Two Cal engineers stump "Gimpy" bot blocker
An ingenious computer security system designed to stop automated
Internet robots from trying to impersonate humans was cracked
by two Berkeley computer scientists, in response to an open challenge
from the researchers who created it.
A picture is worth a thousand words. You need just one word
to get past Gimpy, but it must be the right one. While humans
can decipher it with ease, computer-generated bot programs
have difficulty reading the distorted text.
PHOTO COURTESY OF THE CAPTCHA PROJECT, CARNEGIE MELLON UNIVERSITY
Known as "Gimpy," the program was originally created
by researchers at Carnegie Mellon University to stop computer-automated
robots, or "bots," from taking online polls, creating
new e-mail accounts, signing up for free Web-based mail, and doing all
the other things human beings use their computers for. Bot programs
can produce e-mail accounts that are difficult to trace, making
them ideal vehicles for proliferating unwanted spam messages to
legitimate e-mail users.
Gimpy adds a step in an online registration process asking the
user to read a word on the screen that has been distorted by a
fuzzy background. Most people have no trouble with this, while
computer programs based on optical character recognition can’t
pass the test.
Yahoo, one of the largest providers of free Web-based e-mail,
implemented Gimpy last year in its new account registration process.
Users who pass the test can proceed to the next step to get an
account, but those who cannot read the word are blocked.
"We were able to crack Gimpy because of our previous research
on a technique called ‘shape contexts’ for object
recognition," says Jitendra Malik, the Arthur J. Chick professor
of EECS. "The idea is to match shapes based on relative configuration
of contours in a way that can tolerate small distortions."
It took Malik and computer science doctoral student Greg Mori
just five days to create a program that empowered their computer
to read the Gimpy text. They then called Manuel Blum, professor
of computer science, and his graduate student Luis von Ahn at
Carnegie Mellon to announce their result.
"I was delighted when I heard from them," Blum said.
"They were the first ones to successfully take up the challenge."
Blum taught computer science at Berkeley for 30 years before joining
Carnegie Mellon. His project there, of which Gimpy is a part,
is called CAPTCHA, or "Completely Automated Public Turing
Test to Tell Computers and Humans Apart."
Malik and Mori stumped EZ-Gimpy, the simpler of two versions of
the program. They also devised a program to beat a more difficult
version, which requires users to identify three words instead
of just one, but it works only about a third of the time.
FOREFRONT takes you into the labs, classrooms,
and lives of professors, students, and alumni for an intimate
look at the innovative research, teaching, and campus life that
defines the College of Engineering at the University of California,
Published three times a year by the Engineering Public Affairs
Office.