
A New Secure and Usable Captcha-Based Graphical Password Scheme

  • Altaf Khan
  • Alexander G. Chefranov
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 935)

Abstract

CaRP are known graphical password schemes that use Captcha visual objects for password setting. CaRP contains four schemes with different alphabet symbols used for password specification. We generalize the CaRP schemes by introducing the Click Symbol-Alphanumeric (CS-A) scheme, which, like the CaRP schemes ClickText (CT), ClickAnimal (CA), AnimalGrid (AG), and ClickPoint (CP), relies on selecting the proper symbols on the screen by clicking, but does not specify a particular alphabet. In particular, we show that combining Alphanumeric (A) and Visual (V) symbols in one alphabet (CS-AV) improves usability and that users are more motivated to make strong passwords. For the security analysis, we applied segmentation techniques to identify the symbols in CT and in the proposed CS-AV. The segmentation and symbol identification of the CS-AV and CT schemes do not reveal sensitive information. This paper also studies usability: experiments on both schemes show that the memorability of CS-AV is greater by 3.75% than that of the CT scheme.

Keywords

Graphical password; Captcha; CaRP; Click symbol; Alphabet; Segmentation; Usability


Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. Department of Computer Engineering, Eastern Mediterranean University, TRNC, Mersin 10, Turkey
