Preventing Automated Use of STMP Reservation System Using CAPTCHA


Upload: opal-gray

Post on 03-Jan-2016


Page 1: Preventing Automated Use of STMP Reservation System Using CAPTCHA


Introduction

The ATCSCC Intranet/internet has a web interface for making arrival/departure reservations for Special Traffic Management Programs (STMP).

Purpose

We are looking for ways to prevent automated tools from getting a large number of reservations.

Proposed Solution

A website security solution built around a CAPTCHA image is proposed to prevent automated STMP reservations.

What is CAPTCHA?

A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a program that can generate and grade tests that most humans can pass, but current computer programs and automated tools can't pass. For example, humans can read distorted text such as the one shown here, but current computer programs can't.

Gimpy CAPTCHA

GIMPY CAPTCHA is a methodology where a word is randomly selected from a dictionary and a rendering of a distorted image of the word is shown.

The user is then asked to type in the word.

While human users have no problems typing the words displayed, current bots are simply unable to do the same.

Process

User logs in.

User fills in the reservation form.

At the bottom of the form, user is shown a CAPTCHA image and asked to enter the characters in the image.

User submits the reservation request.

The web server processes the information.

If the user response is correct, the reservation process is continued. If not, the user is shown an error page.

STMP Reservation form (current)

STMP Reservation form with CAPTCHA

STMP Reservation form

Reservation form with error message

STMP Reservation form with color CAPTCHA

Pop-up message

CAPTCHA examples

7-letter CAPTCHA

6-letter CAPTCHA

5-letter CAPTCHA

Color CAPTCHA

CFX Captcha

CAPTCHA Customization

Text producer: Defaults to a random character generator, but there is a name generator as well.

The characters that will create the string can be configured.

Number of characters in the CAPTCHA image: 3, 4, 5, 6, 7, etc.

CAPTCHA font (Arial, Helvetica, Courier, Times New Roman)

Font size

Font color

Distortion

Background

Border around CAPTCHA

Color of the border

Thickness of the border around CAPTCHA

Notes

ESTMP users are required to enter CAPTCHA input for each reservation request.

If the user input is wrong, an error message is shown and the reservation form is reloaded with a new CAPTCHA image.

The reservation request is NOT processed by the server until the user enters the correct CAPTCHA characters.

If a reservation for the requested time is not available, the user is redirected to a page that shows reservation availability for different times. Users can select a new reservation time but do not need to enter the CAPTCHA input on this page.

No CAPTCHA input needed for Confirm, Cancel or Update operations.
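
The Process and Notes slides above, sketched as server-side logic in an added Python example (not code from the presentation or the STMP system): the challenge text is kept in the session, is valid for one attempt only, and the reservation logic is not reached until it matches. The function names, the dict-based session, the alphabet, the 6-character length and the 120-second lifetime are assumptions made for illustration.

```python
import hmac
import secrets
import time

# Assumed settings (not from the slides): no look-alike characters, 120 s lifetime.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"
LENGTH = 6
TTL_SECONDS = 120


def new_challenge(session, now=None):
    """Random-character text producer: create the text and keep it server-side."""
    text = "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))
    issued = now if now is not None else time.time()
    session["captcha"] = {"text": text, "issued": issued}
    return text  # goes to the image renderer only, never to the client as text


def check_captcha(session, answer, now=None):
    """Consume the stored challenge; each one is good for a single attempt."""
    challenge = session.pop("captcha", None)  # removed whether the answer passes or fails
    if challenge is None:
        return False  # nothing issued, or the answer is being replayed
    now = now if now is not None else time.time()
    if now - challenge["issued"] > TTL_SECONDS:
        return False  # challenge expired
    given = (answer or "").strip().upper().encode()
    # Constant-time comparison of the normalised answer with the stored text.
    return hmac.compare_digest(given, challenge["text"].encode())


def handle_reservation(session, form, reserve, now=None):
    """Verify the CAPTCHA before the request reaches the reservation logic."""
    if not session.get("user"):
        return {"status": "login_required"}
    if not check_captcha(session, form.get("captcha"), now):
        new_challenge(session, now)  # form is reloaded with a new image
        return {"status": "error", "message": "CAPTCHA characters did not match"}
    return {"status": "ok", "result": reserve(form)}  # hypothetical booking callback
```

Because the challenge is removed from the session on every attempt, a solved answer cannot be reused for a second reservation request.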