Captcha as Graphical PasswordsA New Security

Primitive Based on Hard AI Problems

ABSTACT
Many security primitives are based on hard mathematical problems. Using hard AI
problems for security is emerging as an exciting new paradigm, but has been underexplored. In
this paper, we present a new security primitive based on hard AI problems, namely, a novel
family of graphical password systems built on top of Captcha technology, which we call Captcha
as graphical passwords (Ca!". Ca! is both a Captcha and a graphical password scheme. Ca!
addresses a number of security problems altogether, such as online guessing attac#s, relay
attac#s, and, if combined with dual$view technologies, shoulder$surfing attac#s. %otably, a Ca!
password can be found only probabilistically by automatic online
guessing attac#s even if the password is in the search set. Ca! also offers a novel approach to
address the well$#nown image hotspot problem in popular graphical password systems, such as
!ass!oints, that often leads to wea# password choices.
Ca! is not a panacea, but it offers reasonable security and usability and appears to fit well with
some practical applications for improving online security.
GLOBALSOFT TECHNOLOGIES
IEEE PROJECTS & SOFTWARE DEVELOPMENTS
IEEE FINAL YEAR PROJECTS|IEEE ENGINEERING PROJECTS|IEEE STUDENTS PROJECTS|IEEE
BULK PROJECTS|BE/BTECH/ME/MTECH/MS/MCA PROJECTS|CSE/IT/ECE/EEE PROJECTS
CELL: +91 9!9" #9$"% +91 99&&' #"(% +91 9!9" "(9$% +91 9($1! !$!$1
V)*)+: ,,,-.)/012304546738+*-649 M0)1 +6:)333.)/01*3:546738+*;9:0)1-86:
GLOBALSOFT TECHNOLOGIES
IEEE PROJECTS & SOFTWARE DEVELOPMENTS
IEEE FINAL YEAR PROJECTS|IEEE ENGINEERING PROJECTS|IEEE STUDENTS PROJECTS|IEEE
BULK PROJECTS|BE/BTECH/ME/MTECH/MS/MCA PROJECTS|CSE/IT/ECE/EEE PROJECTS
CELL: +91 9!9" #9$"% +91 99&&' #"(% +91 9!9" "(9$% +91 9($1! !$!$1
V)*)+: ,,,-.)/012304546738+*-649 M0)1 +6:)333.)/01*3:546738+*;9:0)1-86:
.
!"istin# System
&ecurity primitives are based on hard mathematical problems. Using hard AI
problems for security is emerging as an exciting new paradigm, but has been underexplored. A
'U%(AM)%*A+ tas# in security is to create cryptographic primitives based on hard
mathematical problems that are computationally intractable.
$isadvanta#es
,. *his paradigm has achieved -ust a limited success as compared with the
cryptographic primitives based on hard math problems and their wide
applications.
,. Using hard AI (Artificial Intelligence" problems for security, initially
proposed in .,/0, is an exciting new paradigm. Under this paradigm, the
most notable primitive invented is Captcha, which distinguishes human
users from computers by presenting a challenge.
Proposed System
1e present a new security primitive based on hard AI problems, namely, a novel family
of graphical password systems built on top of Captcha technology,
which we call Captcha as graphical passwords (Ca!". Ca! is both a Captcha and a graphical
password scheme. Ca! addresses a number of security problems altogether, such as online
guessing attac#s, relay attac#s, and, if combined with
dual$view technologies, shoulder$surfing attac#s. %otably, a Ca! password can be found only
probabilistically by automatic online guessing attac#s even if the password is in the search set.
Ca! also offers a novel approach to address the well$#nown image hotspot problem in popular
graphical password systems, such as !ass!oints, that often leads to wea# password choices.
Ca! is not a panacea, but it offers reasonable security and usability and appears to fit well with
some practical applications for improving online security%1e present exemplary Ca!s built on
both text Captcha and image$recognition Captcha. 2ne of them is a text Ca! wherein a
password is a se3uence of characters li#e a text password, but entered by clic#ing the right
character se3uence on Ca! images. Ca! offers protection against online dictionary attac#s on
passwords, which have been for long time a ma-or security threat for various online services.
*his threat is widespread and considered as a top cyber security ris#. (efense against online
dictionary attac#s is a more subtle problem than it might appear.
Advanta#es:
,. It offers reasonable security and usability and appears to fit well with some
practical applications for improving online security.
4. *his threat is widespread and considered as a top cyber security ris#.
(efense against online dictionary attac#s is a more subtle problem than
it might appear.
I&P'!&!NTATI(N
Implementation is the stage of the pro-ect when the theoretical design is turned out
into a wor#ing system. *hus it can be considered to be the most critical stage in achieving a
successful new system and in giving the user, confidence that the new system will wor# and
be effective.
*he implementation stage involves careful planning, investigation of the existing
system and it5s constraints on implementation, designing of methods to achieve changeover
and evaluation of changeover methods.
&ain &odules)*
,. Graphical Password )
In this module, Users are having authentication and security to access the detail which is
presented in the Image system. 6efore accessing or searching the details user should have the
account in that otherwise they should register first.
4. Captica in Authentication)
It was introduced in .,70 to use both Captcha and password in a user authentication
protocol, which we call Captcha-based Password Authentication (CbPA) protocol, to counter
online dictionary attac#s. *he Cb!A$protocol in re3uires solving a Captcha challenge after
inputting a valid pair of user I( and password unless a valid browser coo#ie is received. 'or an
invalid pair of user I( and password, the user has a certain probability to solve a Captcha
challenge before being denied access.
+% Thwart Guessin# Attac,s )
In a guessing attac#, a password guess tested in an unsuccessful trial is determined wrong
and excluded from subse3uent trials. *he number of undetermined password guesses decreases
with more trials, leading to a better chance of finding the password. *o counter guessing attac#s,
traditional approaches in designing graphical passwords aim at increasing the effective password
space to ma#e passwords harder to guess and thus re3uire more trials. %o matter how secure a
graphical password scheme is, the password can always be found by a brute force attac#. In this
paper, we distinguish two types of guessing
attac#s8 automatic guessing attacks apply an automatic trial and error process but S can be
manually constructed whereas human guessing attacks apply a manual trial and error process.
-% Security (. /nderlyin# Captcha)
Computational intractability in recogni9ing ob-ects in Ca! images is fundamental to
Ca!. )xisting analyses on Captcha security were mostly case by case or used an approximate
process. %o theoretic security model has been established yet. 2b-ect segmentation is considered
as a computationallyexpensive,
combinatorially$hard problem, which modern text Captcha schemes rely on.
System Con.i#uration)*
H01 System Con.i#uration)*
Processor * Pentium 2III
Speed * 3%3 Gh4
A& * 567 &B8min9
Hard $is, * 5: GB
;loppy $rive * 3%-- &B
<ey Board * Standard 1indows <eyboard
&ouse * Two or Three Button &ouse
&onitor * S=GA
S01 System Con.i#uration)*
2perating &ystem 81indows:;<:=<4>>><?!
Application &erver 8 *omcat;.><@.?
'ront )nd 8 A*M+, Bava, Bsp
&cripts 8 Bava&cript.
&erver side &cript 8 Bava &erver !ages.
(atabase 8 Mys3l ;.>
(atabase Connectivity 8 B(6C.