Captcha
ABSTRACT
Many security primitives are based on hard mathematical problems. Using hard AI problems for security is emerging as an exciting new paradigm, but has been underexplored. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP).
CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also offers a novel approach to address the well-known image hotspot problem in popular graphical password systems, such as PassPoints, that often leads to weak password choices.
CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some practical applications for improving online security.