Paper Title
Providing Security With Captcha As Graphical Passwords
Abstract
There are many security primitives that are based on hard mathematical problems. Using hard AI problems for
security is emerging as an exciting new paradigm, but this solution has been under-explored. In this paper, we present a new
security primitive based on hard AI problems which is a novel family of graphical password systems built on top of Captcha
technology. This technology we call as Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical
password scheme. The graphical-password approach is sometimes called as graphical user authentication(GUA). CaRP
addresses a number of security problems altogether, such as online guessing attacks, relay attacks. If CaRP is combined with
dual-view technologies, shoulder-surfing attacks are addressed. Notably, even if the CaRP password is in the search set it
can be found only probabilistically by automatic online guessing attacks. CaRP also offers a novel approach to address the
well-known image hotspot problem in popular graphical password systems, such as PassPoints, that often leads to weak
password choices. CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some
practical applications for improving online security.
Keywords— Graphical Password, Password, Hotspots, Carp, Captcha, Dictionary Attack, Password Guessing Attack,
Security Primitive.