Home     Introduction to Stopping Spam, Eliminating CAPTCHA     Stopping Spam, Eliminating CAPTCHA     3-D CAPTCHA      
The 3-D CAPTCHA

Michael G. Kaplan

 
The following is a design for a CAPTCHA that is likely invulnerable to automated decryption.
 
I argue that this is the world's most secure CAPTCHA, yet I have invented a far superior technology that will allow for the elimination of all CAPTCHA.  This method is more secure yet completely invisible to the end user.  I describe it on this website in my paper locate on the page Stopping Spam, Eliminating CAPTCHA.  Continue on below to learn about the 3-D CAPTCHA although I now feel that it, along with all other CAPTCHA, is now obsolete.
 

The technique is as follows:

Step One
Manually design a library of easily recognizable computer generated three-dimensional objects such as the following:

  

Step Two
The computer is given a description of each attribute of each object.

 

Each attribute is described using multiple foreign languages (English, French, Chinese, etc.).  Other relevant data is entered into the computer; such as at what angles each attribute can be viewed and still remain recognizable, and what percentage of each attribute can be obstructed by an object and yet remain recognizable.

-THE REST OF THE PROCESS IS FULLY AUTOMATED-

Step Three
The computer takes a sample of objects from the library and places them together in a scene. The computer can generate multiple images simply by taking multiple angles of the same scene. The following scenes are the same image seen from different angles.

 

The following image contains the same three objects placed together in a different formation.
 
The only difference between the following two images is the direction of the virtual light source.

Manipulating these three very simple objects can generate a nearly infinite number of pictures.

In practice these pictures will be generated by mixing and matching easily recognizable objects from a constantly changing database of at least hundreds of objects. Objects will articulate as limbs will move and car doors will open. Trees will have randomly generated branches. Patterns will change as a person wears a polka dot shirt in one image and a striped shirt in another. An infinite number of unique images can be generated. The process will be random, though the computer will follow some rules such as preventing one object from completely obstructing another.

Step Four
The individual attributes within a randomly generated picture are labeled with characters. The computer is given a set of characters to encode. The computer will then list the attributes that correspond to the characters being encoded. The example below shows the final product: 


Please click on or enter each letter corresponding to the following list in the field below. You must enter them in the exact sequence listed.

• The Head of the Walking Man
• The Vase
• The Back of the Chair
 




We now have the code:CKT

Thus we have a system whereby a computer can automatically generate and label billions of unique images to be used as CAPTCHA.
 
The instructions and list of features will be displayed in the language of choice.  A Chinese language website will show the identical image but the directions will be in Chinese.

A bot attempting to brute force a solution to the above example will need to work its way through (26)(25)(24) = 15,600 possible combinations. Asking for the identification of 5 unique features will render 7,893,600 possible combinations.  The success rate for humans can be dramatically improved by tolerating a single error; requiring a person to successfully identify only 3 out of 4 features in the above example will result in a random submission having only a 1 in 13,800 chance of being right.
 


The 3-D CAPTCHA Can Instantaneously Detect and Dynamically Change to Neutralize an Automated Attack
Let us assume that a malicious programmer puts in the effort to design a bot that is able to recognize a ‘flower’ 30% of the time. This malicious bot will cycle through multiple 3-D CAPTCHA selecting out challenges that ask to identify a flower. The bot will correctly identify the flower and use a brute force attack to identify the remaining attributes and solve the CAPTCHA. This attack will be rapidly neutralized via the following mechanism:

-For every one CAPTCHA correctly solved by this method the malicious bot will generate an enormous number of responses that correctly identify the flower but misidentify all other features. The sudden receipt of an enormous number of responses that correctly identify the flower but misidentify all other attributes will make it immediately obvious that a malicious bot is identifying the flower.

-The compromised ‘flower’ is automatically removed from the library and is replaced with another unique object (e.g. an octopus, a half-peeled banana, a plate of spaghetti) taken from a reserve library of objects that have never been publicly viewed. The malicious bot will be neutralized almost instantly after starting an attack without any manual intervention on the part of the CAPTCHA operator.

A malicious bot can not succeed even if it gains the ability to recognizing the objects used to create the 3-D CAPTCHA (although this would be an extremely impressive feat).  To succeed the bot must be able to recognize every theoretical object that will instantly appear in response to an attack - a impossibe task with existing computer vision technology. 

 

 

Patent Pending