63 research outputs found

    Against spyware using CAPTCHA in graphical password scheme

    Text-based password schemes have inherent security and usability problems, leading to the development of graphical password schemes. However, most of these alternate schemes are vulnerable to spyware attacks. We propose a new scheme, using CAPTCHA (Completely Automated Public Turing tests to tell Computers and Humans Apart), that retains the advantages of graphical password schemes while simultaneously raising the cost to adversaries by orders of magnitude. Furthermore, some primary experiments are conducted and the results indicate that the usability should be improved in future work.

    A Novel method for user authentication by CaRP And Login History

    Cyber security is the main challenge nowadays. Many authentication techniques are available for these, for unwanted access for more secure data is prohibited. Graphical and text passwords are used for the user authentication process. Sometimes text passwords are not secure, and graphical passwords are more secure but vulnerable to shoulder surfing attacks. The click event on various points for user friendliness and protection from various security attacks. In the system, a login history image file is combined with CaRP for user authentication to enhance the security level primitives. The image file contains details of login and logout for date, time and all related information. The file is encrypted by the DES algorithm and sent by mail. It is a higher security primitive for the user. Online guessing attack, relay attacks and if combined with dual technology for shoulder surfing attack are new concepts are available. DOI: 10.17762/ijritcc2321-8169.15075

    Secure Authentication Model using Grid based Graphical Images with Three Way Validation

    The most common computer authentication method is to use text usernames and passwords, which have various drawbacks. For example, users tend to pick passwords that can be easily guessed. On the other hand, if a password is hard to guess, then it is often hard to remember. This paper provides an additional layer of security to the normal textual password by using a graphical password for authenticating the user. As graphical passwords are vulnerable to shoulder surfing attacks, we will send a one-time generated password to users and even send credentials to the user's authorized email-id. Using the instant messaging service available on the internet, the user will obtain the One Time Password (OTP).

    Implementation of Captcha as Graphical Passwords For Multi Security

    To validate human users, passwords play a vital role in computer security. Graphical passwords offer more security than text-based passwords; this is due to the reason that the user replies on graphical passwords. Normal users choose regular or unforgettable passwords which can be easy to guess and are prone to Artificial Intelligence problems. Many harder to guess passwords involve more mathematical or computational complications. To counter these hard AI problems, a new Captcha technology known as Captcha as Graphical Password (CaRP), from a novel family of graphical password systems, has been developed. CaRP is both a Captcha and a graphical password scheme in one. CaRP mainly helps in hard AI problems and security issues like online guess attacks, relay attacks, and shoulder-surfing attacks if combined with dual view technologies. Pass-points, a new methodology from CaRP, addresses the image hotspot problem in graphical password systems which leads to weak passwords. CaRP also implements a combination of images or colors with text which generates session passwords, which helps in authentication because with session passwords a new password is generated every time and is used only once. To counter shoulder surfing, CaRP provides cheap security and usability and thus improves online security. CaRP is not a panacea; however, it gives protection and usability to some online applications for improving online security.

    Spyware prevention using graphical passwords

    Our future work will be based on Click-based graphical password schemes require a user to click on a set of points on one or more presented background images. With the Pass Points and to create users to a password by clicking five ordered points anywhere on the given image. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. To log in, users must correctly repeat the sequence of clicks, with each click falling within the acceptable tolerance of the original point. To implement this aspect, along with a scheme converting the user-entered graphical password into a cryptographic verification key and “robust discretization” scheme. It consisted of three overlapping grids (invisible to the user) used to determine whether the click-points of a login attempt were close enough to the original points to be accepted.

    A Novel Security Scheme against Spyware using Sequence Selection of CAPTCHA as Graphical Password

    Our proposed work will be founded on Click-based graphical secret word plans require a client to tap on an arrangement of focuses on one or more exhibited foundation pictures. With Pass Points, clients make a secret word by clicking five requested focuses anyplace on the given picture. To sign in, clients should accurately rehash the succession of snaps, with every snap falling inside of a satisfactory resilience of the first point. To actualize this angle, alongside a plan changing over the client entered graphical secret key into a cryptographic check key, a "vigorous discretization" plan. It comprised of three covering lattices (imperceptible to the client) used to figure out if the snap purposes of a login endeavor were sufficiently close to the first indicates be acknowledged.

    Graphical One-Time Password (GOTPass): A usability evaluation

    Journal has two ISSNs: 1939-3555 (Print), 1939-3547 (Online). Complying with a security policy often requires users to create long and complex passwords to protect their accounts. However, remembering such passwords is difficult for many and may lead to insecure practices, such as choosing weak passwords or writing them down. In addition, they are vulnerable to various types of attacks, such as shoulder surfing, replay, and keylogger attacks (Gupta, Sahni, Sabbu, Varma, & Gangashetty, 2012). One-Time Passwords (OTPs) aim to overcome such problems (Gupta et al., 2012); however, most implemented OTP techniques require special hardware, which not only adds cost, but there are also issues regarding its availability (Brostoff, Inglesant, & Sasse, 2010). In contrast, the use of graphical passwords is an alternative authentication mechanism designed to aid memorability and ease of use, often forming part of a multifactor authentication process. This article is complementary to the earlier work that introduced and evaluated the security of the new hybrid user-authentication approach: Graphical One-Time Password (GOTPass) (Alsaiari et al., 2015). The scheme aims to combine the usability of recognition-based and draw-based graphical passwords with the security of OTP. The article presents the results of an empirical user study that investigates the usability features of the proposed approach, as well as pretest and posttest questionnaires. The experiment was conducted during three separate sessions, which took place over five weeks, to measure the efficiency, effectiveness, memorability, and user satisfaction of the new scheme. The results showed that users were able to easily create and enter their credentials as well as remember them over time. Participants carried out a total of 1,302 login attempts with a 93% success rate and an average login time of 24.5s.

    Advanced Security Functions Based on CaRP Using Random Image Grid

    A new security primitive for secure applications is required these days. Captcha technology solves the most security based problems. Captcha as graphical passwords (CaRP) is proposed in this work along with secure upload of events and an improved method of CaRP. We consider an event update application, where security is highly required. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. CaRP deals only with the security related to authentication; in most of the applications, only authentication security is not enough, thus we develop a secure event upload model even after CaRP authentication. This system offers high security to the authentication and published content, along with an improved method of CaRP. DOI: 10.17762/ijritcc2321-8169.150513

    E-CAPTCHA: A Two Way Graphical Password based Hard AI Problem

    CAPTCHA is a Turing test that people can succeed, however current PC program could not succeed. The primary motivation behind CAPTCHA is to restrict automated scripts that post spam content. To upgrade the security, another system, Enhanced-CAPTCHA (E-CAPTCHA), is going to be developed, which includes some new elements, specifically the Novel security based Grid-Box method where high security can be accomplished by including 2 levels of accessing.

    Completely Automated Public Physical test to tell Computers and Humans Apart: A usability study on mobile devices

    A very common approach adopted to fight the increasing sophistication and dangerousness of malware and hacking is to introduce more complex authentication mechanisms. This approach, however, introduces additional cognitive burdens for users and lowers the whole authentication mechanism acceptability to the point of making it unusable. On the contrary, what is really needed to fight the onslaught of automated attacks to users' data and privacy is to first tell human and computers apart and then distinguish among humans to guarantee correct authentication. Such an approach is capable of completely thwarting any automated attempt to achieve unwarranted access while it allows keeping simple the mechanism dedicated to recognizing the legitimate user. This kind of approach is behind the concept of Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA), yet CAPTCHA leverages cognitive capabilities, thus the increasing sophistication of computers calls for more and more difficult cognitive tasks that make them either very long to solve or very prone to false negatives. We argue that this problem can be overcome by substituting the cognitive component of CAPTCHA with a different property that programs cannot mimic: the physical nature. In past work we have introduced the Completely Automated Public Physical test to tell Computer and Humans Apart (CAPPCHA) as a way to enhance the PIN authentication method for mobile devices and we have provided a proof of concept implementation. Similarly to CAPTCHA, this mechanism can also be used to prevent automated programs from abusing online services. However, to evaluate the real efficacy of the proposed scheme, an extended empirical assessment of CAPPCHA is required as well as a comparison of CAPPCHA performance with the existing state of the art. To this aim, in this paper we carry out an extensive experimental study on both the performance and the usability of CAPPCHA involving a high number of physical users, and we provide comparisons of CAPPCHA with existing flavors of CAPTCHA.