30-09-2016, 09:27 AM
A. Security of Underlying Captcha
Computational intractability in recognizing objects in CaRP images is fundamental to CaRP. Existing analyses on Captcha security were mostly case by case or used an approximate process. No theoretic security model has been established yet. Object segmentation is considered as a computationally expensive, combinatorially hard problem [30], which modern text Captcha schemes rely on. According to [30], the complexity of object segmentation, $C$, is exponentially dependent on the number $M$ of objects contained in a challenge, and polynomially dependent on the size $N$ of the Captcha alphabet: $C = \alpha^{M} P(N)$, where $\alpha > 1$ is a parameter, and $P()$ is a polynomial function.

A Captcha challenge typically contains 6 to 10 characters, whereas a CaRP image typically contains 30 or more characters. The complexity to break a ClickText image is about $\alpha^{30} P(N) / (\alpha^{10} P(N)) = \alpha^{20}$ times the complexity to break a Captcha challenge generated by its underlying Captcha scheme. Therefore ClickText is much harder to break than its underlying Captcha scheme. Furthermore, characters in a CaRP scheme are arranged two-dimensionally, further increasing segmentation difficulty due to one more dimension to segment. As a result, we can reduce distortions in ClickText images for improved usability yet maintain the same security level as the underlying text Captcha.

ClickAnimal relies on both object segmentation and multiple-label classification. Its security remains an open question. As a framework of graphical passwords, CaRP does not rely on any specific Captcha scheme. If one Captcha scheme gets broken, a new and more robust Captcha scheme may appear and be used to construct a new CaRP scheme. In the remaining security analysis, we assume that it is intractable for computers to recognize any objects in any challenge image generated by the underlying Captcha of CaRP.
More accurately, the Captcha is assumed to be chosen-pixel attack (CPA)-secure defined with the following experiment: an adversary A first learns from an arbitrary number of challenge images by querying a ground-truth oracle O as follows: A selects an arbitrary number of internal object-points and sends to O, which responds with the object that each point lies in. Then A receives a new challenge image and selects an internal object-point to query O again. This time O chooses a random bit b ← {0, 1} to determine what to return: It returns the true object if b = 1; otherwise a false object selected with a certain strategy. A is asked to determine whether the returned object is the true object that the internal object-point lies in or not. A Captcha scheme
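The CPA experiment described above can be run as a small simulation; this is an added example, not code from the original post or the paper it quotes. Assumptions: the toy image model (`make_image`, a visible `feature` per point), a uniform choice of false object for O's unspecified strategy, and measuring the adversary by |Pr[A is right] - 1/2|, since the text is cut off before it states the security condition.

```python
import random

ALPHABET = "ABCDEFGH"  # constructed toy Captcha alphabet

def make_image(rng, leaky, n_points=30):
    """Constructed toy challenge: point -> (visible feature, hidden true object).
    leaky=True models a weak scheme whose rendering determines the object;
    leaky=False models a scheme where what A sees is unrelated to the object."""
    img = {}
    for point in range(n_points):
        obj = rng.choice(ALPHABET)
        feature = ord(obj) * 7 % 13 if leaky else rng.randrange(13)
        img[point] = (feature, obj)
    return img

class LearningAdversary:
    """A: remembers what the ground-truth oracle O said about each feature."""
    def __init__(self):
        self.seen = {}
    def learn(self, feature, obj):
        self.seen[feature] = obj
    def guess(self, rng, feature, returned):
        known = self.seen.get(feature)
        if known is None:
            return rng.randrange(2)      # nothing learned: coin flip
        return int(known == returned)    # 1 means "O returned the true object"

def cpa_experiment(leaky, trials=4000, train_images=5, seed=2016):
    """Return A's estimated advantage |Pr[A guesses b] - 1/2| (assumed measure)."""
    rng = random.Random(seed)
    adv = LearningAdversary()
    # Learning phase: A sends internal object-points to O, O names the object.
    for _ in range(train_images):
        for feature, obj in make_image(rng, leaky).values():
            adv.learn(feature, obj)
    # Test phase, repeated to estimate the probability: new image, one point.
    wins = 0
    for _ in range(trials):
        img = make_image(rng, leaky)
        feature, truth = img[rng.randrange(len(img))]
        b = rng.randrange(2)
        # b = 1: true object; b = 0: false object (uniform choice is assumed).
        returned = truth if b == 1 else rng.choice(
            [c for c in ALPHABET if c != truth])
        wins += adv.guess(rng, feature, returned) == b
    return abs(wins / trials - 0.5)

if __name__ == "__main__":
    print("leaky scheme advantage:    ", cpa_experiment(leaky=True))
    print("non-leaky scheme advantage:", cpa_experiment(leaky=False))
```

In the leaky model the learning-phase queries let A answer the test phase almost perfectly, while in the non-leaky model the same adversary does no better than a coin flip.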