215 research outputs found

    Security Analysis of CAPTCHA (Completely Automatic Public Turing to Tell Computers and Human Apart) Using Mouse Intervention

    ABSTRACT: Spam, or computer applications that run by themselves, is growing very quickly, in step with the many Internet applications that require authentication. An application is therefore needed to determine that whoever authenticates or enters data into an application is not spam or an automated program. That application is called CAPTCHA (Completely Automatic Public Turing to Tell Computers and Human Apart). A CAPTCHA is generally just an image containing letters or numbers, and the user is asked to type the letters or numbers they read in the image. In an increasingly sophisticated cyber world, spam can still get through despite such CAPTCHAs, which makes users uncomfortable. This happens because the CAPTCHAs in use can be solved by applications such as GOCR, which uses OCR techniques to guess the numbers and letters in the CAPTCHA; others use Brute Force for each guess of the numbers and letters, and some use dictionaries and databases. The solution adopted is therefore a CAPTCHA based on mouse intervention, with the aim of being more user friendly and more secure. In this final project, the usability and security analysis of the mouse-intervention CAPTCHA found that it is easier for users, and that the mouse-intervention CAPTCHA is more secure when encoding is used.

    Keywords: CAPTCHA, Brute Force, mouse-intervention CAPTCHA, system security

    CAPTCHA Types and Breaking Techniques: Design Issues, Challenges, and Future Research Directions

    The proliferation of the Internet and mobile devices has resulted in malicious bots gaining access to genuine resources and data. Bots may instigate phishing, unauthorized access, denial-of-service, and spoofing attacks, to mention a few. Authentication and testing mechanisms that verify end-users and prohibit malicious programs from infiltrating services and data are strong defense systems against malicious bots. Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) is an authentication process to confirm that the user is a human; hence, access is granted. This paper provides an in-depth survey on CAPTCHAs and focuses on two main things: (1) a detailed discussion on various CAPTCHA types along with their advantages, disadvantages, and design recommendations, and (2) an in-depth analysis of different CAPTCHA breaking techniques. The survey is based on over two hundred studies on the subject matter conducted since 2003 to date. The analysis reinforces the need to design more attack-resistant CAPTCHAs while keeping their usability intact. The paper also highlights the design challenges and open issues related to CAPTCHAs. Furthermore, it also provides useful recommendations for breaking CAPTCHAs.

    DESIGN AND DEVELOPMENT OF AN IMAGE BASED CAPTCHA (COMPLETELY AUTOMATED PUBLIC TURING TEST TO TELL COMPUTER AND HUMAN APART) INTEGRATED WITH A JIGSAW PUZZLE USING HTML5

    CAPTCHA (Completely Automated Public Turing Test to tell Computer and Human Apart) is a computer program that can administer a test which some humans can pass but computer bots cannot. CAPTCHAs are generally used to verify visitors to Internet sites using distorted text in an image. CAPTCHAs face a number of attacks and potential problems in use. A number of solutions have been developed to counter computer bot attacks, one of which is the mouse intervention scheme. In this final project, an Image Based CAPTCHA is developed, integrated with a Jigsaw Puzzle combination, and implemented using HTML5 technology. This research uses the RAD (Rapid Application Development) development method. The developed CAPTCHA was tested using the Blackbox technique, image dimension testing, Security testing, and a User Acceptance Test. The results show that using this Jigsaw Puzzle CAPTCHA can reduce the existing potential problems while remaining easy for humans to use.

    Security Guidelines for the Development of Accessible Web Applications through the implementation of intelligent systems

    The significant increase in threats, attacks and vulnerabilities affecting the Web in recent years has resulted in the development and implementation of tools and methods to ensure the privacy, confidentiality and data integrity of users and businesses. Under certain circumstances, despite the implementation of these tools, information does not always flow in a secure manner. Many of these security tools and methods cannot be accessed by people who have disabilities or through the assistive technologies which enable people to access the Web efficiently. Among the security tools that are not accessible are the virtual keyboard, the CAPTCHA and other technologies that help to some extent to ensure safety on the Internet and are used to some degree to combat the malicious code and attacks that have increased on the Web in recent times. Through the implementation of intelligent systems, it is possible to detect, recover and receive information on the characteristics and properties of the different tools and hardware devices or software with which the user is accessing a web application, and, through analysis and interpretation, these intelligent systems can infer and automatically adjust the characteristics these tools need in order to be accessible by anyone regardless of disability or navigation context. This paper defines a set of guidelines and specific features that security tools and methods should have to ensure Web accessibility through the implementation of intelligent systems.

    Dynamic adversarial mining - effectively applying machine learning in adversarial non-stationary environments.

    While understanding of machine learning and data mining is still in its budding stages, the engineering applications of the same have found immense acceptance and success. Cybersecurity applications such as intrusion detection systems, spam filtering, and CAPTCHA authentication, have all begun adopting machine learning as a viable technique to deal with large scale adversarial activity. However, the naive usage of machine learning in an adversarial setting is prone to reverse engineering and evasion attacks, as most of these techniques were designed primarily for a static setting. The security domain is a dynamic landscape, with an ongoing never ending arms race between the system designer and the attackers. Any solution designed for such a domain needs to take into account an active adversary and needs to evolve over time, in the face of emerging threats. We term this as the ‘Dynamic Adversarial Mining’ problem, and the presented work provides the foundation for this new interdisciplinary area of research, at the crossroads of Machine Learning, Cybersecurity, and Streaming Data Mining. We start with a white hat analysis of the vulnerabilities of classification systems to exploratory attack. The proposed ‘Seed-Explore-Exploit’ framework provides characterization and modeling of attacks, ranging from simple random evasion attacks to sophisticated reverse engineering. It is observed that, even systems having prediction accuracy close to 100%, can be easily evaded with more than 90% precision. This evasion can be performed without any information about the underlying classifier, training dataset, or the domain of application. Attacks on machine learning systems cause the data to exhibit non stationarity (i.e., the training and the testing data have different distributions). It is necessary to detect these changes in distribution, called concept drift, as they could cause the prediction performance of the model to degrade over time. However, the detection cannot overly rely on labeled data to compute performance explicitly and monitor a drop, as labeling is expensive and time consuming, and at times may not be a possibility altogether. As such, we propose the ‘Margin Density Drift Detection (MD3)’ algorithm, which can reliably detect concept drift from unlabeled data only. MD3 provides high detection accuracy with a low false alarm rate, making it suitable for cybersecurity applications, where excessive false alarms are expensive and can lead to loss of trust in the warning system. Additionally, MD3 is designed as a classifier independent and streaming algorithm for usage in a variety of continuous never-ending learning systems. We then propose a ‘Dynamic Adversarial Mining’ based learning framework, for learning in non-stationary and adversarial environments, which provides ‘security by design’. The proposed ‘Predict-Detect’ classifier framework aims to provide: robustness against attacks, ease of attack detection using unlabeled data, and swift recovery from attacks. Ideas of feature hiding and obfuscation of feature importance are proposed as strategies to enhance the learning framework's security. Metrics for evaluating the dynamic security of a system and recover-ability after an attack are introduced to provide a practical way of measuring efficacy of dynamic security strategies. The framework is developed as a streaming data methodology, capable of continually functioning with limited supervision and effectively responding to adversarial dynamics. The developed ideas, methodology, algorithms, and experimental analysis, aim to provide a foundation for future work in the area of ‘Dynamic Adversarial Mining’, wherein a holistic approach to machine learning based security is motivated.

    Human-artificial intelligence approaches for secure analysis in CAPTCHA codes

    CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) has long been used to keep automated bots from misusing web services by leveraging human-artificial intelligence (HAI) interactions to distinguish whether the user is a human or a computer program. Various CAPTCHA schemes have been proposed over the years, principally to increase usability and security against emerging bots and hackers performing malicious operations. However, automated attacks have effectively cracked all common conventional schemes, and the majority of present CAPTCHA methods are also vulnerable to human-assisted relay attacks. Invisible reCAPTCHA and some approaches have not yet been cracked. However, with the introduction of fourth-generation bots accurately mimicking human behavior, a secure CAPTCHA would be hardly designed without additional special devices. Almost all cognitive-based CAPTCHAs with sensor support have not yet been compromised by automated attacks. However, they are still compromised to human-assisted relay attacks due to having a limited number of challenges and can be only solved using trusted devices. Obviously, cognitive-based CAPTCHA schemes have an advantage over other schemes in the race against security attacks. In this study, as a strong starting point for creating future secure and usable CAPTCHA schemes, we have offered an overview analysis of HAI between computer users and computers under the security aspects of open problems, difficulties, and opportunities of current CAPTCHA schemes.
    Web of Science20221art. no.