How LAZY CRYPTOGRAPHERS DO

TELLING HUMANS AND COMPUTERS APART AUTOMATICALLY

How lazy cryptographers do AI.

By Luis von Ahn, Manuel Blum, and John Langford

Illustration by Jean-François Podevin

COMMUNICATIONS OF THE ACM February 2004/Vol. 47, No. 2

You’ve probably seen them—colorful images with distorted text in them at the bottom of Web registration forms. CAPTCHAs are used by Yahoo, Hotmail, PayPal and many other popular Web sites to prevent automated registrations, and they work because no computer program can currently read distorted text as well as humans can. What you probably don’t know is that a CAPTCHA is something more than just an image with distorted text: it is a test, any test, that can be automatically generated, which most humans can pass, but that current computer programs cannot pass. Notice the paradox: a CAPTCHA is a program that can generate and grade tests that it itself cannot pass (much like some professors).

CAPTCHA stands for “Completely Automated Public Turing Test to Tell Computers and Humans Apart.” The P for Public means that the code and the data used by a CAPTCHA should be publicly available. This is not an open source requirement, but a security guarantee: it should be difficult for someone to write a computer program that can pass the tests generated by a CAPTCHA even if they know exactly how the CAPTCHA works (the only hidden information is a small amount of randomness utilized to generate the tests). The T for “Turing Test to Tell” is because CAPTCHAs are like Turing Tests [10]. In the original Turing Test, a human judge was allowed to ask a series of questions to two players, one of which was a computer and the other a human. Both players pretended to be the human, and the judge had to distinguish between them. CAPTCHAs are similar to the Turing Test in that they distinguish humans from computers, but they differ in that the judge is now a computer. A CAPTCHA is an Automated Turing Test. We deliberately avoid using the term Reverse Turing Test (or even worse, RTT) because it can be misleading—Reverse Turing Test has been used to refer to a form of the Turing Test in which both players pretend to be a computer.

Applications

Although the goal of the original Turing Test was to serve as a measure of progress for artificial intelligence—a computer would be said to be intelligent if it passed the Turing Test—making the judge be a computer allows CAPTCHAs to be useful for other practical applications.

In November 1999, for example, the Web site slashdot.com released an online poll asking which was the best graduate school in computer science—a dangerous question to ask over the Web. As is the case with most online polls, IP addresses of voters were recorded in order to prevent single users from voting more than once. However, students at Carnegie Mellon found a way to stuff the ballots by using programs that voted for CMU thousands of times: CMU’s score started growing rapidly. The next day, students at MIT wrote their own voting program and the poll became a contest between voting “bots.” MIT finished with 21,156 votes, Carnegie Mellon with 21,032 and every other school with less than 1,000. Can the result of any online poll be trusted? Not unless the poll requires that only humans can vote.

Another application involves free email services. Several companies offer free email services that have suffered from a specific type of attack: “bots” that signed up for thousands of email accounts every minute. This situation has been improved by requiring users to prove they are human before they can get a free email account. Yahoo, for instance, uses a CAPTCHA of our design to prevent bots from registering for accounts.

Some Web sites don’t want to be indexed by search engines. There is a HTML tag to prevent search engine bots from reading Web pages, but the tag doesn’t guarantee that bots won’t read the pages; it only serves to say “no bots, please.” Search engine bots, since they usually belong to large companies, respect Web pages that don’t want to allow them in. However, in order to truly guarantee bots won’t enter a Web site, CAPTCHAs are needed.

CAPTCHAs also offer a plausible solution against email worms and spam: only accept an email message if you know there is a human behind the other computer. A few companies, such as www.spamarrest.com are already marketing this idea.

Pinkas and Sander [9] have also suggested using CAPTCHAs to prevent dictionary attacks in password systems. The idea is simple: prevent a computer from being able to iterate through the entire space of passwords by requiring a human to type the passwords.

Examples of CAPTCHAs

CAPTCHAs further differ from the original Turing Test in that they can be based on a variety of sensory abilities. The original Turing Test was conversational—the judge was only allowed to ask questions over a text terminal. In the case of a CAPTCHA, the computer judge can ask any question that can be transmitted over a computer network.

GIMPY and OCR-based CAPTCHAs. GIMPY [2] is one of the many CAPTCHAs based on the difficulty of reading distorted text. GIMPY works by selecting seven words out of a dictionary and rendering a distorted image containing the words (as shown in Figure 1). GIMPY then presents a test to its user, which consists of the distorted image and the directions: “type three words appearing in the image.” Given the types of distortions that GIMPY uses, most humans can read three words from the distorted image, but current computer programs can’t. The majority of CAPTCHAs used on the Web today are similar to GIMPY in that they rely on the difficulty of optical character recognition (the difficulty of reading distorted text).

Figure 1. Can you read three words in this image?

Bongo. Another example of a CAPTCHA is the program we call BONGO [2]. BONGO is named after M.M. Bongard, who published a book of pattern recognition problems in the 1970s [3]. BONGO asks the user to solve a visual pattern recognition problem. It displays two series of blocks, the left and the right. The blocks in the left series differ from those in the right, and the user must find the characteristic that sets them apart. A possible left and right series is shown in Figure 2. After seeing the two series of blocks, the user is presented with a single block and is asked to determine whether this block belongs to the left series or to the right. The user passes the test if he or she correctly determines the side to which the block belongs. Try it yourself: to which side does the isolated block belong in Figure 3? (Answer: the right side.)

Figure 2. Everything on the left is drawn with thick lines, while everything on the right is drawn with thin lines.

Figure 3. To which side does the block on the bottom belong?

PIX. PIX [2] is a program that has a large database of labeled images. All of these images are pictures of concrete objects (a horse, a table, a house, a flower). The program picks an object at random, finds six images of that object from its database, presents them to the user and then asks the question “what are these pictures of?” Current computer programs should not be able to answer this question, so PIX should be a CAPTCHA. However, PIX, as stated, is not a CAPTCHA: it is very easy to write a program that can answer the question “what are these pictures of?” Remember that all the code and data of a CAPTCHA should be publicly available; in particular, the image database that PIX uses should be public. Hence, writing a program that can answer the question “what are these pictures of?” is easy: search the database for the images presented and find their label. Fortunately, this can be fixed. One way for PIX to become a CAPTCHA is to randomly distort the images before presenting them to the user, so that computer programs cannot easily search the database for the undistorted image.

Sound-based CAPTCHAs. The final example we offer is based on sound. The program picks a word or a sequence of numbers at random, renders the word or the numbers into a sound clip and distorts the sound clip; it then presents the distorted sound clip to the user and asks users to enter its contents. This CAPTCHA is based on the difference in ability between humans and computers in recognizing

this approach has the beneficial side effect of inducing security researchers, as well as otherwise malicious programmers, to advance the field of AI.

A good example of this process is the recent progress in reading distorted text images motivated by the CAPTCHA in use at Yahoo. In response to the challenge provided by this test, Malik and Mori [7] have developed a program that can pass the test with over 80% accuracy.
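The PIX argument above, worked through as an added example (not code from the article or from PIX itself): it audits whether a PIX challenge can be answered from the public data alone by exact match, before and after random distortion. The database is a constructed set of random 16x16 pixel grids, and `distort`, `answer_by_lookup` and `lookup_pass_rate` are hypothetical names; only exact matching is checked.

```python
import hashlib
import random
import secrets

W = H = 16                      # constructed 16x16 grayscale stand-in "images"
LABELS = ["horse", "table", "house", "flower"]
PER_LABEL = 8


def _constructed_image(label, idx):
    """Deterministic random pixels standing in for one labeled photograph."""
    rng = random.Random(f"{label}/{idx}")
    return bytes(rng.randrange(256) for _ in range(W * H))


# Public by the "P" in CAPTCHA: anyone may obtain the images and their labels.
DATABASE = [(_constructed_image(lab, i), lab)
            for lab in LABELS for i in range(PER_LABEL)]
# An index that can be built from the public data alone.
PUBLIC_INDEX = {hashlib.sha256(img).hexdigest(): lab for img, lab in DATABASE}


def distort(img, rng):
    """Shift each row cyclically and jitter brightness with hidden randomness."""
    shift = rng.randrange(1, W)
    out = bytearray()
    for r in range(H):
        row = img[r * W:(r + 1) * W]
        row = row[shift:] + row[:shift]
        out.extend(min(255, max(0, p + rng.randint(-12, 12))) for p in row)
    return bytes(out)


def make_challenge(rng, distorted):
    """Pick an object at random and six of its images, as PIX does."""
    label = rng.choice(LABELS)
    pool = [img for img, lab in DATABASE if lab == label]
    shown = rng.sample(pool, 6)
    if distorted:
        shown = [distort(img, rng) for img in shown]
    return label, shown


def grade(label, answer):
    """Grade the reply to 'what are these pictures of?'."""
    return answer.strip().lower() == label


def answer_by_lookup(shown):
    """Label recovered from the public index only, or None if nothing matches."""
    hits = [PUBLIC_INDEX.get(hashlib.sha256(img).hexdigest()) for img in shown]
    hits = [h for h in hits if h is not None]
    return max(set(hits), key=hits.count) if hits else None


def lookup_pass_rate(distorted, trials=200, seed=None):
    """Fraction of challenges passed by database lookup, with no human involved.

    A seed makes the audit repeatable; a deployed generator would draw its
    hidden randomness from secrets.SystemRandom() instead.
    """
    rng = random.Random(seed) if seed is not None else secrets.SystemRandom()
    passed = 0
    for _ in range(trials):
        label, shown = make_challenge(rng, distorted)
        guess = answer_by_lookup(shown)
        if guess is not None and grade(label, guess):
            passed += 1
    return passed / trials


if __name__ == "__main__":
    print("PIX as stated   :", lookup_pass_rate(False, seed=1))
    print("PIX + distortion:", lookup_pass_rate(True, seed=1))
```

A pass rate of 1.0 for the undistorted variant is the article's point that PIX "as stated" is not a CAPTCHA; the distorted variant no longer yields to exact lookup.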