The University of Southampton
University of Southampton Institutional Repository

Captcha as graphical passwords - a new security primitive based on hard AI problems

Zhu, Bin B., Yan, Jeff, Bao, Guanbo, Yang, Maowei and Xu, Ning (2014) Captcha as graphical passwords - a new security primitive based on hard AI problems. IEEE Transactions on Information Forensics and Security, 9 (6), 891-904, [6775249]. (doi:10.1109/TIFS.2014.2312547).

Record type: Article

Abstract

Many security primitives are based on hard mathematical problems. Using hard AI problems for security is emerging as an exciting new paradigm, but has been under-explored. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also offers a novel approach to address the well-known image hotspot problem in popular graphical password systems, such as PassPoints, that often leads to weak password choices. CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some practical applications for improving online security.

This record has no associated files available for download.

More information

Published date: June 2014

Identifiers

Local EPrints ID: 500860
URI: http://eprints.soton.ac.uk/id/eprint/500860
ISSN: 1556-6013
PURE UUID: 16389f45-3060-4225-a4fe-bb3e1c7950de

Catalogue record

Date deposited: 14 May 2025 16:50
Last modified: 14 May 2025 16:50

Contributors

Author: Bin B. Zhu
Author: Jeff Yan
Author: Guanbo Bao
Author: Maowei Yang
Author: Ning Xu
