Wednesday, 23 July 2014
Captcha as Graphical Passwords—A New Security Primitive Based on Hard AI Problems
Many security primitives are based on hard mathematical problems. Using hard AI problems for security is emerging as an exciting new paradigm, but has been underexplored.
In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also offers a novel approach to address the well-known image hotspot problem in popular graphical password systems, such as PassPoints, that often leads to weak password choices. CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some practical applications for improving online security.
A fundamental task in security is to create cryptographic primitives based on hard mathematical problems that are computationally intractable. For example, the problem of integer factorization is fundamental to the RSA public-key cryptosystem and the Rabin encryption. The discrete logarithm problem is fundamental to the ElGamal encryption, the Diffie-Hellman key exchange, the Digital Signature Algorithm, the elliptic curve cryptography and so on.
DISADVANTAGES OF EXISTING SYSTEM:
• In existing graphical password schemes, a password can be found within a fixed number of trials.
• Analyses of Captcha security were mostly case by case or used an approximate process. No theoretic security model has been established yet.
In this paper, we introduce a new security primitive based on hard AI problems, namely, a novel family of graphical password systems integrating Captcha technology, which we call CaRP (Captcha as gRaphical Passwords). CaRP is click-based graphical passwords, where a sequence of clicks on an image is used to derive a password. Unlike other click-based graphical passwords, images used in CaRP are Captcha challenges, and a new CaRP image is generated for every login attempt.
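The per-attempt image regeneration described above, as an added sketch (not code from the paper or from this post): a grid of character cells stands in for the Captcha image, and the alphabet, cell size, function names and PBKDF2 settings are assumptions. The server keeps only a salted hash of the symbol sequence, so click coordinates captured from one login do not map to the password on the next image.

```python
import hashlib
import hmac
import os
import random

# Assumptions for this sketch: a grid of character cells stands in for a
# rendered Captcha image; alphabet, cell size and KDF settings are constructed.
ALPHABET = "ABCDEFGHJKLMNPRSTUVWXYZ23456789"
COLS, CELL = 8, 40  # grid width in cells, cell edge in pixels


def new_challenge(rng):
    """Server: place every symbol in a random cell, once per login attempt."""
    cells = list(range(len(ALPHABET)))
    rng.shuffle(cells)
    return {ch: (c % COLS, c // COLS) for ch, c in zip(ALPHABET, cells)}


def user_clicks(layout, password, rng):
    """Client: the user locates each password symbol and clicks inside it."""
    return [(layout[ch][0] * CELL + rng.randrange(CELL),
             layout[ch][1] * CELL + rng.randrange(CELL)) for ch in password]


def clicks_to_symbols(layout, clicks):
    """Server: map click points back to symbols using its own layout."""
    by_cell = {cell: ch for ch, cell in layout.items()}
    return "".join(by_cell.get((x // CELL, y // CELL), "?") for x, y in clicks)


def derive(password, salt):
    """Stored verifier: salted slow hash of the symbol sequence."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def verify(layout, clicks, salt, stored):
    """Server: accept only if the clicked symbols hash to the stored value."""
    candidate = derive(clicks_to_symbols(layout, clicks), salt)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    rng = random.SystemRandom()
    salt = os.urandom(16)
    stored = derive("K7PA", salt)  # constructed sample password
    first, second = new_challenge(rng), new_challenge(rng)
    clicks = user_clicks(first, "K7PA", rng)
    print("fresh clicks accepted:", verify(first, clicks, salt, stored))
    print("same clicks on next image:", verify(second, clicks, salt, stored))
```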
ADVANTAGES OF PROPOSED SYSTEM:
• CaRP also offers protection against relay attacks, an increasing threat used to bypass Captcha protection.
• Captcha can be circumvented through relay attacks whereby Captcha challenges are relayed to human solvers, whose answers are fed back to the targeted application.
Speed - 1.1 GHz
RAM - 512 MB (min)
Hard Disk - 40 GB
Key Board - Standard Windows Keyboard
Mouse - Two or Three Button Mouse
Monitor - LCD/LED
Operating system : Windows XP.
Coding Language : .Net
Data Base : SQL Server 2005
Tool : VISUAL STUDIO 2008.
Bin B. Zhu, Jeff Yan, Guanbo Bao, Maowei Yang, and Ning Xu, “Captcha as Graphical Passwords—A New Security Primitive Based on Hard AI Problems,” IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 9, NO. 6, JUNE 2014.