SLGP Header

Graphical Password Authentication Using for Multistage Image Recognition Captcha

IJCSEC Front Page

Many security primitives are based on hard mathematical problems. One the problem use of passwords is a major point of vulnerability in computer security, as passwords are often easy to guess by automated programs running dictionary attacks. Passwords remain the most widely used authentication method despite their well-known security weaknesses. CAPTCHA authentication is clearly a practical problem. In a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology is call Captcha as graphical passwords. CaRP is both a Captcha and a graphical password scheme the authentication scheme that preserves the advantages of conventional password authentication. The proposed scheme is easy to implement and overcomes some of the difficulties of previously suggested methods of improving the security of user authentication schemes CaRP also offers protection against relay attacks, an increasing threat to bypass Captchas protection. An artificial image which contains some vital information, able to observe by Human but not by computer as automated task, is known as CAPTCHA image. The captcha will be used to prevent the task automation in performing repeated re try task in authentication process. The proposed scheme CAPTCHA also provides better protection against denial of service attacks against user accounts
General Terms:Security, Human factors, Design, Experimentation
Key Terms: Graphical password, password, hotspots, CaRP, Captcha, dictionary attack, password guessing attack, security Primitive.
Passwords are the most common method of authenticating users, and will most likely continue to be widely used for the foreseeable future, due to their convenience and practicality for service providers and end users. Although more secure authentication schemes have been suggested in the past, using smartcards or public key cryptography, none of them has been in widespread use in the consumer market. The well-known problem in computer security that human chosen Passwords are inherently insecure since a large fraction of the users chooses passwords that come from a small domain. Security is to create cryptographic primitives based on hard mathematical problems that are computationally intractable. A small password domain enables adversaries to attempt to login to accounts by trying all possible passwords, until they find the correct one. This attack is known as a dictionary attack.
Successful dictionary attacks have been recently reported against eBay user accounts, where attackers broke into accounts of sellers with good reputations in order to conduct fraudulent auctions. In addition to workstation and web log-in applications, graphical passwords have also been applied to many devices. CAPTCHA secure to protect the online email and password using for images. The present exemplary CaRPs built on both texts Captcha and image recognition Captcha. One of them is a text CaRP where in a password is a sequence of characters like a text password, but entered by clicking the right character sequence on CaRP images. CaRP offers protection against online dictionary attacks on passwords, which have been for long time a major security threat for various online services. Graphical password scheme may exceed that of text based schemes and thus presumably offer better resistance to dictionary attacks.


  1. Adams.C et al., (2008), ‘Pass-Go: A proposal to improve the usability of graphical passwords’ Int. J. Netw. Security, vol. 7, no. 2, pp. 273–292.
  2. Aickelin.U et al.,(2010),‘Against spyware using CAPTCHA in graphical password scheme’ in Proc. IEEE Int. Conf. Adv. Inf. Netw. Appl., Jun, pp. 1–9.
  3. Biddle .R et al.,(2008), ‘Influencing users towards better passwords: Persuasive cued click-points’ in Proc.Brit. HCI Group Annu. Conf. vol. 1., pp. 121–130.
  4. Dai.R et al.,(2009), ‘A new graphical password scheme against spyware by using CAPTCHA’ in Proc. Symp. Usable Privacy Security, 2009, pp. 760–767
  5. Dirik A. E et al., (2007), ‘Modeling user choice in the pass points graphical password scheme’ in Proc.Symp.Usable Privacy Security, pp.20–28.
  6. Dunphy.P et al.,(2007), ‘Do background images improve Draw a Secret graphical passwords’ in Proc. ACM CCS, pp. 1–12.
  7. Golle.P et al.,(2008), ‘Machine learning attacks against the Asirra CAPTCHA’ in Proc. ACM CCS, pp. 535– 542.
  8. Kirda.E et al.,(2007), ‘Secure input for web applications Cued Click Point Technique for Graphical Password Authentication’ in Proc. ACSAC, pp. 375–384.
  9. Motoyama.M et al.,(2010), ‘Re: CAPTCHAs —Understanding CAPTCHA solving services in an Economic Context’ in Proc. USENIX Security,pp.23-28
  10. Moy.M et al.,(2004), ‘Distortion estimation techniques in solving visualCAPTCHAs’ in Proc.Soc.Conf.Comput.Vis. Pattern Recognit., Jul, pp