Home > Research > Publications & Outputs > Captcha as graphical passwords

Research

Links

Text available via DOI:

View graph of relations

Captcha as graphical passwords: a new security primitive based on hard AI problems

Research output: Contribution to Journal/MagazineJournal articlepeer-review

Published

Standard

Captcha as graphical passwords: a new security primitive based on hard AI problems. / Zhu, Bin B.; Yan, Jeff; Bao, Guanbo et al.
In: IEEE Transactions on Information Forensics and Security, Vol. 9, No. 6, 6775249, 2014, p. 891-904.

Research output: Contribution to Journal/MagazineJournal articlepeer-review

Harvard

Zhu, BB, Yan, J, Bao, G, Yang, M & Xu, N 2014, 'Captcha as graphical passwords: a new security primitive based on hard AI problems', IEEE Transactions on Information Forensics and Security, vol. 9, no. 6, 6775249, pp. 891-904. https://doi.org/10.1109/TIFS.2014.2312547

APA

Zhu, B. B., Yan, J., Bao, G., Yang, M., & Xu, N. (2014). Captcha as graphical passwords: a new security primitive based on hard AI problems. IEEE Transactions on Information Forensics and Security, 9(6), 891-904. Article 6775249. https://doi.org/10.1109/TIFS.2014.2312547

Vancouver

Zhu BB, Yan J, Bao G, Yang M, Xu N. Captcha as graphical passwords: a new security primitive based on hard AI problems. IEEE Transactions on Information Forensics and Security. 2014;9(6):891-904. 6775249. doi: 10.1109/TIFS.2014.2312547

Author

Zhu, Bin B. ; Yan, Jeff ; Bao, Guanbo et al. / Captcha as graphical passwords : a new security primitive based on hard AI problems. In: IEEE Transactions on Information Forensics and Security. 2014 ; Vol. 9, No. 6. pp. 891-904.

Bibtex

@article{b89a45d268704359bbf673c7917bce9a,
title = "Captcha as graphical passwords: a new security primitive based on hard AI problems",
abstract = "Many security primitives are based on hard mathematical problems. Using hard AI problems for security is emerging as an exciting new paradigm, but has been under-explored. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also offers a novel approach to address the well-known image hotspot problem in popular graphical password systems, such as PassPoints, that often leads to weak password choices. CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some practical applications for improving online security. ",
author = "Zhu, {Bin B.} and Jeff Yan and Guanbo Bao and Maowei Yang and Ning Xu",
year = "2014",
doi = "10.1109/TIFS.2014.2312547",
language = "English",
volume = "9",
pages = "891--904",
journal = "IEEE Transactions on Information Forensics and Security",
issn = "1556-6013",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "6",

}

RIS

TY - JOUR

T1 - Captcha as graphical passwords

T2 - a new security primitive based on hard AI problems

AU - Zhu, Bin B.

AU - Yan, Jeff

AU - Bao, Guanbo

AU - Yang, Maowei

AU - Xu, Ning

PY - 2014

Y1 - 2014

N2 - Many security primitives are based on hard mathematical problems. Using hard AI problems for security is emerging as an exciting new paradigm, but has been under-explored. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also offers a novel approach to address the well-known image hotspot problem in popular graphical password systems, such as PassPoints, that often leads to weak password choices. CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some practical applications for improving online security. 

AB - Many security primitives are based on hard mathematical problems. Using hard AI problems for security is emerging as an exciting new paradigm, but has been under-explored. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also offers a novel approach to address the well-known image hotspot problem in popular graphical password systems, such as PassPoints, that often leads to weak password choices. CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some practical applications for improving online security. 

U2 - 10.1109/TIFS.2014.2312547

DO - 10.1109/TIFS.2014.2312547

M3 - Journal article

AN - SCOPUS:84899893060

VL - 9

SP - 891

EP - 904

JO - IEEE Transactions on Information Forensics and Security

JF - IEEE Transactions on Information Forensics and Security

SN - 1556-6013

IS - 6

M1 - 6775249

ER -