A SEMINAR REPORT

On
CAPTCHA

Submitted to

MALLA REDDY ENGINEERING COLLEGE

In partial fulfilment of the requirements for the award of the degree of

BACHELOR OF TECHNOLOGY
In
Computer Science and Engineering
Seminar-A00P3

By

VANGALA DEV SRIRAM

Regd. No.: 21J45A0523

DEPARTMENT OF CSE
MALLA REDDY ENGINEERING COLLEGE
(An UGC Autonomous Institution, Approved by AICTE, New Delhi & Affiliated to JNTUH,
Hyderabad).
Maisammaguda(H), Medchal - Malkajgiri District, Secunderabad, Telangana State – 500100,
www.mrec.ac.in

APRIL - 2024
 MALLA REDDY ENGINEERING COLLEGE
(An UGC Autonomous Institution, Approved by AICTE, New Delhi & Affiliated to JNTUH, Hyderabad).
Maisammaguda(H), Medchal - Malkajgiri District, Secunderabad, Telangana State – 500100,
www.mrec.ac.in

DEPARTMENT OF CSE

CERTIFICATE
Certified that seminar work entitled “CAPTCHA” is a bonafide work

carried out in the eighth semester by “VANGALA DEVSRIRAM” in

partial fulfilment for the award of Bachelor of Technology in Electronics

and Communication Engineering from Malla Reddy Engineering College,

during the academic year 2023 – 2024.

I wish her/ him success in all future endeavours.

SEMIANR COORDINATOR INTERNAL EXAMINER HEAD OF DEPARTMENT

Mr K V VARAPRASAD(PH.D) Dr. P S R C MURTY
Assistant professor HOD

Place:
Date:
 ACKNOWLEDGEMENT

I would like to express our sincere thanks to Dr. A. RamaSwami Reddy, Principal,
MREC(A) for providing the working facilities in the college.

My sincere thanks and gratitude to Dr. P.Srirama Chandra Murty, Professor & Head,
Department of CSE, MREC(A) for all the timely support and valuable suggestions during
the period of seminar.

I am thankful to our Seminar Coordinator Mr K V Varaprasad(Ph.d), Assistant

Professor, Department of Computer Science and Engineering, for his cooperation during
the seminar work.

Finally, I would also like to thank all the faculty and staff of the CSE Department
who helped us directly or indirectly, parents and friends for their cooperation in
completing the seminar work.

Name :V.DEV SRIRAM

Regd. No :21J45A0523
Section :CSE-D
 ABSTRACT

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a widely-
used security measure designed to distinguish between human users and automated bots on the internet.
This abstract explores the evolution, effectiveness, and challenges associated with CAPTCHA systems.

It discusses various techniques employed in CAPTCHAs, including text-based challenges, image

recognition tasks, and more recent approaches like behavioral analysis.

Additionally, the abstract delves into the limitations of CAPTCHA systems, such as accessibility concerns
for users with disabilities and the arms race between CAPTCHA designers and automated bots. Finally, it
addresses emerging trends in CAPTCHA technology, such as the integration of machine learning
algorithms for enhanced security and user experience.

Signature of the Student

Name :V.DEV SRIRAM

Regn. No :21J45A0523
Semester :8th
Branch : CSE
Date :

i
 TABLE OF CONTENTS

Chapter Description Page

No. No.

ABSTRACT i

TABLE OF CONTENTS ii

LIST OF FIGURES iii

1 INTRODUCTION TO CAPTCHA

1.1 Purpose and Functionality 1

1.2 History of CAPTCHA 2-3

2 TYPES OF CAPTCHA

2.1 Types of CAPTCHA 4-5

3 reCAPTCHA

3.1 History of reCAPTCHA 6-7

3.2 How reCAPTCHA works 8

4 CONCLUSION 9

REFERENCES 10

ii
 LIST OF FIGURES

FIGURE NO. TITLE PAGE NO.

1.1 Version of CAPTCHA 1

Text based CAPTCHAs 2

1.2

1.3 Check box CAPTCHA 3

1.4 CAPTCHA vs reCAPTCHA 3

2.1 Text based CAPTCHA 4

2.2 Image based CAPTCHA 4

2.3 Audio based CAPTCHA 5

3.1 Google’s reCAPTCHA 7

iii
 CHAPTER I

INTRODUCTION

CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart."
It's a type of challenge-response test used in computing to determine whether the user is a human or a bot.

The purpose of a CAPTCHA is to prevent automated software (often referred to as "bots" or "spambots")
from performing certain actions on a website, such as creating accounts, submitting forms, or accessing
restricted content. By presenting a task that is easy for humans to solve but difficult for automated
programs, CAPTCHAs help to ensure that these actions are performed by real people rather than automated
scripts.

CAPTCHAs typically involve presenting the user with a task that requires some level of human
intelligence to complete, such as identifying distorted text, selecting images that match a certain criterion,
or solving a simple puzzle. Once the user successfully completes the task, the website can be reasonably
confident that the user is a human and not a bot.

Overall, CAPTCHAs are an important tool in combating spam, fraud, and abuse on the internet by
verifying the identity of users interacting with websites and online services.

1.1. Purpose and Functionality

The primary purpose of CAPTCHA is to distinguish between human users and automated scripts or
bots. It accomplishes this by presenting challenges that are typically easy for humans to solve but difficult
for automated programs to crack. These challenges commonly involve tasks like recognizing distorted text,
identifying objects in images, or solving simple puzzles.

Fig.1.1

1
1.2.History of CAPTCHA

The history of CAPTCHA is an interesting journey that evolved as a response to the growing challenges
posed by automated bots on the internet. Here's a brief overview:

1. Early Anti-Spam Measures (1990s)

In the early days of the internet, automated bots became a nuisance, particularly in the form of email spam.
To combat this, basic text-based challenges were introduced to differentiate between humans and bots.
These challenges typically involved distorted text that was easy for humans to read but difficult for
automated programs to decipher.

2. The Birth of CAPTCHA (2000s)

The term "CAPTCHA" was coined in 2000 by Luis von Ahn, Manuel Blum, Nicholas J. Hopper, and John
Langford at Carnegie Mellon University. They introduced CAPTCHA as a more sophisticated approach to
distinguishing humans from bots. The first widely used CAPTCHA implementation was developed by
AltaVista in 1997, followed by Yahoo in 2000.

3. Text-Based CAPTCHA Dominance (2000s)

Text-based CAPTCHAs, where users had to decipher distorted text, became the norm in the early 2000s.
However, advancements in optical character recognition (OCR) technology led to the development of bots
capable of bypassing these challenges, prompting the need for more advanced solutions.

Fig.1.2

4. Evolution of CAPTCHA Techniques :As bots became more sophisticated, CAPTCHA techniques
evolved to stay ahead. This led to the introduction of image-based CAPTCHAs, audio-based CAPTCHAs
for users with visual impairments, and more interactive challenges like checkbox CAPTCHAs.

5. ReCAPTCHA and Machine Learning (2007)

In 2007, Luis von Ahn and his team at Carnegie Mellon University introduced reCAPTCHA, which not
only served as a CAPTCHA but also helped digitize books. Users were presented with two words, one of
which was a known word used to verify the user's humanity, while the other was an unknown word from a

scanned document that needed transcription. This innovative approach leveraged the collective effort of
millions of users to digitize books while simultaneously protecting websites from bots.

2
 Fig.1.3

6. Challenges and Advancements

Over the years, CAPTCHA has faced challenges from increasingly sophisticated bots, leading to the
development of more complex and adaptive solutions. This includes techniques like behavioral analysis,
biometric CAPTCHAs, and machine learning-based CAPTCHAs that continuously adapt to new threats.

7. Future Directions

The future of CAPTCHA is likely to involve even more advanced techniques that seamlessly integrate with
user interactions while effectively thwarting automated attacks. This may include a shift towards more
user-friendly and accessible solutions that prioritize both security and usability.

Overall, CAPTCHA has come a long way since its inception, playing a crucial role in safeguarding online
platforms and services against automated threats while continually adapting to the evolving landscape of
cybersecurity.

Fig.1.4

3
 CHAPTER II

TYPES OF CAPTCHA

CAPTCHA, or Completely Automated Public Turing test to tell Computers and Humans Apart, is a
security mechanism designed to differentiate between human users and automated bots on the internet.
There are several types of CAPTCHAs, each employing different methods to verify human presence. Here
are some common types:

1. Text-Based CAPTCHA: This is the most traditional type of CAPTCHA where users are presented
with distorted or obscured text that they need to decipher and enter into a text box. The distortion is
intended to make it difficult for bots to recognize the characters. However, advancements in OCR
(Optical Character Recognition) technology have made this type of CAPTCHA less effective
against sophisticated bots.

Fig.2.1

2. Image-Based CAPTCHA: Instead of distorted text, users are presented with images and asked to
perform a task related to the images, such as selecting all images containing a specific object (e.g.,
traffic lights, bicycles, storefronts). This type of CAPTCHA is more resilient to OCR attacks but
may be challenging for users with visual impairments.

Fig.2.2

4
3. Audio-Based CAPTCHA: For users who have difficulty deciphering distorted text or viewing
images, audio-based CAPTCHAs provide an alternative. Users listen to an audio clip containing
spoken characters or numbers and then enter what they hear into a text box. This method is
designed to be accessible to visually impaired users but may still be vulnerable to automated
attacks.

Fig.2.3

4. Math-Based CAPTCHA: Users are presented with a simple mathematical equation (e.g., 5 + 3
= ?) and asked to solve it. This type of CAPTCHA is straightforward for humans to solve but can
be challenging for bots, especially if the equations become more complex.

5. Checkbox CAPTCHA: A relatively user-friendly CAPTCHA type, where users simply need to
check a box to confirm that they are human. However, behind the scenes, additional behavioral
analysis may be conducted to verify the user's authenticity, such as mouse movement patterns or
browsing behavior.

6. ReCAPTCHA: Developed by Google, ReCAPTCHA is one of the most widely used CAPTCHA
systems. It employs various techniques, including image recognition and behavioral analysis, to
distinguish between humans and bots. ReCAPTCHA v3, for example, operates invisibly in the
background, analyzing user behavior across the site to assign a risk score and determine whether the
user is likely human or bot.

7. Honeypot CAPTCHA: This type of CAPTCHA relies on the placement of hidden form fields that
are invisible to human users but can be detected and filled out by bots. When a form is submitted
with data in these hidden fields, it is flagged as spam. Honeypot CAPTCHAs are effective against
simple bots but may be circumvented by more sophisticated ones.

5
 CHAPTER III

reCAPTCHA

reCAPTCHA is a widely used CAPTCHA service developed by Google, which not only serves the purpose
of distinguishing humans from bots but also helps in digitizing books and improving machine learning
algorithms. It has evolved over the years and has become an integral part of web security and data
processing. Let's delve into its history and workings:

3.1.History of reCAPTCHA:

1. Original CAPTCHA: The concept of CAPTCHA was introduced in the late 1990s as a means to
prevent automated bots from accessing websites. The original CAPTCHAs typically involved
distorted text that humans could decipher, but bots found challenging.

2. Initial Development: reCAPTCHA was developed at Carnegie Mellon University in 2007 by Luis
von Ahn, Ben Maurer, Colin McMillen, David Abraham, and Manuel Blum. It was initially based
on the idea of using CAPTCHAs to digitize books. Users would solve CAPTCHAs consisting of
words that optical character recognition (OCR) software couldn't decipher during the digitization
process.

3. Acquisition by Google: In 2009, Google acquired reCAPTCHA, integrating it into its suite of
services. Google's vast resources and expertise allowed for further development and widespread
adoption of reCAPTCHA across the internet.

4. reCAPTCHA v1: The first version of reCAPTCHA presented users with distorted text that they
needed to decipher and enter into a text box. This text was generated from scanned books, helping
to digitize printed text that OCR technology couldn't reliably recognize.

5. reCAPTCHA v2: In 2014, reCAPTCHA v2 was introduced, which replaced distorted text with a
simpler checkbox labeled "I'm not a robot." By analyzing user behavior, mouse movements, and
other factors, Google could determine whether the user was likely human or bot. If the system
detected suspicious behavior, it would prompt the user to solve a more traditional CAPTC0HA.

6
6. reCAPTCHA v3: Launched in 2018, reCAPTCHA v3 operates invisibly in the background,
analyzing user behavior across the site to assign a risk score. Website owners can then use this
score to determine whether to block, challenge, or allow a user's access. Unlike previous versions,
reCAPTCHA v3 doesn't require any user interaction, making for a seamless user experience.

Fig.3.1

7
3.2.How reCAPTCHA Works:

1. Risk Assessment: reCAPTCHA v3 works by continuously analyzing user behavior on a website to

generate a risk score ranging from 0.0 to 1.0, with higher scores indicating a higher likelihood of
the user being a bot.

2. Integration: Website owners integrate reCAPTCHA v3 into their websites using a JavaScript API
provided by Google. This API collects user interaction data and sends it to Google's servers for
analysis.

3. Score Evaluation: Based on the risk score generated by reCAPTCHA, website owners can
implement actions such as blocking suspicious users, displaying additional challenges, or allowing
access without further intervention.

4. Invisibility: Unlike previous versions, reCAPTCHA v3 operates invisibly, without requiring users
to interact with any CAPTCHA challenges. This seamless user experience helps prevent disruptions
while still effectively identifying and mitigating bot activity.

Overall, reCAPTCHA has played a significant role in enhancing web security, combating spam, and
improving the accessibility of online content. Its evolution from text-based challenges to sophisticated
behavior analysis reflects ongoing efforts to balance security with user experience.

8
 CHAPTER IV
CONCLUSION

CAPTCHA, or Completely Automated Public Turing test to tell Computers and Humans Apart, has
evolved significantly since its inception as a means to distinguish between humans and bots on the internet.
Initially developed as a simple challenge-response test involving distorted text, CAPTCHA has undergone
several iterations to keep pace with advances in technology and the evolving tactics of malicious actors.

Over the years, CAPTCHA has become an essential tool in safeguarding online platforms against
automated attacks, spam, and fraudulent activities. Its widespread adoption across various websites and
services underscores its importance in maintaining the integrity and security of the internet ecosystem.

However, CAPTCHA is not without its challenges. Accessibility concerns, user experience issues, and the
arms race between CAPTCHA designers and bot developers pose ongoing challenges. Balancing security
requirements with a seamless user experience is a constant endeavor for website developers and security
professionals.

Despite these challenges, CAPTCHA continues to play a crucial role in mitigating bot activity and ensuring
the authenticity of online interactions. Innovations such as reCAPTCHA, with its invisible risk assessment
mechanisms, represent significant strides in enhancing both security and user experience.

Looking ahead, the future of CAPTCHA will likely involve further advancements in machine learning,
behavioral analysis, and biometric authentication to better differentiate between humans and bots while
minimizing user friction. As technology continues to evolve, CAPTCHA will remain a cornerstone of web
security, adapting to new threats and challenges to uphold the integrity of online interactions.

9
 REFERENCES

 https://en.wikipedia.org/wiki/CAPTCHA

 https://www.w3.org/WAI/APA/task-forces/research-questions/wiki/
CAPTCHA_References

 https://www.cloudflare.com/learning/bots/how-captchas-work/

 https://support.google.com/a/answer/1217728?hl=en

 https://www.imperva.com/learn/application-security/what-is-captcha/

10