Captcha as graphical passwords a new security primitive based on hard ai problems
Download as PPTX, PDF20 likes15,130 views
The document proposes a new security primitive called Captcha as Graphical Passwords (CaRP) that uses hard AI problems from Captcha technology to create a novel graphical password system. CaRP aims to address security issues like online guessing attacks, relay attacks, and shoulder surfing. It can probabilistically thwart automated online guessing even if the password is in the search set. CaRP also aims to solve the "image hotspot" problem in other graphical password systems. The document outlines examples of how CaRP could work and argues that it offers reasonable security and usability for improving online security.
![Disadvantages of Existing System
This paradigm has achieved just a limited success as compared with the
cryptographic primitives based on hard math problems and their wide
applications.
Using hard AI (Artificial Intelligence) problems for security, initially proposed
in [17], is an exciting new paradigm. Under this paradigm, the most notable
primitive invented is Captcha, which distinguishes human users from
computers by presenting a challenge.](https://image.slidesharecdn.com/captchaasgraphicalpasswordsanewsecurityprimitivebasedonhardaiproblems-140827003930-phpapp02/85/Captcha-as-graphical-passwords-a-new-security-primitive-based-on-hard-ai-problems-4-320.jpg)
![ Captcha in Authentication
It was introduced in [14] to use both Captcha and password in a user
authentication protocol, which we call Captcha-based Password Authentication
(CbPA) protocol, to counter online dictionary attacks. The CbPA-protocol in
requires solving a Captcha challenge after inputting a valid pair of user ID and
password unless a valid browser cookie is received. For an invalid pair of user ID
and password, the user has a certain probability to solve a Captcha challenge
before being denied access.](https://image.slidesharecdn.com/captchaasgraphicalpasswordsanewsecurityprimitivebasedonhardaiproblems-140827003930-phpapp02/85/Captcha-as-graphical-passwords-a-new-security-primitive-based-on-hard-ai-problems-10-320.jpg)
![References
R. Biddle, S. Chiasson, and P. C. van Oorschot, “Graphical passwords: Learning
from the first twelve years,” ACM Comput. Surveys, vol. 44, no. 4, 2012.
(2012, Feb.). The Science Behind Passfaces [Online]. Available:
http://www.realuser.com/published/ScienceBehindPassfaces.pdf
I. Jermyn, A. Mayer, F. Monrose, M. Reiter, and A. Rubin, “The design and
analysis of graphical passwords,” in Proc. 8th USENIX Security Symp., 1999,
pp. 1–15.
H. Tao and C. Adams, “Pass-Go: A proposal to improve the usability of
graphical passwords,” Int. J. Netw. Security, vol. 7, no. 2, pp. 273–292, 2008.
S. Wiedenbeck, J. Waters, J. C. Birget, A. Brodskiy, and N. Memon,
“PassPoints: Design and longitudinal evaluation of a graphical password
system,” Int. J. HCI, vol. 63, pp. 102–127, Jul. 2005.](https://image.slidesharecdn.com/captchaasgraphicalpasswordsanewsecurityprimitivebasedonhardaiproblems-140827003930-phpapp02/85/Captcha-as-graphical-passwords-a-new-security-primitive-based-on-hard-ai-problems-15-320.jpg)
Captcha as graphical passwords a new security primitive based on hard ai problems
- 1. Captcha as Graphical Passwords—A New Security Primitive Based on Hard AI Problems Bin B. Zhu, Jeff Yan, Guanbo Bao, Maowei Yang, and Ning Xu
- 2. Abstract Many security primitives are based on hard mathematical problems. Using hard AI problems for security is emerging as an exciting new paradigm, but has been underexplored. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also offers a novel approach to address the well-known image hotspot problem in popular graphical password systems, such as PassPoints, that often leads to weak password choices. CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some practical applications for improving online security.
- 3. Existing System Security primitives are based on hard mathematical problems. Using hard AI problems for security is emerging as an exciting new paradigm, but has been underexplored. A fundamental task in security is to create cryptographic primitives based on hard mathematical problems that are computationally intractable.
- 4. Disadvantages of Existing System This paradigm has achieved just a limited success as compared with the cryptographic primitives based on hard math problems and their wide applications. Using hard AI (Artificial Intelligence) problems for security, initially proposed in [17], is an exciting new paradigm. Under this paradigm, the most notable primitive invented is Captcha, which distinguishes human users from computers by presenting a challenge.
- 5. Proposed System We present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also offers a novel approach to address the well-known image hotspot problem in popular graphical password systems, such as PassPoints, that often leads to weak password choices. CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some practical applications for improving online security.We present exemplary CaRPs built on both text Captcha and image-recognition Captcha. One of them is a text CaRP wherein a password is a sequence of characters like a text password, but entered by clicking the right character sequence on CaRP images. CaRP offers protection against online dictionary attacks on passwords, which have been for long time a major security threat for various online services. This threat is widespread and considered as a top cyber security risk. Defense against online dictionary attacks is a more subtle problem than it might appear.
- 6. Advantages of Proposed System The proposed system offers reasonable security and usability and appears to fit well with some practical applications for improving online security. This threat is widespread and considered as a top cyber security risk. Defense against online dictionary attacks is a more subtle problem than it might appear.
- 7. Implementation Implementation is the stage of the project when the theoretical design is turned out into a working system. Thus it can be considered to be the most critical stage in achieving a successful new system and in giving the user, confidence that the new system will work and be effective. The implementation stage involves careful planning, investigation of the existing system and it’s constraints on implementation, designing of methods to achieve changeover and evaluation of changeover methods.
- 8. Modules Graphical Password Captcha in Authentication Thwart Guessing Attacks Security Of Underlying Captcha
- 9. Modules Description Graphical Password In this module, Users are having authentication and security to access the detail which is presented in the Image system. Before accessing or searching the details user should have the account in that otherwise they should register first.
- 10. Captcha in Authentication It was introduced in [14] to use both Captcha and password in a user authentication protocol, which we call Captcha-based Password Authentication (CbPA) protocol, to counter online dictionary attacks. The CbPA-protocol in requires solving a Captcha challenge after inputting a valid pair of user ID and password unless a valid browser cookie is received. For an invalid pair of user ID and password, the user has a certain probability to solve a Captcha challenge before being denied access.
- 11. Thwart Guessing Attacks In a guessing attack, a password guess tested in an unsuccessful trial is determined wrong and excluded from subsequent trials. The number of undetermined password guesses decreases with more trials, leading to a better chance of finding the password. To counter guessing attacks, traditional approaches in designing graphical passwords aim at increasing the effective password space to make passwords harder to guess and thus require more trials. No matter how secure a graphical password scheme is, the password can always be found by a brute force attack. In this paper, we distinguish two types of guessing attacks: automatic guessing attacks apply an automatic trial and error process but S can be manually constructed whereas human guessing attacks apply a manual trial and error process.
- 12. Security Of Underlying Captcha Computational intractability in recognizing objects in CaRP images is fundamental to CaRP. Existing analyses on Captcha security were mostly case by case or used an approximate process. No theoretic security model has been established yet. Object segmentation is considered as a computationally expensive, combinatorially-hard problem, which modern text Captcha schemes rely on.
- 13. Minimum Hardware Configuration of the proposed system Processor : Intel/AMD Speed : 1.1 GHz RAM : 256 MB Hard Disk : 20 GB Key Board : Standard Keyboard Mouse : Standard Mouse Monitor : SVGA/LCD
- 14. Software Configuration of the proposed system Operating System : Windows Java Version : JDK 1.7/1.8 Application Server : Tomcat 7/8 Front End : HTML, Java, JSP Scripts : JavaScript Database : MySQL 5.5 Database Connectivity : JDBC
- 15. References R. Biddle, S. Chiasson, and P. C. van Oorschot, “Graphical passwords: Learning from the first twelve years,” ACM Comput. Surveys, vol. 44, no. 4, 2012. (2012, Feb.). The Science Behind Passfaces [Online]. Available: http://www.realuser.com/published/ScienceBehindPassfaces.pdf I. Jermyn, A. Mayer, F. Monrose, M. Reiter, and A. Rubin, “The design and analysis of graphical passwords,” in Proc. 8th USENIX Security Symp., 1999, pp. 1–15. H. Tao and C. Adams, “Pass-Go: A proposal to improve the usability of graphical passwords,” Int. J. Netw. Security, vol. 7, no. 2, pp. 273–292, 2008. S. Wiedenbeck, J. Waters, J. C. Birget, A. Brodskiy, and N. Memon, “PassPoints: Design and longitudinal evaluation of a graphical password system,” Int. J. HCI, vol. 63, pp. 102–127, Jul. 2005.