Graphical Passwords – A New Security Primitive
ABSTRACT:
Many security primitives are based on hard mathematical problems. Using hard AI problems for security is emerging as an exciting new paradigm, but has been under-explored. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also offers a novel approach to address the well-known image hotspot problem in popular graphical password systems, such as PassPoints, that often leads to weak password choices. CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some practical applications for improving online security.
EXISTING SYSTEM:
- The most notable primitive invented is Captcha, which distinguishes human users from computers by presenting a challenge, i.e., a puzzle, beyond the capability of computers but easy for humans. Captcha is now a standard Internet security technique to protect online email and other services from being abused by bots.
DISADVANTAGES OF EXISTING SYSTEM:
- This existing paradigm has achieved just a limited success as compared with the cryptographic primitives based on hard math problems and their wide applications.
PROPOSED SYSTEM:
- In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP).
- CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks.
ADVANTAGES OF PROPOSED SYSTEM:
- CaRP offers protection against online dictionary attacks on passwords, which have long been a major security threat for various online services.
- CaRP also offers protection against relay attacks, an increasing threat used to bypass Captcha protection.
MODULES:-
- Graphical Password
- Captcha in Authentication
- Overcoming Thwart Guessing Attacks
- Security Of Underlying Captcha
MODULES DESCRIPTION:-
Graphical Password:
In this module, users are authenticated before they can access the details presented in the image system. A user must have an account before accessing or searching the details; otherwise they must register first.
Captcha in Authentication:
In this module we use both Captcha and password in a user authentication protocol, which we call the Captcha-based Password Authentication (CbPA) protocol, to counter online dictionary attacks. The CbPA protocol requires solving a Captcha challenge after inputting a valid pair of user ID and password unless a valid browser cookie is received. For an invalid pair of user ID and password, the user is asked, with a certain probability, to solve a Captcha challenge before being denied access.
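The CbPA decision flow described above, as an added Python example that is not the project's own code. The probability value, the HMAC-based cookie, the keyed deterministic choice of which wrong pairs receive a Captcha, and the sample account are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (assumption)
CAPTCHA_PROB = 0.3  # assumed; the page only says "a certain probability"
SALT = b"constructed-salt"

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account store: user ID -> (salt, password hash).
USERS = {"alice": (SALT, pw_hash("correct horse", SALT))}

def issue_cookie(user_id):
    """Cookie is an HMAC tag that binds a browser to one user ID."""
    return hmac.new(SERVER_KEY, b"cookie:" + user_id.encode(), hashlib.sha256).hexdigest()

def cookie_valid(user_id, cookie):
    if cookie is None:
        return False
    return hmac.compare_digest(cookie.encode(), issue_cookie(user_id).encode())

def credentials_valid(user_id, password):
    salt, stored = USERS.get(user_id, (SALT, b""))  # unknown user still costs one hash
    return hmac.compare_digest(pw_hash(password, salt), stored)

def decoy_captcha(user_id, password):
    """Decide whether a wrong pair gets a Captcha before the denial.
    Keyed and deterministic: repeating the same guess gives the same answer."""
    msg = user_id.encode() + b"\x00" + password.encode()
    tag = hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()
    return int.from_bytes(tag[:8], "big") / 2**64 < CAPTCHA_PROB

def cbpa_login(user_id, password, cookie=None, captcha_solved=None):
    """Return (outcome, cookie). captcha_solved stays None until the client has
    answered a challenge. Outcomes: GRANT, DENY, CAPTCHA_REQUIRED."""
    ok = credentials_valid(user_id, password)
    if ok and cookie_valid(user_id, cookie):
        return "GRANT", cookie          # known browser: no Captcha needed
    if ok or decoy_captcha(user_id, password):
        if captcha_solved is None:
            return "CAPTCHA_REQUIRED", None
        if ok and captcha_solved:
            return "GRANT", issue_cookie(user_id)
    return "DENY", None                 # wrong pair, or Captcha failed
```

Because some wrong pairs also draw a challenge, receiving a Captcha does not tell an automated guesser that the pair was valid.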
Overcoming Thwart Guessing Attacks:
In a guessing attack, a password guess tested in an unsuccessful trial is determined wrong and excluded from subsequent trials. The number of undetermined password guesses decreases with more trials, leading to a better chance of finding the password. To counter guessing attacks, traditional approaches in designing graphical passwords aim at increasing the effective password space to make passwords harder to guess and thus require more trials. No matter how secure a graphical password scheme is, the password can always be found by a brute force attack. In this paper, we distinguish two types of guessing attacks: automatic guessing attacks apply an automatic trial and error process but S can be manually constructed, whereas human guessing attacks apply a manual trial and error process.
Security of Underlying Captcha:
Computational intractability in recognizing objects in CaRP images is fundamental to CaRP. Existing analyses on Captcha security were mostly case by case or used an approximate process. No theoretic security model has been established yet. Object segmentation is considered a computationally expensive, combinatorially hard problem, which modern text Captcha schemes rely on.
SYSTEM REQUIREMENTS:
HARDWARE REQUIREMENTS:
- System : Pentium i3 Processor
- Hard Disk : 500 GB.
- Monitor : 15" LED
- Input Devices : Keyboard, Mouse
- RAM : 4 GB.
SOFTWARE REQUIREMENTS:
- Operating system : Windows 10/11.
- Coding Language : C#.net.
- Frontend : Net, HTML, CSS, JavaScript.
- IDE Tool : VISUAL STUDIO.
- Database : SQL SERVER 2005.