Abstract
Text-based password schemes have inherent security and usability problems, leading to the development of graphical password schemes. However, most of these alternate schemes are vulnerable to spyware attacks. We propose a new scheme, using CAPTCHA (Completely Automated Public Turing tests to tell Computers and Humans Apart) that retaining the advantages of graphical password schemes, while simultaneously raising the cost of adversaries by orders of magnitude. Furthermore, some primary experiments are conducted and the results indicate that the usability should be improved in the future work.
Highlights
A key area in security research and practice is authentication, the determination of whether a user should be allowed to access to a given system or resource
There have been several graphical password schemes, such as [7, 18, 2026]. They have overcome some drawbacks of traditional password schemes, but most of the current graphical password schemes remain vulnerable to spyware attacks
Observing that a practical spyware attack is done by an automated program, we propose a new approach where CAPTCHA is exploited
Summary
A key area in security research and practice is authentication, the determination of whether a user should be allowed to access to a given system or resource. The most common and convenient authentication method is the traditional alphanumeric password. Their inherent security and usability problems [6,7,8,9,10,11] led to the development of graphical passwords as an alternative. How to protect passwords effectively against spyware attack continues to be a problem. Observing that a practical spyware attack is done by an automated program, we propose a new approach where CAPTCHA is exploited. Our proposal creates an innovative use of CAPTCHA in the context of graphical passwords to provide better password protection against spyware attacks. We have proposed a new authentication scheme combining graphical passwords with text-based CAPTCHA.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have