Date of Publication: 7th May 2015
Abstract: Textual passwords are the most common method used for authentication, but they are vulnerable to eavesdropping, dictionary attacks, social engineering and shoulder surfing. A new security primitive is based on hard AI problems, namely a novel family of graphical password systems built on top of Captcha technology, which is called Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP also offers a novel approach to the well-known image hotspot problem in popular graphical password systems, such as PassPoints, that often leads to weak password choices. CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some practical applications for improving online security. Text can also be combined with images or colors to generate session passwords for authentication. A session password can be used only once, and a new password is generated every time. Two techniques are proposed to generate session passwords using text and colours, which are resistant to shoulder surfing, and the PGRP protocol is also implemented to protect against attackers.