Abstract: CAPTCHA is stand for completely automated public turing test to tell computers and humans apart which is the test generated and graded by computers in order to check the users’ humanity. CAPTCHA has benefit to protect online and free services from bots. Bots is defined as software that can access heavily to services without permission. Currently, several different types of CAPTCHA have been proposed in which the main problem is not security that is usability. The way of choosing features of a CAPTCHA that previous researchers have used was not based on the fact of human and computer interaction rules which is to value human part rather than resources. This research studies usability issues of the existing CAPTCHA schemes and proposes a sort of usability features based on what users choose in a user affinity of choice survey. Finally, a sort of usability features is presented and transferred to a user-friendly CAPTCHA scheme as a result of this study. The most important contribution of this study is consideration of people in various ranges of age and people in different languages to be able to solve CAPTCHA. So, it is claimed that the proposed CAPTCHA scheme is a language-independent scheme and also a usable scheme for all ranges of age.
INTRODUCTION
CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) would be a piece of program that can protect websites against bots (Von Ahn et al., 2004). It would be a test that is generated and graded by computers to check the users to be human; the tests must be able to be solved by humans but must be difficult to be solved by current computer programs. In this process usually, computer asks users to do a test called CAPTCHA, that computer is able to create and also grade; these types of tests basically are simple for human.
In 1996, based on the idea of Naor (1996), there was a framework proposed that provides a test to check humanity automatically. Later Von Ahn et al. (2004), who was the second person with the same idea of Naor (1996), developed a complete framework on the subject of Automated Turing Test; his idea was successful in formalization and substantiation than Naor’s idea and conceptual model. Later, CAPTCHA become invented in 2000 by Von Ahn et al. (2004).
Original Turing Test has been introduced to test Artificial Intelligence of a computer; if the computer could solve the test, it is considered intelligent computer based on the Turning Test judgment (Chanamolu, 2009). So, being successful in Turing Test allows CAPTCHA to be useful for other practical applications:
| • | Search engine bots |
| • | Protecting e-mail addresses from scrapers |
| • | Protecting website registration |
| • | Worms and spam |
| • | Online polls |
| • | Preventing comment spam in blogs |
| • | Preventing dictionary attacks |
In fact there are many problems for recognizing some CAPTCHAs and also it seems that several kinds of CAPTCHA is annoying and silly but in fact in terms of using CAPTCHA, it is understood that it has good ability to protect websites and their resources from robots. As there are many servers such as Gmail, Yahoo and Hotmail and so on, that provide free email services, there is a need to protect them from bots which can create thousand accounts in a minute. CAPTCHA is a solution that can recognize human and bots. Also CAPTCHA has been used to prevent bots that create spam mail account in a huge numbers (Von Ahn et al., 2004).
CAPTCHAs are very efficient and effective for all websites because using these CAPTCHAs can increase the security of the websites and can protect them from bots. There are two aspects of CAPTCHA that are Reliability and Usability; these two aspects need to be considered in designing and developing a CAPTCHA. Having good reliability can make websites safe and these service providers can provide their service with no risk (Yan and Ahmad, 2008). Most of current CAPTCHAs have been created based on reliability and These CAPTCHAs are lack of usability and the users dislike to use those websites that are using those CAPTCHAs. So having usability can make a CAPTCHA reasonable to use, thus the CAPTCHA can be used in the websites and not to make users be annoyed and bored.
There are many types of CAPTCHA that are created by computers and designed by human to prevent robots and software programs to access to the Website’s services (Yan and Ahmad, 2007, 2008). Every year, there are many new types of CAPTCHA designed by CAPTCHA designers Because of the weakness of prior CAPTCHAs and also existing DECAPTCHAs. These weaknesses are lacking of usability or reliability or the usability and reliability are not balanced (Zhu et al., 2010).
Now-a-days Human Interaction Proof (HIP) is one of the most important parts for researchers who are working on designing CAPTCHA schemes. HIP is concerning about protecting Internet resources. As some CAPTCHAs are not understandable for human and they are very difficult to solve or recognize by human, this study is going to present a sort of usability features chosen by users and what they would like to have in a CAPTCHA, then propose some CHAPTCHA schemes by transferring the propose usability features to the scheme and finally evaluate the proposed schemes and choose one final scheme as a user-friendly CAPTCHA scheme.
RESEARCH METHODOLOGY
In this study, by using literature review of existing CAPTCHA schemes, the usability features of CAPTCHA schemes can be identified. After finding the usability features, the instrument should be prepared to pilot through the user and gathering result from them. Finally, by having result of survey and a list of usability features that users like to use, a CAPTCHA scheme will be developed by transferring usability features to CAPTCHA scheme.
In the first stage, there is a need to study existing CAPTCHA schemes in order to identify the usability features and analysing the usability. Different types of CAPTCHA and their usability elements will be discussed. Then, by analysing and comparing the existing CAPTCHA, it would be understood that which type of CAPTCHA have good usability features. Also it can be recognized that which usability features are best in order to be considered to design a new CAPTCHA scheme.
In the second stage, identifying the appropriate usability features based on user affinity of choice survey for a new CAPTCH scheme will be discussed. All standard features are needed to develop a CAPTCHA scheme.
In the third stage, developing CAPTCHA schemes and developing new survey application, as an instrument will be shown. Piloting instrument and collecting results, analysing the result of new CAPTCHA scheme and also Conclusion and recommendation (final result) will be discussed. After implementing the usability features into new CAPTCHA scheme, it will be considered that users should be satisfied from the new CAPTCHA scheme.
The proper plan and methodology are main factors of doing the research and to achieve the expected results. In this study, the research approach is quantitative approach. Because quantitative research is typically conducted through surveys, telephone interviews, web surveys and intercepts. Framework has significant role in the research. So, at first in this framework the usability elements of CAPTCHA should be identified. Then, after doing all stages, the good result will be achieved.
A questionnaire, including five parts and 43 questions, has been prepared and piloted between 30 users in various range of age, knowledge of CAPTCHA and education. The purpose of piloting this questionnaire was to ask users about an ideal CAPTCHA that they would like to solve in order to access some resources in the Internet. It can be called user affinity of choices in order to design a usable CAPTCHA based on the usable features which can be come from users themselves, NOT developers of CAPTCHAs. Scaled question have been chosen for all questions to be easy to decide and answer by users at any knowledge and ages. However, in the first part of questionnaire, there is an introduction and a definition of what CAPTCHA is and for what purpose they are used. Part two is about some personal questions including educational information, age and their gender. Part three includes some general questions about CAPTCHA like the users knowledge and their ability to solve a CAPTCHA. In part four, there are 11 questions about the usability of current CAPTCHAs as well as their ideal CAPTCHA. The most important part of this questionnaire is part five which is some questions about designing a CAPTCHA and chooses some usable features that users like to have in the CAPTCHA they want to solve.
PROPOSED CHAPTCHA SCHEMES
Generally, a CAPTCHA scheme has three stages of Creation, Presentation and Evaluation. All these three stages should be usable in order to have a good CAPTCHA scheme. In the first stage basically, the algorithm choose randomly some images from its database and generate a new CAPTCHA based on its rules of CAPTCHA creation and prepare it to be presented. In the next stage, the algorithm displays the created CAPTCHA from the stage creation to the user and makes a possible condition to get the answer from users. Then collect all answers and send them to verification process to get a verification notification that the answer is verified or not. In order to verify the answers from users the algorithm will check the labels of selected images and if the label of images were the same in its database, then it sends the success notification to presentation stage. Figure 1 shows the whole CAPTCHA scheme mechanism.
There are two schemes designed based on usability features chosen by users that are named the method of Match Relative Images (MRI) and the method of a Pair of Relative Objects (PRO). Both of these methods are designed based on usability features selected and proposed in the previous chapter but in different point of view.
Match relative images scheme (MRI-CAPTCHA): MRI-CAPTCHA scheme is designed based on finding a match of relative objects inside two images. MRI is stand for a Match Relative Images. MRI-CAPTCHA is designed by transferring the proposed usability features to a new scheme. Following parts explain this scheme in details.
MRI-CAPTCHA scheme description: All the proposed features in this study should be transferred to this scheme in order to make a usable CAPTCHA scheme. In order to pass this scheme to prove humanity, users need to choose three matches of objects; for example a chair is related to a table and not related to a boy; another example is that a fireman is related to a fire or a house in fire and not related to a pool or a bird. As it is shown in Fig. 2, in this scheme users are displayed six images and users are needed to choose them two by two which in total means three pair of two objects from six images. In this scheme, all the features listed below have been considered as a main usability feature as well. This CAPTCHA scheme is explained in the following parts:
| • | Image-based CAPTCHA |
| • | Object-based CAPTCHA |
| • | Language independent |
| • | Usable for all ranges of age |
| • | Multi choices question with three options |
| • | Clickable/touchable using mouse/finger/pen |
| • | Fast of use and solve |
| • | Ease of use and solve |
| • | Clear of any noises/rotate/complexity/bad colour |
This scheme needs to have a sort of images which are related to each other and the relation should be easy to understand and recognize by simple users. The scheme contains a database in which there is one table. This table has three attributes that are the first image, second image and their relation.
| Fig. 1: | CAPTCHA mechanism |
| Fig. 2: | Match relative images scheme-MRI-CAPTCHA scheme |
In the first level of the creation of the database, this scheme needs to fill the database with a huge numbers of relative images. Each two images have a logical relation that should be in a special condition that will be explained later. After collecting images and filling the database, in each cycle, that is a step to prepare a new CAPTCHA dynamically and in run-time, three records are randomly selected by the scheme and in a randomized order displayed to users. Each cycle has its special order and will not be repeated again because of a huge number of records exists in database. The scheme verified the humanity by checking the chosen images. Each image has a special tag, so totally there are three different tags for six images. Images with the same tag are related and could be compared to verify. In each cycle six images are showed and assigned by a specific tag ID automatically by an algorithm. After users select all six images two by two, another algorithm designed to check images’ tag two by two and if their tags were the same two by two in appropriate orders, the humanity is approved and verification is successful. However, if the tags were different, a new MRI-CAPTCHA is prepared and showed and the failed CAPTCHA got one negative point to prevent showing again. This technique is also used to increase the usability of this scheme.
Probability calculation: Probability of displaying a pre- showed and repeated CAPTCHA in this scheme can be estimated by the following formula:
If database had thousand records each of which has two relative images, then totally, there are 2000 images in database. In each cycle, there are three records chosen randomly each of which has the probability of 1/1000. Therefore, the probability of displaying a CAPTCHA here is:
This is probability of displaying a MRI-CAPTCHA only by having thousand records contain two thousand images. Also another technique is used to prevent selecting the same record in the same cycle by comparing the selected records with second and third record. In this case the probability is decreasing, however it is 100% sure not to have a repeated record in each cycle and CAPTCHA:
This scheme has a special advantage which is ability to present a huge number of CAPTCHAs, by having small number of relative images. The following equation is used to estimate the number of CAPTCHAs by having only one thousand records in database:
1000x999x998 = 997,002,000 CAPTHCAs |
So, it is obvious that by having a small database, this scheme is able to provide a huge number of CAPTCHAs. The records inside the database should contain the appropriate relative images. The relation between images is language-independent and culture-independent which are the essential usability features asked by users.
A pair of relative objects scheme (PRO-CAPTCHA): PRO-CAPTCHA is a CAPTCHA scheme designed based on logical understanding which is easy for human and hard for robots. PRO is stand for a pair of relative objects in this scheme. This scheme has been designed by transferring the proposed usability features by this study which is based on user affinity of choice.
PRO-CAPTCHA scheme description: In this scheme, all the features listed below have been considered as a main usability feature. This scheme is explained in the following parts in details. The following usability features proposed by this study have been considered in heart of this scheme:
| • | Image-based CAPTCHA |
| • | Object-based CAPTCHA |
| • | Language independent |
| • | Usable for all ranges of age |
| • | Multi choices question with three options |
| • | Clickable/touchable using mouse/finger/pen |
| • | Clear of any noises/rotate/complexity/bad colour |
| Fig. 3: | A pair of relative objects scheme-PRO-CAPTCHA scheme |
As it is shown in Fig. 3, in this scheme, users are displayed one image as a question and three more images as the options and choices for users. Users are asked to find the most relative image with the image of question. Users are needed to understand the meaning of the image of the question and find the object inside it and based on their general knowledge find a relation between the chosen object and one of the objects showed in presented choices as a pair of relative objects or images.
This scheme has a specific database contains a table with two attributes. Each attribute is one images and these two attributes are related to each other based on the meaning of their inside objects. So, each record contains two related images and preferably should not repeated in any other records which can be control by administrators. In this scheme one record randomly selected as the main part of this scheme by probability of 1/Number of records. So there are two images in this record one of which is marked as the question and another one is marked as one of the answers. There is a need to have two more answers that should not be related to the question in order to avoid complexity and confusion. Therefore, another two records randomly selected and only one of their attributes and images is marked as the rest of answers.
In this step, one image as a question and three images as the choices for answers are ready. The image of the question and the related answer are assigned the same tag number. The rest choices and not related images are assigned different tag numbers with the question. It is done in order to verify the CAPTCHA by comparing the tag of question and the tag of chosen answer. In this part, users are displayed one image as a question and three images as the possible choices for answers. This huge number of CAPTCHA is a good advantage of this scheme and a good point of this scheme is to have a simple algorithm. There is an algorithm to verify the humanity of the users. Cycle is defined as a preparation and presentation of a CAPTCHA to users and finally verification of those users. In presentation, each user is displayed one image as a question and three images as choices for the answer. In presentation step, the question and appropriate answer are assigned a unique and same tag number and a different tag number assigns to the other images. User needs to select one of the three choices as the best pair with question by finding a relation between images or the objects inside images. Finding the relation between the question and answer is based on human understanding and is hard for robots, as they need so many vision and definition of all existed objects in the world. After selecting one of the choices, the algorithm check the question tag number with the tag of the selected image which if they were equal, the humanity is approved, unless the user probably is a robot.
Probability calculation: The probability of PRO-CAPTCHA can be calculated by the following formula. As the same as probability of the MRI-CAPTCHA this scheme also has a good view of point about the presenting and preparing mechanism. This scheme is also able to provide a huge number of CAPTCHAs by having a simple and small database. There is a new advantage for this scheme that is to use only one of the images in one record for the rest of answers. As it is mentioned after choosing one record as the question and one of the answers, there are two more images needed for the rest of answers. These two images will be selected randomly from two different records each of which has two images and only one of them is used for this scheme. It means that each record can be used twice for the rest of answers.
The following formula shows the probability of presenting each PRO-CAPTCHA. If the database has thousand records contain two thousand images, then the probability can be estimated as below:
Here, the probability of displaying a CAPTCHA again is three times more than MRI-CHAPTCHA scheme. Also having only one thousand records contain two thousand images can create the following number of CAPTCHA:
1000x1998x1996 = 3,988,008,000 CAPTCHAs |
EVALUATION AND DATA ANALYSIS
In order to evaluate proposed usability features of this study, 30 users are asked to solve a few CAPTCHA from each of designed CAPTCHA schemes. Participants of this final survey should be in a various range of age, knowledge, culture and language. They are asked to solve a few CAPTCHA samples and finally are asked to cooperate in filling another survey questionnaire about the usability of those two schemes and their usability features. During the evaluation process, participants have not been helped and trained how to use CAPTCHA scheme and how to find a relation between objects. They are faced to these two new CAPTCHA schemes without any previous knowledge. After piloting the final questionnaire and collect data from 30 participants of this study in order to evaluate the proposed schemes, here there are the process and analysed results of this study.
One of the variable and usability features of this study is the range of age in which users should be able to solve the CAPTCHA schemes. It has been the problem of other studies and CAPTCHA schemes that only a group of people with specific range of age could solve the previous CAPTCHA schemes. Because of this reason, this study consider a various range of aged people to cooperate. As it is shown in Fig. 4, participants of this study are in all range of age between 7 to 70 who are considered as the people working with Internet and probably facing CAPTCHA.
Figure 5 shows that respondents of this study are in a various of educational knowledge. It can help the result of this study to cover all people in various range of knowledge.
The following parts will explain the analysis data from two proposed schemes, MRI-CAPTCHA and PRO-CAPTCHA, to be compared with each other and one of them, as the selected scheme by users will be chosen.
Analysis data of MRI-CAPTCHA scheme: The survey contains MRI-CAPTCHA schemes which is evaluated by users who are asked to answer some questions about that CAPTCHA scheme.
Ease of use and solve: One of the questions is about their ability of solving this type of CAPTCHA and how their ideas are about the other people who will face to this scheme.
| Fig. 4: | Participant’s range of age (years) |
| Fig. 5: | Participant’s education |
| Fig. 6: | MRI-CAPTCHA: ability of solving |
Figure 6 shows that 60% of participants rate it as excellent and 40% of them rate it as very good. It would be counted as a good result for this scheme as there is no one considers this scheme as poor, fair or even good.
Ease of object recognizing: Figure 7 shows the participants’ ability of recognizing objects inside images and finding the relation between them in order to solve CAPTCHA.
| Fig. 7: | MRI-CAPTCHA: ability of object recognizing |
| Fig. 8: | MRI-CAPTCHA: speed of solving |
| Fig. 9: | MRI-CAPTCHA: usability features |
As well as previous question, there is no one considered this scheme as poor, fair or even good and their ability to recognize objects inside this scheme is evaluated by 53% very good ability and 47% excellent ability.
Fast of use and solve: One of the variables that can evaluate a CAPTCHA scheme is the speed of users to solve a CAPTCHA. Participants of this study claim that 83% of them have a very good speed and 17% of them have an excellent speed in solving this CAPTCHA schemes which is shown in Fig. 8.
Usability of CAPTCHA scheme: Usability of this scheme can be evaluated by asking users who rate this scheme 7% as a good scheme, 37% as a very good scheme and 57% as an excellent scheme. It is obvious in Fig. 9 that by having more than 50% rate in excellent, this scheme has an excellent usability for its features.
Usability in terms of age: One of the questions of the final survey was that which range of age can solve this CAPTCHA scheme based on user’s idea. Figure 10 shows that all range of age can solve it as based on participant’s idea, they are able to solve it by percentage of higher than 80%.
| Fig. 10: | MRI-CAPTCHA: usable for ranges of age |
| Fig. 11: | PRO-CAPTCHA: ability to use and solve |
| Fig. 12: | PRO-CAPTCHA: ability of object recognizing |
It is 100% usable for the people aged 12 to 18 years old. The most problem of the previous schemes is related to the people aged 5 to 12 years old and above 60 years old.
Analysis data of PRO-CAPTCHA scheme: Ability of solving a CAPTCHA is really important that the previous schemes have had problem in it especially for some people in specific range of age.
Ease of use and solve: Figure 11 shows that 83% of participants rate it as excellent and 17% of them rate it as very good. It would be counted as a good result for this scheme as there is no one considers this scheme as poor, fair or even good.
Ease of object recognizing: Figure 12 shows the participants’ ability of recognizing objects inside images and finding the relation between them in order to solve CAPTCHA.
| Fig. 13: | PRO-CAPTCHA: speed of solving |
| Fig. 14: | PRO-CAPTCHA: usability features |
As well as previous question, there is no one considered this scheme as poor, fair or even good and their ability to recognize objects inside this scheme is evaluated by 73% very good ability and 27% excellent ability. Here it is concluded that in this scheme it is more easier than the other one to recognize objects as here users are needed to find only one relation.
Fast of use and solve: The speed of solving a CAPTCHA is so important as in real world time is considered as Gold. Users are widely face to CAPTCHA everyday and in doing every action in Internet. They would not like to waste their times to solve only one CAPTCHA and only because of the issues that related to robots and not human. One of the variables that can evaluate a CAPTCHA scheme is the speed of users to solve a CAPTCHA. Participants of this study claim that 90% of them have a very good speed and 10% of them have an excellent speed in solving this CAPTCHA schemes which is shown in Fig. 13.
Usability of CAPTCHA scheme: Usability of this scheme can be evaluated by asking users who rate this scheme 37% as a very good scheme and 63% as an excellent scheme. It is obvious in Fig. 14 that by having more than 60% rate in Excellent, this scheme has an excellent usability for its features.
Usability in terms of age: One of the questions of the final survey was that which range of age can solve this CAPTCHA scheme based on user’s idea. Figure 15 shows that all range of age can solve it as based on participant’s idea, they are able to solve it by having three 100% usability for the people aged 12 and above.
| Fig. 15: | PRO-CAPTCHA: usable for ranges of age |
It is 70% usable for the people aged 5 to 12 years old. Here there is a better usability for this variable rather than MRI CAPTCHA scheme.
INFERENCES
As a result of evaluation process, it can be concluded that those usability features have been chosen in a reliable environment or are still not reliable. If users could solve the proposed CAPTCHA scheme and have no difficulty at solving them and be satisfied from it, it is proved that the usability features are the absolute list of usability features that must be considered in a usable CAPTCHA. PRO-CAPTCHA has got better percentage in terms of ability to solve, ability to recognize objects, speed to solve, usability features and capable and usable for all ranges of age. A Pair of Object CAPTCHA (PRO-CAPTCHA) would be finally presented and selected as the best scheme proposed by this study and it can be concluded that all usability features on it would be called usable because of participants’ affinity of choice about usability features and usable CAPTCHA scheme. Figure 16 shows comparison of the proposed CAPTCHA schemes by this study.
As it is obvious in Fig. 16, however, there is only one difference between these two proposed schemes. The first one which is MRI-CHAPTCHA, is designed based on finding one of the most relative option between three presented options to the image of question. The second one which is PRO-CAPTCHA, is designed based on finding three pair of images that are related to each other. In conclusion, human and computer interaction studies which concern about human value, are widely working on usability of the proposed methods to make a better and easier world for human by using the latest technologies and ideas. The interaction between human and computer is the action have been done thousand and millions times a day for a user.
| Fig. 16: | Comparison of proposed CAPTCHA schemes |
| Fig. 17: | PRO-CAPTCHA vs. MRI-CAPTCHA |
Users must be satisfied while they are working with their devices and it is researcher’s responsibility to make it true. This study has proposed a usable CAPTCHA scheme, Fig. 17 and a sort of usability features which can be applied to a CAPTCHA scheme in order to make it more usable.