Captcha as Graphical Passwords�A New Security Primitive Based on Hard AI Problems
|Captcha as Graphical Passwords—A New Security Primitive Based|
|on Hard AI Problems|
Many security primitives are based on hard mathematical problems. Using hard AI problems forsecurity is emerging as an exciting new paradigm, but has been under-explored. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphicalpassword systems built on top of Captcha technology, which we call Captcha as graphical passwords(CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number ofsecurity problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also offers a novel approach to address the well-known image hotspot problem in popular graphicalpassword systems, such as PassPoints, that often leads to weak password choices. CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some practical applications for improving online security.
Comments are closed.