Existing graphical systems have clearly shown that image hotspots are more prone to being guessed, which leads to less secure graphical passwords and thereby increases security breaches through dictionary attacks. The study determined whether password choice could be influenced by getting users to choose random click-points while still maintaining usability. The goal of the proposed system is to encourage compliance by making the insecure task (i.e., choosing weak passwords) more time-consuming and difficult. Thus, being secure became the path of least resistance. Using the predefined CCP as a base system, this system additionally introduced a persuasive feature to make users select more secure passwords, and to make it more difficult to select passwords in which all five click-points are hotspots, specifically when the person logging in created the password and the image was shaded to create the viewport. The viewport is placed randomly rather than in a particular sequence, so as to avoid the commonly used hotspots, since this kind of information can be widely exploited by dictionary attackers and could consequently also create new hotspots.
Many security primitives are based on hard mathematical problems. Using hard AI problems for security is emerging as an exciting new paradigm, but has been under-explored. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also offers a novel approach to address the well-known image hotspot problem in popular graphical password systems, such as PassPoints, that often leads to weak password choices. CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some practical applications for improving online security.
CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a program that generates and grades tests that humans can solve but current computer programs cannot. The robustness of a CAPTCHA lies in its strength in resisting automatic adversarial attacks, and it has many applications in practical security, including free email services, online polls, and search engine bots, preventing dictionary attacks, worms and spam. CaRP is a combination of both a CAPTCHA and a graphical password scheme. CaRP overcomes a number of security issues, such as relay attacks, online guessing attacks, and, if combined with CAPTCHA and graphical password, shoulder-surfing attacks. CaRP is a click-based graphical password, where the order of clicks on an image is used to derive a new password. Unlike other click-based graphical passwords, images used in CaRP are used to generate CAPTCHA challenges, and for every authentication attempt a new CaRP image is generated, whether an existing user or a new user is attempting to authenticate. In this paper we conduct a comprehensive survey of existing CaRP techniques, namely ClickText, ClickAnimal and AnimalGrid. We point out research directions in this area. We also attempt to answer whether CaRP is as secure as graphical passwords and text-based passwords. The survey will be helpful for information security researchers and practitioners who are interested in finding an alternative to graphical authentication methods.
ABSTRACT: Cyber security is currently an important issue to tackle. A wide range of security primitives depend on hard challenges that can be solved computationally only by mathematical algorithms. Different user authentication methods are used for this purpose. Alphanumeric passwords have many drawbacks: they can be guessed very easily or can be hacked. Researchers have proposed different graphical techniques such as CAPTCHA, PCCP, CaRP, PassMatrix, VRK, OTP and LTP. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a graphical password and a Captcha scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. This section surveys the many existing systems in depth and evaluates the existing techniques comprehensively, preparing us to propose a new system that eliminates the drawbacks of the previous systems. The paper describes and studies different application-oriented graphical systems proposed earlier and tries to find their loopholes in order to avoid the attacks.
ABSTRACT: Various security primitives use hard mathematical problems. The use of hard AI problems for security is an emerging and exciting new pattern, but has not yet been explored. In our project, we present a new security primitive based on hard AI problems; this system is named Captcha as graphical passwords (CaRP). CaRP is a Captcha as well as a graphical password scheme. CaRP addresses a number of security problems together, such as online guessing attacks, relay attacks, and shoulder-surfing attacks. Generally, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also offers a good approach to address the well-known image hotspot problem in popular graphical password systems, like PassPoints, that generally leads to weak password choices.
The notion of CaRP is very simple but generic. It is a click-based graphical password, and a sequence of clicks on an image is used to derive a password. A Captcha scheme relying on multiple-object classification can be converted to a CaRP scheme. This paper presents CaRPs built on both text Captcha and image-recognition Captcha. One of them is a text CaRP, in which a password is a sequence of characters like a text password but is entered by clicking the right character sequence on CaRP images. It is an exciting new model using hard AI (Artificial Intelligence) problems for security. An advantage is that they are resistant to recap attacks. Different applications of CaRP are:
login attempt. The notion of CaRP is simple but generic. CaRP can have multiple instantiations. In theory, any Captcha scheme relying on multiple-object classification can be converted to a CaRP scheme. We present exemplary CaRPs built on both text Captcha and image-recognition Captcha. One of them is a text CaRP wherein a password is a sequence of characters like a text password, but entered by clicking the right character sequence on CaRP images. CaRP offers protection against online dictionary attacks on passwords, which have for a long time been a major security threat for various online services. This threat is widespread and considered a top cyber security risk. Defense against online dictionary attacks is a more subtle problem than it might appear. CaRP also offers protection against relay attacks, an increasing threat to bypass Captcha protection, wherein Captcha challenges are relayed to humans to solve. Koobface was a relay attack to bypass Facebook’s Captcha in creating new accounts. CaRP is robust to shoulder-surfing attacks if combined with dual-view technologies.
ABSTRACT: A lot of security primitives are based on hard mathematical problems. Using hard AI problems for security is evolving as an exciting new paradigm, but has been under-explored. A new security primitive based on hard AI problems is a new family of graphical password systems based on Captcha technology, called Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password system. CaRP addresses a number of security problems altogether, such as online guessing attacks, dependent (relay) attacks and, if it is combined with dual-view technologies, also shoulder-surfing attacks. A CaRP password is found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also gives an innovative approach to address the well-known image hotspot problem in popular graphical password systems, like PassPoints, which often leads to weak password choices. CaRP is not a panacea, but it offers practical security and usability and appears to fit well with some practical applications for improving online security.
The textual password is the most common technique used for authentication. The weaknesses of this technique, such as eavesdropping, social engineering, dictionary attacks and shoulder surfing, are well known. Unpredictable and long passwords can make the system secure. On the other hand, the main problem is the difficulty of memorizing those passwords. Studies have shown that users tend to choose short passwords that are easy to recall. Unfortunately, these passwords can be easily guessed or broken. Other techniques in use are graphical passwords and biometrics. However, these methods have their own drawbacks. Biometric techniques such as facial recognition and fingerprints have been proposed but not yet widely adopted. The main disadvantage of this method is that such systems can be expensive and slow. Numerous graphical password methods have been proposed in past years. However, most of these methods suffer from shoulder-surfing attacks, which are becoming a relatively large problem. There are some graphical password schemes that are resistant to shoulder surfing, but they have their own weaknesses, such as usability problems, long login times, or tolerance levels. Shoulder surfing is an attack performed by an adversary to obtain the user’s password by watching over the user’s shoulder as he enters his password. Since then, many graphical password methods with different degrees of resistance to shoulder surfing have been proposed, e.g.,    , and each has its pros and cons. As conventional password schemes are vulnerable to shoulder surfing, Sobrado and Birget proposed three shoulder-surfing-resistant graphical password methods. As most users use text-based passwords rather than graphical passwords, Zhao et al. proposed S3PAS, a text-based shoulder-surfing-resistant graphical password method.
In S3PAS, the user has to combine his textual password on the login screen to obtain the session password, but the login procedure of Zhao et al.’s method is hard and boring. Since then, a number of text-based shoulder-surfing-resistant graphical password methods have been proposed, such as . Unfortunately, none of the present text-based shoulder-surfing-resistant graphical password schemes is both secure and efficient enough. In this paper, we propose an improved text-based shoulder-surfing-resistant graphical password scheme using colors and session. The operation of the proposed method is simple and easy to learn for users familiar with text-based passwords. The user can easily and efficiently log in to the system without using any physical keyboard.
A lot of research on password-based authentication has been done in the literature. Among all of the proposed schemes, this paper focuses mainly on graphical-based authentication systems combined with virtual keyboard shuffling: the keys are hidden and shuffled after each password key is pressed, using the Fisher-Yates shuffling algorithm. We introduced these concepts to avoid shoulder-surfing and keylogger attacks. The user first needs to choose an image. After the image is accepted, it is split into a 7*11 matrix, and the user specifies the cell to set as the password. After the cell is selected as the password, a login indicator is generated based on the selected cell. At the initial stage, the user needs to create a username. To avoid keylogger attacks while typing the username and other authentication data, the keys are shuffled using the above-mentioned algorithm.
At present, conventional password schemes are subject to eavesdropping, dictionary attacks and shoulder surfing, and numerous shoulder-surfing-resistant graphical password schemes have been proposed. At the same time, the most common technique used for authentication is the textual password. A number of graphical password schemes have been proposed in past years. Most users use text-based passwords rather than pure graphical passwords, so we have proposed text-based graphical password schemes. Unfortunately, none of the existing schemes creates a hybrid digital graphical password scheme. In this paper, we propose an improved, mainly textual- and numerical-based graphical password scheme using colors that is resistant to shoulder surfing and to other attacks such as social engineering, eavesdropping and dictionary attacks. In the proposed scheme, the user can robustly, simply and efficiently log in to the system, and we examine the security, usability and resistance to various attacks of the designed system.
The PassMatrix prototype is built with Android SDK 2.2.3, since it was the mainstream version of the distribution in 2012. After connecting to the Internet, users can sign up for an account, log in a few times in practice mode, and then log in for the experiment with a client’s device. On the client side of our prototype, we used XML to build the user interface and used Java and the Android API to implement functions, including username checking, pass-image listing, image gridding, pass-square selection, login indicator delivery, and the circulation of the horizontal and vertical bars. On the server side of our implementation, we used a Java web server and MySQL to store and fetch registered accounts to/from the database and to handle password verification. In our proposed system, users can import their own images or display images stored in local storage on the server side. Each image is no larger than 20 Mb and is divided into a 4x4 grid. Thus, users have 4x4 squares per pass-image. After a user selects any number of pass-squares in the image sequence, the password is stored as a list of coordinates in a database table (i.e., the locations of those selected pass-squares in the 4x4 grid, as shown in fig. 7).
ABSTRACT: Authentication based on passwords is used largely in applications for computer security and privacy. However, human actions such as choosing bad passwords and inputting passwords in an insecure way are regarded as “the weakest link” in the authentication chain. Rather than arbitrary alphanumeric characters, users tend to select a password that is either short or related to their name for easy memorization. With web applications and mobile apps piling up, people can access these applications anytime and anywhere with multiple devices. This evolution brings great convenience but also increases the probability of exposing passwords to shoulder-surfing attacks. Attackers can observe directly or use external recording devices to collect users’ credentials. To overcome this problem, we proposed a novel authentication system, PassMatrix, based on graphical passwords to resist shoulder-surfing attacks. Many authentication methods have been presented, but users are most familiar with the textual password method. Textual password methods are vulnerable to shoulder surfing and keyloggers. To overcome this problem, many other authentication systems, such as token-based authentication, biometric-based authentication and graphical password methods, have been proposed. In the pair-based system, the proposed session password scheme uses text and colors for generating the session password. In the proposed scheme, the user can easily and efficiently log in to the system.
Abstract: In today's modern world, securing the organization’s data has become a major concern. To provide security, the most widely recognized authentication methods are credentials, OTP, LTP etc. These methods are more prone to Brute Force Attack, Shoulder Surfing Attack, and Dictionary Attack. Shoulder Surfing Attack (SSA) is a data theft approach used to obtain personal identification numbers or passwords by looking over the user's shoulder or by external recording devices and video capturing devices. Since SSA occurs in a benevolent way, it goes unnoticed most of the time. It is one of the simple and easy methods for hackers to steal one's sensitive information. The hacker simply has to peek in while the user types in the password, without much effort involved. Therefore, this phenomenon is widely unknown to people all over the world. Textual passwords are a ubiquitous part of the digital age. Web applications/mobile applications demand a strong password with at least one capital letter and a special letter. People tend to choose easy passwords in order to remember them, which can be easily shoulder surfed. To overcome this, graphical password techniques are used to provide a more secure password. In the graphical authentication system, the users click on target images from a challenge set for authentication. Various graphical systems have been proposed over the years which are shown to be more secure when compared to other authentication systems. In this paper, a shoulder-surfing-resistant graphical authentication system is implemented using the honeypot concept.
considered, in applications for computer security and privacy. However, human actions such as choosing bad passwords and inputting passwords in an insecure way are regarded as "the weakest link" in the authentication chain. Rather than arbitrary alphanumeric strings, users tend to choose passwords that are either short or meaningful for easy memorization. With web applications and mobile applications piling up, people can access these applications anytime and anywhere with various devices. This evolution brings great convenience but also increases the probability of exposing passwords to shoulder-surfing attacks. Attackers can observe directly or use external recording devices to collect users' credentials. To overcome this problem, we proposed a novel authentication system, PassMatrix, based on graphical passwords to resist shoulder-surfing attacks. With a one-time valid login indicator and circulative horizontal and vertical bars covering the entire scope of pass-images, PassMatrix offers no hint for attackers to figure out or narrow down the password even if they conduct multiple camera-based attacks. We also implemented a PassMatrix prototype on Android and carried out real user experiments to evaluate its memorability and usability. From the experimental results, the proposed system achieves better resistance to shoulder-surfing attacks while maintaining usability.
ABSTRACT: The most common method used for authentication is the textual password. Unfortunately, these passwords can be easily guessed or cracked. The next best technique is the graphical password. Many graphical password schemes have been proposed in the last decade, but most of them suffer from shoulder surfing, which is also a big problem. A few graphical password schemes have also been proposed that are resistant to various attacks. In this paper, two new authentication schemes are proposed with a steganography algorithm for any transaction. Any authentication process becomes very secure when two or three techniques are used together in a system. For every login process, the user inputs a different password. We propose two different shoulder-surfing-resistant graphical password authentication schemes, one being AS3PAS and the second a hybrid textual scheme using a color code, as well as Advanced LSB, which removes the drawback of simple LSB in that it supports all image formats.
system is more prone to shoulder surfing than a graphical password system. As the drawing is entered on the screen, an attacker needs to see the login process just once to get the password, and recall is not always a difficult task, depending on memory prompts or cues. Passwords based on recognition-based techniques are remembered over a longer period of time. The system discussed in this paper is more resistant to shoulder surfing and more efficient than the Jansen et al. algorithm, which is based on the correct sequence of clicks on the thumbnail images. The proposed system introduces a key, which would be difficult for an attacker to notice along with the correct click. The system discussed here is less confusing than the system used by Sobrado and Birget for avoiding shoulder surfing, which contains thousands of pass-objects on the screen, out of which the user had to select the objects chosen during the registration phase. Therefore, the introduction of a keystroke along with the click provides better protection against shoulder surfing compared with other algorithms. The formal specification of the working of the proposed system is shown in Algorithm 1. The algorithm considers that the user has to click on 5 images (image1, image2, image3, image4 and image7) out of n images. Moreover, the user also enters an additional textual key along with the click on image1.
In 2002, Sobrado and Birget developed a new graphical password scheme called the Triangle algorithm, as mentioned in , that is aimed at dealing with the shoulder-surfing problem. In the registration phase, the user is asked to choose a certain number of pass-objects from 1000 proposed objects. Later, to authenticate, the system displays a variety of objects on the screen and the user is asked to click inside the area that the previously selected objects form. The action repeats several times, but every time the icons on the screen shuffle and appear in different places. A major disadvantage of this scheme is the very crowded display, which means the user cannot distinguish the objects on the screen. Also, the average registration and login time is much longer than in the traditional text-based approach. On the other hand, using fewer objects may lead to a smaller password space.
Shoulder surfing is an attack in which the intruder can observe passwords, PINs or other protected information by watching the owner or victim over his/her shoulder or through spying devices such as binoculars and video cameras while the password is being used on the computer or at the terminal for authentication. The main aim of the intruder in this attack is to use the observed credentials for illicit transactions in order to impersonate the real owner (the victim) afterwards. The root cause of this drawback is the fact that users enter their secrets directly into some poorly designed user interface in a way that makes it easy for an intruder to gain knowledge of the secret via observation. To overcome this problem during authentication, a number of shoulder-surfing-resistant techniques were proposed as solutions to protect the user’s secret from being observed for illicit usage. To protect recall-based graphical password systems such as Draw-A-Secret and Background Draw-A-Secret DAS from shoulder surfing, three techniques were proposed: decoy strokes, disappearing strokes, and line snaking. These techniques are used during the login procedure as a means of distracting the shoulder surfer from capturing the correct password drawn by the user. The decoy strokes defense allows the user to draw many passwords, of which only one is the authentic user’s password. In the disappearing strokes defense, the user's stroke is removed from the screen after it has been drawn. The idea behind this is to make it difficult for the attacker to commit the image to memory. The line snaking technique is based on the disappearing stroke solution but was intended to leave the vital
Abstract- Since conventional password schemes are vulnerable to shoulder surfing, many shoulder-surfing-resistant graphical password schemes have been proposed. However, as most users are more familiar with textual passwords than pure graphical passwords, text-based graphical password schemes have been proposed. Unfortunately, neither the text-based password schemes nor the graphical password schemes are secure and efficient enough, and they have not been adopted. Textual passwords are the most common method used for authentication. But textual passwords are vulnerable to eavesdropping, dictionary attacks, social engineering and shoulder surfing. Graphical passwords were introduced as alternative techniques to textual passwords. Most of the graphical schemes are vulnerable to shoulder surfing. To address this problem, text can be combined with colors to generate secure passwords for authentication. The user passwords can be used only once, and every time a new password is generated. In this paper, we propose an improved text-based shoulder-surfing-resistant graphical password scheme using a color PIN entry mechanism that is resistant to shoulder surfing. In the proposed scheme, the user can easily and efficiently log in to the system. This proposed work gives more security for the password against shoulder surfing and accidental login.