CAPTCHA AS GRAPHICAL PASSWORDS—A NEW
SECURITY PRIMITIVE BASED ON HARD AI PROBLEMS
ABSTRACT:
Many security primitives are based on hard
mathematical problems. Using hard AI problems for security is emerging as an
exciting new paradigm, but has been underexplored.
In this paper, we present a new security primitive
based on hard AI problems, namely, a novel family of graphical password systems
built on top of Captcha technology, which we call Captcha as graphical
passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP
addresses a number of security problems altogether, such as online guessing
attacks, relay attacks, and, if combined with dual-view technologies,
shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically
by automatic online guessing attacks even if the password is in the search set.
CaRP also offers a novel approach to address the well-known image hotspot
problem in popular graphical password systems, such as PassPoints that often
leads to weak password choices. CaRP is not a panacea, but it offers reasonable
security and usability and appears to fit well with some practical applications
for improving online security.
EXISTING SYSTEM:
AI
FUNDAMENTAL
task in security is to create cryptographic primitives based on hard
mathematical problems that are computationally intractable. For example, the
problem of integer factorization is fundamental to the RSA public-key cryptosystem
and the Rabin encryption. The discrete logarithm problem is fundamental to the
ElGamal encryption, the Diffie- Hellman key exchange, the Digital Signature
Algorithm, the elliptic curve cryptography and so on.
DISADVANTAGES OF
EXISTING SYSTEM:
v Existing
graphical password schemes where a password can be found within a fixed number
of trials.
v Analyses
on Captcha security were mostly case by case or used an approximate process. No
theoretic security model has been established yet.
PROPOSED
SYSTEM:
In
this paper, we introduce a new security primitive based on hard AI problems, namely,
a novel family of graphical password systems integrating Captcha technology,
which we call
CaRP
(Captcha as gRaphical Passwords). CaRP is click-based graphical
passwords, where a sequence of clicks on an image is used to derive a password.
Unlike other click-based graphical passwords, images used in CaRP are Captcha
challenges, and a new CaRP image is generated for every login attempt.
ADVANTAGES OF PROPOSED
SYSTEM:
v
CaRP also offers protection against
relay attacks, an increasing threat to bypass Captchas protection.
v
Captcha can be circumvented through
relay attacks whereby
v
Captcha challenges are relayed to human
solvers, whose answers are fed back to the targeted application.
SYSTEM CONFIGURATION:-
HARDWARE REQUIREMENTS:-
Processor - Pentium –IV
Speed - 1.1 Ghz
RAM - 512 MB(min)
Hard Disk - 40 GB
Key Board - Standard Windows Keyboard
Mouse - Two or Three Button Mouse
Monitor - LCD/LED
SOFTWARE
REQUIREMENTS:
Operating
system : Windows XP.
Coding
Language : .Net
Data
Base : SQL Server 2005
Tool : VISUAL STUDIO 2008.
REFERENCE:
Bin
B. Zhu, Jeff Yan, Guanbo Bao, Maowei Yang, and Ning Xu_, “Captcha as Graphical Passwords—A New
Security Primitive Based on Hard AI Problems” IEEE TRANSACTIONS ON
INFORMATION FORENSICS AND SECURITY, VOL. 9, NO. 6, JUNE 2014
No comments:
Post a Comment