Downloaded 1,003 times
![REFERENCES
[1] Bin B. Zhu, Jeff Yan, Guanbo Bao, Maowei Yang, and Ning Xu “Captcha as
Graphical Passwords—A New Security Primitive Based on Hard AI Problems”
VOL. 9, NO. 6, JUNE 2014
[2] R. Biddle, S. Chiasson, and P. C. van Oorschot, “Graphical passwords:
Learning from the first twelve years,” ACM Compute Surveys, vol. 44, no. 4,
2012.
[3] I. Jermyn, A. Mayer, F. Monrose, M. Reiter, and A. Rubin, “The design and
analysis of graphical passwords,” in Proc. 8th USENIX Security Symp., 1999,
pp. 1–15.
[4] H. Tao and C. Adams, “Pass-Go: A proposal to improve the usability of
graphical passwords,” Int. J. Netw. Security , vol. 7, no. 2, pp. 273– 292, 2008.
[5] S. Wiedenbeck, J. Waters, J. C. Birget, A. Brodskiy, and N. Memon,
“PassPoints: Design and longitudinal evaluation of a graphical password
system,” Int. J. HCI, vol. 63, pp. 102–127, Jul. 2005.
21](https://image.slidesharecdn.com/captchaasgraphicalpassword-150111225209-conversion-gate02/85/Captcha-as-graphical-password-21-320.jpg)
Uploaded byGopinath Ramanna
Captcha as graphical password
This document proposes a new type of graphical password system called CAPTCHA As Graphical Passwords (CaRP) that integrates CAPTCHAs with password authentication. CaRP schemes require users to click on a sequence of visual objects like characters, animals or grid cells in an image to enter their password. This combines the tasks of recognizing CAPTCHA objects and recalling a click-sequence password. CaRP aims to thwart automatic guessing attacks by generating new images for each login attempt. Recognition-based CaRP examples include Click Text and Click Animal, while Animal Grid combines recognition and cued recall. CaRP is resistant to relay attacks and provides stronger security than other graphical passwords by leveraging hard AI problems in CAPT
More Related Content
Similar to Captcha as graphical password
![[Deck] What's New in Spark-Iceberg Integration via DSV2.pptx](https://cdn.slidesharecdn.com/ss_thumbnails/deckwhatsnewinspark-icebergintegrationviadsv2-260210005337-25955b12-thumbnail.jpg?width=640&height=640&fit=bounds)
Captcha as graphical password
- 1. CAPTCHA AS GRAPHICALPASSWORDS A NEW SECURITY PRIMITIVE BASED ON HARD AI PROBLEMS By Gopinath.R (1BY14SCS08) M.Tech (CSE),BMSIT Under the Guidance of: Mr. Ravi Kumar B.N Asst. Professor , Dept of CSE, BMSIT
- 2. AGENDA Introduction Background Captcha as Graphical Password Recognition Based CaRP Security Analysis Applications Conclusion 2
- 3. INTRODUCTION Using hardArtificial Intelligence problems for Security is an exciting new paradigm. Under this paradigm, the most notable primitive is Captcha, which distinguishes human users from computers by presenting a challenge, i.e., a puzzle . Captcha is now a standard Internet security technique to protect online email and other services from being abused by bots. A new security primitive based on hard AI problems, namely, a novel family of graphical password systems integrating Captcha technology, called as CaRP. CaRP is click-based graphical passwords, where a sequence of clicks on an image is used to derive a password. 3
- 4. BACKGROUND Graphical Passwords RecallBased Techniques A user is asked to reproduce something that he created or selected earlier during the registration stage Recognition Based Techniques A user is presented with a set of images and the user passes the authentication by recognizing and identifying the images he selected during the registration stage. Cued-recall Technique An extra cue is provided to users to remember and target specific locations within a presented image. 4
- 5. Captcha Completely AutomatedPublic Turing test to tell Computers & Humans Apart. It is a program that is a challenge response to test to separate humans from computer programs. TYPES: Text Captcha The Text Captcha relies on character recognition Image-Recognition Captcha (IRC) The IRC relies on recognition of non-character objects. 5
- 6. TEXT BASED simple, normalquestions :- what is the sum of three & thirty-five ? If today is Saturday, what is day after tomorrow? Which of mango, table & water is a fruit? Very effective, needs a large question bank. Cognitively challenged ,users find it hard. 6
- 7. IMAGE-RECOGNITION CAPTCHA 1.BONGO Userhas to solve a pattern recognition problem. Has to tell the distinct characteristic between two sets of figures. Then tell to which set a given figure belongs to. 7
- 8. 2.PIX Uses alarge database of labelled images. It shows a set of images, user has to recognize the common feature among those. Eg :- pick the common characteristic among the following 4 pictures = “aeroplane”. 8
- 9. Captcha inAuthentication It was introduced to use both Captcha and password in authentication protocol, called as Captcha-based Password Authentication (CbPA) protocol. The CbPA-protocol requires solving a Captcha challenge after inputting a valid pair of user ID and password. 9
- 10. CAPTCHA AS GRAPHICAL PASSWORDS-CARP A New Way to Thwart Guessing Attacks In a guessing attack, a password guess tested in an unsuccessful trial is determined wrong and excluded from subsequent trials. To counter guessing attacks, traditional approaches in designing graphical passwords aim at increasing the effective password space. Here we distinguish two types of guessing attacks: Automatic guessing attacks apply a automatic trial and error process. Human guessing attacks apply a manual trial and error process. 10
- 11. CaRP: An Overview In CaRP, a new image is generated for every login attempt. CaRP uses an alphabet of visual objects (e.g., alphanumerical characters, similar animals) to generate a CaRP image CaRP schemes are clicked-based graphical passwords. CaRP schemes can be classified into two categories: Recognition which requires recognizing an image and using the recognized objects as cues to enter a password. Recognition-recall combines the tasks of both recognition and cued-recall 11
- 12. USER AUTHENTICATION WITH CARPSCHEMES A typical way to apply CaRP schemes in user authentication is as follows. 12 Flowchart of basic CaRP authentication.
- 13. The authenticationserver AS stores a salt s and a hash value H(ρ,s) for each user ID . Upon receiving a login request, AS generates a CaRP image. The coordinates of the clicked points are recorded and sent to AS along with the user ID. AS maps the received coordinates onto the CaRP image, and recovers a sequence of visual object IDs . Then AS retrieves salt s of the account, calculates the hash value of ρ with the salt. Authentication succeeds only if the two hash values match. 13
- 14. RECOGNITION BASED CARP 1.ClickText Click Text is a recognition-based CaRP scheme built on top of text Captcha. A Click Text password is a sequence of characters in the alphabet, e.g.ρ =“AB#9CD87”, which is similar to a text password. 14 Click-Text image with 33 characters
- 15. 2.Click Animal ClickAnimal is a recognition-based CaRP scheme built on top of Captcha Zoo ,with an alphabet of similar animals such as dog, horse, cat, etc. Its password is a sequence of animal names such as ρ = “Turkey, Cat, Horse, Dog,….” 15 Captcha Zoo with horses circled red. A Click Animal image
- 16. 3.Animal Grid AnimalGrid is a combination of Click Animal and CAS. Click-A-Secret (CAS) wherein a user clicks the grid cells in his password. password. To enter a password, a Click Animal image is displayed first. After an animal is selected, an image of n × n grid appears, with the grid- grid-cell size equaling the bounding rectangle of the selected animal. 16 A ClickAnimal image 6 × 6 grid
- 17. SECURITY ANALYSIS Securityof Underlying Captcha As a framework of graphical passwords, CaRP does not rely on any specific Captcha scheme. If one Captcha scheme gets broken, a new robust Captcha scheme can be used to construct a new CaRP scheme 17
- 18. Automatic onlineguessing attcks In automatic online guessing attacks, the trial and error process is executed automatically whereas dictionaries can beconstructed manually 18
- 19. APPLICATIONS CaRP canbe applied on touch-screen devices . Many e-banking systems uses Captchas in user logins that requires solving a Captcha challenge for every online login attempt. CaRP increases spammer’s operating cost and thus helps reduce spam emails. If CaRP is combined with a policy to throttle the number of emails sent to new recipients per login session, leads to reduced outbound spam traffic. 19
- 20. CONCLUSION CaRP isboth a Captcha and a graphical password scheme. A desired security property that other graphical password schemes lack. CaRP is also resistant to Captcha relay attacks, and, if combined with dual-view technologies shoulder-surfing attacks. CaRP can also help to reduce spam emails sent from a Web email service More efforts will be attracted by CaRP than ordinary Captcha. CaRP does not rely on any specific Captcha scheme. 20
- 21. REFERENCES [1] Bin B.Zhu, Jeff Yan, Guanbo Bao, Maowei Yang, and Ning Xu “Captcha as Graphical Passwords—A New Security Primitive Based on Hard AI Problems” VOL. 9, NO. 6, JUNE 2014 [2] R. Biddle, S. Chiasson, and P. C. van Oorschot, “Graphical passwords: Learning from the first twelve years,” ACM Compute Surveys, vol. 44, no. 4, 2012. [3] I. Jermyn, A. Mayer, F. Monrose, M. Reiter, and A. Rubin, “The design and analysis of graphical passwords,” in Proc. 8th USENIX Security Symp., 1999, pp. 1–15. [4] H. Tao and C. Adams, “Pass-Go: A proposal to improve the usability of graphical passwords,” Int. J. Netw. Security , vol. 7, no. 2, pp. 273– 292, 2008. [5] S. Wiedenbeck, J. Waters, J. C. Birget, A. Brodskiy, and N. Memon, “PassPoints: Design and longitudinal evaluation of a graphical password system,” Int. J. HCI, vol. 63, pp. 102–127, Jul. 2005. 21
- 22.