Abstract
Many security primitives are based on hard mathematical problems. Using hard AI problems for security is emerging as an exciting new paradigm, but has been under-explored. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also offers a novel approach to address the well-known image hotspot problem in popular graphical password systems, such as PassPoints, that often leads to weak password choices. CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some practical applications for improving online security.
Original language | English |
---|---|
Article number | 6775249 |
Pages (from-to) | 891-904 |
Number of pages | 14 |
Journal | IEEE Transactions on Information Forensics and Security |
Volume | 9 |
Issue number | 6 |
DOIs | |
Publication status | Published - 1 Jun 2014 |
Keywords
- CAPTCHAs
- authentication
- animals
- visualization
- artificial intelligence
- usability
- security primitive