驗證碼(CAPTCHA)，是利用電腦自動判別遠端使用者是電腦程式還是人類，主要用來阻擋自動化程序(bots)對網路服務的濫用。目前使用較為廣泛的驗證碼是文字型的驗證碼，但隨著光學文字辨識(OCR)技術的演進，文字驗證碼的安全性受到極大的考驗，因此近年來驗證碼逐漸朝向影像驗證碼、語音驗證碼等形式發展。
本篇文章提出以拼圖為設計概念的影像驗證碼技術，稱之為Puzzle CAPTCHA。其產生影像驗證碼的方式是利用影像切割技術，隨機將影像切割成數個尺寸不等之正方形的影像區塊，並將區塊進行隨機旋轉0°、90°、180°、270°，最後加入適當的干擾線。當使用者利用滑鼠點擊正方形影像區塊，區塊便會進行順時針90°的旋轉，直到將所有影像區塊旋轉拼回原圖便可通過驗證。
本研究進行使用者測試，根據實驗結果顯示通過機率達八成，平均花費時間為十秒以內。利用邊緣偵測技術亦無法有效得知區塊的位置，故可提升驗證碼的安全性。Puzzle CAPTCHA不受國別、語言及文化的隔閡進行使用者驗證。

CAPTCHAs (Completely Automated Public Test to tell Computers and Humans Apart) are computer-generated tests designed to differentiate humans from automated programs. The developments of CAPTCHAs are focusing on issues such as the protection of internet resource from being abused by bots. Traditionally, most CAPTCHAs are text-based. But currently, the security of text-based CAPTCHAs encounters a hard challenge from the improvements in OCR (Optical Character Recognition) technology. Therefore, in recent years, various different types of CAPTCHAs are developed with different approaches such as like image-based or audio-based CAPTCHAs.
This paper proposed an image-based CAPTCHA named Puzzle CAPTCHA. Puzzle CAPTCHA utilized image segment technology. In this approach, an image will be embedded with several tetragon cutout blocks with different sizes. The puzzle is built by rotating these original tetragon cutouts by 0, 90, 180, or 270 degrees randomly. Finally, the establishment of Puzzle CAPTCHA is finished by randomly adding interfering lines on the image.
When users face the image of Puzzle CAPTCHA, they click mouse on each tetragon block to make a 90° clockwise rotation of the block. Users should put all tetragon blocks to the right angle to reveal the original image to pass the CAPTCHA test. The preliminary user’s test of Puzzle CAPTCHA shows an 80.4% accuracy rate. Most users can solve the puzzle in less than 10 seconds. Furthermore, the location of tetragon blocks cannot be resolved by current edge detection technology. This could also boost the safety of Puzzle CAPTCHA. The other merit of Puzzle CAPTCHA lies on the universality that it can be implemented without the consideration of language and culture.

目錄
摘 要 I
ABSTRACT II
誌謝 III
目錄 IV
圖目錄 VI
表目錄 VIII
第1章　緒論 1
1.1研究背景 1
1.2研究動機與目的 2
1.3研究架構 6
第2章　相關研究與文獻 8
2.1驗證碼的發展 8
2.2驗證碼的型態 9
2.2.1文字驗證碼 9
2.2.2影像驗證碼 12
2.2.3語音驗證碼 17
第3章　Puzzle CAPTCHA 18
3.1系統架構 18
3.2開發環境 19
3.3 Puzzle CAPTCHA 19
3.3.1圖片篩選 21
3.3.2區塊切割數量 22
3.3.3區塊尺寸 22
3.3.4區塊碰撞偵測 22
3.3.5驗證碼圖片的處理 23
3.3.6區塊的旋轉方向 23
3.3.7干擾線段 24
第4章　實驗設計與結果分析 25
4.1實驗流程 25
4.1實驗結果分析 26
4.2安全性分析 29
第5章　結論與未來發展 31
參考文獻 32
附錄 34

[1] C Pope and K Kaur. “Is It Human or Computer? Defending E-Commerce with CAPTCHA”. IEEE IT Professional, March 2005, pp. 43-49.
[2] Jeff Yan , Ahmad Salah El Ahmad. Usability of CAPTCHAs or usability issues in CAPTCHA design. Proceedings of the 4th symposium on Usable privacy and security, July 23-25, 2008.
[3] Banday, M.T., Shah, N.A. “Challenges of CAPTCHA in the Accessibility of Indian Regional Websites”. Proceedings of the Fourth Annual ACM Bangalore Conference, 2011.
[4] Tae-Cheon Yang, Ibrahim Furkan Ince, Yucel Batu Salman. A Korean CAPTCHA Study: Defeating OCRs In a New CAPTCHA Context By Using Korean Syllables, International Journal of Contents, Vol.5, No.3, Sep 2009.
[5] Carlos Javier Hernandez-Castro, Arturo Ribagorda. Pitfalls in CAPTCHA design and implementation: the Math CAPTCHA, a case Study, Computers & Security,2009
[6] A. M. Turing. Computing machinery and intelligence, Computers & thought,p11-35,1995.
[7] http://en.wikipedia.org/wiki/CAPTCHA
[8] http://www.freepatentsonline.com/6195698.html
[9] Luis von Ahn, Manuel Blum, Nicholas J.Hopper, and John Langford. CAPTCHA: Using hard AI problems for security, In Proceedings of Eurocrypt, 2003.
[10]Luis von Ahn, Benjamin Maurer, Colin McMillen, David Abraham, and Manuel Blum. reCAPTCHA: Human-Based Character Recognition via Web Security Measures. SCIENCE vol. 321,pp.1465-1468, 2008
[11] Jeff Yan, and Ahmad Salah El Ahmad. “A Low-cost Attack on a Microsoft CAPTCHA”, School of Computing Science Technical Report, Newcastle University, England. Feb, 2008.
[12] Luis von Ahn, Laura Dabbish. Labeling images with a computer game, Proceedings of the SIGCHI conference on Human factors in computing systems, p.319-326, April 24-29, 2004.
[13] L. von Ahn, M. Blum, N.J. Hopper, and J. Langford. The CAPTCHA web page. http://www.captcha.net.
[14] Eight Days Inc. Hot or not, Retrieved form http://www.hotornot.com/, 2000.
[15] GigoIt Inc. Human Authentication, Retrieved from http://www.gigoit.org/, 2008.
[16] Jeremy Elson, John R. Douceur, Jon Howel, and Jared Saul. Asirra: a CAPTCHA that exploits interest-aligned manual image categorization. Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007.
[17] Philippe Golle. Machine learning attacks against the Asirra CAPTCHA. Proceedings of the 15th ACM conference on Computer and communications security, October 27-31, 2008.
[18] Rich Gossweiler, Maryam Kamvar, Shumeet Baluja. What’s Up CAPTCHA?A CAPTCHA Based on Image Orientation. Proceedings of the 18th international conference on World wide web, Pages 841-850, 2009.
[19] M. Tariq Banday, Nisar A. Shah. The ISC International Journal of Information Security, Volume 1, Number 2, pp. 103-121, 2009.
[20] Haichang Gao, Dan Yao, Honggang Liu, Xiyang Liu, and Liming Wang, A Novel Image Based CAPTCHA Using Jigsaw Puzzle, 2010 13th IEEE International Conference on Computational Science and Engineering, pp.351-356, 2010.