IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 9, NO. 6, JUNE 2014

Captcha as Graphical Passwords: A New Security Primitive Based on Hard AI Problems

Bin B. Zhu, Jeff Yan, Guanbo Bao, Maowei Yang, and Ning Xu

Abstract: Many security primitives are based on hard mathematical problems. Using hard AI problems for security is emerging as an exciting new paradigm, but has been underexplored. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also offers a novel approach to address the well-known image hotspot problem in popular graphical password systems, such as PassPoints, that often leads to weak password choices. CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some practical applications for improving online security.

Index Terms: Graphical password, password, hotspots, CaRP, Captcha, dictionary attack, password guessing attack, security primitive.

I. INTRODUCTION

A FUNDAMENTAL task in security is to create cryptographic primitives based on hard mathematical problems that are computationally intractable. For example, the problem of integer factorization is fundamental to the RSA public-key cryptosystem and the Rabin encryption. The discrete logarithm problem is fundamental to the ElGamal encryption, the Diffie-Hellman key exchange, the Digital Signature Algorithm, the elliptic curve cryptography and so on.

Using hard AI (Artificial Intelligence) problems for security, initially proposed in [17], is an exciting new paradigm. Under this paradigm, the most notable primitive invented is Captcha, which distinguishes human users from computers by presenting a challenge, i.e., a puzzle, beyond the capability of computers but easy for humans. Captcha is now a standard Internet security technique to protect online email and other services from being abused by bots. However, this new paradigm has achieved just a limited success as compared with the cryptographic primitives based on hard math problems and their wide applications. Is it possible to create any new security primitive based on hard AI problems? This is a challenging and interesting open problem. In this paper, we introduce a new security primitive based on hard AI problems, namely, a novel family of graphical password systems integrating Captcha technology, which we call CaRP (Captcha as gRaphical Passwords). CaRP is click-based graphical passwords, where a sequence of clicks on an image is used to derive a password. Unlike other click-based graphical passwords, images used in CaRP are Captcha challenges, and a new CaRP image is generated for every login attempt.

The notion of CaRP is simple but generic. CaRP can have multiple instantiations. In theory, any Captcha scheme relying on multiple-object classification can be converted to a CaRP scheme. We present exemplary CaRPs built on both text Captcha and image-recognition Captcha. One of them is a text CaRP wherein a password is a sequence of characters like a text password, but entered by clicking the right character sequence on CaRP images.

CaRP offers protection against online dictionary attacks on passwords, which have been for a long time a major security threat for various online services. This threat is widespread and considered as a top cyber security risk [13]. Defense against online dictionary attacks is a more subtle problem than it might appear. Intuitive countermeasures such as throttling logon attempts do not work well for two reasons:

1) It causes denial-of-service attacks (which were exploited to lock highest bidders out in final minutes of eBay auctions [12]) and incurs expensive helpdesk costs for account reactivation.

2) It is vulnerable to global password attacks [14] whereby adversaries intend to break into any account rather than a specific one, and thus try each password candidate on multiple accounts and ensure that the number of trials on each account is below the threshold to avoid triggering account lockout.

CaRP also offers protection against relay attacks, an increasing threat to bypass Captchas' protection, wherein Captcha challenges are relayed to humans to solve. Koobface [33] was a relay attack to bypass Facebook's Captcha in creating new accounts. CaRP is robust to shoulder-surfing attacks if combined with dual-view technologies.

Manuscript received April 15, 2013; revised July 22, 2013 and October 14, 2013; accepted February 21, 2014. Date of publication March 19, 2014; date of current version April 21, 2014. This work was done when G. Bao and M. Yang worked as interns at Microsoft Research Asia. The associate editor coordinating the review of this manuscript and approving it for publication was Prof. Carlo Blundo.
B. B. Zhu and N. Xu are with Microsoft Research Asia, Beijing 100080, China (e-mail: binzhu@microsoft.com; ningx@microsoft.com).
J. Yan is with Newcastle University, Newcastle NE1 7RU, U.K. (e-mail: jeff.yan@ncl.ac.uk).
G. Bao is with the Institute of Automation, Chinese Academy of Sciences, Beijing 100190, China (e-mail: guanbo.bao@gmail.com).
M. Yang is with Sichuan University, Chengdu 610207, China (e-mail: djyangmaowei@gmail.com).
Color versions of one or more of the figures in this paper are available online at http://ieeexplore.ieee.org.
Digital Object Identifier 10.1109/TIFS.2014.2312547

1556-6013 © 2014 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

CaRP requires solving a Captcha challenge in every login. This impact on usability can be mitigated by adapting the CaRP image's difficulty level based on the login history of the account and the machine used to log in.

Typical application scenarios for CaRP include:

1) CaRP can be applied on touch-screen devices whereon typing passwords is cumbersome, esp. for secure Internet applications such as e-banks. Many e-banking systems have applied Captchas in user logins [39]. For example, ICBC (www.icbc.com.cn), the largest bank in the world, requires solving a Captcha challenge for every online login attempt.

2) CaRP increases spammers' operating cost and thus helps reduce spam emails. For an email service provider that deploys CaRP, a spam bot cannot log into an email account even if it knows the password. Instead, human involvement is compulsory to access an account. If CaRP is combined with a policy to throttle the number of emails sent to new recipients per login session, a spam bot can send only a limited number of emails before asking human assistance for login, leading to reduced outbound spam traffic.

The remaining paper is organized as follows: Background and related work are presented in Section II. We outline CaRP in Section III, and present a variety of CaRP schemes in Sections IV and V. Security analysis is provided in Section VI. A usability study on two CaRP schemes that we have implemented is reported in Section VII. Balance of security and usability is discussed in Section VIII. We conclude the paper with Section IX.

II. BACKGROUND AND RELATED WORK

A. Graphical Passwords

A large number of graphical password schemes have been proposed. They can be classified into three categories according to the task involved in memorizing and entering passwords: recognition, recall, and cued recall. Each type will be briefly described here. More can be found in a recent review of graphical passwords [1].

A recognition-based scheme requires identifying among decoys the visual objects belonging to a password portfolio. A typical scheme is Passfaces [2] wherein a user selects a portfolio of faces from a database in creating a password. During authentication, a panel of candidate faces is presented for the user to select the face belonging to her portfolio. This process is repeated several rounds, each round with a different panel. A successful login requires correct selection in each round. The set of images in a panel remains the same between logins, but their locations are permuted. Story [20] is similar to Passfaces but the images in the portfolio are ordered, and a user must identify her portfolio images in the correct order. Déjà Vu [21] is also similar but uses a large set of computer-generated "random-art" images. Cognitive Authentication [22] requires a user to generate a path through a panel of images as follows: starting from the top-left image, moving down if the image is in her portfolio, or right otherwise. The user identifies among decoys the row or column label where the path ends. This process is repeated, each time with a different panel. A successful login requires that the cumulative probability that correct answers were not entered by chance exceeds a threshold within a given number of rounds.

A recall-based scheme requires a user to regenerate the same interaction result without cueing. Draw-A-Secret (DAS) [3] was the first recall-based scheme proposed. A user draws her password on a 2D grid. The system encodes the sequence of grid cells along the drawing path as a user-drawn password. Pass-Go [4] improves DAS's usability by encoding the grid intersection points rather than the grid cells. BDAS [23] adds background images to DAS to encourage users to create more complex passwords.

In a cued-recall scheme, an external cue is provided to help memorize and enter a password. PassPoints [5] is a widely studied click-based cued-recall scheme wherein a user clicks a sequence of points anywhere on an image in creating a password, and re-clicks the same sequence during authentication. Cued Click Points (CCP) [18] is similar to PassPoints but uses one image per click, with the next image selected by a deterministic function. Persuasive Cued Click Points (PCCP) [19] extends CCP by requiring a user to select a point inside a randomly positioned viewport when creating a password, resulting in more randomly distributed click-points in a password.

Among the three types, recognition is considered the easiest for human memory whereas pure recall is the hardest [1]. Recognition is typically the weakest in resisting guessing attacks. Many proposed recognition-based schemes practically have a password space in the range of 2^13 to 2^16 passwords [1]. A study [6] reported that a significant portion of passwords of DAS and Pass-Go [4] were successfully broken with guessing attacks using dictionaries of 2^31 to 2^41 entries, as compared to the full password space of 2^58 entries. Images contain hotspots [7], [8], i.e., spots likely selected in creating passwords. Hotspots were exploited to mount successful guessing attacks on PassPoints [8]–[11]: a significant portion of passwords were broken with dictionaries of 2^26 to 2^35 entries, as compared to the full space of 2^43 passwords.

B. Captcha

Captcha relies on the gap of capabilities between humans and bots in solving certain hard AI problems. There are two types of visual Captcha: text Captcha and Image-Recognition Captcha (IRC). The former relies on character recognition while the latter relies on recognition of non-character objects. Security of text Captchas has been extensively studied [26]–[30]. The following principle has been established: text Captcha should rely on the difficulty of character segmentation, which is computationally expensive and combinatorially hard [30].

Machine recognition of non-character objects is far less capable than character recognition. IRCs rely on the difficulty of object identification or classification, possibly combined with the difficulty of object segmentation. Asirra [31] relies on binary object classification: a user is asked to identify all the cats from a panel of 12 images of cats and dogs. Security of IRCs has also been studied. Asirra was found to be susceptible to machine-learning attacks [24]. IRCs based on binary object classification or identification of one concrete type of objects are likely insecure [25]. Multi-label classification problems are considered much harder than binary classification problems.

Captcha can be circumvented through relay attacks whereby Captcha challenges are relayed to human solvers, whose answers are fed back to the targeted application.

C. Captcha in Authentication

It was introduced in [14] to use both Captcha and password in a user authentication protocol, which we call Captcha-based Password Authentication (CbPA) protocol, to counter online dictionary attacks. The CbPA protocol in [14] requires solving a Captcha challenge after inputting a valid pair of user ID and password unless a valid browser cookie is received. For an invalid pair of user ID and password, the user has a certain probability to solve a Captcha challenge before being denied access. An improved CbPA protocol is proposed in [15] by storing cookies only on user-trusted machines and applying a Captcha challenge only when the number of failed login attempts for the account has exceeded a threshold. It is further improved in [16] by applying a small threshold for failed login attempts from unknown machines but a large threshold for failed attempts from known machines with a previous successful login within a given time frame.

Captcha was also used with recognition-based graphical passwords to address spyware [40], [41], wherein a text Captcha is displayed below each image; a user locates her own pass-images from decoy images, and enters the characters at specific locations of the Captcha below each pass-image as her password during authentication. These specific locations were selected for each pass-image during password creation as a part of the password.

In the above schemes, Captcha is an independent entity, used together with a text or graphical password. On the contrary, a CaRP is both a Captcha and a graphical password scheme, which are intrinsically combined into a single entity.

D. Other Related Work

Captcha is used to protect sensitive user inputs on an untrusted client [35]. This scheme protects the communication channel between user and Web server from keyloggers and spyware, while CaRP is a family of graphical password schemes for user authentication. The paper [35] did not introduce the notion of CaRP or explore its rich properties and the design space of a variety of CaRP instantiations.

III. CAPTCHA AS GRAPHICAL PASSWORDS

A. A New Way to Thwart Guessing Attacks

In a guessing attack, a password guess tested in an unsuccessful trial is determined wrong and excluded from subsequent trials. The number of undetermined password guesses decreases with more trials, leading to a better chance of finding the password. Mathematically, let S be the set of password guesses before any trial, let the password to find be given, T denote a trial whereas T_n denote the n-th trial, and p(T = ) be the probability that the password is tested in trial T. Let E_n be the set of password guesses tested in trials up to (including) T_n. The password guess to be tested in the n-th trial T_n is from set S \ E_{n-1}, i.e., the relative complement of E_{n-1} in S. If the password is in S, then we have

p(T = | T_1 = , . . . , T_{n-1} = ) >    (1)

and

E_n S, p(T = | T_1 = , . . . , T_{n-1} = ) 1    (2)

where |S| denotes the cardinality of S. From Eq. (2), the password is always found within |S| trials if it is in S; otherwise S is exhausted after |S| trials. Each trial determines if the tested password guess is the actual password or not, and the trial's result is deterministic.

To counter guessing attacks, traditional approaches in designing graphical passwords aim at increasing the effective password space to make passwords harder to guess and thus require more trials. No matter how secure a graphical password scheme is, the password can always be found by a brute force attack. In this paper, we distinguish two types of guessing attacks: automatic guessing attacks apply an automatic trial and error process but S can be manually constructed, whereas human guessing attacks apply a manual trial and error process.

CaRP adopts a completely different approach to counter automatic guessing attacks. It aims at realizing the following equation:

p(T = | T_1, . . . , T_{n-1}) = p(T = )    (3)

in an automatic guessing attack. Eq. (3) means that each trial is computationally independent of other trials. Specifically, no matter how many trials were executed previously, the chance of finding the password in the current trial always remains the same. That is, a password in S can be found only probabilistically by automatic guessing (including brute-force) attacks, in contrast to existing graphical password schemes where a password can be found within a fixed number of trials.

How to achieve the goal? If a new image is used for each trial, and images of different trials are independent of each other, then Eq. (3) holds. Independent images among different login attempts must contain invariant information so that the authentication server can verify claimants. By examining the ecosystem of user authentication, we noticed that human users enter passwords during authentication, whereas the trial and error process in guessing attacks is executed automatically. The capability gap between humans and machines can be exploited to generate images so that they are computationally independent yet retain invariants that only humans can identify, and thus use as passwords. The invariants among images must be intractable to machines to thwart automatic guessing attacks. This requirement is the same as that of an ideal Captcha [25], leading to creation of CaRP, a new family of graphical passwords robust to online guessing attacks.
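The contrast between the exclusion model of Eqs. (1)–(2) and the independent-trial model of Eq. (3) can be made concrete with a small simulation. The following Python block is an added example, not code from the paper: it models a conventional scheme as an attacker who strikes out each wrong guess (so the password is always hit within |S| trials) and models Eq. (3) as an attacker whose trials are independent draws from all of S, since a fresh image gives the bot nothing to exclude. The uniform-draw assumption, the toy search set and the function names are the example's own.

```python
"""Guessing-attack models: exclusion (Eqs. 1-2) versus independent trials (Eq. 3)."""
import random


def trials_with_exclusion(password, search_set, rng):
    """Conventional scheme: a guess found wrong is excluded from later trials,
    so the candidate set S \\ E_{n-1} shrinks and the password is always hit
    within |S| trials if it is in S. Returns the trial number, or None."""
    remaining = list(search_set)
    rng.shuffle(remaining)
    for n, guess in enumerate(remaining, start=1):
        if guess == password:
            return n
    return None


def trials_without_exclusion(password, search_set, rng, max_trials):
    """Model of Eq. (3): the image changes every trial and the bot cannot tell
    what it actually tested, so nothing is excluded and every trial is an
    independent draw from all of S (assumption: uniform draw)."""
    candidates = list(search_set)
    for n in range(1, max_trials + 1):
        if rng.choice(candidates) == password:
            return n
    return None


def success_probability(k, size, independent):
    """Analytic probability of finding the password within k trials."""
    if independent:
        return 1.0 - (1.0 - 1.0 / size) ** k   # 1 - (1 - 1/|S|)^k, never reaches 1
    return min(1.0, k / size)                   # k/|S|, certain at k = |S|


def simulate(runs=2000, size=16, seed=1):
    """Monte Carlo: fraction of runs where the password is found within |S| trials."""
    rng = random.Random(seed)                   # seeded so the demo is reproducible
    search_set = [f"pw{i}" for i in range(size)]   # constructed toy search set S
    found_excl = found_indep = 0
    for _ in range(runs):
        password = rng.choice(search_set)
        if trials_with_exclusion(password, search_set, rng) is not None:
            found_excl += 1
        if trials_without_exclusion(password, search_set, rng, size) is not None:
            found_indep += 1
    return found_excl / runs, found_indep / runs


if __name__ == "__main__":
    excl, indep = simulate()
    print(f"found within |S| trials: exclusion={excl:.3f} independent={indep:.3f}")
    print(f"analytic:                exclusion={success_probability(16, 16, False):.3f} "
          f"independent={success_probability(16, 16, True):.3f}")
```

With |S| = 16 the exclusion attacker always succeeds by the 16th trial, while the independent attacker succeeds in only about 64% of runs after the same 16 trials; the gap is what "found only probabilistically" means in practice.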

B. CaRP: An Overview

In CaRP, a new image is generated for every login attempt, even for the same user. CaRP uses an alphabet of visual objects (e.g., alphanumerical characters, similar animals) to generate a CaRP image, which is also a Captcha challenge. A major difference between CaRP images and Captcha images is that all the visual objects in the alphabet should appear in a CaRP image to allow a user to input any password, but not necessarily in a Captcha image. Many Captcha schemes can be converted to CaRP schemes, as described in the next subsection.

Fig. 1. Flowchart of basic CaRP authentication.

CaRP schemes are click-based graphical passwords. According to the memory tasks in memorizing and entering a password, CaRP schemes can be classified into two categories: recognition and a new category, recognition-recall, which requires recognizing an image and using the recognized objects as cues to enter a password. Recognition-recall combines the tasks of both recognition and cued-recall, and retains both the recognition-based advantage of being easy for human memory and the cued-recall advantage of a large password space. Exemplary CaRP schemes of each type will be presented later.

C. Converting Captcha to CaRP

In principle, any visual Captcha scheme relying on recognizing two or more predefined types of objects can be converted to a CaRP. All text Captcha schemes and most IRCs meet this requirement. Those IRCs that rely on recognizing a single predefined type of objects can also be converted to CaRPs in general by adding more types of objects. In practice, conversion of a specific Captcha scheme to a CaRP scheme typically requires a case-by-case study, in order to ensure both security and usability. We will present in Sections IV and V several CaRPs built on top of text and image-recognition Captcha schemes.

Some IRCs rely on identifying objects whose types are not predefined. A typical example is Cortcha [25], which relies on context-based object recognition wherein the object to be recognized can be of any type. These IRCs cannot be converted into CaRP since a set of predefined object types is essential for constructing a password.

D. User Authentication With CaRP Schemes

Like other graphical passwords, we assume that CaRP schemes are used with additional protection such as secure channels between clients and the authentication server through Transport Layer Security (TLS). A typical way to apply CaRP schemes in user authentication is as follows. The authentication server AS stores a salt s and a salted hash value H(password, s) for each user ID; the password of the account itself is not stored. A CaRP password is a sequence of visual-object IDs or clickable points of visual objects that the user selects. Upon receiving a login request, AS generates a CaRP image, records the locations of the objects in the image, and sends the image to the user to click her password. The coordinates of the clicked points are recorded and sent to AS along with the user ID. AS maps the received coordinates onto the CaRP image, and recovers the sequence of visual-object IDs or clickable points of visual objects that the user clicked on the image. Then AS retrieves salt s of the account, calculates the hash value of the recovered sequence with the salt, and compares the result with the hash value stored for the account. Authentication succeeds only if the two hash values match. This process is called the basic CaRP authentication and is shown in Fig. 1.

Advanced authentication with CaRP, for example, challenge-response, will be presented in Section V-B. We assume in the following that CaRP is used with the basic CaRP authentication unless explicitly stated otherwise.

To recover a password successfully, each user-clicked point must belong to a single object or a clickable point of an object. Objects in a CaRP image may overlap slightly with neighboring objects to resist segmentation. Users should not click inside an overlapping region to avoid ambiguity in identifying the clicked object. This is not a usability concern in practice since overlapping areas generally take a tiny portion of an object.
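The basic CaRP authentication of Fig. 1, written out as an added Python example that is not the authors' implementation: a fresh layout is generated for every login attempt, the ground truth (object bounding boxes) stays on the server, each received click is mapped back to an object ID, a click that lands in an overlapping region or outside every object is rejected as ambiguous, and the recovered sequence is compared against a stored salted hash. The toy layout generator stands in for a real Captcha engine (a deployment sends rendered pixels, not the boxes); ALPHABET, the cell and glyph sizes, the PBKDF2 hash choice and the AuthServer session bookkeeping are the example's own assumptions.

```python
"""Basic CaRP authentication (Fig. 1), shown for a ClickText-style alphabet."""
import hashlib
import hmac
import os
import random
import secrets

# Constructed alphabet: letter 'O' is dropped because it is confusable with digit '0'.
ALPHABET = "ABCDEFGHIJKLMNPQRSTUVWXYZ0123456789#"
CELL, GLYPH, JITTER = 40, 36, 4    # toy "image" geometry (assumed values)
COLS = 6                           # 36 characters -> 6 x 6 cells


def generate_layout(rng):
    """Stand-in for the Captcha engine: every alphabet character is placed once, at a
    random cell with jitter, so neighbouring boxes may overlap slightly (as the paper
    allows). Returns the ground truth {char: (x0, y0, x1, y1)} kept server-side."""
    cells = list(range(len(ALPHABET)))
    rng.shuffle(cells)
    layout = {}
    for ch, cell in zip(ALPHABET, cells):
        x0 = (cell % COLS) * CELL + rng.randint(-JITTER, JITTER)
        y0 = (cell // COLS) * CELL + rng.randint(-JITTER, JITTER)
        layout[ch] = (x0, y0, x0 + GLYPH, y0 + GLYPH)
    return layout


def click_to_object(layout, point):
    """Map a clicked point onto the image. A click inside an overlapping region, or
    outside every object, is ambiguous and yields None."""
    x, y = point
    hits = [ch for ch, (x0, y0, x1, y1) in layout.items() if x0 <= x < x1 and y0 <= y < y1]
    return hits[0] if len(hits) == 1 else None


def recover_password(layout, clicks):
    objects = [click_to_object(layout, p) for p in clicks]
    return None if None in objects else "".join(objects)


def hash_password(password, salt):
    """H(password, s): salted, iterated hash; only this value is stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)


class AuthServer:
    def __init__(self, rng):
        self.rng = rng
        self.accounts = {}   # user_id -> (salt, hash)
        self.sessions = {}   # session_id -> (user_id, ground-truth layout)

    def register(self, user_id, password):
        if any(c not in ALPHABET for c in password):
            raise ValueError("password uses characters outside the alphabet")
        salt = os.urandom(16)
        self.accounts[user_id] = (salt, hash_password(password, salt))

    def new_login(self, user_id):
        """Fresh CaRP image for every login attempt, issued even for unknown users so
        that the response does not reveal whether the account exists."""
        layout = generate_layout(self.rng)
        session_id = secrets.token_hex(8)
        self.sessions[session_id] = (user_id, layout)
        return session_id, layout

    def verify(self, session_id, clicks):
        session = self.sessions.pop(session_id, None)   # single use: coordinates cannot be replayed
        if session is None:
            return False
        user_id, layout = session
        candidate = recover_password(layout, clicks)
        if candidate is None or user_id not in self.accounts:
            return False
        salt, stored = self.accounts[user_id]
        return hmac.compare_digest(hash_password(candidate, salt), stored)


def human_clicks(layout, password):
    """Simulated user: recognises each character and clicks the centre of its glyph."""
    return [((x0 + x1) // 2, (y0 + y1) // 2) for x0, y0, x1, y1 in (layout[c] for c in password)]


def demo():
    server = AuthServer(random.Random(7))   # seeded only so the demo is reproducible
    server.register("alice", "AB#9CD87")
    sid, image = server.new_login("alice")
    ok = server.verify(sid, human_clicks(image, "AB#9CD87"))
    sid2, image2 = server.new_login("alice")
    bad = server.verify(sid2, human_clicks(image2, "AB#9CD88"))
    return ok, bad, image != image2          # expected: (True, False, True)
```

Two design points worth noting: the session is consumed on the first verify call, so captured click coordinates are useless against a later image, and the comparison uses a constant-time digest check so that timing does not leak how many leading hash bytes matched.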

IV. RECOGNITION-BASED CaRP

For this type of CaRP, a password is a sequence of visual objects in the alphabet. Per view of traditional recognition-based graphical passwords, recognition-based CaRP seems to have access to an infinite number of different visual objects. We present two recognition-based CaRP schemes and a variation next.

A. ClickText

ClickText is a recognition-based CaRP scheme built on top of text Captcha. Its alphabet comprises characters without any visually confusing characters. For example, letter "O" and digit "0" may cause confusion in CaRP images, and thus one character should be excluded from the alphabet. A ClickText password is a sequence of characters in the alphabet, e.g., "AB#9CD87", which is similar to a text password. A ClickText image is generated by the underlying Captcha engine as if a Captcha image were generated, except that all the alphabet characters should appear in the image. During generation, each character's location is tracked to produce ground truth for the location of the character in the generated image. The authentication server relies on the ground truth to identify the characters corresponding to user-clicked points. In ClickText images, characters can be arranged randomly on 2D space. This is different from text Captcha challenges in which characters are typically ordered from left to right in order for users to type them sequentially. Fig. 2 shows a ClickText image with an alphabet of 33 characters. In entering a password, the user clicks on this image the characters in her password, in the same order, for example "A", "B", "#", "9", "C", "D", "8", and then "7" for password "AB#9CD87".

Fig. 2. A ClickText image with 33 characters.

B. ClickAnimal

Captcha Zoo [32] is a Captcha scheme which uses 3D models of horse and dog to generate 2D animals with different textures, colors, lightings and poses, and arranges them on a cluttered background. A user clicks all the horses in a challenge image to pass the test. Fig. 3 shows a sample challenge wherein all the horses are circled red.

Fig. 3. Captcha Zoo with horses circled red.

ClickAnimal is a recognition-based CaRP scheme built on top of Captcha Zoo [32], with an alphabet of similar animals such as dog, horse, pig, etc. Its password is a sequence of animal names such as "Turkey, Cat, Horse, Dog, ...". For each animal, one or more 3D models are built. The Captcha generation process is applied to generate ClickAnimal images: 3D models are used to generate 2D animals by applying different views, textures, colors, lighting effects, and optionally distortions. The resulting 2D animals are then arranged on a cluttered background such as grassland. Some animals may be occluded by other animals in the image, but their core parts are not occluded in order for humans to identify each of them. Fig. 4 shows a ClickAnimal image with an alphabet of 10 animals. Note that different views applied in mapping 3D models to 2D animals, together with occlusion in the following step, produce many different shapes for the same animal's instantiations in the generated images. Combined with the additional anti-recognition mechanisms applied in the mapping step, these make it hard for computers to recognize animals in the generated image, yet humans can easily identify different instantiations of animals.

Fig. 4. A ClickAnimal image (left) and 6 × 6 grid (right) determined by red turkey's bounding rectangle.

C. AnimalGrid

The number of similar animals is much less than the number of available characters. ClickAnimal has a smaller alphabet, and thus a smaller password space, than ClickText. CaRP should have a sufficiently large effective password space to resist human guessing attacks. AnimalGrid's password space can be increased by combining it with a grid-based graphical password, with the grid depending on the size of the selected animal. DAS [3] is a candidate but requires drawing on the grid. To be consistent with ClickAnimal, we change from drawing to clicking: Click-A-Secret (CAS) wherein a user clicks the grid cells in her password. AnimalGrid is a combination of ClickAnimal and CAS. The number of grid cells in a grid should be much larger than the alphabet size. Unlike DAS, grids in our CAS are object-dependent, as we will see next. It has the advantage that a correct animal should be clicked in order for the clicked grid cell(s) on the follow-up grid to be correct. If a wrong animal is clicked, the follow-up grid is wrong. A click on the correctly labeled grid-cell of the wrong grid would likely produce a wrong grid-cell at the authentication server side when the correct grid is used.

To enter a password, a ClickAnimal image is displayed first. After an animal is selected, an image of an n × n grid appears, with the grid-cell size equaling the bounding rectangle of the selected animal. Each grid cell is labeled to help users identify it. Fig. 4 shows a 6 × 6 grid when the red turkey in the left image of Fig. 4 was selected. A user can select zero to multiple grid-cells matching her password. Therefore a password is a sequence of animals interleaving with grid-cells, e.g., Dog, Grid [...]

When a ClickAnimal image appears, the user clicks the animal on the image that matches the first animal in her password. The coordinates of the clicked point are recorded. The bounding rectangle of the clicked animal is then found interactively as follows: a bounding rectangle is calculated and displayed, e.g., the white rectangle shown in Fig. 4. The user checks the displayed rectangle and corrects inaccurate edges by dragging if needed. This process is repeated until the user is satisfied with the accuracy of the bounding rectangle. In most cases, the calculated bounding rectangle is accurate enough without needing manual correction.

Once the bounding rectangle of the selected animal is identified, an image of an n × n grid with the identified bounding rectangle as its grid-cell size is generated and displayed. If the grid image is too large or too small for a user to view, the grid image is scaled to a fitting size. The user then clicks a sequence of zero to multiple grid-cells that match the grid-cells following the first animal in her password, and then gets back to the ClickAnimal image. For the example password given previously, she clicks a point inside grid-cell [...]

[...] finished entering her password. The resulting sequence of coordinates of user-clicked points, e.g., AP [...] 150, 50, GP [...]

Fig. 5. Some invariant points (red crosses) of "A".

Using the ground truth, the server recovers the first animal from the received sequence, regenerates the grid image from the animal's bounding rectangle, and recovers the clicked grid cells. This process is repeated to recover the password the user clicked. Its hash is then calculated and compared with the stored hash.
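The object-dependent grid of AnimalGrid, as an added Python example rather than the authors' code: the grid's cell size is taken from the selected animal's bounding rectangle, the grid is scaled to a viewable size, clicks on the grid are mapped to row-major cell labels, and the server replays the same construction from its ground truth to recover the interleaved sequence of animals and cells. The block also shows the property the text relies on: the same screen point lands in different cells depending on which animal's rectangle defined the grid. The LAYOUT ground truth, the 6 × 6 grid, the viewing size and the "AP"/"GP" click tagging are the example's own assumptions.

```python
"""AnimalGrid: a grid whose cell size is the selected animal's bounding rectangle."""
N = 6            # n x n grid (assumed)
MAX_SIDE = 240   # the displayed grid is scaled so its longer side fits this many pixels (assumed)


def make_grid(bbox, n=N, max_side=MAX_SIDE):
    """Grid with cell size equal to the animal's bounding rectangle, scaled to fit the view.
    Returns (displayed cell width, displayed cell height, n)."""
    x0, y0, x1, y1 = bbox
    w, h = x1 - x0, y1 - y0
    scale = max_side / max(n * w, n * h)
    return (w * scale, h * scale, n)


def cell_label(grid, point):
    """Row-major label (0 .. n*n-1) of the displayed cell containing the click, or None."""
    cw, ch, n = grid
    col, row = int(point[0] // cw), int(point[1] // ch)
    if 0 <= col < n and 0 <= row < n:
        return row * n + col
    return None


def cell_center(grid, label):
    cw, ch, n = grid
    return ((label % n + 0.5) * cw, (label // n + 0.5) * ch)


def find_animal(layout, point):
    """Ground-truth lookup: which animal's bounding rectangle contains the click."""
    for name, (x0, y0, x1, y1) in layout.items():
        if x0 <= point[0] < x1 and y0 <= point[1] < y1:
            return name
    return None


def recover_password(layout, clicks):
    """Server side: an "AP" click selects an animal and fixes the follow-up grid; each
    "GP" click is mapped through the grid of the most recently selected animal."""
    password, grid = [], None
    for kind, point in clicks:
        if kind == "AP":
            name = find_animal(layout, point)
            if name is None:
                return None
            password.append(name)
            grid = make_grid(layout[name])
        elif kind == "GP" and grid is not None:
            label = cell_label(grid, point)
            if label is None:
                return None
            password.append(f"Grid({label})")
        else:
            return None          # grid click before any animal, or unknown tag
    return password


def human_clicks(layout, password):
    """Simulated user: clicks the animal's centre, then the centres of her grid cells."""
    clicks, grid = [], None
    for item in password:
        if item.startswith("Grid("):
            clicks.append(("GP", cell_center(grid, int(item[5:-1]))))
        else:
            x0, y0, x1, y1 = layout[item]
            clicks.append(("AP", ((x0 + x1) / 2, (y0 + y1) / 2)))
            grid = make_grid(layout[item])
    return clicks


# Constructed ground truth for one ClickAnimal image: name -> bounding rectangle.
LAYOUT = {"Dog": (20, 30, 80, 70), "Cat": (120, 40, 150, 70), "Turkey": (40, 120, 90, 180)}


def demo():
    password = ["Dog", "Grid(20)", "Grid(3)", "Cat", "Turkey", "Grid(7)"]   # constructed
    recovered = recover_password(LAYOUT, human_clicks(LAYOUT, password))
    # Same screen point, different animal: the object-dependent grid yields a different cell.
    point = (100, 100)
    return (recovered,
            cell_label(make_grid(LAYOUT["Dog"]), point),
            cell_label(make_grid(LAYOUT["Cat"]), point))
```

Because the Dog rectangle is 60 × 40 and the Cat rectangle 30 × 30, the point (100, 100) falls in cell 20 of the Dog grid but cell 14 of the Cat grid, which is why a grid click only verifies correctly when the preceding animal click was also correct.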
V. RECOGNITION-RECALL CaRP

In recognition-recall CaRP, a password is a sequence of some invariant points of objects. An invariant point of an object (e.g., letter "A") is a point that has a fixed relative position in different incarnations (e.g., fonts) of the object, and thus can be uniquely identified by humans no matter how the object appears in CaRP images. To enter a password, a user must identify the objects in a CaRP image, and then use the identified objects as cues to locate and click the invariant points matching her password. Each password point has a tolerance range such that a click within the tolerance range is acceptable as the password point. Most people have a click variation of 3 pixels or less [18]. TextPoints, a recognition-recall CaRP scheme with an alphabet of characters, is presented next, followed by a variation for challenge-response authentication.

A. TextPoints

Characters contain invariant points. Fig. 5 shows some invariant points of letter "A", which offers a strong cue to memorize and locate its invariant points. A point is said to be an internal point of an object if its distance to the closest boundary of the object exceeds a threshold. A set of internal invariant points of characters is selected to form a set of clickable points for TextPoints. The internality ensures that a clickable point is unlikely to be occluded by a neighboring character and that its tolerance region is unlikely to overlap with any tolerance region of a neighboring character's clickable points on the image generated by the underlying Captcha engine. In determining clickable points, the distance between any pair of clickable points in a character must exceed a threshold so that they are perceptually distinguishable and their tolerance regions do not overlap on CaRP images. In addition, variation should also be taken into consideration. For example, if the center of a stroke segment in one character is selected, we should avoid selecting the center of a similar stroke segment in another character. Instead, we should select a different point from the stroke segment, e.g., a point at one-third length of the stroke segment to an end. This variation in selecting clickable points ensures that a clickable point is context-dependent: a similarly structured point may or may not be a clickable point, depending on the character that the point lies in. Character recognition is required in locating clickable points on a TextPoints image although the clickable points are known for each character. This is a task beyond a bot's capability.

A password is a sequence of clickable points. A character can typically contribute multiple clickable points. Therefore TextPoints has a much larger password space than ClickText.

Image Generation. TextPoints images look identical to ClickText images and are generated in the same way except that the locations of all the clickable points are checked to ensure that none of them is occluded or its tolerance region overlaps another clickable point's. We simply generate another image if the check fails. As such failures occur rarely due to the fact that clickable points are all internal points, the restriction due to the check has a negligible impact on the security of generated images.

Authentication. When creating a password, all clickable points are marked on corresponding characters in a CaRP image for a user to select. During authentication, the user first identifies her chosen characters, and clicks the password points on the right characters. The authentication server maps each user-clicked point on the image to find the closest clickable point. If their distance exceeds a tolerable range, login fails. Otherwise a sequence of clickable points is recovered, and its hash value is computed to compare with the stored value.
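The TextPoints generation check and authentication step, as an added Python example that is not the authors' code: invariant points are defined per character as fractions of its bounding box (so the same password point recurs at a different absolute position in every image), the generation-time check rejects an image in which two tolerance regions overlap, and authentication maps each click to the nearest clickable point and fails if that point is farther than the tolerance. The INVARIANTS table, the 3-pixel tolerance taken from the text, the two hand-placed layouts and the PBKDF2 hash are the example's own assumptions, and the crossbar points of "A" versus "H" are chosen to illustrate the context-dependence the text describes.

```python
"""TextPoints: clickable (invariant) points, the overlap check, and tolerance-based authentication."""
import hashlib
import hmac
import math
import os

# Constructed invariant points, as fractions (fx, fy) of each character's bounding box.
# Context-dependence: the crossbar centre is a clickable point of 'H' but deliberately
# not of 'A', whose clickable points sit at one third and two thirds of its crossbar.
INVARIANTS = {
    "A": [(0.50, 0.05), (0.33, 0.60), (0.67, 0.60)],   # apex, 1/3 and 2/3 of the crossbar
    "H": [(0.50, 0.50), (0.15, 0.10), (0.85, 0.10)],   # crossbar centre, two stem tops
    "T": [(0.50, 0.10), (0.50, 0.90)],                  # bar centre, stem bottom
}
TOLERANCE = 3.0   # pixels; most users click within 3 px of the intended point [18]


def clickable_points(layout):
    """Absolute clickable points of one image: [(char, index, (x, y)), ...].
    layout = {char: (x0, y0, x1, y1)} is the ground truth from the Captcha engine."""
    points = []
    for ch, (x0, y0, x1, y1) in layout.items():
        for i, (fx, fy) in enumerate(INVARIANTS[ch]):
            points.append((ch, i, (x0 + fx * (x1 - x0), y0 + fy * (y1 - y0))))
    return points


def image_is_valid(layout, tol=TOLERANCE):
    """Generation-time check: no two clickable points may have overlapping tolerance regions."""
    pts = [p for _, _, p in clickable_points(layout)]
    return all(math.dist(p, q) > 2 * tol for i, p in enumerate(pts) for q in pts[i + 1:])


def recover_points(layout, clicks, tol=TOLERANCE):
    """Map each click to the closest clickable point; a click farther than tol fails login."""
    pts = clickable_points(layout)
    sequence = []
    for click in clicks:
        ch, i, p = min(pts, key=lambda t: math.dist(t[2], click))
        if math.dist(p, click) > tol:
            return None
        sequence.append((ch, i))
    return sequence


def hash_sequence(sequence, salt):
    """Password = sequence of (character, point index); only its salted hash is stored."""
    encoded = ",".join(f"{ch}:{i}" for ch, i in sequence).encode()
    return hashlib.pbkdf2_hmac("sha256", encoded, salt, 20_000)


def authenticate(layout, clicks, salt, stored_hash):
    seq = recover_points(layout, clicks)
    return seq is not None and hmac.compare_digest(hash_sequence(seq, salt), stored_hash)


def human_clicks(layout, sequence, offsets):
    """Simulated user who recognises the characters and clicks near the invariant points."""
    lookup = {(ch, i): p for ch, i, p in clickable_points(layout)}
    return [(lookup[k][0] + dx, lookup[k][1] + dy) for k, (dx, dy) in zip(sequence, offsets)]


def demo():
    password = [("A", 1), ("H", 0), ("T", 1)]          # constructed password
    salt = os.urandom(16)
    stored = hash_sequence(password, salt)
    # Two independently generated images: same characters, different positions (constructed).
    image1 = {"A": (10, 10, 46, 46), "H": (60, 12, 96, 48), "T": (110, 8, 146, 44)}
    image2 = {"T": (12, 60, 48, 96), "A": (70, 55, 106, 91), "H": (130, 62, 166, 98)}
    if not (image_is_valid(image1) and image_is_valid(image2)):
        raise RuntimeError("constructed layouts should pass the overlap check")
    near = [(1, -2), (-2, 1), (2, 2)]                 # every click within 3 px
    far = [(1, -2), (4, 4), (2, 2)]                   # second click about 5.7 px off
    return (authenticate(image1, human_clicks(image1, password, near), salt, stored),
            authenticate(image2, human_clicks(image2, password, near), salt, stored),
            authenticate(image2, human_clicks(image2, password, far), salt, stored))
```

The same password verifies on both images although every clickable point moved, which is the "dynamic" property; the third attempt fails only because one click exceeded the tolerance, not because the points differ.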

It is worth comparing
potential password points
between TextPoints and
traditional

clickbased
graphical passwords such as
PassPoints[5].InPassPoints,
salient points should be
avoidedsincetheyarereadily
picked up by adversaries to
mount dictionaryattacks,but
avoidingsalientpointswould
increase the burden to
remember a password. This
conflict does not exist in
TextPoints. Clickable points
in TextPoints are salient
pointsoftheircharactersand
thus help remember a
password, but cannot be
exploited by bots since they
are both dynamic (as
compared to static points in
traditionalgraphicalpassword
schemes)andcontextual:

Dynamic: locations
of clickable points and
their contexts (i.e.,
characters) vary from
one image to another.
The clickable points in
one image are
computationally inde
pendent of the clickable
pointsinanotherimage,
aswewillseeinSection
VIB.
2 Contextual:
Whether a similarly
structured point is a

clickablepointornotdependsonitscontext.Itisonlyif
withintherightcontext,i.e.,attherightlocationofaright

character.

ZHUetal.:NEWSECURITYPRIMITIVEBASEDONHARDAIPROBLEMS

897

These two features require recognizing the correct contexts, i.e., characters, first. By the very nature of Captcha, recognizing characters in a Captcha image is a task beyond computers' capability. Therefore, these salient points of characters cannot be exploited to mount dictionary attacks on TextPoints.

B. TextPoints4CR

For the CaRP schemes presented up to now, the coordinates of user-clicked points are sent directly to the authentication server during authentication. For more complex protocols, say a challenge-response authentication protocol, a response is sent to the authentication server instead. TextPoints can be modified to fit challenge-response authentication. This variation is called TextPoints for Challenge-Response or TextPoints4CR.

Unlike TextPoints wherein the authentication server stores a salt and a password hash value for each account, the server in TextPoints4CR stores the password for each account. Another difference is that each character appears only once in a TextPoints4CR image but may appear multiple times in a TextPoints image. This is because both server and client in TextPoints4CR should generate the same sequence of discretized grid-cells independently. That requires a unique way to generate the sequence from the shared secret, i.e., the password. Repeated characters would lead to several possible sequences for the same password. This unique sequence is used as if it were the shared secret in a conventional challenge-response authentication protocol.

In TextPoints4CR, an image is partitioned into a fixed grid with discretization grid-cells of a fixed size along both directions. The minimal distance between any pair of clickable points should be larger than the grid-cell size by a margin exceeding a threshold, to prevent two clickable points from falling into a single grid-cell in an image. Suppose that a guaranteed tolerance of click errors along both the x-axis and the y-axis is given; we require that the grid-cell size be at least 4 times this tolerance.

Image Generation. To generate a TextPoints4CR image, the same procedure to generate a TextPoints image is applied. Then the following procedure is applied to make every clickable point at least the tolerance distance away from the edges of the grid-cell it lies in. All the clickable points, denoted as a set, are located on the image. For every point in this set, we calculate its distance along the x-axis or the y-axis to the center of the grid-cell it lies in. A point is said to be an internal point if the distance is less than 0.5 times the grid-cell size minus the click tolerance along both directions; otherwise it is a boundary point. For each boundary point in the set, a nearby internal point in the same grid-cell is selected. The selected point is called a target point of the boundary point. After processing all the points in the set, we obtain a new set comprising internal points; these are either internal clickable points or target points of boundary clickable points. Mesh warping [36], widely used in generating text Captcha challenges, is then used to warp the image so that the original set maps to the new set. The result is a TextPoints4CR image wherein every clickable point would tolerate at least the guaranteed tolerance of click errors. Selection of target points should try to reduce the warping distortion caused by mapping the original set to the new set.

Authentication. In entering a password, a user-clicked point is replaced by the grid-cell it lies in. If click errors are within the tolerance, each user-clicked point falls into the same grid-cell as the original password point. Therefore the sequence of grid-cells generated from user-clicked points is identical to the one that the authentication server generates from the stored password of the account. This sequence is used as if it were the shared secret between the two parties in a challenge-response authentication protocol.

Unlike other CaRP schemes presented in this paper, TextPoints4CR requires the authentication server to store passwords instead of their hash values. Stored passwords must be protected from insider attacks; for example, they are encrypted with a master key that only the authentication server knows. A password is decrypted only when its associated account attempts to log in.

VI. SECURITY ANALYSIS

A. Security of Underlying Captcha

Computational intractability in recognizing objects in CaRP images is fundamental to CaRP. Existing analyses on Captcha security were mostly case by case or used an approximate process. No theoretic security model has been established yet. Object segmentation is considered as a computationally-expensive, combinatorially-hard problem [30], which modern text Captcha schemes rely on. According to [30], the complexity of object segmentation, $C$, is exponentially dependent on the number $M$ of objects contained in a challenge, and polynomially dependent on the size $N$ of the Captcha alphabet: $C = \alpha^{M} P(N)$, where $\alpha > 1$ is a parameter, and $P(\cdot)$ is a polynomial function. A Captcha challenge typically contains 6 to 10 characters, whereas a CaRP image typically contains 30 or more characters. The complexity to break a ClickText image is about $\alpha^{30} P(N) / (\alpha^{10} P(N)) = \alpha^{20}$ times the complexity to break a Captcha challenge generated by its underlying Captcha scheme. Therefore ClickText is much harder to break than its underlying Captcha scheme. Furthermore, characters in a CaRP scheme are arranged two-dimensionally, further increasing segmentation difficulty due to one more dimension to segment. As a result, we can reduce distortions in ClickText images for improved usability yet maintain the same security level as the underlying text Captcha. ClickAnimal relies on both object segmentation and multiple-label classification. Its security remains an open question.

As a framework of graphical passwords, CaRP does not rely on any specific Captcha scheme. If one Captcha scheme gets broken, a new and more robust Captcha scheme may appear and be used to construct a new CaRP scheme. In the remaining security analysis, we assume that it is intractable for computers to recognize any objects in any challenge image generated by the underlying Captcha of CaRP. More accurately, the Captcha is assumed to be chosen-pixel attack (CPA)-secure, defined with the following experiment: an adversary A first learns from an arbitrary number of challenge images by querying a ground-truth oracle O as follows: A selects an arbitrary number of internal object-points and sends them to O, which responds with the object that each point lies in. Then A receives a new challenge image and selects an internal object-point to query O again.
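The grid discretization, internal/boundary classification, target-point selection and shared-secret derivation of the TextPoints4CR subsection above, as an added Python example that is not the paper's code. The grid-cell size and click tolerance are assumed values named tau and delta here (the page's own symbols were lost), the mesh warp is left out (the clickable points are simply moved to their targets), and HMAC-SHA256 stands in for the unspecified challenge-response protocol.

```python
import hashlib
import hmac
import math

# Assumed parameters (the extraction lost the paper's symbols; the names tau
# and delta are this example's): grid-cell size tau and guaranteed click
# tolerance delta, with tau >= 4 * delta as the paper requires.
TAU = 40
DELTA = 10
SEPARATION_MARGIN = 5   # clickable points must be more than TAU + margin apart


def cell_of(point, tau=TAU):
    """Discretize a point (x, y) into the index of the grid-cell it lies in."""
    x, y = point
    return (int(x // tau), int(y // tau))


def cell_centre(cell, tau=TAU):
    cx, cy = cell
    return ((cx + 0.5) * tau, (cy + 0.5) * tau)


def is_internal(point, tau=TAU, delta=DELTA):
    """Internal point: closer than 0.5*tau - delta to the cell centre on both
    axes, so any click error within delta stays inside the same cell."""
    cx, cy = cell_centre(cell_of(point, tau), tau)
    x, y = point
    return abs(x - cx) < 0.5 * tau - delta and abs(y - cy) < 0.5 * tau - delta


def target_point(point, tau=TAU, delta=DELTA):
    """Nearest internal point in the same cell: clamp each coordinate toward the
    centre. Moving a point as little as possible keeps the warp distortion small."""
    cx, cy = cell_centre(cell_of(point, tau), tau)
    reach = 0.5 * tau - delta - 0.5   # strictly inside the internal region
    x, y = point
    return (min(max(x, cx - reach), cx + reach),
            min(max(y, cy - reach), cy + reach))


def make_textpoints4cr(clickable):
    """clickable: {character: (x, y)}, one clickable point per character, as
    located on a TextPoints image. Returns the new set with every boundary
    point replaced by its target point. The mesh warp that actually maps the
    old set to the new one on the image is outside this example."""
    chars = list(clickable)
    for i, a in enumerate(chars):
        for b in chars[i + 1:]:
            if math.dist(clickable[a], clickable[b]) <= TAU + SEPARATION_MARGIN:
                raise ValueError(f"{a!r} and {b!r} could share a grid-cell")
    return {c: (p if is_internal(p) else target_point(p))
            for c, p in clickable.items()}


def cell_sequence(points, password):
    """The discretized grid-cell sequence that server and client derive
    independently from the password (each character occurs once in the image,
    so the sequence is unique)."""
    return tuple(cell_of(points[c]) for c in password)


def challenge_response(cells, nonce):
    """Use the cell sequence as the shared secret of an HMAC-SHA256
    challenge-response. HMAC is this example's choice; the paper only says
    'a conventional challenge-response authentication protocol'."""
    key = ",".join(f"{cx}:{cy}" for cx, cy in cells).encode()
    return hmac.new(key, nonce, hashlib.sha256).hexdigest()


def client_login(points, password, nonce, click_error):
    """Simulate a user clicking each password character with a fixed error
    (dx, dy) and answering the challenge from the clicked points' cells."""
    dx, dy = click_error
    clicked = [(points[c][0] + dx, points[c][1] + dy) for c in password]
    return challenge_response(tuple(cell_of(p) for p in clicked), nonce)


def tolerates_delta(points, password, nonce, delta=DELTA):
    """True if every click error of magnitude delta on both axes (the worst
    cases, i.e. the four corners) still yields the server's expected response."""
    expected = challenge_response(cell_sequence(points, password), nonce)
    corners = [(sx * delta, sy * delta) for sx in (-1, 1) for sy in (-1, 1)]
    return all(client_login(points, password, nonce, e) == expected
               for e in corners)


# Constructed sample: clickable points of a 6-character image as produced by
# the TextPoints procedure. 'B' and 'K' lie within delta of a cell edge
# (boundary points); the other four are internal.
RAW_IMAGE = {"A": (20, 20), "B": (78, 100), "K": (131, 159), "7": (220, 60),
             "#": (300, 300), "M": (340, 180)}
PASSWORD = "B7#K"
NONCE = b"constructed-server-nonce"

if __name__ == "__main__":
    image = make_textpoints4cr(RAW_IMAGE)
    print("raw image tolerates delta:", tolerates_delta(RAW_IMAGE, PASSWORD, NONCE))
    print("TextPoints4CR image tolerates delta:", tolerates_delta(image, PASSWORD, NONCE))
    print("shared cell sequence:", cell_sequence(image, PASSWORD))
```

Run stand-alone, the raw image fails the tolerance check (a delta-sized error on 'B' or 'K' crosses a cell edge) while the processed image passes it with the same password and nonce.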


This time O chooses a random bit $b \in \{0,1\}$ to determine what to return: it returns the true object if $b = 1$; otherwise a false object selected with a certain strategy. A is asked to determine whether the returned object is the true object that the internal object-point lies in or not. A Captcha scheme is said to be CPA-secure if A cannot succeed with a probability non-negligibly higher than the probability of a random guess.

B. Automatic Online Guessing Attacks

In automatic online guessing attacks, the trial and error process is executed automatically whereas dictionaries can be constructed manually. If we ignore negligible probabilities, CaRP with an underlying CPA-secure Captcha has the following properties:

1. Internal object-points on one CaRP image are computationally independent of internal object-points on another CaRP image. Particularly, clickable points on one image are computationally independent of clickable points on another image.
2. Eq. (3) holds, i.e., trials in guessing attacks are mutually independent.

The first property can be proved by contradiction. Assume that the property does not hold, i.e., there exists an internal object-point on one image A that is non-negligibly dependent on an internal object-point on another image B. An adversary can exploit this dependency to launch the following chosen-pixel attack. In the learning phase, image A is used to learn the object that contains the point on A. In the testing phase, the point on image B is used to query the oracle. Since the point on B is non-negligibly dependent on the point on A, this CPA experiment would result in a success probability non-negligibly higher than a random guess, which contradicts the CPA-secure assumption. We conclude that the first property holds.

The second property is a consequence of the first property since user-clicked internal object-points in one trial are computationally independent of user-clicked internal object-points in another trial due to the first property. We have ignored background and boundary object-points since clicking any of them would lead to authentication failure.

Eq. (3) indicates that automatic online guessing attacks can find a password only probabilistically no matter how many trials are executed. Even if the password guess to be tested in a trial is the actual password, the trial has a slim chance to succeed since a machine cannot recognize the objects in the CaRP image to input the password correctly. This is a great contrast to automatic online guessing attacks on existing graphical passwords, which are deterministic, i.e., each trial in a guessing attack can always determine if the tested password guess is the actual password or not, and all the password guesses can be determined by a limited number of trials. Particularly, brute-force attacks or dictionary attacks with the targeted password in the dictionary would always succeed in attacking existing graphical passwords.

C. Human Guessing Attacks

In human guessing attacks, humans are used to enter passwords in the trial and error process. Humans are much slower than computers in mounting guessing attacks. For 8-character passwords, the theoretical password space is $33^{8} \approx 2^{40}$ for ClickText with an alphabet of 33 characters, $10^{8} \approx 2^{26}$ for ClickAnimal with an alphabet of 10 animals, and $10 \cdot 46^{7} \approx 2^{42}$ for AnimalGrid with the same setting as ClickAnimal plus $6 \times 6$ grids. If we assume that 1000 people are employed to work 8 hours per day without any stop in a human guessing attack, and that each person takes 30 seconds to finish one trial, it would take them on average $0.5 \cdot 33^{8} \cdot 30 / (3600 \cdot 8 \cdot 1000 \cdot 365) \approx 2007$ years to break a ClickText password, $0.5 \cdot 10^{8} \cdot 30 / (3600 \cdot 8 \cdot 1000) \approx 52$ days to break a ClickAnimal password, or $0.5 \cdot 10 \cdot 46^{7} \cdot 30 / (3600 \cdot 8 \cdot 1000 \cdot 365) \approx 6219$ years to break an AnimalGrid password. Human guessing attacks on TextPoints require a much longer time than those on ClickText since TextPoints has a much larger password space.

Just like any password scheme, a longitudinal evaluation is needed to establish the effective password space for each CaRP instantiation. This requires a separate study similar to what Bonneau [42] did for text passwords.

A recent study on text passwords [42] indicates that users tend to choose passwords of 6-8 characters and have a strong dislike of using non-alphanumeric characters, and that an acceptable benchmark of effective password space is the expected number of optimal guesses per account needed to break 50% of accounts, which is equivalent to 21.6 bits for Yahoo! users. If we assume that ClickText has roughly the same effective password space as text passwords, it requires on average 1000 people to work 1.65 days or one person to work 4.54 years to find a ClickText password.
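The password-space and time-to-break arithmetic of Section VI-C, as an added Python example that is not the paper's code. It reproduces the figures above from the paper's stated assumptions (1000 workers, 8 hours a day, 30 seconds per trial, half the space searched on average) and generalizes the time estimate to a per-trial price for paid solvers.

```python
import math

# The paper's assumptions for a human guessing attack (Section VI-C):
# 1000 workers, 8 hours per day, 30 seconds per trial, 365 days per year.
WORKERS = 1000
HOURS_PER_DAY = 8
SECONDS_PER_TRIAL = 30
DAYS_PER_YEAR = 365


def password_space(alphabet_size, length, first_alphabet=None):
    """Theoretical password space. For AnimalGrid the first symbol must be
    an animal (10 choices) while the remaining symbols are drawn from 10
    animals plus 36 grid cells (46 choices), so pass first_alphabet=10."""
    first = alphabet_size if first_alphabet is None else first_alphabet
    return first * alphabet_size ** (length - 1)


def bits(space):
    """Password space expressed as bits, log2(space)."""
    return math.log2(space)


def expected_trials(space):
    """On average, half of the space is searched before the password is hit."""
    return 0.5 * space


def seconds_to_break(space, workers=WORKERS, seconds_per_trial=SECONDS_PER_TRIAL):
    """Wall-clock working seconds needed when the trials are split among workers."""
    return expected_trials(space) * seconds_per_trial / workers


def days_to_break(space, **kw):
    """Working days (HOURS_PER_DAY hours each) for the same attack."""
    return seconds_to_break(space, **kw) / (3600 * HOURS_PER_DAY)


def years_to_break(space, **kw):
    return days_to_break(space, **kw) / DAYS_PER_YEAR


def cost_to_break(space, price_per_trial):
    """Generalization to paid solvers: expected money spent when each trial
    (one password entry on a CaRP image) costs price_per_trial."""
    return expected_trials(space) * price_per_trial


SCHEMES = {   # name: (alphabet size, first-symbol alphabet) for 8-symbol passwords
    "ClickText": (33, None),
    "ClickAnimal": (10, None),
    "AnimalGrid": (46, 10),
}


def summary(length=8):
    """Space in bits and the 1000-worker time in days for each scheme; within
    rounding these are the paper's 2^40 / 2007 years, 2^26 / 52 days and
    2^42 / 6219 years."""
    out = {}
    for name, (alphabet, first) in SCHEMES.items():
        space = password_space(alphabet, length, first)
        out[name] = (round(bits(space), 1), days_to_break(space))
    return out


if __name__ == "__main__":
    for name, (b, days) in summary().items():
        print(f"{name}: {b} bits, {days:,.0f} working days with 1000 people")
    effective = 2 ** 21.6   # Bonneau's effective space for text passwords [42]
    print(f"effective space: {days_to_break(effective):.2f} days (1000 people), "
          f"{years_to_break(effective, workers=1):.2f} years (one person)")
```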
D. Relay Attacks

Relay attacks may be executed in several ways. Captcha challenges can be relayed to a high-volume Website hacked or controlled by adversaries to have human surfers solve the challenges in order to continue surfing the Website, or relayed to sweatshops where humans are hired to solve Captcha challenges for small payments. Is CaRP vulnerable to relay attacks? We make the same assumption as Van Oorschot and Stubblebine [15] in discussing CbPA-protocols' robustness to relay attacks: a person will not deliberately participate in relay attacks unless paid for the task. The task to perform and the image used in CaRP are very different from those used to solve a Captcha challenge. This noticeable difference makes it hard for a person to mistakenly help test a password guess by attempting to solve a Captcha challenge. Therefore it would be unlikely to get a large number of unwitting people to mount human guessing attacks on CaRP. In addition, human input obtained by performing a Captcha task on a CaRP image is useless for testing a password guess.

If sweatshops are hired to mount human guessing attacks, we can make a rough estimation of the cost. We assume that the cost to click one password on a CaRP image is the same as solving a Captcha challenge. Using the lowest retail price of 1 US dollar reported [34] to solve 1000 Captcha challenges, the average cost to break a 26-bit password is $0.5 \cdot 2^{26} \cdot 1/1000$ dollars, or about 33.6 thousand US dollars.

E. Shoulder-Surfing Attacks

Shoulder-surfing attacks are a threat when graphical passwords are entered in a public place such as bank ATM machines. CaRP is not robust to shoulder-surfing attacks by itself. However, combined with the following dual-view technology, CaRP can thwart shoulder-surfing attacks.

By exploiting the technical limitation that commonly-used LCDs show varying brightness and color depending on the viewing angle, the dual-view technology can use software alone to display two images on an LCD screen concurrently, one public image viewable at most view-angles, and the other private image viewable only at a specific view-angle [38]. When a CaRP image is displayed as the private image by the dual-view system, a shoulder-surfing attacker can capture user-clicked points on the screen, but cannot capture the private CaRP image that only the user can see. However, the obtained user-clicked points are useless for another login attempt, where a new, computationally-independent image will be used and thus the captured points will not represent the correct password on the new image anymore.

To the contrary, common implementations of graphical password schemes such as PassPoints use a static input image in the same location of the screen for each login attempt. Although this image can be hidden as the private image by the dual-view technology from being captured by a shoulder-surfer, the user-clicked points captured in a successful login are still the valid password for the next login attempt. That is, capturing the points alone is sufficient for an effective attack in this case. In general, the higher the correlation of user-clicked points between different login attempts is, the less effective protection the dual-view technology would provide to thwart shoulder-surfing attacks.

F. Others

CaRP is not bulletproof to all possible attacks. CaRP is vulnerable if a client is compromised such that both the image and user-clicked points can be captured. Like many other graphical passwords such as CCP and PCCP, CaRP schemes using the basic CaRP authentication are vulnerable to phishing since user-clicked points are sent to the authentication server. However, CaRP schemes such as TextPoints4CR used with challenge-response authentication are robust to phishing to a certain level: a phishing adversary has to mount offline guessing attacks to find out the password using the verifiable data obtained through a successful phishing attack.

VII. EMPIRICAL EVALUATIONS

A. Implementations

ClickText and AnimalGrid were implemented using ASP.NET. ClickText was implemented by calling a configurable text Captcha engine commercially used by Microsoft.


This Captcha engine accepts only capital letters. As a result, we chose the following 33 characters in our usability studies: capital letters except I, J, O, and Z, digits except 0 and 1, and three special characters #, @, and &. The last three special characters were chosen to balance security and users' strong dislike of using non-alphanumeric characters in text passwords [42]. Characters were arranged in 5 rows. Each character was randomly rotated from -30° to 30° and scaled from 60% to 120%. Neighboring characters could overlap up to 3 pixels. The warping effect was set to the light level. Each image was set to 400 by 400 pixels. Fig. 2 in Section IV-A shows an image generated with the above setting.

In our implementation of AnimalGrid, we used an alphabet of 10 animals: bird, cow, horse, dog, giraffe, pig, rabbit, camel, elephant, and dinosaur. Each animal had three 3D models. The number of animals in a ClickAnimal image ranged randomly from 10 to 12, with the extra animals randomly selected from the alphabet. In generating an animal object, one of the three 3D animal models was randomly selected, and posed at a random view in generating a 2D object. Each animal was assigned a color randomly selected from a set of 12 colors. Generated 2D objects were placed randomly on a grass background, with the main part of each animal not occluded by other animals. Each ClickAnimal image was also set to 400 by 400 pixels. A 6 × 6 grid was used for CAS. Cells were labeled clockwise starting from cell 0. Fig. 4 in Section IV shows an example of generated ClickAnimal images and an example of grid images. There was a cross icon on top of a grid image that a user could click to close the grid image.

B. Usability Study

1) Experimental Settings

We conducted an in-lab usability study to compare ClickText, AnimalGrid, PassPoints, text password (Text), and text password combined with text Captcha (P+C). P+C was used to simulate a CbPA-protocol when a Captcha challenge was used in login. In P+C, a user was asked to enter a password and solve a Captcha challenge generated with the same Captcha engine used in ClickText. Each Captcha challenge contained 6 to 8 random characters. Keyboard input was used to create and enter passwords for Text and P+C as well as to enter user IDs for all the schemes. As explained later, Text and P+C were conducted as if they were a single scheme to participants.

We recruited 40 (30 males and 10 females) voluntary senior and graduate students majoring in engineering and sciences, with ages ranging from 20 to 28 years (the average age = 23.4 and the standard deviation = 1.74). For pragmatic reasons, they were recruited from interns working at Microsoft Research Asia. None of them had studied security or was involved in any security usability study before. They were involved in this work solely as participants in our usability study. All participants were trained to get familiar with each authentication scheme and their experimental tasks before our data collection. During the experiment, one of the authors fetched each participant when it was time for the participant to take a test, which ensures that we could collect the required data from every participant.

Each scheme was tested in the following setting: a participant used a web browser to interact with an authentication server, creating passwords or logging into the server. Once a participant submitted his/her credentials to the server, the browser would show the login result.

The schemes were classified into two categories according to their types of passwords: AnimalGrid and PassPoints in the first category, and the remaining schemes in the second category. A password for the schemes in the second category was a string of characters.

Each participant was asked to create a new password never used previously for each scheme, 4 in total, and a user ID for all the schemes. Each created password consisted of 8 characters or click-points. We also made it explicit that participants were not allowed to write down their passwords.

Each password must meet the following minimum complexity requirements. A password must contain at least one letter, one digit, and one non-alphanumerical character for both Text and ClickText, and at least three different animals for AnimalGrid. No repeating patterns such as "A#A#" or "Dog, Dog," were allowed. For PassPoints, click-points in a password must be distinct (i.e., no click-point was inside another click-point's tolerance range). Each password was verified immediately after creation.

The study was partitioned into two stages. Two schemes were tested in each stage. In the first stage, two schemes, one from each category, were randomly selected for a participant to test. One scheme had a string of text characters as a password while the other had a string of animals and grid-cells or click-points as a password.

During the study, each participant was asked to log in with the following intervals between two consecutive login tests: one hour after creation, one day, one week, and three weeks. In each test, a participant was allowed three tries to log in. If he/she failed three attempts, his/her password was considered forgotten, and no more test would be conducted with the participant for that specific scheme.

In the second stage, the remaining two schemes were tested in the same way as above.

In the end, each participant was required to fill in a questionnaire to compare ClickText and AnimalGrid with PassPoints and Text, and to compare ClickText with P+C, in terms of ease of use as a password system, taking both memorizing and entering a password into consideration.

A participant's login time in each trial was recorded by the server. We define the login time as the duration from the time when the server received a login request to the time when the server gave its response to the login request, which includes the time to enter user ID and password, to generate a CaRP image, and to communicate between the server and a participant's browser.

For Text and P+C, a participant was asked to enter a password. If successful, the server recorded the time as the login time for Text, and then generated a Captcha challenge and sent it to the user to solve. If the participant failed with the challenge, another challenge was generated and used. This process was repeated until the server received a correct answer to a challenge. Then the server recorded the time as the login time for P+C, which included the time that the participant failed to solve a challenge.

2) Experimental Results

Usability. Among all the recorded login attempts, 24.4% failed. Tests after a larger interval tended to have more failed attempts. Some participants contributed significantly more failed attempts than others. At the end of tests, 40 (100%) participants remembered their PassPoints passwords, 39 (97.5%) remembered their passwords of both ClickText and AnimalGrid, and 34 (85%) remembered their Text passwords. One participant forgot the AnimalGrid password at the one-hour test, and another one forgot the ClickText password at the one-week test. For Text, two participants forgot their passwords at the one-week test, and four forgot at the three-week test. PassPoints scored the best in memorability whereas Text scored the worst. This may be partially due to the fact that hotspots were allowed for PassPoints passwords, and that Text passwords had a much larger alphabet than both ClickText and AnimalGrid.

Table I shows the login time averaged over the 40 participants' successful login attempts and the sample standard deviation as well as the maximum and minimum login times for each scheme. ClickText, AnimalGrid and P+C had similar average login time whereas PassPoints had a little shorter average login time. Text had a much shorter average login time than the

other schemes. Each scheme had a large sample standard deviation relative to the average login time, indicating large variations of login time for each scheme, which is confirmed by the great difference between the minimum and maximum login times in each column shown in Table I. This is mainly caused by large individual differences. We did not detect obvious patterns indicating that a test with a longer interval had a larger login time than a test with a shorter interval. We did notice that some participants had a much larger login time when the preceding trial failed, but many other participants didn't follow this observation.

The passwords in our tests were used much less frequently than typical usage of a password in practice since we would like to test password memorability for each scheme. We expect improved results when a password is used more frequently.

Table II shows the comparison results of different schemes for ease of use as a password system. We assign a value ranging from 1 to 5 to each category, indicating the spectrum from much more difficult to much easier. ClickText has a mean value of 3.2 and a median value of 3 as compared to PassPoints, and a mean of 2.85 and a median of 2 as compared to Text. AnimalGrid has a mean of 3.325 and a median of 4 as compared to PassPoints, and a mean of 3.5 and a median of 4 as compared to Text. ClickText has a mean of 3.875 and a median of 4 as compared to P+C.

TABLE I. LOGIN TIME FOR DIFFERENT SCHEMES: AVERAGE (T), SAMPLE STANDARD DEVIATION, MAX. AND MIN.

TABLE II. COMPARING DIFFERENT SCHEMES FOR EASE OF USE

Security. We also analyzed the security of the passwords we collected for Text and ClickText, with a popular password-cracking tool, John the Ripper version 1.7.9 [43]. Given our sample size of 40 users, the distribution of passwords will not be as complete as a larger study with significantly more users, but such an analysis can provide at least an indication of their security.

John the Ripper has three operation modes: single crack, wordlist, and incremental. In the single crack mode, login names and other account information as well as a large set of mangling rules are used to generate password guesses. In the wordlist mode, a list of words and word mangling rules are used to generate password guesses. In the incremental mode, a brute force attack is applied, with guesses being tested in the descending order of their likelihood to be a password.

In our study, the default parameters and settings were used for John the Ripper except that the length of a password was set to 8 characters, and that the recommended wordlist all.lst from [44] was used in the wordlist mode. When operating in both single crack and wordlist modes, John the Ripper didn't find any password for either Text or ClickText. When running in the incremental mode for 24 hours on an HP Compaq Elite 8100 PC with Intel Core i7-870 CPU, 8GB RAM and 64-bit Windows 7 OS, John the Ripper found two of 40 (i.e., 5.0%) passwords for Text but didn't find any password for ClickText. The small difference in the results of the incremental mode is probably because the unusual alphabet set in ClickText increased a user's chance to choose more random passwords in order to meet the same password complexity requirement applied to both Text and ClickText. A separate longitudinal study is needed to fully understand the distribution and security of ClickText passwords that users would select.

We conclude from the cracking results that the passwords the participants selected for Text and ClickText were reasonably strong, which matches our expectation of the


password complexity requirement described in the previous subsection.

3) Discussions

Wiedenbeck et al. [5] studied memorability of text passwords and PassPoints with 20 participants for each scheme: their recall rate after one week was 65% and 70%, respectively. Our memorability results are higher than theirs for both text and PassPoints passwords.

The sample sizes in both [5] and our studies were too small to explain conclusively the difference in the results. However, this difference could probably be explained by the difference of the subjects in both studies. First, although randomly chosen, our participants were from the pool of interns working at Microsoft Research Asia, who were selected typically from leading universities. Second, our participants were used to strong text passwords as their Microsoft accounts were strictly enforced with strong password policies (e.g. each account must use a complex password, and a password has to be changed regularly, with the new password having to be significantly different from previously used ones). Third, our participants were much younger, with an average age of 23.4 years as compared to the average of 32.9 years in Wiedenbeck et al.'s experiment.

However, we do not think this sample bias introduced an undue impact on the main goal of our experiment, namely, comparing the performance of CaRP with other authentication schemes. Nonetheless, user studies with a diverse sample pool are needed for CaRP, which are our future work.

C. Computation Load on Server

Compared with many graphical password schemes, generation of CaRP images is an extra load on the server side. We tested our implementations of ClickText and AnimalGrid on the same HP Compaq Elite 8100 PC we used to run John the Ripper, as described in Section VII-B. For images of 400 × 400 pixels, the average speed was 10.68 images per second in generating a ClickText image with 33 characters and 0.86 images/s in generating an AnimalGrid image with 10 to 12 animals. Our implementations were single-threaded without code optimization, and did not take any advantage of the multi-core capability of the test machine. Much faster image generation should be viable by exploiting the multi-core architecture of today's servers and by optimizing the code.
VIII. BALANCE OF SECURITY AND USABILITY

Some configurations of CaRP offer acceptable usability across common device types, e.g. our usability studies used 400 × 400 images, which fit displays of smartphones, iPads, and PCs. While CaRP may take a similar time to enter a password as other graphical password schemes, it takes a longer time to enter a password than widely-used text passwords. We discuss two approaches for balancing CaRP's security and usability.

A. Alphabet Size

Increasing alphabet size produces a larger password space, and thus is more secure, but also leads to more complex CaRP


images. When the complexity of CaRP images gets beyond a certain point, humans may need a significant amount of time to recognize the characters in a CaRP image and may get frustrated. The optimal alphabet size for a CaRP scheme such as ClickText remains an open question.

It is possible to use a fixed subset of the alphabet to generate CaRP images for a user if the server receives her user ID before sending an image. In this case, the authentication server allows a user to create her password from the full alphabet. Once the password is created, the server finds a suitable subset of a reasonable size, which contains all the symbols in the password. The server stores the subset or its index for the account, and retrieves it later when the account attempts to log in to generate a CaRP image. This scheme is suitable when the alphabet must be large while some people would log in on small-screen devices for which an image using the full alphabet would be too complex to quickly identify the objects in the image.

B. Advanced Mechanisms

The CbPA-protocols described in Section II-C require a user to solve a Captcha challenge in addition to inputting a password under certain conditions. For example, the scheme described in [16] applies a Captcha challenge when the number of failed login attempts has reached a threshold for an account. A small threshold is applied for failed login attempts from unknown machines but a large threshold is applied for failed attempts from known machines on which a successful login occurred within a given time frame. This technique can be integrated into CaRP to enhance usability:

1. A regular CaRP image is applied when an account has reached a threshold of failed login attempts. As in [16], different thresholds are applied for logins from known and unknown machines.
2. Otherwise an easy CaRP image is applied.

An easy CaRP image may take several forms depending on the application requirements. It can be an image generated by the underlying Captcha generator with less distortion or overlapping, a permuted keypad wherein undistorted visual objects (e.g. characters) are permuted, or even a regular keypad wherein each visual object (e.g., character) is always located at a fixed position. These different forms of easy CaRP images allow a system to adjust the level of difficulty to fit its needs.

With such a modified CaRP, a user would always enter a password on an image for both cases listed above. No extra task is required. The only difference between the two cases is that a hard image is used in the first case whereas an easy image is used in the second case.
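The two usability mechanisms of Section VIII, a per-account alphabet subset (VIII-A) and the choice between an easy and a regular CaRP image from the failed-attempt count with the known/unknown-machine thresholds of [16] (VIII-B), as an added Python example that is neither the paper's nor [16]'s code. The subset size, both thresholds, the 30-day known-machine window and the reset of the failure counter on a successful login are this example's assumptions.

```python
import random
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# The 33-character ClickText alphabet from Section VII-A: capital letters
# except I, J, O, Z; digits except 0, 1; and #, @, &.
FULL_ALPHABET = "ABCDEFGHKLMNPQRSTUVWXY23456789#@&"

# Assumed policy values (the paper fixes none of them): the per-account
# subset size for small screens, the two failed-attempt thresholds of [16]
# (small for unknown machines, large for known ones) and how recent a
# successful login must be for a machine to count as known.
SUBSET_SIZE = 20
THRESHOLD_UNKNOWN = 3
THRESHOLD_KNOWN = 10
KNOWN_WINDOW = timedelta(days=30)

T0 = datetime(2014, 6, 1, 9, 0)   # constructed sample clock for the demo


def choose_subset(password, alphabet=FULL_ALPHABET, size=SUBSET_SIZE, rng=random):
    """Section VIII-A: after the password is created from the full alphabet,
    pick a fixed subset of `size` symbols that contains every password symbol,
    padded with randomly chosen others. The server stores it for the account."""
    needed = set(password)
    if not needed <= set(alphabet):
        raise ValueError("password uses symbols outside the alphabet")
    if len(needed) > size:
        raise ValueError("password has more distinct symbols than the subset size")
    extra = [c for c in alphabet if c not in needed]
    chosen = sorted(needed) + rng.sample(extra, size - len(needed))
    rng.shuffle(chosen)
    return "".join(chosen)


@dataclass
class Account:
    alphabet_subset: str
    failed_attempts: int = 0
    # machine id -> time of the last successful login from that machine
    last_success: dict = field(default_factory=dict)


def is_known_machine(account, machine_id, now, window=KNOWN_WINDOW):
    """A machine is known if a successful login occurred on it within the window."""
    last = account.last_success.get(machine_id)
    return last is not None and now - last <= window


def image_difficulty(account, machine_id, now):
    """Section VIII-B: a regular (hard) CaRP image once the account's failed
    attempts reach the threshold for this kind of machine, else an easy image."""
    known = is_known_machine(account, machine_id, now)
    threshold = THRESHOLD_KNOWN if known else THRESHOLD_UNKNOWN
    return "hard" if account.failed_attempts >= threshold else "easy"


def record_attempt(account, machine_id, now, success):
    """Update the login history. Resetting the counter on success is this
    example's assumption; the page does not say how [16] resets it."""
    if success:
        account.failed_attempts = 0
        account.last_success[machine_id] = now
    else:
        account.failed_attempts += 1


if __name__ == "__main__":
    rng = random.Random(7)                       # reproducible constructed sample
    acct = Account(alphabet_subset=choose_subset("B7#K2Q@X", rng=rng))
    record_attempt(acct, "laptop", T0, success=True)
    for _ in range(3):
        record_attempt(acct, "laptop", T0, success=False)
    print("subset for the account:", acct.alphabet_subset)
    print("known laptop after 3 failures:", image_difficulty(acct, "laptop", T0))
    print("unknown kiosk after 3 failures:", image_difficulty(acct, "kiosk", T0))
```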
IX. CONCLUSION

We have proposed CaRP, a new security primitive relying on unsolved hard AI problems. CaRP is both a Captcha and a graphical password scheme. The notion of CaRP introduces a new family of graphical passwords, which adopts a new approach to counter online guessing attacks: a new CaRP image, which is also a Captcha challenge, is used for every login attempt to make trials of an online guessing attack computationally independent of each other. A password of CaRP can be found only probabilistically by automatic online guessing attacks including brute-force attacks, a desired security property that other graphical password schemes lack. Hotspots in CaRP images can no longer be exploited to mount automatic online guessing attacks, an inherent vulnerability in many graphical password systems. CaRP forces adversaries to resort to significantly less efficient and much more costly human-based attacks. In addition to offering protection from online guessing attacks, CaRP is also resistant to Captcha relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. CaRP can also help reduce spam emails sent from a Web email service.

Our usability study of two CaRP schemes we have implemented is encouraging. For example, more participants considered AnimalGrid and ClickText easier to use than PassPoints and a combination of text password and Captcha. Both AnimalGrid and ClickText had better password memorability than the conventional text passwords. On the other hand, the usability of CaRP can be further improved by using images of different levels of difficulty based on the login history of the user and the machine used to log in. The optimal tradeoff between security and usability remains an open question for CaRP, and further studies are needed to refine CaRP for actual deployments.

Like Captcha, CaRP utilizes unsolved AI problems. However, a password is much more valuable to attackers than a free email account that Captcha is typically used to protect. Therefore there are more incentives for attackers to hack CaRP than Captcha. That is, more efforts will be attracted to the following win-win game by CaRP than ordinary Captcha: if attackers succeed, they contribute to improving AI by providing solutions to open problems such as segmenting 2D texts. Otherwise, our system stays secure, contributing to practical security. As a framework, CaRP does not rely on any specific Captcha scheme. When one Captcha scheme is broken, a new and more secure one may appear and be converted to a CaRP scheme.

Overall, our work is one step forward in the paradigm of using hard AI problems for security. Of reasonable security and usability and practical applications, CaRP has good potential for refinements, which call for useful future work. More importantly, we expect CaRP to inspire new inventions of such AI-based security primitives.

REFERENCES

[1] R. Biddle, S. Chiasson, and P. C. van Oorschot, "Graphical passwords: Learning from the first twelve years," ACM Comput. Surveys, vol. 44, no. 4, 2012.
[2] (2012, Feb.). The Science Behind Passfaces [Online].
Bin B. Zhu received the B.S. degree in physics from the University of Science and Technology of China, Hefei, China, and the M.S. and Ph.D. degrees in electrical engineering from the University of Minnesota, Minneapolis, MN, in 1986, 1993, and 1998, respectively. From 1997 to 2001, he was a Lead Scientist with Cognicity, Inc., a startup company he cofounded with his dissertation advisor and a colleague in 1997. Since 2001, he has been a Researcher with Microsoft Research Asia, Beijing, China. He has published four book chapters and more than 60 journal and conference papers. He has also received 38 U.S. patents. His research interests include Internet security, applied cryptography, data security and privacy, and multimedia processing.


Jeff Yan received the Ph.D. degree in computer security from Cambridge University. He is on the faculty of computer science, Newcastle University, England. His recent research includes breaking various graphical passwords and CAPTCHAs, and inventing new ones. He has published novel attacks that broke reCAPTCHA, and CAPTCHAs designed by Microsoft, Yahoo, and Google. A variant of his graphical password design, Background Draw a Secret, is deployed in Microsoft Windows 8.


Guanbo Bao received the Ph.D. degree in computer science from the Institute of Automation, Chinese Academy of Sciences, in 2012, where he is an Assistant Professor. His research interests include high performance rendering and image editing.


Maowei Yang was born in Chongqing in 1986. He received the B.S. and M.S. degrees in computer science and technology from Sichuan University, China, in 2009 and 2012, respectively. He joined Tencent, Guangzhou, China, in 2012, and is currently working on mobile Internet applications.

Ning Xu received the B.S. degree from the Nanjing University of Science and Technology and the M.S. degree from Shanghai Jiao Tong University, both in automation, in 2005 and 2008, respectively. He is a Research Software Development Engineer with the Innovation Engineering Group, Microsoft Research Asia. He is currently working on image processing and computer vision related projects.
