Interactive Proof Test using Plasma Effect

            Human Interactive Proofs (HIPs) are automatic inverse Turing tests, which are intended to differentiate between people and malicious computer programs. The mission of making good HIP system is a challenging issue, since the resultant HIP must be secure against attacks and in the same time it must be practical for humans. Text-based HIPs is one of the most popular HIPs types. It exploits the capability of humans to recite text images more than Optical Character Recognition (OCR), but the current text-based HIPs are not well-matched with rapid development of computer vision techniques, since they are either vey simply passed or very hard to resolve, thus this motivate that continuous efforts are required to improve the development of HIPs base text. In this paper, a new proposed scheme is designed for animated text-based HIP; this scheme exploits the gap between the usual perception of human and the ability of computer to mimic this perception and to achieve more secured and more human usable HIP. This scheme could prevent attacks since it's hard for the machine to distinguish characters with animation environment displayed by digital video, but it's certainly still easy and practical to be used by humans because humans are attuned to perceiving motion easily. The proposed scheme has been tested by many Optical Character Recognition applications, and it overtakes all these tests successfully and it achieves a high usability rate of 95%

CAPTCHA Types and Breaking Techniques: Design Issues, Challenges, and Future Research Directions

The proliferation of the Internet and mobile devices has resulted in malicious bots access to genuine resources and data. Bots may instigate phishing, unauthorized access, denial-of-service, and spoofing attacks to mention a few. Authentication and testing mechanisms to verify the end-users and prohibit malicious programs from infiltrating the services and data are strong defense systems against malicious bots. Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) is an authentication process to confirm that the user is a human hence, access is granted. This paper provides an in-depth survey on CAPTCHAs and focuses on two main things: (1) a detailed discussion on various CAPTCHA types along with their advantages, disadvantages, and design recommendations, and (2) an in-depth analysis of different CAPTCHA breaking techniques. The survey is based on over two hundred studies on the subject matter conducted since 2003 to date. The analysis reinforces the need to design more attack-resistant CAPTCHAs while keeping their usability intact. The paper also highlights the design challenges and open issues related to CAPTCHAs. Furthermore, it also provides useful recommendations for breaking CAPTCHAs

Propose an Arabic CAPTCHA System based on Chaotic Maps

CAPTCHA is the facility that prevents web bots from accessingthe web services by generating tests to check whether the user is human orcomputer program. In this paper, a new pseudo-random bits generator basedon chaotic system is offered to generate Arabic letters and numbers forCAPTCHA system. The proposed generator uses two Jacobian ellipticChebyshev rational maps that are combined in the algorithm to produce ablock of 32bits in each iteration. A specified number of bits are selected fromthe resulted blocks to be converted to a set of Arabic letters and numbers.National Institute of Standards and Technology (NIST) statistical test suiteare used to assess the generator randomness, all tests has been passed exceptLongest Run of Ones in a Block Test, Binary Matrix Rank Test and RandomExcursions Test

Avatar captcha : telling computers and humans apart via face classification and mouse dynamics.

Bots are malicious, automated computer programs that execute malicious scripts and predefined functions on an affected computer. They pose cybersecurity threats and are one of the most sophisticated and common types of cybercrime tools today. They spread viruses, generate spam, steal personal sensitive information, rig online polls and commit other types of online crime and fraud. They sneak into unprotected systems through the Internet by seeking vulnerable entry points. They access the system’s resources like a human user does. Now the question arises how do we counter this? How do we prevent bots and on the other hand allow human users to access the system resources? One solution is by designing a CAPTCHA (Completely Automated Public Turing Tests to tell Computers and Humans Apart), a program that can generate and grade tests that most humans can pass but computers cannot. It is used as a tool to distinguish humans from malicious bots. They are a class of Human Interactive Proofs (HIPs) meant to be easily solvable by humans and economically infeasible for computers. Text CAPTCHAs are very popular and commonly used. For each challenge, they generate a sequence of alphabets by distorting standard fonts, requesting users to identify them and type them out. However, they are vulnerable to character segmentation attacks by bots, English language dependent and are increasingly becoming too complex for people to solve. A solution to this is to design Image CAPTCHAs that use images instead of text and require users to identify certain images to solve the challenges. They are user-friendly and convenient for human users and a much more challenging problem for bots to solve. In today’s Internet world the role of user profiling or user identification has gained a lot of significance. Identity thefts, etc. can be prevented by providing authorized access to resources. To achieve timely response to a security breach frequent user verification is needed. However, this process must be passive, transparent and non-obtrusive. In order for such a system to be practical it must be accurate, efficient and difficult to forge. Behavioral biometric systems are usually less prominent however, they provide numerous and significant advantages over traditional biometric systems. Collection of behavior data is non-obtrusive and cost-effective as it requires no special hardware. While these systems are not unique enough to provide reliable human identification, they have shown to be highly accurate in identity verification. In accomplishing everyday tasks, human beings use different styles, strategies, apply unique skills and knowledge, etc. These define the behavioral traits of the user. Behavioral biometrics attempts to quantify these traits to profile users and establish their identity. Human computer interaction (HCI)-based biometrics comprise of interaction strategies and styles between a human and a computer. These unique user traits are quantified to build profiles for identification. A specific category of HCI-based biometrics is based on recording human interactions with mouse as the input device and is known as Mouse Dynamics. By monitoring the mouse usage activities produced by a user during interaction with the GUI, a unique profile can be created for that user that can help identify him/her. Mouse-based verification approaches do not record sensitive user credentials like usernames and passwords. Thus, they avoid privacy issues. An image CAPTCHA is proposed that incorporates Mouse Dynamics to help fortify it. It displays random images obtained from Yahoo’s Flickr. To solve the challenge the user must identify and select a certain class of images. Two theme-based challenges have been designed. They are Avatar CAPTCHA and Zoo CAPTCHA. The former displays human and avatar faces whereas the latter displays different animal species. In addition to the dynamically selected images, while attempting to solve the CAPTCHA, the way each user interacts with the mouse i.e. mouse clicks, mouse movements, mouse cursor screen co-ordinates, etc. are recorded nonobtrusively at regular time intervals. These recorded mouse movements constitute the Mouse Dynamics Signature (MDS) of the user. This MDS provides an additional secure technique to segregate humans from bots. The security of the CAPTCHA is tested by an adversary executing a mouse bot attempting to solve the CAPTCHA challenges

Robust security against cyber threats with variety of captchaGüvenlik kodu çeşitliliği ile siber tehditlere karşı güçlü güvenliğin sağlanması

Cyberspace also brings about cybercrime, which is evolving along with the rapid progress of technology and internet. Captchars are used as a layer of security to prevent these crimes. It is a security mechanism designed to distinguish whether an entry is made by the user when entering a system and is used for protection against malicious bot programs. For this reason, it is important that the introduction is done by human or bot software.In this study, a safer Captcha combination test was presented based on Captcha types and Captcha studies. The proposed approach basically consists of three steps. In the first step, the user is asked to test with a simple text-based Captcha to avoid the difficulty of captcha testing. The second stage, when the first stage test is unsuccessful, offers a more complicated captcha test with text and picture. In the third stage, different-based captcha are presented which are more complex than the first two stages and will force the user. This approach makes it easier to distinguish the bot with the user, and the bot program's algorithm can be challenged with the variety of captcha combinations created. Extended English summary is in the end of Full Text PDF (TURKISH) file.ÖzetSiber dünyada, teknoloji ve internetin hızla ilerlemesi beraberinde gelişmekte olan siber suçları da getirmektedir. Güvenlik kodlar (captcha) bu suçları engellemek amacıyla oluşturulan bir güvenlik katmanı olarak kullanılırlar. Bir sisteme giriş yapıldığında girişin kullanıcı tarafından yapılıp yapılmadığının ayırt edilebilmesi için tasarlanmış bir güvenlik mekanizması ve kötü niyetli bot programlarına karşı korunma amaçlı kullanılır. Bu nedenle girişin insan mı yoksa bot yazılımı tarafından mı yapıldığı önem arz etmektedir.Bu çalışmada, Güvenlik kod (captcha) türleri ve yapılan Güvenlik kod (captcha) çalışmaları baz alınarak daha güvenli bir Güvenlik kod (captcha)  kombinasyon testi sunulmuştur. Önerilen yaklaşım temelde üç aşamadan oluşmaktadır. İlk aşamada kullanıcının Güvenlik kod (captcha) ile imtihanını zorlaştırmamak için metin tabanlı basit Güvenlik kod (captcha) ile test edilmesi istenmektedir. İkinci aşamada, ilk aşama testi başarısız olduğunda metin ve resim tabanlı daha zorlaştırılmış Güvenlik kod (captcha) testi sunulmaktadır. Üçüncü aşamada ise ilk iki aşamadan daha karmaşık ve kullanıcıyı zorlayacak farklı tabanlı Güvenlik kodu (captcha)  sunulmaktadır. Bu yaklaşım ile kullanıcı ile bot ayırımı daha kolay yapılabilmekte ve oluşturulan Güvenlik kodu (captcha)  birleşim çeşitliliği ile bot programlarının algoritmasına meydan okunabilmektedir.

Prevention of Phishing Attacks Using AI-Based Cybersecurity Awareness Training

Machine learning has been described as an effective measure in avoiding most cyberattacks. The development of AI has therefore promoted increased security for most computer attacks. Phishing attacks are risky and can be prevented through AI-based solutions. This factor suggests the need for increased awareness of cybersecurity through AI. Developing awareness for most people will prevent these types of attacks. The research paper describes how the awareness of AI-based cybersecurity could ensure a reduction of phishing attacks. The paper, therefore, showcases the effectiveness of AI-based cybersecurity awareness training and how it may influence cyber-attacks

Integrating Light-Weight Cryptography with Diacritics Arabic Text Steganography Improved for Practical Security Applications

Cryptography and steganography are combined to provide practical data security. This paper proposes integrating light-weight cryptography with improved Arabic text steganography for optimizing security applications. It uses light-weight cryptography to cope with current limited device capabilities, to provide acceptable required security. The work tests hiding encrypted secret information within Arabic stego-cover texts, using all common diacritics found naturally in the Arabic language. The study considers different challenging situations and scenarios in order to evaluate security practicality. It further carries out simulations on some short texts from the Holy Quran, taking them as standard authentic texts, that are fixed and trusted, therefore providing realistic study feedback that is worth monitoring. Our improved approach features preferred capacity and security, surpassing the best previous diacritics stego approach, showing interesting potential results for attractive enlightening exploration to come