Description
This assignment and its associated exercises provide experience in the use of libraries and
more complex program build processes.
Objectives
On completion of this assignment and its associated exercise, you will be able to:
• Explain the differences between static and dynamic linking
• Link code that you have written with supplied libraries.
• Create makefiles
Task domain for example application – generating a graphic CAPTCHA
You will often have encountered CAPTCHAs when using the web. They are intended to block
features of web-sites from automated bots, spiders, scanners, scripts etc. The web server displays a
puzzle that the user must solve before they can advance to the controlled web resource. The puzzle
is displayed in a web page, the user’s “solution” is sent back to the server for checking; only if the
solution is correct may the user advance to the controlled web resource.
“A CAPTCHA (an acronym for “Completely Automated Public Turing test to tell Computers and
Humans Apart”) is a type of challenge-response test used in computing to determine whether or not
the user is human.
The term was coined in 2000 by Luis von Ahn, Manuel Blum, Nicholas J. Hopper of Carnegie Mellon
University and John Langford of IBM. The most common type of CAPTCHA was first invented by Mark
D. Lillibridge, Martin Abadi, Krishna Bharat and Andrei Z. Broder. This form of CAPTCHA requires that
the user type the letters of a distorted image, sometimes with the addition of an obscured sequence
of letters or digits that appears on the screen.” (So says Wikipedia.)
Wikipedia adds: “This user identification procedure has received many criticisms, especially from
disabled people, but also from other people who feel that their everyday work is slowed down by distorted
words that are illegible even for users with no disabilities at all.”
Apart from being a pain for humans solve, these distorted letter patterns are increasingly vulnerable.
“However, our research recently showed that today’s Artificial Intelligence technology can solve even
the most difficult variant of distorted text at 99.8% accuracy. Thus distorted text, on its own, is no
longer a dependable test.” https://googleonlinesecurity.blogspot.com.au/2014/12/are-you-robotintroducing-no-captcha.html
A number of organisations have created alternative “picture recognition” based CAPTCHAs. For
example, Microsoft created the Asirra CAPTCHA:
“Asirra is easy for users; it can be solved by humans 99.6% of the time in under 30 seconds.
Anecdotally, users seemed to find the experience of using Asirra much more enjoyable than a textbased CAPTCHA.”
There are a number of similar projects –
Confidentcaptcha.com
Piccaptcha.com
Google’s own version:
While currently more secure than corrupted text, these picture based approaches are still
vulnerable.
That collection of 2 million dog and cat photos – only 2 million, hackers have infinite time and can it
seems map out the space of picture files onto dog | cat. Other attacks may also be possible –
https://www.linkedin.com/pulse/20140417144957-237781962-cracking-ms-asirra-captchas-withgoogle-repost-from-blog .
And these picture based approaches are an excellent area for PhD students to create thesis projects
for recognising images – https://epub.uni-regensburg.de/16872/1/trustbus_1.pdf .
So what you will be doing in this exercise is creating a component for a slightly more challenging
variant!
This variant works as follows:
• For every CAPTCHA test the server web server will generate a complex and quite unique
image that has embedded in it a set of sub-images of a given type, it records the position
of these sub-images for use when verifying the users response. (This version uses a fixed
number of sub-images, but could easily be generalised.)
It sends this unique generated image to the client’s browser.
• The page sent to the browser incorporates the image and some Javascript code.
The CAPTCHA test requires the user to click on the embedded sub-images; the positions of
the clicks are captured by Javascript and sent in a verification request using AJAX.
• The server receives the user input and checks that the user clicked within the areas of the
sub-images. If the user input is valid, the server creates session data “not a bot” that will
allow the user to reach controlled web resources.
As shown in the following examples, the overall image is comprised of a background photo (or
abstract patterned image) and a large number of embedded partially transparent sub-images. These
sub-images are taken from several different collections. One group of sub-images constitutes the
target for the user – as identified by a different sub-image of similar type.
The code that you write for this exercise is the C code for firstly creating an image collection, and
then generating HTML pages with images along with the files containing the associated data that
define the position of the embedded sub-images that the user is to identify. (Your HTML pages don’t
include the Javascript that would be required; this code would be added via a HTML
