captcha as graphical passwords a new security primitive based on hard ai problems

5/21/2018 Captcha as Graphical Passwords a New Security Primitive Based on Hard AI Problems

Captcha as Graphi

PasswordsA New Secur

Primitive Based on HardProble

Bin B. Zhu, Jeff Yan, Guanbo Bao, Maowei Yang, and Ning Xu


Abstract

Many security primitives are based on hard mathematical problems. Using hard AIproblems for security is emerging as an exciting new paradigm, but has beenunderexplored. In this paper, we present a new security primitive based on hardAI problems, namely, a novel family of graphical password systems built on top ofCaptcha technology, which we call Captcha as graphical passwords (CaRP). CaRPis both a Captcha and a graphical password scheme. CaRP addresses a number ofsecurity problems altogether, such as online guessing attacks, relay attacks, and,if combined with dual-view technologies, shoulder-surfing attacks. Notably, a

CaRP password can be found only probabilistically by automatic online guessingattacks even if the password is in the search set. CaRP also offers a novelapproach to address the well-known image hotspot problem in popular graphicalpassword systems, such as PassPoints, that often leads to weak password choices.CaRP is not a panacea, but it offers reasonable security and usability and appearsto fit well with some practical applications for improving online security.


Existing System

Security primitives are based on hard mathematical problems. Using hard AIproblems for security is emerging as an exciting new paradigm, but has been

underexplored.A fundamental task in security is to create cryptographicprimitives based on hard mathematical problems that are computationally

intractable.


Disadvantages of Existing System

This paradigm has achieved just a limited success as compared with thecryptographic primitives based on hard math problems and their wide

applications.

Using hard AI (Artificial Intelligence) problems for security, initially proposed

in [17], is an exciting new paradigm. Under this paradigm, the most notableprimitive invented is Captcha, which distinguishes human users from

computers by presenting a challenge.


Proposed System

We present a new security primitive based on hard AI problems, namely, a no

graphical password systems built on top of Captcha technology, which we calgraphical passwords (CaRP). CaRP is both a Captcha and a graphical passwordCaRP addresses a number of security problems altogether, such as online gue

relay attacks, and, if combined with dual-view technologies, shoulder-surfing

Notably, a CaRP password can be found only probabilistically by automatic on

attacks even if the password is in the search set. CaRP also offers a novel appaddress the well-known image hotspot problem in popular graphical password

such as PassPoints, that often leads to weak password choices. CaRP is not a it offers reasonable security and usability and appears to fit well with some p

applications for improving online security.We present exemplary CaRPs built

Captcha and image-recognition Captcha. One of them is a text CaRP wherein is a sequence of characters like a text password, but entered by clicking the

character sequence on CaRP images. CaRP offers protection against online di

attacks on passwords, which have been for long time a major security threat

online services. This threat is widespread and considered as a top cyber secuDefense against online dictionary attacks is a more subtle problem than it mig


Advantages of Proposed System

The proposed system offers reasonable security and usability and appears tofit well with some practical applications for improving online security.

This threat is widespread and considered as a top cyber security risk. Defenseagainst online dictionary attacks is a more subtle problem than it might

appear.


Implementation

Implementation is the stage of the project when the theoretical design is turnedout into a working system. Thus it can be considered to be the most critical stage

in achieving a successful new system and in giving the user, confidence that thenew system will work and be effective.

The implementation stage involves careful planning, investigation of theexisting system and its constraints on implementation, designing of methods to

achieve changeover and evaluation of changeover methods.


Modules

Graphical Password

Captcha in Authentication

Thwart Guessing Attacks

Security Of Underlying Captcha


Modules Description

Graphical PasswordIn this module, Users are having authentication and security to access the detailwhich is presented in the Image system. Before accessing or searching the details

user should have the account in that otherwise they should register first.


Captcha in Authentication

It was introduced in [14] to use both Captcha and password in a userauthentication protocol, which we call Captcha-based Password Authentication

(CbPA) protocol, to counter online dictionary attacks. The CbPA-protocol inrequires solving a Captcha challenge after inputting a valid pair of user ID and

password unless a valid browser cookie is received. For an invalid pair of user IDand password, the user has a certain probability to solve a Captcha challenge

before being denied access.


Thwart Guessing Attacks

In a guessing attack, a password guess tested in an unsuccessfultrial is determined wrong and excluded from subsequent trials.The number of undetermined password guesses decreases withmore trials, leading to a better chance of finding the password. Tocounter guessing attacks, traditional approaches in designinggraphical passwords aim at increasing the effective passwordspace to make passwords harder to guess and thus require more

trials. No matter how secure a graphical password scheme is, thepassword can always be found by a brute force attack. In thispaper, we distinguish two types of guessing attacks: automaticguessing attacks apply an automatic trial and error process but Scan be manually constructed whereas human guessing attacksapply a manual trial and error process.


Security Of Underlying Captcha

Computational intractability in recognizing objects in CaRP images isfundamental to CaRP. Existing analyses on Captcha security were mostly case by

case or used an approximate process. No theoretic security model has beenestablished yet. Object segmentation is considered as a computationally

expensive, combinatorially-hard problem, which modern text Captcha schemesrely on.


MinimumHardware Configuration of the

proposed system

Processor : Intel/AMD

Speed : 1.1 GHz

RAM : 256 MB

Hard Disk : 20 GB

Key Board : Standard Keyboard

Mouse : Standard Mouse

Monitor : SVGA/LCD


Software Configuration of the

proposed system

Operating System : Windows

Java Version : JDK 1.7/1.8

Application Server : Tomcat 7/8

Front End : HTML, Java, JSP

Scripts : JavaScript

Database : MySQL 5.5

Database Connectivity : JDBC


References

R. Biddle, S. Chiasson, and P. C. van Oorschot, Graphical passwords: Learningfrom the first twelve years,ACM Comput. Surveys, vol. 44, no. 4, 2012.

(2012, Feb.). The Science Behind Passfaces [Online]. Available:http://www.realuser.com/published/ScienceBehindPassfaces.pdf

I. Jermyn, A. Mayer, F. Monrose, M. Reiter, and A. Rubin, The design andanalysis of graphical passwords, in Proc. 8th USENIX Security Symp., 1999,pp. 115.

H. Tao and C. Adams, Pass-Go: A proposal to improve the usability ofgraphical passwords, Int. J. Netw. Security, vol. 7, no. 2, pp. 273292, 2008.

S. Wiedenbeck, J. Waters, J. C. Birget, A. Brodskiy, and N. Memon,PassPoints: Design and longitudinal evaluation of a graphical passwordsystem, Int. J. HCI, vol. 63, pp. 102127, Jul. 2005.

captcha as graphical passwords a new security primitive based on hard ai problems

Documents

new security primitive

online security

reasonable security

number of security problems

hard mathematical problems

hard math problems

hard aiproblems

hard ai problemscaptcha