International Journal of Advanced Computer Research (IJACR) ISSN (P): 2249-7277 ISSN (O): 2277-7970 Vol - 6, Issue - 24, May 2016
Enhancing security against hard AI problems in user authentication using CAPTCHA as graphical passwords

S. Murugavalli, S.A.K. Jainulabudeen, G. Senthil Kumar and D. Anuradha

Abstract

Information and computer security rely on passwords, which play a vital role in the authentication process. The traditional authentication method uses text-based passwords, also called alphanumeric passwords, which are not reliable for data security; to overcome these drawbacks, the graphical password scheme was introduced as an alternative to text-based passwords. However, the graphical password scheme is vulnerable to shoulder surfing attacks and spyware attacks. To overcome this vulnerability of graphical passwords, an emerging technique, the Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA), is generated as a challenge-response test to distinguish humans from bots in authentication. To ensure security, textual CAPTCHA is replaced by an alternative method, CAPTCHA as gRaphical Password (CaRP). As the CaRP scheme has scope for refinement in cyber security, a two-way authentication method is proposed in one of the CaRP techniques, the recognition-based scheme. In comparison, the graphical password scheme yields exceptional early results when it combines both CAPTCHA and graphical passwords.

Keywords

Textual CAPTCHAs, Authentication, Shoulder surfing attacks, Cyber security, CaRP.
