The International Arab Journal of Information Technology (IAJIT)


Cyber Security Using Arabic CAPTCHA Scheme

Bots are programs that crawl through the web site and make auto registrations. CAPTCHAs, using Latin script, are widely used to prevent automated bots from abusing online services on the World Wide Web. However, ma ny of the existing English based CAPTCHAs have some inherent problems and cannot assure the security of these websites. This paper proposes a method that focuses on the use of Arabic script i n the generation of CAPTCHA. The proposed scheme us es specific Arabic font types in CAPTCHA generation. Such CAPTCHA expl oits the limitations of Arabic OCRs in reading Arabic text. The proposed scheme is beneficial in Arabic speaking co untries and is very useful in protecting internet resources. A survey has been conducted to find the usability of the scheme, which was satisfactory. In addition, experiments w ere carried out to find the robustness of the scheme against OCR. The results w ere encouraging. Moreover, a comparative study of o ur CAPTCHA and Persian CAPTCHA scheme shows its advancement over P ersian CAPTCHA.

[1] Ahn L., Blum M., Hopper N., and Langford J., CAPTCHA: Using Hard AI Problems for Security, in proceedings of the 22 nd international conference on Theory and applications of cryptographic techniques (Eurocrypt) , Heidelberg, vol. 2656, pp. 294-311, 2003.

[2] Ahn L., Telling Humans and Computers Apart or How Lazy Cryptographers Do AI, Communications of the ACM , vol. 47, no. 2, pp. 57-60, 2004.

[3] Al-muhtaseb H., Mahmoud S., and Qahwajib R., Recognition of Off-Line Printed Arabic Text Using Hidden Markov Models, Journal of Signal Processing , vol. 88, no. 12, pp. 2902- 2912, 2008.

[4] Abdulla S., Al-nassiri A., and Salam R., Off- Line Arabic Handwritten Word Segmentation Using Rotational Invariant Segments Features, International Arab Journal of Information Technology , vol. 5, no. 2, pp. 200-208, 2008.

[5] Al-shatnavi A. and Omar K., A Comparative Study Between Methods of Arabic Baseline Detection, in proceedings of International Conference on Electrical Engineering and Informatics , Malaysia, pp.73-77, 2009.

[6] Elson J., Douceur J., and Saul J., Asirra: A CAPTCHA that Exploits Interest-Aligned Manual Image Categorization, in Proceedings of the 14 th ACM Conference on Computer and Communications Security , Virginia USA, pp. 366-374, 2007.

[7] Gupta A., Jain A., Raj A., and Jain A., Sequenced Tagged CAPTCHA: Generation and its Analysis, in Proceedings of International Advance Computing Conference , India, pp. 1286- 1291, 2009.

[8] Hindle A., Godfrey M., and Holt R., Reverse Engineering CAPTCHAs, in Proceedings of the 15 th Working Conference on Reverse Engineering , USA, pp. 59-68, 2008. 84 The International Arab Journal of Information Techn ology, Vol. 10, No. 1, January 2013

[9] Internet Usage in the Middle East, Source Online, available at: http://internetworldstats. com/stats5.htm, last visited 2010.

[10] Lillibridge M., Abadi M., Bharat K., and Broder A., Method for Selectively Restricting Access to Computer Systems, United States Patent 6195698. Applied 1998 and Approved 2001.

[11] Mori G. and Malik J., Recognizing Objects in Adversarial Clutter: Breaking A Visual CAPTCHA, in Proceedings of 2003 IEEE Conference on Computer Vision and Pattern Recognition , pp. 134-141, 2003.

[12] Moussaa S., Zahourb A., Abdelhafid A., and Alimi A., New Features Using Fractal Multi- Dimensions for Generalized Arabic Font Recognition, Journal of Pattern Recognition Letters , vol. 31, no. 5, pp. 361-371, 2010.

[13] Sattar S., Haque S., Pathan M., and Gee Q., Implementation Challenges for Nastaliq Character Recognition, in Proceedings of International Multi Topic Conference (IMTIC) , Pakistan, pp. 279-285, 2008.

[14] Shirali-shahreza M. and Shirali-Shahreza M., Persian/Arabic Baffle Text CAPTCHA, Journal of Universal Computer Science , vol. 12, no. 12, pp. 1783-1796, 2006.

[15] Shirali-shahreza M. and Shirali-Shahreza M., Advanced Nastaliq CAPTCHA, in Proceedings of 7 th IEEE International Conference on Cybernetic Intelligent Systems , UK, pp. 1-3, 2008.

[16] Survey Website for Arabic CAPTCHA, available at:, last visited 2010.

[17] Thomas A., Rusu A., and Govindaraju V., Synthetic Handwritten CAPTCHAs, Journal of New Frontiers on Handwriting Recognition , vol. 42, no. 12, pp. 3365-3373, 2009.

[18] Zheng L., Hassin A., and Tang X., A new Algorithm for Machine Printed Arabic Character Segmentation, Journal of Pattern Recognition Letter , vol. 25, no. 15, pp.1723-1729, 2004. Bilal Khan is working as a researcher at Center of Excellence in Information Assurance, King Saud University, Saudi Arabia. Received his MSc in Internet, Computer and system security from University of Bradford, UK. He has several journal and conference papers. His research interes ts include cyber security and information security management. Khaled Alghathbar , PhD, CISSP, CISM, PMP, BS7799 lead auditor, is an associate professor and the director of the Centre of Excellence in Information Assurance in King Saud University, Saudi Arabia. He is a security advisor for several government agencies. His main research interest is in information security management, policies, biometri cs and design. He received his PhD in Information Technology from George Mason University, USA. Muhammad Khurram Khan is currently working as an associate professor and R & D Manager at Center of Excellence in Information Assurance, King Saud University, Saudi Arabia. He is the founding editor of Bahria University Journal of Information and Communication Technology. He is the editorial board of several international journa ls. He also plays role of guest editor of several internat ional journals of Springer-Verlag and Elsevier Science. H e is an active reviewer of many international journals. He has been included in the Marquis Who s Who in the World 2010 edition. He was recently awarded a certificate of appreciation for outstanding contrib utions in Biometrics and Information Security Research, AI T Conference. He has also secured an outstanding leadership award at IEEE international conference o n Networks and Systems Security 2009, Australia. He has published more than 90 research papers. His are as of interest are biometrics, multimedia security, di gital data hiding, and authentication protocols. Abdullah Alkelabi is the IT risk assessment officer at Alinma Bank, Saudi Arabia. He received his BSc degree in computer information systems from King Saud University, Saudi Arabia. Abdulaziz Alajaji is working as a teaching assistant in College of Computer Sciences and Information Systems, King Saud University, Saudi Arabia. He received his BSc in Information Systems from King Saud University, Saudi Arabia. His main research interest is in information security technologies.