Abstract

Text-based password schemes have inherent security and usability problems, which led to the development of graphical password schemes. However, most of these alternative schemes are vulnerable to spyware attacks. We propose a new scheme using CAPTCHA (Completely Automated Public Turing tests to tell Computers and Humans Apart) that retains the advantages of graphical password schemes while raising the cost to adversaries by orders of magnitude. Furthermore, some preliminary experiments were conducted, and the results indicate that usability should be improved in future work.

Highlights

  • A key area in security research and practice is authentication, the determination of whether a user should be allowed access to a given system or resource

  • There have been several graphical password schemes, such as [7, 18, 2026]. They have overcome some drawbacks of traditional password schemes, but most of the current graphical password schemes remain vulnerable to spyware attacks

  • Observing that a practical spyware attack is done by an automated program, we propose a new approach where CAPTCHA is exploited


Summary

INTRODUCTION

A key area in security research and practice is authentication, the determination of whether a user should be allowed access to a given system or resource. The most common and convenient authentication method is the traditional alphanumeric password. The inherent security and usability problems of such passwords [6,7,8,9,10,11] led to the development of graphical passwords as an alternative. How to protect passwords effectively against spyware attacks continues to be a problem. Observing that a practical spyware attack is done by an automated program, we propose a new approach where CAPTCHA is exploited. Our proposal creates an innovative use of CAPTCHA in the context of graphical passwords to provide better password protection against spyware attacks. We have proposed a new authentication scheme combining graphical passwords with text-based CAPTCHA.

RELATED WORKS
OUR SCHEME
The Basic Scheme
The Improved Scheme
Capability to Withstand Spyware
The Size of the Password Space
Brute Force Attacks
EXPERIMENTAL METHODOLOGY
The Mean Success Login Percentage
The Mean Login Time
Password Memorability
DISCUSSION
CONCLUSION AND FUTURE WORKS