Captcha as Graphical Passwords a New Security Primitive Based on Hard AI Problems
-
Upload
igeeks-technologiesbangalore -
Category
Documents
-
view
93 -
download
0
description
Transcript of Captcha as Graphical Passwords a New Security Primitive Based on Hard AI Problems
-
5/21/2018 Captcha as Graphical Passwords a New Security Primitive Based on Hard AI Problems
Captcha as Graphi
PasswordsA New Secur
Primitive Based on HardProble
Bin B. Zhu, Jeff Yan, Guanbo Bao, Maowei Yang, and Ning Xu
-
5/21/2018 Captcha as Graphical Passwords a New Security Primitive Based on Hard AI Problems
Abstract
Many security primitives are based on hard mathematical problems. Using hard AIproblems for security is emerging as an exciting new paradigm, but has beenunderexplored. In this paper, we present a new security primitive based on hardAI problems, namely, a novel family of graphical password systems built on top ofCaptcha technology, which we call Captcha as graphical passwords (CaRP). CaRPis both a Captcha and a graphical password scheme. CaRP addresses a number ofsecurity problems altogether, such as online guessing attacks, relay attacks, and,if combined with dual-view technologies, shoulder-surfing attacks. Notably, a
CaRP password can be found only probabilistically by automatic online guessingattacks even if the password is in the search set. CaRP also offers a novelapproach to address the well-known image hotspot problem in popular graphicalpassword systems, such as PassPoints, that often leads to weak password choices.CaRP is not a panacea, but it offers reasonable security and usability and appearsto fit well with some practical applications for improving online security.
-
5/21/2018 Captcha as Graphical Passwords a New Security Primitive Based on Hard AI Problems
Existing System
Security primitives are based on hard mathematical problems. Using hard AIproblems for security is emerging as an exciting new paradigm, but has been
underexplored.A fundamental task in security is to create cryptographicprimitives based on hard mathematical problems that are computationally
intractable.
-
5/21/2018 Captcha as Graphical Passwords a New Security Primitive Based on Hard AI Problems
Disadvantages of Existing System
This paradigm has achieved just a limited success as compared with thecryptographic primitives based on hard math problems and their wide
applications.
Using hard AI (Artificial Intelligence) problems for security, initially proposed
in [17], is an exciting new paradigm. Under this paradigm, the most notableprimitive invented is Captcha, which distinguishes human users from
computers by presenting a challenge.
-
5/21/2018 Captcha as Graphical Passwords a New Security Primitive Based on Hard AI Problems
Proposed System
We present a new security primitive based on hard AI problems, namely, a no
graphical password systems built on top of Captcha technology, which we calgraphical passwords (CaRP). CaRP is both a Captcha and a graphical passwordCaRP addresses a number of security problems altogether, such as online gue
relay attacks, and, if combined with dual-view technologies, shoulder-surfing
Notably, a CaRP password can be found only probabilistically by automatic on
attacks even if the password is in the search set. CaRP also offers a novel appaddress the well-known image hotspot problem in popular graphical password
such as PassPoints, that often leads to weak password choices. CaRP is not a it offers reasonable security and usability and appears to fit well with some p
applications for improving online security.We present exemplary CaRPs built
Captcha and image-recognition Captcha. One of them is a text CaRP wherein is a sequence of characters like a text password, but entered by clicking the
character sequence on CaRP images. CaRP offers protection against online di
attacks on passwords, which have been for long time a major security threat
online services. This threat is widespread and considered as a top cyber secuDefense against online dictionary attacks is a more subtle problem than it mig
-
5/21/2018 Captcha as Graphical Passwords a New Security Primitive Based on Hard AI Problems
Advantages of Proposed System
The proposed system offers reasonable security and usability and appears tofit well with some practical applications for improving online security.
This threat is widespread and considered as a top cyber security risk. Defenseagainst online dictionary attacks is a more subtle problem than it might
appear.
-
5/21/2018 Captcha as Graphical Passwords a New Security Primitive Based on Hard AI Problems
Implementation
Implementation is the stage of the project when the theoretical design is turnedout into a working system. Thus it can be considered to be the most critical stage
in achieving a successful new system and in giving the user, confidence that thenew system will work and be effective.
The implementation stage involves careful planning, investigation of theexisting system and its constraints on implementation, designing of methods to
achieve changeover and evaluation of changeover methods.
-
5/21/2018 Captcha as Graphical Passwords a New Security Primitive Based on Hard AI Problems
Modules
Graphical Password
Captcha in Authentication
Thwart Guessing Attacks
Security Of Underlying Captcha
-
5/21/2018 Captcha as Graphical Passwords a New Security Primitive Based on Hard AI Problems
Modules Description
Graphical PasswordIn this module, Users are having authentication and security to access the detailwhich is presented in the Image system. Before accessing or searching the details
user should have the account in that otherwise they should register first.
-
5/21/2018 Captcha as Graphical Passwords a New Security Primitive Based on Hard AI Problems
Captcha in Authentication
It was introduced in [14] to use both Captcha and password in a userauthentication protocol, which we call Captcha-based Password Authentication
(CbPA) protocol, to counter online dictionary attacks. The CbPA-protocol inrequires solving a Captcha challenge after inputting a valid pair of user ID and
password unless a valid browser cookie is received. For an invalid pair of user IDand password, the user has a certain probability to solve a Captcha challenge
before being denied access.
-
5/21/2018 Captcha as Graphical Passwords a New Security Primitive Based on Hard AI Problems
Thwart Guessing Attacks
In a guessing attack, a password guess tested in an unsuccessfultrial is determined wrong and excluded from subsequent trials.The number of undetermined password guesses decreases withmore trials, leading to a better chance of finding the password. Tocounter guessing attacks, traditional approaches in designinggraphical passwords aim at increasing the effective passwordspace to make passwords harder to guess and thus require more
trials. No matter how secure a graphical password scheme is, thepassword can always be found by a brute force attack. In thispaper, we distinguish two types of guessing attacks: automaticguessing attacks apply an automatic trial and error process but Scan be manually constructed whereas human guessing attacksapply a manual trial and error process.
-
5/21/2018 Captcha as Graphical Passwords a New Security Primitive Based on Hard AI Problems
Security Of Underlying Captcha
Computational intractability in recognizing objects in CaRP images isfundamental to CaRP. Existing analyses on Captcha security were mostly case by
case or used an approximate process. No theoretic security model has beenestablished yet. Object segmentation is considered as a computationally
expensive, combinatorially-hard problem, which modern text Captcha schemesrely on.
-
5/21/2018 Captcha as Graphical Passwords a New Security Primitive Based on Hard AI Problems
MinimumHardware Configuration of the
proposed system
Processor : Intel/AMD
Speed : 1.1 GHz
RAM : 256 MB
Hard Disk : 20 GB
Key Board : Standard Keyboard
Mouse : Standard Mouse
Monitor : SVGA/LCD
-
5/21/2018 Captcha as Graphical Passwords a New Security Primitive Based on Hard AI Problems
Software Configuration of the
proposed system
Operating System : Windows
Java Version : JDK 1.7/1.8
Application Server : Tomcat 7/8
Front End : HTML, Java, JSP
Scripts : JavaScript
Database : MySQL 5.5
Database Connectivity : JDBC
-
5/21/2018 Captcha as Graphical Passwords a New Security Primitive Based on Hard AI Problems
References
R. Biddle, S. Chiasson, and P. C. van Oorschot, Graphical passwords: Learningfrom the first twelve years,ACM Comput. Surveys, vol. 44, no. 4, 2012.
(2012, Feb.). The Science Behind Passfaces [Online]. Available:http://www.realuser.com/published/ScienceBehindPassfaces.pdf
I. Jermyn, A. Mayer, F. Monrose, M. Reiter, and A. Rubin, The design andanalysis of graphical passwords, in Proc. 8th USENIX Security Symp., 1999,pp. 115.
H. Tao and C. Adams, Pass-Go: A proposal to improve the usability ofgraphical passwords, Int. J. Netw. Security, vol. 7, no. 2, pp. 273292, 2008.
S. Wiedenbeck, J. Waters, J. C. Birget, A. Brodskiy, and N. Memon,PassPoints: Design and longitudinal evaluation of a graphical passwordsystem, Int. J. HCI, vol. 63, pp. 102127, Jul. 2005.