IEEE Transactions on Information Forensics and Security, Vol. 9, No. 6, June 2014

Captcha as Graphical Passwords: A New Security Primitive Based on Hard AI Problems

Bin B. Zhu, Jeff Yan, Guanbo Bao, Maowei Yang, and Ning Xu
Abstract: Many security primitives are based on hard mathematical problems. Using hard AI problems for security is emerging as an exciting new paradigm, but has been underexplored. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also offers a novel approach to address the well-known image hotspot problem in popular graphical password systems, such as PassPoints, that often leads to weak password choices. CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some practical applications for improving online security.

I. INTRODUCTION

... the capability of computers but easy for humans. Captcha is now a standard Internet security technique to protect online email and other services from being abused by bots. However, this new paradigm has achieved just a limited success as compared with the cryptographic primitives based on hard math problems and their wide applications. Is it possible to create any new security primitive based on hard AI problems? This is a ...

... text password, but entered by ...

1) It causes denial-of-... expensive helpdesk costs for account reactivation. 2) It is vulnerable to global password attacks [14] whereby adversaries intend to break into any account rather than a specific one, and thus try each password candidate on multiple accounts and ensure that the number of trials on each account is below the threshold to avoid triggering account lockout.

CaRP also offers protection against relay attacks, an increasing threat to bypass Captcha protection, wherein Captcha challenges are relayed to humans to solve. Koobface [33] was a relay attack to bypass Facebook's Captcha in creating new ...

... technologies.
This impact on usability can be mitigated by adapting the CaRP image's difficulty level based on the login history of the account and the machine used to log in.

Typical application scenarios for CaRP include:

1) CaRP can be applied on touch-screen devices whereon typing passwords is cumbersome, esp. for secure Internet applications such as e-banks. Many e-banking systems have applied Captchas in user logins [39]. For example, ICBC (www.icbc.com.cn), the largest bank in the world, requires solving a Captcha challenge for every online login attempt.

2) CaRP increases spammers' operating cost and thus helps reduce spam emails. For an email service provider that deploys CaRP, a spam bot cannot log into an email account even if it knows the password. Instead, human involvement is compulsory to access an account. If CaRP is combined with a policy to throttle the number of emails sent to new recipients per login session, a spam bot can send only a limited number of emails before asking human assistance for login, leading to reduced outbound spam traffic.
II. BACKGROUND AND RELATED WORK

A. Graphical Passwords

A large number of graphical password schemes have been proposed. They can be classified into three categories according to the task involved in memorizing and entering passwords: recognition, recall, and cued recall. Each type will be briefly described here. More can be found in a recent review of graphical passwords [1].
A recognition-based scheme requires identifying among decoys the visual objects belonging to a password portfolio. A typical scheme is Passfaces [2] wherein a user selects a portfolio of faces from a database in creating a password. During authentication, a panel of candidate faces is presented for the user to select the face belonging to her portfolio. This process is repeated several rounds, each round with a different panel. A successful login requires correct selection in each round. The set of images in a panel remains the same between logins, but their locations are permuted. Story [20] is similar to Passfaces but the images in the portfolio are ordered, and a user must identify her portfolio images in the correct order. Déjà Vu [21] is also similar but uses a large set of computer-generated "random-art" images. Cognitive Authentication [22] requires a user to generate a path through a panel of images as follows: starting from the top-left image, moving down if the image is in her portfolio, or right otherwise. This process is repeated, each time with a different panel. A successful login requires that the cumulative probability that correct answers were not entered by chance exceeds a threshold within a given number of rounds.

A recall-based scheme requires a user to regenerate the same interaction result without cueing. Draw-A-Secret (DAS) [3] was the first recall-based scheme proposed. A user draws her password on a 2D grid. The system encodes the sequence of grid cells along the drawing path as a user-drawn password. Pass-Go [4] improves DAS's usability by encoding the grid intersection points rather than the grid cells. BDAS [23] adds background images to DAS to encourage users to create more complex passwords.

In a cued-recall scheme, an external cue is provided to help memorize and enter a password. PassPoints [5] is a widely studied click-based cued-recall scheme wherein a user clicks a sequence of points anywhere on an image in creating a password, and re-clicks the same sequence during authentication. Cued Click Points (CCP) [18] is similar to PassPoints but uses one image per click, with the next image selected by a deterministic function. Persuasive Cued Click Points (PCCP) [19] extends CCP by requiring a user to select a point inside a randomly positioned viewport when creating a password, resulting in more randomly distributed click-points in a password.

Among the three types, recognition is considered the easiest for human memory whereas pure recall is the hardest [1]. Recognition is typically the weakest in resisting guessing attacks. Many proposed recognition-based schemes practically have a password space in the range of $2^{13}$ to $2^{16}$.
B. Captcha

... combinatorially hard [30]. Machine recognition of non-character objects is far less capable than character recognition. IRCs rely on the difficulty of object identification or classification, possibly combined with the difficulty of object segmentation. Asirra [31] relies on binary object classification: a user is asked to identify all the cats from a panel of 12 images of cats and dogs. Security of IRCs has also been studied. Asirra was found to be susceptible to machine-learning attacks [24]. IRCs based on binary object classification or identification of one concrete type of objects are likely insecure [25]. Multi-label classification problems are considered much harder than binary classification problems.

Captcha can be circumvented through relay attacks whereby Captcha challenges are relayed to human solvers, whose answers are fed back to the targeted application.

(The following paragraph belongs to Section III-A; the two-column layout displaced it here.) Mathematically, let $S$ be the set of password guesses before any trial, $\rho$ be the password to find (the password symbol is dropped in this copy; $\rho$ is used for it here), $T$ denote a trial whereas $T_n$ denote the $n$-th trial, and $p(T = \rho)$ be the probability that $\rho$ is tested in trial $T$. Let $E_n$ be the set of password guesses tested in trials up to (including) $T_n$. The password guess to be tested in the $n$-th trial $T_n$ is from set $S \setminus E_{n-1}$, i.e., the relative complement of $E_{n-1}$ in $S$. If $\rho \in S$, then we have ...

C. Captcha in Authentication
It was introduced in [14] to use both Captcha and password in a user authentication protocol, which we call Captcha-based Password Authentication (CbPA) protocol, to counter online dictionary attacks. The CbPA-protocol in [14] requires solving a Captcha challenge after inputting a valid pair of user ID and password unless a valid browser cookie is received. For an invalid pair of user ID and password, the user has a certain probability to solve a Captcha challenge before being denied access. An improved CbPA-protocol is proposed in [15] by storing cookies only on user-trusted machines and applying a Captcha challenge only when the number of failed login attempts for the account has exceeded a threshold. It is further improved in [16] by applying a small threshold for failed login attempts from unknown machines but a large threshold for failed attempts from known machines with a previous successful login within a given time frame.

Captcha was also used with recognition-based graphical passwords to address spyware [40], [41], wherein a text Captcha is displayed below each image; a user locates her own pass-images from decoy images, and enters the characters at specific locations of the Captcha below each pass-image as her password during authentication. These specific locations were selected for each pass-image during password creation as a part of the password.

In the above schemes, Captcha is an independent entity, used together with a text or graphical password. On the contrary, a CaRP is both a Captcha and a graphical password scheme, which are intrinsically combined into a single entity.
D. Other Related Work

Captcha is used to protect sensitive user inputs on an untrusted client [35]. This scheme protects the communication channel between user and Web server from keyloggers and spyware, while CaRP is a family of graphical password schemes for user authentication. The paper [35] did not introduce the notion of CaRP or explore its rich properties and the design space of a variety of CaRP instantiations.
III. CAPTCHA AS GRAPHICAL PASSWORDS

A. A New Way to Thwart Guessing Attacks

In a guessing attack, a password guess tested in an unsuccessful trial is determined wrong and excluded from subsequent trials. The number of undetermined password guesses decreases with more trials, leading to a better chance of finding the password.

... ecosystem of user authentication, we noticed that human users enter passwords during authentication, whereas the trial and error process in guessing attacks is executed automatically. The capability ...

$$p(T = \rho \mid T_1, \ldots, T_{n-1}) = p(T = \rho) \qquad (3)$$

(here $\rho$ stands for the password to find; the symbol is dropped in this copy) in an automatic guessing attack. Eq. (3) means that each trial is computationally independent of other trials. Specifically, no matter how many trials were executed previously, the chance of finding the password in the current trial always remains the same. That is, a password in $S$ can be found only probabilistically by automatic guessing (including brute-force) attacks, in contrast to existing graphical password schemes where a password can be found within a fixed number of trials.
B. CaRP: An Overview

In CaRP, a new image is generated for every login attempt, even for the same user. CaRP uses an alphabet of visual objects (e.g., alphanumerical characters, similar animals) to generate a CaRP image, which is also a Captcha challenge. A major difference between CaRP images and Captcha images is that all the visual objects in the alphabet should appear in a CaRP image to allow a user to input any password but not necessarily in a Captcha image. Many Captcha schemes can be converted to CaRP schemes, as described in the next subsection.

CaRP schemes are click-based graphical passwords. According to the memory tasks in memorizing and entering a password, CaRP schemes can be classified into two categories: recognition and a new category, recognition-recall, which requires recognizing an image and using the recognized objects as cues to enter a password. Recognition-recall combines the tasks of both recognition and cued-recall, and retains both the recognition-based advantage of being easy for human memory and the cued-recall advantage of a large password space. Exemplary CaRP schemes of each type will be presented later.

C. Converting Captcha to CaRP

In principle, any visual Captcha scheme relying on recognizing two or more predefined types of objects can be converted to a CaRP. All text Captcha schemes and most IRCs meet this requirement. Those IRCs that rely on recognizing a single predefined type of objects can also be converted to CaRPs in general by adding more types of objects. In practice, conversion of a specific Captcha scheme to a CaRP scheme typically requires a case by case study, in order to ensure both security and usability. We will present in Sections IV and V several CaRPs built on top of text and image-recognition Captcha schemes.

Some IRCs rely on identifying objects whose types are not predefined. A typical example is Cortcha [25] which relies on context-based object recognition wherein the object to be recognized can be of any type. These IRCs cannot be converted into CaRP since a set of predefined object types is essential for constructing a password.

D. User Authentication With CaRP Schemes

Like other graphical passwords, we assume that CaRP schemes are used with additional protection such as secure channels between clients and the authentication server through Transport Layer Security (TLS). A typical way to apply CaRP schemes in user authentication is as follows. The authentication server AS stores a salt $s$ and a hash value $H(\rho, s)$ for each user ID, where $\rho$ is the password of the account and not stored (the password symbol is dropped in this copy; $\rho$ is used for it here). A CaRP password is a sequence of visual object IDs or clickable-points of visual objects that the user selects. Upon receiving a login request, AS generates a CaRP image, records the locations of the objects in the image, and sends the image to the user to click her password. The coordinates of the clicked points are recorded and sent to AS along with the user ID. AS maps the received coordinates onto the CaRP image, and recovers a sequence of visual object IDs or clickable points of visual objects, written $\rho'$ here, that the user clicked on the image. Then AS retrieves salt $s$ of the account, calculates the hash value of $\rho'$ with the salt, and compares the result with the hash value stored for the account. Authentication succeeds only if the two hash values match. This process is called the basic CaRP authentication and shown in Fig. 1.

Fig. 1. Flowchart of basic CaRP authentication.

Advanced authentication with CaRP, for example, challenge-response, will be presented in Section V-B. We assume in the following that CaRP is used with the basic CaRP authentication unless explicitly stated otherwise.

To recover a password successfully, each user-clicked point must belong to a single object or a clickable-point of an object. Objects in a CaRP image may overlap slightly with neighboring objects to resist segmentation. Users should not click inside an overlapping region to avoid ambiguity in identifying the clicked object. This is not a usability concern in practice since overlapping areas generally take a tiny portion of an object.
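The basic CaRP authentication of Section III-D, as an added example that is not the paper's code: the server-side mapping from click coordinates to object IDs via the recorded ground truth, rejection of clicks in an overlapping region, and the salted-hash comparison. The 33-symbol alphabet, the box layout standing in for a Captcha engine, and the choice of PBKDF2-HMAC-SHA256 for H are assumptions.

```python
import hashlib
import hmac
import os
import random
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed 33-symbol alphabet (visually confusable I, O, 0, 1 left out).
ALPHABET = list("ABCDEFGHJKLMNPQRSTUVWXYZ23456789#")


@dataclass(frozen=True)
class Box:
    """Ground truth for one rendered object: its ID and bounding box (half-open)."""
    obj_id: str
    x0: int
    y0: int
    x1: int
    y1: int

    def contains(self, x: int, y: int) -> bool:
        return self.x0 <= x < self.x1 and self.y0 <= y < self.y1

    def center(self) -> Tuple[int, int]:
        return (self.x0 + self.x1) // 2, (self.y0 + self.y1) // 2


def password_hash(password: str, salt: bytes) -> bytes:
    """H(rho, s). The paper does not fix H; PBKDF2-HMAC-SHA256 is assumed here."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def enroll(password: str) -> Tuple[bytes, bytes]:
    """Registration: AS stores only (s, H(rho, s)); rho itself is never stored."""
    salt = os.urandom(16)
    return salt, password_hash(password, salt)


def generate_image(rng: random.Random, cols: int = 11, cell: int = 50,
                   overlap: int = 6) -> List[Box]:
    """Constructed stand-in for the Captcha engine. Every symbol of the alphabet
    appears exactly once (a CaRP image must let the user enter any password), in a
    fresh random order per login, and neighbouring boxes overlap by `overlap` px to
    resist segmentation. The returned list is the ground truth AS keeps for this attempt."""
    order = ALPHABET[:]
    rng.shuffle(order)
    boxes = []
    for i, sym in enumerate(order):
        row, col = divmod(i, cols)
        x0, y0 = col * (cell - overlap), row * (cell - overlap)
        boxes.append(Box(sym, x0, y0, x0 + cell, y0 + cell))
    return boxes


def map_click(ground_truth: List[Box], x: int, y: int) -> Optional[str]:
    """A click identifies an object only if exactly one box contains it; a click on
    background or inside an overlapping region is ambiguous and yields None."""
    hits = [b.obj_id for b in ground_truth if b.contains(x, y)]
    return hits[0] if len(hits) == 1 else None


def recover_password(ground_truth: List[Box],
                     clicks: List[Tuple[int, int]]) -> Optional[str]:
    """AS maps the received coordinates back onto the image to obtain rho'."""
    ids = []
    for x, y in clicks:
        obj = map_click(ground_truth, x, y)
        if obj is None:
            return None
        ids.append(obj)
    return "".join(ids)


def authenticate(ground_truth: List[Box], clicks: List[Tuple[int, int]],
                 salt: bytes, stored_hash: bytes) -> bool:
    """Basic CaRP authentication: succeed only if H(rho', s) matches the stored hash."""
    rho_prime = recover_password(ground_truth, clicks)
    if rho_prime is None:
        return False
    return hmac.compare_digest(password_hash(rho_prime, salt), stored_hash)


def clicks_for(ground_truth: List[Box], password: str) -> List[Tuple[int, int]]:
    """Simulates a human who recognises each character and clicks its centre."""
    centers = {b.obj_id: b.center() for b in ground_truth}
    return [centers[ch] for ch in password]


def demo(seed: int = 7) -> Tuple[bool, bool, bool]:
    """Returns (correct password accepted, wrong order rejected, overlap click ambiguous)."""
    salt, stored = enroll("AB#9CD87")            # password from the paper's example
    image = generate_image(random.Random(seed))  # fresh image for this login attempt
    correct = authenticate(image, clicks_for(image, "AB#9CD87"), salt, stored)
    wrong = authenticate(image, clicks_for(image, "BA#9CD87"), salt, stored)
    # 1 px inside the right edge of the top-left box lies in its overlap with the next box.
    first = min(image, key=lambda b: (b.y0, b.x0))
    ambiguous = map_click(image, first.x1 - 1, first.y0 + 25)
    return correct, wrong, ambiguous is None


if __name__ == "__main__":
    print(demo())  # (True, False, True)
```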
IV. RECOGNITION-BASED CaRP

A. ClickText

... $\rho$ = AB#9CD87, which is similar to a text password. A ClickText image is generated by the underlying Captcha engine as if a Captcha image were generated except that all the alphabet characters should appear in the image. During generation, each character's location is tracked to produce ground truth for the location of the character in the generated image. The authentication server relies on the ground truth to identify the characters corresponding to user-clicked points. In ClickText images, characters can be arranged randomly
on 2D space. This is different from text Captcha challenges in which characters are typically ordered from left to right in order for users to type them sequentially. Fig. 2 shows a ClickText image with an alphabet of 33 characters. In entering a password, the user clicks on this image the characters in her password, in the same order, for example "A", "B", "#", "9", "C", "D", "8", and then "7" for password $\rho$ = AB#9CD87.

Fig. 2. A ClickText image with 33 characters.

B. ClickAnimal

Captcha Zoo [32] is a Captcha scheme which uses 3D models of horse and dog to generate 2D animals with different textures, colors, lightings and poses, and arranges them on a cluttered background. A user clicks all the horses in a challenge image to pass the test. Fig. 3 shows a sample challenge wherein all the horses are circled red.

Fig. 3. Captcha Zoo with horses circled red.

ClickAnimal is a recognition-based CaRP scheme built on top of Captcha Zoo [32], with an alphabet of similar animals such as dog, horse, pig, etc. Its password is a sequence of animal names such as $\rho$ = Turkey, Cat, Horse, Dog, .... For each animal, one or more 3D models are built. The Captcha generation process is applied to generate ClickAnimal images: 3D models are used to generate 2D animals by applying different views, textures, colors, lighting effects, and optionally distortions. The resulting 2D animals are then arranged on a cluttered background such as grassland. Some animals may be occluded by other animals in the image, but their core parts are not occluded in order for humans to identify each of them. Fig. 4 shows a ClickAnimal image with an alphabet of 10 animals. Note that different views applied in mapping 3D models to 2D animals, together with occlusion in ..., ... different instantiations of animals.

C. AnimalGrid

... when the correct grid is used.

To enter a password, a ClickAnimal image is displayed first. After an animal is selected, an image of $n \times n$ grid appears, with the grid cell size equaling the bounding rectangle of the selected animal. Each grid cell is labeled to help users identify. Fig. 4 shows a $6 \times 6$ grid when the red turkey in the left image of Fig. 4 was selected. A user can select zero to multiple grid cells matching her password. Therefore a password is a sequence of animals interleaving with grid cells, e.g., $\rho$ = Dog, Grid...

Fig. 4. A ClickAnimal image (left) and $6 \times 6$ grid (right) determined by the red turkey's bounding rectangle.

When a ClickAnimal image appears, the user clicks the animal on the image that matches the first animal in her password. The coordinates of the clicked point are recorded. The bounding rectangle of the clicked animal is then found interactively as follows: a bounding rectangle is calculated and displayed, e.g., the white rectangle shown in Fig. 4. The user checks the displayed rectangle and corrects inaccurate edges by dragging if needed. This process is repeated until the user is satisfied with the accuracy of the bounding rectangle. In most cases, the calculated bounding rectangle is accurate enough without needing manual correction. Once the bounding rectangle of the selected animal is identified, an image of $n \times n$ grid with the
cells following the first animal in her password, and then gets back to the ClickAnimal image. For the example password given previously, she clicks a point inside grid cell ... finished entering her password. The resulting sequence of coordinates of user-clicked points, e.g., AP(150, 50), GP...

Fig. 5. Some invariant points (red crosses) of "A".

Using the ground truth, the server recovers the first animal from the received sequence, regenerates the grid image from the animal's bounding rectangle, and recovers the clicked grid cells. This process is repeated to recover the password the user clicked. Its hash is then calculated and compared with the stored hash.

V. RECOGNITION-RECALL CaRP

In recognition-recall CaRP, a password is a sequence of some invariant points of objects. An invariant point of an object (e.g. letter "A") is a point that has a fixed relative position in different incarnations (e.g., fonts) of the object, and thus can be uniquely identified by humans no matter how the object appears in CaRP images. To enter a password, a user must identify the objects in a CaRP image, and then use the identified objects as cues to locate and click the invariant points matching her password. Each password point has a tolerance range that a click within the tolerance range is acceptable as the password point. Most people have a click variation of 3 pixels or less [18]. TextPoint, a recognition-recall CaRP scheme with an alphabet of characters, is presented next, followed by a variation for challenge-response authentication.

A. TextPoints

Characters contain invariant points. Fig. 5 shows some invariant points of letter "A", which offers a strong cue to memorize and locate its invariant points. A point is said to be an internal point of an object if its distance to the closest boundary of the object exceeds a threshold. A set of internal invariant points of characters is selected to form a set of clickable points for TextPoints. The internality ensures that a clickable point is unlikely occluded by a neighboring character and that its tolerance region unlikely overlaps with any tolerance region of a neighboring character's clickable points on the image generated by the underlying Captcha engine. In determining clickable points, the distance between any pair of clickable points in a character must exceed a threshold so that they are perceptually distinguishable and their tolerance regions do not overlap on CaRP images. In addition, variation should also be taken into consideration. For example, if the center of a stroke segment in one character is selected, we should avoid selecting the center of a similar stroke segment in another character. Instead, we should select a different point from the stroke segment, e.g., a point at one-third length of the stroke segment to an end. This variation in selecting clickable points ensures that a clickable point is context-dependent: a similarly structured point may or may not be a clickable point, depending on the character that the point lies in. Character recognition is required in locating clickable points on a TextPoints image although the clickable points are known for each character. This is a task beyond a bot's capability.

A password is a sequence of clickable points. A character can typically contribute multiple clickable points. Therefore TextPoints has a much larger password space than ClickText.

Image Generation. TextPoints images look identical to ClickText images and are generated in the same way except that the locations of all the clickable points are checked to ensure that none of them is occluded or its tolerance region overlaps another clickable point's. We simply generate another image if the check fails. As such failures occur rarely due to the fact that clickable points are all internal points, the restriction due to the check has a negligible impact on the security of generated images.

Authentication. When ...

It is worth comparing potential password points between TextPoints and traditional click-based graphical passwords such as PassPoints [5]. In PassPoints, salient points should be avoided since they are readily picked up by adversaries to mount dictionary attacks, but avoiding salient points would increase the burden to remember a password. This conflict does not exist in TextPoints. Clickable points in TextPoints are salient points of their characters and thus help remember a password, but cannot be exploited by bots since they are both dynamic (as compared to static points in traditional graphical password schemes) and contextual:

1) Dynamic: locations of clickable points and their contexts (i.e., characters) vary from one image to another. The clickable points in one image are computationally independent of the clickable points in another image, as we will see in Section VI-B.

2) Contextual: Whether a similarly structured point is a clickable point or not depends on its context. It is only if within the right context, i.e., at the right location of a right character.
B. TextPoints4CR

For the CaRP schemes presented up to now, the coordinates of user-clicked points are sent directly to the authentication server during authentication. For more complex protocols, say a challenge-response authentication protocol, a response is sent to the authentication server instead. TextPoints can be modified to fit challenge-response authentication. This variation is called TextPoints for Challenge-Response or TextPoints4CR.

Unlike TextPoints wherein the authentication server stores a salt and a password hash value for each account, the server in TextPoints4CR stores the password for each account. Another difference is that each character appears only once in a TextPoints4CR image but may appear multiple times in a TextPoints image. This is because both server and client in TextPoints4CR should generate the same sequence of discretized grid cells independently. That requires a unique way to generate the sequence from the shared secret, i.e., password. Repeated characters would lead to several possible sequences for the same password. This unique sequence is used as if the shared secret in a conventional challenge-response authentication protocol.

In TextPoints4CR, an image is partitioned into a fixed grid with the discretization grid cell of size $\delta$ along both directions (the symbols for the cell size and the click tolerance are dropped in this copy; $\delta$ and $\tau$ are used for them here). The minimal distance between any pair of clickable points should be larger than $\delta$ by a margin exceeding a threshold to prevent two clickable points from falling into a single grid cell in an image. Suppose that a guaranteed tolerance of click errors along both x-axis and y-axis is $\tau$, we require that $\delta \geq 4\tau$.

... server generates from the stored password of the account. This sequence is used as if the shared secret between the two parties in a challenge-response authentication protocol. Unlike other CaRP schemes presented in this paper, TextPoints4CR requires the authentication server to store passwords instead of their hash values. Stored passwords must be protected from insider attacks; for example, they are encrypted with a master key that only the authentication server knows. A password is decrypted only when its associated account attempts to login.
Image Generation. To generate a TextPoints4CR image, the same procedure to generate a TextPoints image is applied. Then the following procedure is applied to make every clickable point at least $\tau$ distance from the edges of the grid cell it lies in ($\delta$ denotes the grid cell size and $\tau$ the click tolerance; both symbols are dropped in this copy). All the clickable points, denoted as set $P$, are located on the image. For every point in $P$, we calculate its distance along x-axis or y-axis to the center of the grid cell it lies in. A point is said to be an internal point if the distance is less than $0.5\delta - \tau$ along both directions (the term after 0.5 is restored from the requirement just stated); otherwise a boundary point. For each boundary point in $P$, a nearby internal point in the same grid cell is selected. The selected point is called a target point of the boundary point. After processing all the points in $P$, we obtain a new set $P'$ comprising internal points; these are either internal clickable points or target points of boundary clickable points. Mesh warping [36], widely used in generating text Captcha challenges, is then used to warp the image so that $P$ maps to $P'$. The result is a TextPoints4CR image wherein every clickable point would tolerate at least $\tau$ of click errors. Selection of target points should try to reduce warping distortion caused by mapping $P$ to $P'$.

Authentication. In entering a password, a user-clicked point is replaced by the grid cell it lies in. If click errors are within $\tau$, ...

VI. SECURITY ANALYSIS

A. Security of Underlying Captcha

Computational intractability in recognizing objects in CaRP images is fundamental to CaRP. Existing analyses on Captcha security were mostly case by case or used an approximate process. No theoretic security model has been established yet. Object segmentation is considered as a computationally-expensive, combinatorially-hard problem [30], which modern text Captcha schemes rely on. According to [30], the complexity of object segmentation, $C$, is exponentially dependent of the number $M$ of objects contained in a challenge, and polynomially dependent of the size $N$ of the Captcha alphabet: $C = P(\alpha^M N)$, where $\alpha > 1$ is a parameter, and $P(\cdot)$ is a polynomial function (the base symbol is dropped in this copy; $\alpha$ is used for it here). A Captcha challenge typically contains 6 to 10 characters, whereas a CaRP image typically contains 30 or more characters. The complexity to break a ClickText image is about $P(\alpha^{30} N)/P(\alpha^{10} N) = \alpha^{20}$ times the complexity to break a Captcha challenge generated by its underlying Captcha scheme. Therefore ClickText is much harder to break than its underlying Captcha scheme. Furthermore, characters in a CaRP scheme are arranged two-dimensionally, further increasing segmentation difficulty due to one more dimension to segment. As a result, we can reduce distortions in ClickText images for improved usability yet maintain the same security level as the underlying text Captcha. ClickAnimal relies on both object segmentation and multiple-label classification. Its security remains an open question.

As a framework of graphical passwords, CaRP does not rely on any specific Captcha scheme. If one Captcha scheme gets broken, a new and more robust Captcha scheme may appear and be used to construct a new CaRP scheme. In the remaining security analysis, we assume that it is intractable for computers to recognize any objects in any challenge image generated by the underlying Captcha of CaRP. More accurately, the Captcha is assumed to be chosen-pixel attack (CPA)-secure defined with the following experi­ment: an adversary A first learns from an arbitrary number of challenge images by querying a ground-truth oracle O as follows: A selects an arbitrary number of internal object-points and sends to O, which responds with the object that each point lies in. Then A receives a new challenge image and selects an internal object-point to query O again.
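The TextPoints4CR grid discretization of Section V-B above (the $\delta \geq 4\tau$ requirement, the spacing check, internal versus boundary points, target points, and replacing a click by its grid cell), as an added example that is not the paper's code. The names delta and tau, the constructed sample points, and the clamping rule used to pick a target point are assumptions.

```python
import math
from typing import Dict, List, Tuple

Point = Tuple[float, float]
Cell = Tuple[int, int]


def grid_ok(delta: float, tau: float) -> bool:
    """Section V-B requires delta >= 4*tau (cell size vs. guaranteed click tolerance)."""
    return delta >= 4 * tau


def spacing_ok(points: List[Point], delta: float, margin: float) -> bool:
    """Every pair of clickable points must be farther apart than delta by more than
    `margin`, so that no two of them can fall into one grid cell."""
    for i, p in enumerate(points):
        for q in points[i + 1:]:
            if math.dist(p, q) <= delta + margin:
                return False
    return True


def cell_of(p: Point, delta: float) -> Cell:
    """Authentication step: a user-clicked point is replaced by the grid cell it lies in."""
    return int(math.floor(p[0] / delta)), int(math.floor(p[1] / delta))


def cell_center(c: Cell, delta: float) -> Point:
    return (c[0] + 0.5) * delta, (c[1] + 0.5) * delta


def is_internal(p: Point, delta: float, tau: float) -> bool:
    """Internal point: distance to its cell centre is below 0.5*delta - tau along both
    axes, i.e. the point is at least tau away from every edge of the cell."""
    cx, cy = cell_center(cell_of(p, delta), delta)
    r = 0.5 * delta - tau
    return abs(p[0] - cx) < r and abs(p[1] - cy) < r


def target_point(p: Point, delta: float, tau: float) -> Point:
    """Target point for a boundary point: the nearest internal point of the same cell
    (assumed rule: clamp each coordinate into the internal square, which keeps the
    warp displacement as small as possible)."""
    cx, cy = cell_center(cell_of(p, delta), delta)
    r = 0.5 * delta - tau - 1e-9          # strictly inside the internal square
    return (min(max(p[0], cx - r), cx + r), min(max(p[1], cy - r), cy + r))


def discretize(points: List[Point], delta: float, tau: float) -> Dict[Point, Point]:
    """Build the mapping P -> P' handed to mesh warping: internal clickable points are
    kept, boundary clickable points are replaced by their target points."""
    return {p: (p if is_internal(p, delta, tau) else target_point(p, delta, tau))
            for p in points}


def tolerates(p: Point, delta: float, tau: float) -> bool:
    """True if any click within tau of p (along both axes) still maps to p's cell."""
    c = cell_of(p, delta)
    return all(cell_of((p[0] + dx, p[1] + dy), delta) == c
               for dx in (-tau, tau) for dy in (-tau, tau))


def demo() -> Tuple[bool, bool, bool]:
    """Constructed sample: delta=20, tau=5, three clickable points (one internal, two
    boundary). Returns (spacing ok, all of P' internal, all of P' tolerate tau)."""
    delta, tau = 20.0, 5.0
    points = [(10.0, 10.0), (3.0, 50.0), (37.0, 29.0)]
    mapped = discretize(points, delta, tau)
    return (spacing_ok(points, delta, tau),
            all(is_internal(q, delta, tau) for q in mapped.values()),
            all(tolerates(q, delta, tau) for q in mapped.values()))
```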
This time O chooses a random bit $b \in \{0, 1\}$ to determine what to return: It returns the true object if $b = 1$; otherwise a false object selected with a certain strategy. A is asked to determine whether the returned object is the true object that the internal object-point lies in or not. A Captcha scheme is said to be CPA-secure if A cannot succeed with a probability non-negligibly higher than $1/2$, the probability of a random guess.

B. Automatic Online Guessing Attacks

In automatic online guessing attacks, the trial and error process is executed automatically whereas dictionaries can be constructed manually. If we ignore negligible probabilities, CaRP with underlying CPA-secure Captcha has the following properties:

1. Internal object-points on one CaRP image are ...

2. Eq. (3) holds, i.e., trials in guessing attacks are mutually independent.

The first property can be proved by contradiction. Assume that the property does not hold, i.e., there exists an internal object-point $p_A$ on one image A that is non-negligibly dependent of an internal object-point $p_B$ on another image B (the point names are dropped in this copy; $p_A$ and $p_B$ are used here). An adversary can exploit this dependency to launch the following chosen-pixel attack. In the learning phase, image A is used to learn the object that contains point $p_A$. In the testing phase, point $p_B$ on image B is used to query the oracle. Since point $p_B$ is non-negligibly dependent of point $p_A$, this CPA experiment would result in a success probability non-negligibly higher than a random guess, which contradicts the CPA-secure assumption. We conclude that the first property holds.

The second property is a consequence of the first property since user-clicked internal object-points in one trial are computationally independent of user-clicked internal object-points in another trial due to the first property. We have ignored background and boundary object-points since clicking any of them would lead to authentication failure.

Eq. (3) indicates that automatic online guessing attacks can find a password only probabilistically no matter how many trials are executed. Even if the password guess to be tested in a trial is the actual password, the trial has a slim chance to succeed since a machine cannot recognize the objects in the CaRP image to input the password correctly. This is a great contrast to automatic online guessing attacks on existing graphical passwords which are deterministic, i.e., that each trial in a guessing attack can always determine if the tested password guess is the actual password or not, and all the password guesses can be determined by a limited number of trials. Particularly, brute-force attacks or dictionary attacks with the targeted password in the dictionary would always succeed in attacking existing graphical passwords.

C. Human Guessing Attacks

In human guessing attacks, humans are used to enter passwords in the trial and error process. Humans are much slower than computers in mounting guessing attacks. For 8-character passwords, the theoretical password space is $33^8 \approx 2^{40}$ for ClickText with an alphabet of 33 characters, $10^8 \approx 2^{26}$ for ClickAnimal with an alphabet of 10 animals, and $10 \cdot 46^7 \approx 2^{42}$ for AnimalGrid with the setting as ClickAnimal plus $6 \times 6$ grids. If we assume that 1000 people are employed to work 8 hours per day without any stop in a human guessing attack, and that each person takes 30 seconds to finish one trial, it would take them on average $0.5 \cdot 10 \cdot 46^7 \cdot 30 / (3600 \cdot 8 \cdot 1000 \cdot 365) \approx 6219$ years to break an AnimalGrid password. Human guessing attacks on TextPoints require a much longer time than those on ClickText since TextPoints has a much larger password space.

Just like any password scheme, a longitudinal evaluation is needed to establish the effective password space for each CaRP instantiation. This requires a separate study similar to what Bonneau [42] did for text passwords. A recent study on text passwords [42] indicates that users tend to choose passwords of 6-8 characters and have a strong dislike of using non-alphanumeric characters, and that an acceptable benchmark of effective password space is the expected number of optimal guesses per account needed to break 50% of accounts, which is equivalent to 21.6 bits for Yahoo! users. If we assume that ClickText has roughly the same effective password space as text passwords, it requires on average 1000 people to work 1.65 days or one person to work 4.54 years to find a ClickText password.
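A worked model of the guessing-attack claims in Eq. (3) and Sections VI-B and VI-C, as an added example that is not the paper's code: cumulative success probability for a deterministic attacker on an existing graphical password versus an automatic attacker on CaRP, a Monte Carlo check of both, and the human-guessing cost estimates from Section VI-C. The parameter `bot_accuracy` (probability that a bot enters a whole password correctly on one CaRP image) is an assumption.

```python
import random
from typing import Tuple


def deterministic_success_prob(n_trials: int, space: int) -> float:
    """Existing schemes: the password is uniform in S and every failed guess is
    eliminated, so P(found within n trials) = n / |S| and certainty is reached at |S|."""
    return min(n_trials / space, 1.0)


def carp_success_prob(n_trials: int, space: int, bot_accuracy: float) -> float:
    """CaRP, Eq. (3): p(T = rho | T_1..T_{n-1}) = p(T = rho) = q / |S| for every trial,
    so P(found within n trials) = 1 - (1 - q/|S|)^n, which never reaches 1."""
    p = bot_accuracy / space
    return 1.0 - (1.0 - p) ** n_trials


def simulate(space: int, n_trials: int, bot_accuracy: float,
             runs: int, seed: int) -> Tuple[float, float]:
    """Monte Carlo check of both models over `runs` random passwords.
    Returns (deterministic success rate, CaRP success rate)."""
    rng = random.Random(seed)
    det_hits = carp_hits = 0
    for _ in range(runs):
        rho = rng.randrange(space)
        # Deterministic attacker: enumerate S in random order; each trial settles one guess.
        order = list(range(space))
        rng.shuffle(order)
        if rho in order[:n_trials]:
            det_hits += 1
        # CaRP attacker: a failed trial proves nothing (the bot may simply have misread
        # the image), so no guess can be eliminated and each trial draws afresh from S.
        for _ in range(n_trials):
            guess = rng.randrange(space)
            if guess == rho and rng.random() < bot_accuracy:
                carp_hits += 1
                break
    return det_hits / runs, carp_hits / runs


def human_guessing_days(space: float, people: int, seconds_per_trial: float,
                        hours_per_day: float) -> float:
    """Section VI-C estimate: on average half the space is tried before success."""
    return 0.5 * space * seconds_per_trial / (3600 * hours_per_day * people)


def human_guessing_years(space: float, people: int, seconds_per_trial: float,
                         hours_per_day: float) -> float:
    return human_guessing_days(space, people, seconds_per_trial, hours_per_day) / 365


if __name__ == "__main__":
    # AnimalGrid: 10 animals plus 6x6 grid, 1000 people, 30 s per trial, 8 h per day
    print(round(human_guessing_years(10 * 46 ** 7, 1000, 30, 8)))     # 6219
    # ClickText with a 21.6-bit effective space
    print(round(human_guessing_days(2 ** 21.6, 1000, 30, 8), 2))     # about 1.65
    print(simulate(space=50, n_trials=50, bot_accuracy=0.5, runs=2000, seed=1))
```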
D. Relay Attacks

Relay attacks may be executed in several ways. Captcha challenges can be relayed to a high-volume Website hacked or controlled by adversaries to have human surfers solve the challenges in order to continue surfing the Website, or relayed to sweatshops where humans are hired to solve Captcha challenges for small payments. Is CaRP vulnerable to relay attacks? We make the same assumption as Van Oorschot and Stubblebine [15] in discussing CbPA-protocol's robustness to relay attacks: a person will not deliberately participate in relay attacks unless paid for the task. The task to perform and the image used in CaRP are very different from those used to solve a Captcha challenge. This noticeable difference makes it hard for a person to mistakenly help test a password guess by attempting to solve a Captcha challenge. Therefore it would be unlikely to get a large number of unwitting people to mount human guessing attacks on CaRP. In addition, human input obtained by performing a Captcha task on a CaRP image is useless for testing a password guess.

If sweatshops are hired to mount human guessing attacks, we can make a rough estimation of the cost. We assume that the cost to click one password on a CaRP image is the same as solving a Captcha challenge. Using the lowest retail price, $1, ...
ZHU et al.: NEW SECURITY PRIMITIVE BASED ON HARD AI PROBLEMS

VII. EMPIRICAL EVALUATIONS

A. Implementations

ClickText and AnimalGrid were implemented using ASP.NET. ClickText was implemented by calling a config
randomly rotated from 30 to
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 9, NO. 6, JUNE 2014

Research Asia. None of them had studied security or was involved in any security usability study before. They were involved in this work solely as participants in our usability study. All participants were trained to get familiar with each authentication scheme and their experimental tasks before our data collection. During the experiment, one of the authors got each participant when it was time for the participant to take a test, which ensures that we could collect the required data from every participant.

Each scheme was tested in the following setting: a participant used a web browser to interact with an authentication server, creating passwords or logging into the server. Once a participant submitted his/her credentials to the server, the browser would show the login result.

The schemes were classified into two categories according to their types of passwords: AnimalGrid and PassPoints in the first category, and the remaining schemes in the second category. A password for the schemes in the second category was a string of characters.

Each participant was asked to create a new password never used previously for each scheme, 4 in total, and a user ID for all the schemes. Each created password consisted of 8 characters or click-points. We also made it explicit that participants were not allowed to write down their passwords.

Each password must meet the following minimum complexity requirements. A password must contain at least one letter, one digit, and one non-alphanumerical character for both Text and ClickText, and at least three different animals for AnimalGrid. No repeating patterns such as A#A# or Dog, Dog, were allowed. For PassPoints, click-points in a password must be distinct (i.e., no click-point was inside another click-point's tolerance range). Each password was verified immediately after creation.

The study was partitioned into two stages. Two schemes were tested in each stage. In the first stage, two schemes, one from each category, were randomly selected for a participant to test. One scheme had a string of text characters as a password while the other had a string of animals and grid-cells or click-points as a password.

During the study, each participant was asked to log in with the following intervals between two consecutive login tests: one hour after creation, one day, one week, and three weeks. In each test, a participant was allowed three tries to log in. If he/she failed three attempts, his/her password was considered forgotten, and no more test would be conducted with the participant for that specific scheme.

In the second stage, the remaining two schemes were tested in the same way as above.

In the end, each participant was required to fill a questionnaire to compare ClickText and AnimalGrid with PassPoints and Text, and to compare ClickText with P+C, in terms of ease of use as a password system, taking both memorizing and entering a password into consideration.

A participant's login time in each trial was recorded by the server. We define the login time as the duration from the time when the server received a login request to the time when the server gave its response to the login request, which includes the time to enter user ID and password, to generate a CaRP image, and to communicate between the server and a participant's browser.

For Text and P+C, a participant was asked to enter a password. If successful, the server recorded the time as the login time for Text, and then generated a Captcha challenge and sent it to the user to solve. If the participant failed with the challenge, another challenge was generated and used. This process was repeated until the server received a correct answer to a challenge. Then the server recorded the time as the login time for P+C, which included the time that the participant failed to solve a challenge.
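The minimum complexity requirements described above, as an added example (not the study's own code): one checker per password category, returning the violated rules. Two readings are assumptions of this example: "repeating pattern" is taken to mean any block immediately followed by a copy of itself (A#A#, Dog, Dog), and the PassPoints tolerance range is modelled as a circle of a given radius around each click-point.

```python
import math
from typing import List, Sequence, Tuple

PASSWORD_LENGTH = 8  # every password in the study had 8 characters or click-points


def has_immediate_repeat(items: Sequence) -> bool:
    """True when some block is immediately followed by a copy of itself, e.g.
    A#A# (block 'A#') or Dog, Dog (block 'Dog'). Reading the paper's 'no repeating
    patterns' rule this way is an assumption of this example."""
    n = len(items)
    for k in range(1, n // 2 + 1):
        for i in range(n - 2 * k + 1):
            if list(items[i:i + k]) == list(items[i + k:i + 2 * k]):
                return True
    return False


def check_text_password(pw: str) -> List[str]:
    """Rules shared by Text and ClickText. Returns the list of violated rules."""
    problems = []
    if len(pw) != PASSWORD_LENGTH:
        problems.append("length")
    if not any(c.isalpha() for c in pw):
        problems.append("no letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(not c.isalnum() for c in pw):
        problems.append("no non-alphanumeric symbol")
    if has_immediate_repeat(pw):
        problems.append("repeating pattern")
    return problems


def check_animalgrid_password(animals: Sequence[str]) -> List[str]:
    """AnimalGrid rules, applied to the animal sequence (grid cells are left out
    here): at least three different animals and no pattern such as Dog, Dog."""
    problems = []
    if len(animals) != PASSWORD_LENGTH:
        problems.append("length")
    if len(set(animals)) < 3:
        problems.append("fewer than three different animals")
    if has_immediate_repeat(animals):
        problems.append("repeating pattern")
    return problems


def check_passpoints_password(points: Sequence[Tuple[float, float]],
                              tolerance: float) -> List[str]:
    """PassPoints rule: no click-point inside another's tolerance range, modelled
    here as a circle of radius `tolerance` around each point (assumption)."""
    problems = []
    if len(points) != PASSWORD_LENGTH:
        problems.append("length")
    for i in range(len(points)):
        for j in range(i + 1, len(points)):
            if math.dist(points[i], points[j]) <= tolerance:
                problems.append(f"click-points {i} and {j} overlap")
    return problems
```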
2) Experimental Results

Usability. Among all the recorded login attempts, 24.4% failed. Tests after a larger interval tended to have more failed attempts. Some participants contributed significantly more failed attempts than others. At the end of tests, 40 (100%) participants remembered their PassPoints passwords, 39 (97.5%) remembered their passwords of both ClickText and AnimalGrid, and 34 (85%) remembered their Text passwords. One participant forgot the AnimalGrid password at the one-hour test, and another one forgot the ClickText password at the one-week test. For Text, two participants forgot their passwords at the one-week test, and four forgot at the three-week test. PassPoints scored the best in memorability whereas Text scored the worst. This may be partially due to the fact that hotspots were allowed for PassPoints passwords, and that Text passwords had a much larger alphabet than both ClickText and AnimalGrid.

Table I shows the login time averaged over the 40 participants' successful login attempts and the sample standard deviation as well as the maximum and minimum login times for each scheme. ClickText, AnimalGrid and P+C had similar average login time whereas PassPoints had a little shorter average login time. Text had a much shorter average login time than the other schemes. Each scheme had a large sample standard deviation relative to the average login time, indicating large variations of login time for each scheme, which is confirmed by the great difference between the minimum and maximum login times in each column shown in Table I. This is mainly caused by large individual differences. We did not detect obvious patterns indicating that a test with a longer interval had a larger login time than a test with a shorter interval. We did notice that some participants had a much larger login time when the preceding trial failed, but many other participants didn't follow this observation.

The passwords in our tests were used much less frequently than typical usage of a password in practice since we would like to test password memorability for each scheme. We expect improved results when a password is used more frequently.

Table II shows the comparison results of different schemes for ease of use as a password system. We assign a value ranging from 1 to 5 to each category, indicating the spectrum from much more difficult to much easier. ClickText has a mean value of 3.2 and a median value of 3 as compared to PassPoints, and a mean of 2.85 and a median of 2 as compared to Text. AnimalGrid has a mean of 3.325 and a median of 4 as compared to PassPoints, and a mean of 3.5 and a median of 4 as compared to Text. ClickText has a mean of 3.875 and a median of 4 as compared to P+C.

TABLE I
LOGIN TIME FOR DIFFERENT SCHEMES: AVERAGE (T), SAMPLE STANDARD DEVIATION (σ), MAX. AND MIN.

TABLE II
COMPARING DIFFERENT SCHEMES FOR EASE OF USE

Security. We also analyzed the security of the passwords we collected for Text and ClickText with a popular password-cracking tool, John the Ripper version 1.7.9 [43]. Given our sample size of 40 users, the distribution of passwords will not be as complete as in a larger study with significantly more users, but such an analysis can provide at least an indication of their security.

John the Ripper has three operation modes: single crack, wordlist, and incremental. In the single crack mode, login names and other account information as well as a large set of mangling rules are used to generate password guesses. In the wordlist mode, a list of words and word mangling rules are used to generate password guesses. In the incremental mode, a brute force attack is applied, with guesses being tested in the descending order of their likelihood to be a password.

In our study, the default parameters and settings were used for John the Ripper except that the length of a password was set to 8 characters, and that the recommended wordlist all.lst from [44] was used in the wordlist mode. When operating in both single crack and wordlist modes, John the Ripper didn't find any password for either Text or ClickText. When running in the incremental mode for 24 hours on an HP Compaq Elite 8100 PC with Intel Core i7-870 CPU, 8GB RAM and 64-bit Windows 7 OS, John the Ripper found two of 40 (i.e., 5.0%) passwords for Text but didn't find any password for ClickText. The small difference in the results of the incremental mode is probably because the unusual alphabet set in ClickText increased a user's chance to choose more random passwords in order to meet the same password complexity requirement applied to both Text and ClickText. A separate longitudinal study is needed to fully understand the distribution and security of ClickText passwords that users would select.

We conclude from the cracking results that the passwords the participants selected for Text and ClickText were reasonably strong, which matches our expectation of the password complexity requirement described in the previous subsection.

3) Discussions

Wiedenbeck et al. [5] studied memorability of text passwords and PassPoints with 20 participants for each scheme: their recall rate after one week was 65% and 70%, respectively. Our memorability results are higher than theirs for both text and PassPoints passwords.

The sample sizes in both [5] and our studies were too small to explain conclusively the difference in the results. However, this difference could probably be explained by the difference of the subjects in both studies. First, although randomly chosen, our participants were from the pool of interns working at Microsoft Research Asia, who were selected typically from leading universities. Second, our participants were used to strong text passwords as their Microsoft accounts were strictly enforced with strong password policies (e.g. each account must use a complex password, and a password has to be changed regularly, with the new password having to be significantly different from previously used ones). Third, our participants were much younger, with an average age of 23.4 years as compared to the average of 32.9 years in Wiedenbeck et al.'s experiment.

However, we do not think this sample bias introduced an undue impact on the main goal of our experiment, namely, comparing the performance of CaRP with other authentication schemes. Nonetheless, user studies with a diverse sample pool are needed for CaRP, which are our future work.

C. Computation Load on Server

Compared with many graphical password schemes, generation of CaRP images is an extra load on the server side. We tested our implementations of ClickText and AnimalGrid on the same HP Compaq Elite 8100 PC we used to run John the Ripper, as described in Section VII-B. For images of 400x400 pixels, the average speed was 10.68 images per second in generating a ClickText image with 33 characters and 0.86 images/s in generating an AnimalGrid image with 10 to 12 animals. Our implementations were single-threaded without code optimization, and did not take any advantage of the multi-core capability of the test machine. Much faster image generation should be viable by exploiting the multi-core architecture of today's servers and by optimizing the code.
VIII. BALANCE OF SECURITY AND USABILITY

Some configurations of CaRP offer acceptable usability across common device types, e.g. our usability studies used 400x400 images, which fit displays of smartphones, iPads, and PCs. While CaRP may take a similar time to enter a password as other graphical password schemes, it takes a longer time to enter a password than widely used text passwords. We discuss two approaches for balancing CaRP's security and usability.

A. Alphabet Size

Increasing alphabet size produces a larger password space, and thus is more secure, but also leads to more complex CaRP images. When the complexity of CaRP images gets beyond a certain point, humans may need a significant amount of time to recognize the characters in a CaRP image and may get frustrated. The optimal alphabet size for a CaRP scheme such as ClickText remains an open question.

It is possible to use a fixed subset of the alphabet to generate CaRP images for a user if the server receives her user ID before sending an image. In this case, the authentication server allows a user to create her password from the full alphabet. Once the password is created, the server finds a suitable subset of a reasonable size, which contains all the symbols in the password. The server stores the subset or its index for the account, and retrieves it later when the account attempts to log in to generate a CaRP image. This scheme is suitable when the alphabet must be large while some people would log in on small-screen devices for which an image using the full alphabet would be too complex to quickly identify the objects in the image.
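The fixed-subset idea above, as an added example (not the paper's code): a server-side helper that picks, once at password creation, a subset of the alphabet containing every password symbol padded with random decoys, stores it per account, and serves the same subset at every later login. The sample alphabet, subset size, server key and the handling of unknown user IDs are assumptions of this example.

```python
import hashlib
import hmac
import random
import secrets
from typing import Dict

# Constructed sample alphabet; the real ClickText alphabet is not given on this page.
FULL_ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789#$%&*+=@"


def choose_subset(password: str, subset_size: int, alphabet: str = FULL_ALPHABET) -> str:
    """Pick `subset_size` symbols that include every symbol of `password`, padded
    with randomly chosen decoys. The result is sorted so the stored subset carries
    no hint about which of its symbols came from the password."""
    needed = set(password)
    if not needed <= set(alphabet):
        raise ValueError("password uses symbols outside the alphabet")
    if len(needed) > subset_size:
        raise ValueError("subset too small to contain every password symbol")
    decoys = [s for s in alphabet if s not in needed]
    chosen = list(needed) + secrets.SystemRandom().sample(decoys, subset_size - len(needed))
    return "".join(sorted(chosen))


class SubsetStore:
    """Per-account subsets, kept apart from the credential store. A subset is chosen
    once and reused for every login of that account: re-sampling it per login would
    let an observer intersect successive subsets and recover the password symbols."""

    def __init__(self, server_key: bytes, subset_size: int, alphabet: str = FULL_ALPHABET):
        self.key = server_key
        self.subset_size = subset_size
        self.alphabet = alphabet
        self.subsets: Dict[str, str] = {}

    def create_account(self, user_id: str, password: str) -> str:
        self.subsets[user_id] = choose_subset(password, self.subset_size, self.alphabet)
        return self.subsets[user_id]

    def alphabet_for_login(self, user_id: str) -> str:
        """Alphabet to draw the CaRP image from once the user ID is known. For an
        unknown ID a same-sized subset is derived from a keyed hash of the ID
        (assumption), so the reply does not reveal whether the account exists."""
        subset = self.subsets.get(user_id)
        if subset is None:
            seed = hmac.new(self.key, user_id.encode(), hashlib.sha256).digest()
            rng = random.Random(int.from_bytes(seed, "big"))
            subset = "".join(sorted(rng.sample(self.alphabet, self.subset_size)))
        return subset
```

If the account's password changes, the subset must be chosen again from the new password.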
B. Advanced Mechanisms

The CbPA protocols described in Section II-C require a user to solve a Captcha challenge in addition to inputting a password under certain conditions. For example, the scheme described in [16] applies a Captcha challenge when the number of failed login attempts has reached a threshold for an account. A small threshold is applied for failed login attempts from unknown machines but a large threshold is applied for failed attempts from known machines on which a successful login occurred within a given time frame. This technique can be integrated into CaRP to enhance usability:
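The threshold rule just described, carried into CaRP as an added example (not the paper's or [16]'s code): the server keeps a per-account failure count and the machines that recently logged in successfully, and picks an easier or harder CaRP image accordingly. The threshold values, the 30-day window, the two difficulty levels and the cookie-token mechanism are assumptions of this example.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class AccountHistory:
    """Login history the server keeps per account (constructed for this example)."""
    failed_attempts: int = 0
    # machine token -> time of the last successful login presented with that token
    known_machines: Dict[str, float] = field(default_factory=dict)


@dataclass
class ChallengePolicy:
    """Thresholds in the style of [16]: a small one for unknown machines, a large one
    for machines with a successful login inside `known_window` seconds. The numbers
    are assumptions of this example."""
    unknown_threshold: int = 3
    known_threshold: int = 10
    known_window: float = 30 * 24 * 3600.0

    def is_known(self, acct: AccountHistory, token: Optional[str], now: float) -> bool:
        last = acct.known_machines.get(token) if token else None
        return last is not None and now - last <= self.known_window

    def image_difficulty(self, acct: AccountHistory, token: Optional[str], now: float) -> str:
        """Serve an 'easy' CaRP image (e.g. fewer, less distorted objects) while the
        failure count is below the applicable threshold and a 'hard' one from then on.
        How the two levels map onto image parameters is an assumption."""
        limit = self.known_threshold if self.is_known(acct, token, now) else self.unknown_threshold
        return "hard" if acct.failed_attempts >= limit else "easy"

    def record(self, acct: AccountHistory, token: Optional[str],
               success: bool, now: float) -> Optional[str]:
        """Update the history after a login result and return the machine token the
        server should set as a cookie. Tokens are random and server-issued: a
        client-chosen machine identifier would let anyone claim 'known' status."""
        if not success:
            acct.failed_attempts += 1
            return None
        acct.failed_attempts = 0
        if token not in acct.known_machines:
            token = secrets.token_urlsafe(32)
        acct.known_machines[token] = now
        return token
```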
attack computationally independent of each other. A password of CaRP can be found only probabilistically by automatic online guessing attacks including brute-force attacks, a desired security property that other graphical password schemes lack. Hotspots in CaRP images can no longer be exploited to mount automatic online guessing attacks, an inherent vulnerability in many graphical password systems. CaRP forces adversaries to resort to significantly less efficient and much more costly human-based attacks. In addition to offering protection from online guessing attacks, CaRP is also resistant to Captcha relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. CaRP can also help reduce spam emails sent from a Web email service.

Our usability study of two CaRP schemes we have implemented is encouraging. For example, more participants considered AnimalGrid and ClickText easier to use than PassPoints and a combination of text password and Captcha. Both AnimalGrid and ClickText had better password memorability than the conventional text passwords. On the other hand, the usability of CaRP can be further improved by using images of different levels of difficulty based on the login history of the user and the machine used to log in. The optimal tradeoff between security and usability remains an open question for CaRP, and further studies are needed to refine CaRP for actual deployments.
drawn graphical passwords," ACM Trans. Inf. Syst. Security, vol. 10, no. 4, pp. 1-33, 2008.
[7] K. Golofit, "Click passwords under investigation," in Proc. ESORICS, 2007, pp. 343-358.
[8] A. E. Dirik, N. Memon, and J. C. Birget, "Modeling user choice in the PassPoints graphical password scheme," in Proc. Symp. Usable Privacy Security, 2007, pp. 20-28.
[9] J. Thorpe and P. C. van Oorschot, "Human-seeded attacks and exploiting hot spots in graphical passwords," in Proc. USENIX Security, 2007, pp. 103-118.
[10] P. C. van Oorschot, A. Salehi-Abari, and J. Thorpe, "Purely automated attacks on PassPoints-style graphical passwords," IEEE Trans. Inf. Forensics Security, vol. 5, no. 3, pp. 393-405, Sep. 2010.
[11] P. C. van Oorschot and J. Thorpe, "Exploiting predictability in click-based graphical passwords," J. Comput. Security, vol. 19, no. 4, pp. 669-702, 2011.
[12] T. Wolverton. (2002, Mar. 26). Hackers Attack eBay Accounts [Online]. Available: http://www.zdnet.co.uk/news/networking/2002/03/26/hackersattackebayaccounts2107350/
[Online]. Available: http://www.realuser.com/published/ScienceBehindPassfaces.pdf
"Go: A proposal to improve the usability of graphical passwords," Int. J. Netw. Security, vol. 7, no. 2, pp. 273-292, 2008.
[3] I. Jermyn, A. Mayer, F. Monrose, M. Reiter, and A. Rubin, "The design and analysis of graphical passwords," in Proc. 8th USENIX Security Symp., 1999, pp. 1-15.
[5] S. Wiedenbeck, J. Waters, J. C.
R. Dhamija and A. Perrig, "Déjà Vu: A user study using images for authentication," in Proc. 9th USENIX Security, 2000, pp. 1-4.
D. Davis, F. Monrose, and M. Reiter, "On user choice in graphical password schemes," in Proc. USENIX Security, 2004, pp. 1-11.
B. Pinkas and T. Sander, "Securing passwords against dictionary attacks," in Proc. ACM CCS, 2002, pp. 161-170.
[23] P. Dunphy and J. Yan, "Do background images improve 'Draw a Secret' graphical passwords," in Proc. ACM CCS, 2007, pp. 1-12.
[26] J. Yan and A. S. El Ahmad, "A low-cost attack on a Microsoft CAPTCHA," in Proc. ACM CCS, 2008, pp. 543-554.
[27] G. Mori and J. Malik, "Recognizing objects in adversarial clutter," in Proc. IEEE Comput. Society Conf. Comput. Vis. Pattern Recognit., Jun. 2003, pp. 134-141.
[33] N. Joshi. (2009, Nov. 29). Koobface Worm Asks for CAPTCHA [Online]. Available: http://blogs.mcafee.com/mcafeelabs/koobfacewormasksforCAPTCHA
[35] M. Szydlowski, C. Kruegel, and E. Kirda, "Secure input for web applications," in Proc. ACSAC, 2007, pp. 375-384.
[36] G. Wolberg, "2-pass mesh warping," in Digital Image Warping. Hoboken, NJ, USA: Wiley, 1990.
[38] S. Kim, X. Cao, H. Zhang, and D. Tan, "Enabling concurrent dual views on common LCD screens," in Proc. ACM Annu. Conf. Human Factors Comput. Syst., 2012, pp. 2175-2184.
[40] H. Gao, X. Liu, S. Wang, and R. Dai, "A new graphical password scheme against spyware by using CAPTCHA," in Proc. Symp. Usable Privacy Security, 2009, pp. 760-767.
[41] L. Wang, X. Chang, Z. Ren, H. Gao, X. Liu, and U. Aickelin, "Against spyware using CAPTCHA in graphical password scheme," in Proc. IEEE Int. Conf. Adv. Inf. Netw. Appl., Jun. 2010, pp. 1-9.
[42] J. Bonneau, "The science of guessing: Analyzing an anonymized corpus of 70 million passwords," in Proc. IEEE Symp. Security Privacy, Jun. 2012, pp. 20-25.

more than 60 journal and conference papers. He has also received 38 U.S. patents. His research interests include Internet security, applied cryptography, data security and privacy, and multimedia processing.
Guanbo Bao received the Ph.D. degree in computer science from the Institute of Automation, Chinese Academy of Sciences, in 2012, where he is an Assistant Professor. His research interests include high-performance rendering and image editing.

Maowei Yang was born in Chongqing in 1986. He received the B.S. and M.S. degrees in computer science and technology from Sichuan University, China, in 2009 and 2012, respectively. He joined Tencent, Guangzhou, China, in 2012, and is currently working on mobile Internet applications.

Ning Xu received the B.S. degree from the Nanjing University of Science and Technology and the M.S. degree from Shanghai Jiao Tong University, both in automation, in 2005 and 2008, respectively. He is a Research Software Development Engineer with the Innovation Engineering Group, Microsoft Research Asia. He is currently working on image processing and computer vision related projects.