Optimized Face Image CAPTCHA as Graphical Password

Most of the existing security primitives are based on hard AI problems. But these have been underexplored. This paper introduce a novel family of graphical password build on top of CAPTCHA technology. It is a combination of both CAPTCHA and a graphical password scheme. Many online security problems like online dictionary attack, relay attacks, brute force attacks can be overcomed by this scheme. Password can be found only probablistically in guessing attacks. The system uses a novel face image CAPTCHA which are optimized using genetic learning algorithm. The CAPTCHA combines touch based input methods favoured by mobile devices. They provide a high level security toward automated computer attacks. Keywords—Graphical password, CaRP, Captcha, dictionary attack, relay attack,brute force attack

[1]  Henry S. Baird,et al.  BaffleText: a Human Interactive Proof , 2003, IS&T/SPIE Electronic Imaging.

[2]  Henry S. Baird,et al.  ScatterType: a reading CAPTCHA resistant to segmentation attack , 2005, IS&T/SPIE Electronic Imaging.

[3]  Henry S. Baird,et al.  A Highly Legible CAPTCHA That Resists Segmentation Attacks , 2005, HIP.

[4]  Julie Thorpe,et al.  Human-Seeded Attacks and Exploiting Hot-Spots in Graphical Passwords , 2007, USENIX Security Symposium.

[5]  Nasir D. Memon,et al.  Modeling user choice in the PassPoints graphical password scheme , 2007, SOUPS '07.

[6]  Julie Thorpe,et al.  Purely Automated Attacks on PassPoints-Style Graphical Passwords , 2010, IEEE Transactions on Information Forensics and Security.

[7]  Nasir D. Memon,et al.  PassPoints: Design and longitudinal evaluation of a graphical password system , 2005, Int. J. Hum. Comput. Stud..

[8]  Haichang Gao,et al.  A new graphical password scheme against spyware by using CAPTCHA , 2009, SOUPS.

[9]  Michael K. Reiter,et al.  The Design and Analysis of Graphical Passwords , 1999, USENIX Security Symposium.

[10]  Benny Pinkas,et al.  Securing passwords against dictionary attacks , 2002, CCS '02.

[11]  Krzysztof Golofit Click Passwords Under Investigation , 2007, ESORICS.

[12]  Uwe Aickelin,et al.  Against Spyware Using CAPTCHA in Graphical Password Scheme , 2010 .

[13]  Uwe Aickelin,et al.  Against Spyware Using CAPTCHA in Graphical Password Scheme , 2010, 2010 24th IEEE International Conference on Advanced Information Networking and Applications.

[14]  Henry S. Baird,et al.  ScatterType: a legible but hard-to-segment CAPTCHA , 2005, Eighth International Conference on Document Analysis and Recognition (ICDAR'05).

[15]  Jeff Yan,et al.  A low-cost attack on a Microsoft captcha , 2008, CCS.