Captcha as Graphical Passwords—A
New Security
Primitive
Based on Hard AI Problems
ABSTRACT
In this paper, we present a new security primitive based on hard AI
problems, namely, a novel family of graphical password systems built on top of
Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP
is both a Captcha and a graphical password scheme. CaRP addresses a number of
security problems altogether, such as online guessing attacks, relay attacks,
and, if combined with dual-view technologies, shoulder-surfing attacks.
Notably, a CaRP password can be found only probabilistically by automatic
online guessing attacks even if the password is in the search set. CaRP also
offers a novel approach to address the well-known image hotspot problem in
popular graphical password systems, such as PassPoints, that often leads to
weak password choices.
Many security primitives are based on hard mathematical problems. Using
hard AI problems for security is emerging as an exciting new paradigm, but has
been underexplored.
CaRP is not a
panacea, but it offers reasonable security and usability and appears to fit
well with some practical applications
for improving online security.
.
Existing System
Security primitives are based on hard mathematical problems. Using hard
AI problems for security is emerging as an exciting new paradigm, but has been
underexplored. A
FUNDAMENTAL
task in security is to create cryptographic
primitives based on hard mathematical problems that are computationally
intractable.
Disadvantages
1.
This paradigm has achieved just a
limited success as compared with the cryptographic primitives based on hard
math problems and their wide applications.
1.
Using hard AI (Artificial Intelligence)
problems for security, initially proposed in [17], is an exciting new paradigm.
Under this paradigm, the most notable primitive invented is Captcha, which
distinguishes human users from computers by presenting a challenge.
Proposed System
We present a new security primitive based on
hard AI problems, namely, a novel family of graphical password systems built on
top of Captcha technology,
which we call Captcha as graphical passwords (CaRP).
CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number
of security problems altogether, such as online guessing attacks, relay
attacks, and, if combined with
dual-view technologies, shoulder-surfing attacks.
Notably, a CaRP password can be found only probabilistically by automatic
online guessing attacks even if the password is in the search set. CaRP also
offers a novel approach to address the well-known image hotspot problem in
popular graphical password systems, such as PassPoints, that often leads to
weak password choices. CaRP is not a panacea, but it offers reasonable security
and usability and appears to fit well with some practical applications for
improving online security.We present exemplary CaRPs built on
both text Captcha and image-recognition Captcha. One of them is a text CaRP
wherein a password is a sequence of characters like a text password, but
entered by clicking the right character sequence on CaRP images. CaRP offers
protection against online dictionary attacks on passwords, which have been for
long time a major security threat for various online services. This threat is
widespread and considered as a top cyber security risk. Defense against online
dictionary attacks is a more subtle problem than it might appear.
Advantages:
1.
It offers reasonable security and usability and
appears to fit well with some practical applications for improving online
security.
2.
This
threat is widespread and considered as a top cyber security risk. Defense
against online dictionary attacks is a more subtle problem than
it might
appear.
Main Modules:-
1.
Graphical Password :
2.
Captica in
Authentication:
3.
Thwart
Guessing Attacks :
4.
Security
Of Underlying Captcha:
Graphical Password :
In this module, Users are having authentication and
security to access the detail which is presented in the Image system. Before
accessing or searching the details user should have the account in that
otherwise they should register first.
System Configuration:-
H/W System Configuration:-
Processor - Pentium –III
Speed - 1.1 Ghz
RAM - 256
MB(min)
Hard Disk - 20 GB
Floppy Drive - 1.44 MB
Key Board - Standard Windows Keyboard
Mouse - Two or Three Button Mouse
Monitor - SVGA
S/W System Configuration:-
v Operating System :Windows95/98/2000/XP
v Application
Server : Tomcat5.0/6.X
v Front End : HTML, Java, Jsp
v Scripts : JavaScript.
v Server side Script :
Java Server Pages.
v Database : Mysql 5.0
v
Database
Connectivity : JDBC.
No comments:
Post a Comment