(Publisher of Peer Reviewed Open Access Journals)
Navigation

International Journal of Advanced Computer Research (IJACR)

ISSN (Print):2249-7277    ISSN (Online):2277-7970
Volume-6 Issue-24 May-2016
Full-Text PDF
DOI:10.19101/IJACR.2016.624001
Paper Title : Enhancing security against hard AI problems in user authentication using CAPTCHA as graphical passwords
Author Name : S. Murugavalli, S.A.K. Jainulabudeen, G. Senthil Kumar and D. Anuradha
Abstract :

Information and computer security are supported by the passwords, as passwords play a vital role in the authentication process. The traditional authentication method uses text-based passwords, which is also called alphanumeric passwords, is not reliable in data security, and to overcome these drawbacks, the graphical password scheme is introduced as an alternative to text-based passwords. But the graphical password scheme is vulnerable to shoulder surfing attacks, spyware attacks. To overcome this vulnerability of graphical passwords, an emerging technique that is Completely Automated Public Turing Tests to tell Computers and Humans Apart (CAPTCHA), as a challenge response test is generated to distinguish humans from bots in authentication. To ensure security, an alternative method to textual CAPTCHA is replaced by CAPTCHA as gRaphical Password (CaRP). As CaRP scheme has a scope of refinements in cyber security a two-way authentication method is proposed in one of the CaRP techniques of Recognition-based scheme. The graphical password scheme when compared, confer exceptional nascent outcome when it coalesces both CAPTCHA and graphical passwords.
Keywords : Textual CAPTCHAs, Authentication, Shoulder surfing attacks, Cyber security, CaRP.
Cite this article : S. Murugavalli, S.A.K. Jainulabudeen, G. Senthil Kumar and D. Anuradha, " Enhancing security against hard AI problems in user authentication using CAPTCHA as graphical passwords " , International Journal of Advanced Computer Research (IJACR), Volume-6, Issue-24, May-2016 ,pp.93-99.DOI:10.19101/IJACR.2016.624001
References :
[1]Zhu BB, Yan J, Bao G, Yang M, Xu N. Captcha as grRaphical passwords-a new security primitive based on hard AI problems. IEEE Transactions on Information Forensics and Security. 2014; 9(6):891-904.
[Crossref] [Google Scholar]
[2]Yampolskiy RV. AI-complete, AI-hard, or AI-easy: classification of problems in artificial intelligence. 2011.
[Google Scholar]
[3]Goutham RA, Kim DS, Yoo KY. Implicit graphical password mutual authentication using mirror-image encryption. In proceedings of the conference on research in adaptive and convergent systems 2014 (pp. 218-23). ACM.
[Crossref] [Google Scholar]
[4]Thorpe J, Al-Badawi M, MacRae B, Salehi-Abari A. The presentation effect on graphical passwords. In proceedings of the SIGCHI conference on human factors in computing systems 2014 (pp. 2947-50). ACM.
[Crossref] [Google Scholar]
[5]Anshuman S, Aniket AM. Graphical user authentication techniques. International Journal of Advanced Research 2015; 3(11):1101-7.
[6]Davis M, Divya R, Paul V, Sankaranarayanan PN. CAPCHA as graphical password. International Journal of Computer Science and Information Technologies. 2015; 6(1); 148-51.
[Google Scholar]
[7]Haque MA, Imam B. A new graphical password: combination of recall & recognition based approach. World Academy of Science, Engineering and Technology, International Journal of Computer, Electrical, Automation, Control and Information Engineering. 2014; 8(2):320-4.
[Google Scholar]
[8]Jermyn I, Mayer AJ, Monrose F, Reiter MK, Rubin AD. The design and analysis of graphical passwords. In Usenix security 1999.
[Google Scholar]
[9]Tao H, Adams C. Pass-Go: A proposal to improve the usability of graphical passwords. International Journal Network Security. 2008; 7(2):273-92.
[Google Scholar]
[10]Wiedenbeck S, Waters J, Birget JC, Brodskiy A, Memon N. Pass points: design and longitudinal evaluation of a graphical password system. International Journal of Human-Computer Studies. 2005; 63(1):102-27.
[Crossref] [Google Scholar]
[11]Chiasson S, van Oorschot PC, Biddle R. Graphical password authentication using cued click points. In computer security–ESORICS 2007 (pp. 359-74). Springer Berlin Heidelberg.
[Crossref] [Google Scholar]
[12]Rashmi BJ, Maheshwarappa B. Improved security using captcha as graphical password. International Journal of Advanced Research in Computer and Communication Engineering.2015; 4(5):352-4.
[Google Scholar]
[13]Ugochukwu K, Ekeke E, Jusoh YY. A review on the graphical user authentication algorithm: recognition-based and recall-based. International Journal of Information Processing & Management. 2013; 4(3):238-52.
[Google Scholar]
[14]Biddle R, Chiasson S, Van Oorschot PC. Graphical passwords: learning from the first twelve years. ACM Computing Surveys (CSUR). 2012; 44(4):19.
[Crossref] [Google Scholar]
[15]Pinkas B, Sander T. Securing passwords against dictionary attacks. In proceedings of the ACM conference on computer and communications security 2002 (pp.161-70). ACM.
[Crossref] [Google Scholar]
[16]Van Oorschot PC, Stubblebine S. On countering online dictionary attacks with login histories and humans-in-the-loop. ACM Transactions on Information and System Security. 2006; 9(3):235-58.
[Crossref] [Google Scholar]
[17]Sahay D, Merchant M, Sheikh S, Shukla R, Suryavanshi S. Enhanced security in online database system using visual cryptography and water marking. International Journal of Computer Science and Information Technology Research. 2015; 3(4): 297-302.
[18]Kale ND, Nalgirkar MM. An ample-range survey on recall-based graphical password authentication based on multi-line grid and attack patterns. International Journal of Science and Modern Engineering. 2013; 1(5):32-6.
[Google Scholar]
[19]Towhidi F, Masrom M. A survey on recognition based graphical user authentication algorithms. International Journal of Computer Science and Information Security. 2009; 6(2):119-27.
[Google Scholar]
[20]Van Oorschot PC, Salehi-Abari A, Thorpe J. Purely automated attacks on passpoints-style graphical passwords. IEEE Transactions on Information Forensics and Security. 2010; 5(3):393-405.
[Crossref] [Google Scholar]
[21]Van Oorschot PC, Thorpe J. Exploiting predictability in click-based graphical passwords. Journal of Computer Security. 2011; 19(4):669-702.
[Crossref] [Google Scholar]
[22]Kim S, Cao X, Zhang H, Tan D. Enabling concurrent dual views on common LCD screens. In proceedings of the SIGCHI conference on human factors in computing systems 2012 (pp. 2175-84). ACM.
[Crossref] [Google Scholar]
[23]Alsaleh M, Mannan M, Van Oorschot PC. Revisiting defenses against large-scale online password guessing attacks. IEEE Transactions on Dependable and Secure Computing. 2012; 9(1):128-41.
[Crossref] [Google Scholar]
[24]Van Oorschot PC, Thorpe J. On predictive models and user-drawn graphical passwords. ACM Transactions on Information and System Security (TISSEC). 2008; 10(4):5.
[Crossref] [Google Scholar]
[25]Gołofit K. Click passwords under investigation. In Computer Security–ESORICS 2007 (pp. 343-58). Springer Berlin Heidelberg.
[Crossref] [Google Scholar]
[26]The Science Behind Passfaces. http://www.passfaces.com/published/The%20Science%20Behind%20Passfaces.pdf. Accessed 23 December 2015.
[27]Wang L, Chang X, Ren Z, Gao H, Liu X, Aickelin U. Against spyware using CAPTCHA in graphical password scheme. In IEEE international conference on advanced information networking and applications (AINA) 2010 (pp.760-7). IEEE.
[Crossref] [Google Scholar]
[28]Dirik AE, Memon N, Birget JC. Modeling user choice in the pass points graphical password scheme. In proceedings of the 3rd symposium on usable privacy and security 2007 (pp. 20-8). ACM.
[Crossref] [Google Scholar]
[29]Gawande N. Merging CAPTCHA and graphical password on NP hard problems in AI: new security enhancing Tecnhique. International Journal of Science and Research. 2014; 3(12); 980-3.
[Google Scholar]
[30]Thorpe J, Van Oorschot PC. Human-Seeded attacks and exploiting hot-spots in graphical passwords. In USENIX security symposium 2007 (pp.103-18).
[Google Scholar]
[31]T Wolverton. Hackers Attack eBay Accounts. http://www.zdnet.co.uk/news/networking/2002/03/ 26/hackers-attack-ebay-accounts-2107350/. Accessed 23 December 2015.
[32]DVLabs HT. Vienna, Austria. Top Cyber Security Risks Report, SANS Institute and Qualys Research Labs. http://dvlabs.tippingpoint.com/toprisks2010/ Accessed 23 December 2015.
[33]Li S, Shah S, Khan M, Khayam SA, Sadeghi AR, Schmitz R. Breaking e-banking CAPTCHAs. In proceedings of the annual computer security applications conference 2010 (pp. 171-80). ACM.
[Crossref] [Google Scholar]
[34]Von Ahn L, Blum M, Hopper NJ, Langford J. CAPTCHA: using hard AI problems for security. In advances in cryptology-EUROCRYPT 2003 (pp. 294-311). Springer Berlin Heidelberg.
[Crossref] [Google Scholar]