Captcha as graphical passwords - a new security primitive based on hard AI problems
Captcha as graphical passwords - a new security primitive based on hard AI problems
Many security primitives are based on hard mathematical problems. Using hard AI problems for security is emerging as an exciting new paradigm, but has been under-explored. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also offers a novel approach to address the well-known image hotspot problem in popular graphical password systems, such as PassPoints, that often leads to weak password choices. CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some practical applications for improving online security.
891-904
Zhu, Bin B.
ac66f851-8282-4ebf-918e-284693cc1d4f
Yan, Jeff
a2c03187-3722-46c8-b73b-439eb9d1a10e
Bao, Guanbo
0bc507a3-ecf3-4556-a011-e632d10c56c1
Yang, Maowei
ee8d852b-f889-4077-b74b-3045a40b3a8f
Xu, Ning
bf61c09c-898d-446b-8d00-dea5ec938797
June 2014
Zhu, Bin B.
ac66f851-8282-4ebf-918e-284693cc1d4f
Yan, Jeff
a2c03187-3722-46c8-b73b-439eb9d1a10e
Bao, Guanbo
0bc507a3-ecf3-4556-a011-e632d10c56c1
Yang, Maowei
ee8d852b-f889-4077-b74b-3045a40b3a8f
Xu, Ning
bf61c09c-898d-446b-8d00-dea5ec938797
Zhu, Bin B., Yan, Jeff, Bao, Guanbo, Yang, Maowei and Xu, Ning
(2014)
Captcha as graphical passwords - a new security primitive based on hard AI problems.
IEEE Transactions on Information Forensics and Security, 9 (6), , [6775249].
(doi:10.1109/TIFS.2014.2312547).
Abstract
Many security primitives are based on hard mathematical problems. Using hard AI problems for security is emerging as an exciting new paradigm, but has been under-explored. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also offers a novel approach to address the well-known image hotspot problem in popular graphical password systems, such as PassPoints, that often leads to weak password choices. CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some practical applications for improving online security.
This record has no associated files available for download.
More information
Published date: June 2014
Identifiers
Local EPrints ID: 500860
URI: http://eprints.soton.ac.uk/id/eprint/500860
ISSN: 1556-6013
PURE UUID: 16389f45-3060-4225-a4fe-bb3e1c7950de
Catalogue record
Date deposited: 14 May 2025 16:50
Last modified: 14 May 2025 16:50
Export record
Altmetrics
Contributors
Author:
Bin B. Zhu
Author:
Jeff Yan
Author:
Guanbo Bao
Author:
Maowei Yang
Author:
Ning Xu
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics