3d password
DESCRIPTION
3D password-For more secure authenticationTRANSCRIPT
By:Jaya Sinha (115415)Oindrila Gupta (115416)
CONTENTS
Introduction
Three Factors of Authentication
Existing Authentication Techniques
Drawbacks of Existing Authentication Schemes
3D Password Scheme
3D Password Selection
Designing of a 3D Virtual Environment
Advantages of 3D Passwords
Applications of 3D Passwords
Attacks and CounterMeasures
Conclusion
INTRODUCTION
➢Authentication is any protocol or process that permits one entity to establish the identity of another entity.
✔In other words, authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be.
Three Factors of Authentication
1. Knowledge Based: Something you know like PASSWORD, PIN
2. Token Based: Something you possess like KEYS, PASSPORT, SMART CARD
3. Biometrics: Something you are like FINGERPRINT, FACE, IRIS
Existing Authentication Techniques
➔Textual Password: Recall Based
➔Graphical Password: Recall Based + Recognition Based (Biometrics)
Drawbacks of Existing Authentication Schemes
Drawbacks of Textual Passwords
●Textual Passwords should be easy to remember, but at the same time, difficult to guess●Full password space for 8 characters, consisting of both numbers and characters, is 2*(10^14)●A research showed that 25% of the passwords out of 15,000 users could be guessed correctly using brute force dictionary
Drawbacks of Graphical Passwords
●Graphical Passwords can be easily recorded as these schemes take a long time●The main drawback of using biometric is its intrusiveness upon a user's personal characteristics which are liable to change under certain situations. For example, a bruised finger will lead to an inconsistency in fingerprint pattern●They require special scanning device to authenticate the user which is not acceptable for remote and internet users
3D PASSWORD to the rescue...3D PASSWORD to the rescue...
3D PASSWORD SCHEME
➢The 3D Password scheme is a new authentication scheme that combines RECOGNITION + RECALL + TOKENS + BIOMETRICin one authentication system
➢The 3D password presents a virtual environment containing various virtual objects➢The user walks through the environment and interacts with the objects
➢The 3D Password is simply the combination and sequence of user interactions that occur in the 3D environment
➢The 3D password can combine the existing authentication schemes such as textual passwords, graphical passwords, and various types of biometrics into a 3D virtual environment. The design of the 3D virtual environment and the type of objects selected determine the 3D password key space.
3D PASSWORD SELECTIONVirtual objects can be any object that we encounter in real life:✔a computer on which the user can type
✔a fingerprint reader that requires the user’s fingerprint
✔a biometrical recognition device
✔a paper or white board that a user can write, sign, or draw on
✔an automated teller machine (ATM) that requires a token
✔a light that can be switched on/off
✔a television or radio where channels can be selected
✔a stapler that can be punched
✔a car that can be driven
✔a book that can be moved from one place to another
✔any graphical password scheme
✔any reallife object
✔any upcoming authentication scheme
3D VIRTUAL ENVIRONMENT3D VIRTUAL ENVIRONMENT
Designing of a 3D Virtual EnvironmentDesigning a wellstudied 3D virtual environment affects the usability, effectiveness, and acceptability of a 3D password system. Therefore, the first step in building a 3D password system is to design a 3D environment that reflects the administration needs and the security requirements. The design of 3D virtual environments should follow the following guidelines:●Reallife similarity: The prospective 3D virtual environment should reflect what people are used to seeing in real life.
●Object uniqueness and distinction: The design of the 3D virtual environment should consider that every object should be distinguishable from other objects.
●Threedimensional virtual environment size: The size of a 3D environment should be carefully studied as it can depict a space as focused as a single room (or office) or as vast as a city (or even the world).
●Number of objects (items) and their types: Part of designing a 3D virtual environment is determining the types of objects and how many objects should be placed in the environment. The types of objects reflect what kind of responses the object will have.
●System importance: The 3D virtual environment should consider what systems will be protected by a 3D password.
ADVANTAGES OF 3D PASSWORDS
✔Flexibility: 3D Passwords allow Multifactor Authentication✔Strength: This scenario provides almost unlimited possibilities of passwords✔Easy to memorize: Can be remembered in the form of a short story✔Respect of Privacy: Organizers can select authentication schemes that respect the privacy of the users
APPLICATIONS OF 3D PASSWORDS
➢Critical servers: Many large organizations have critical servers that require very high security but are usually protected by a textual password. A 3D password authentication proposes a sound replacement for a textual password. Moreover, entrances to such locations are usually protected by access cards and sometimes PIN numbers. Therefore, a 3D password can be used to protect the entrance to such locations as well as protect the usage of such servers.
➢Airplanes and jetfighters: Because of the possible threat of misusing airplanes and jetfighters for religious/political agendas, usage of such airplanes should be protected by a powerful authentication system.
➢Nuclear and military facilities: Such facilities should be protected by the most powerful authentication systems. The 3D password has a very large probable password space, and since it can contain token, biometrics, recognition, and knowledge based authentications in a single authentication system, it is a sound choice for high level security locations.
A small 3D virtual environment can be used in many systems, including the following:
1) ATMs
2) personal digital assistants
3) desktop computers and laptop logins
4) web authentication
ATTACKS AND COUNTERMEASURES➢Brute Force Attack: This attack is very difficult because: 1. It is very time consuming 2. Attack is highly expensive➢Well Studied Attack: This attack is difficult because the attacker has to perform customized attack for different virtual environments.➢Shoulder Surfing Attack: This attack is comparatively more successful because the attacker uses camera to record the 3D Passwords of the users.
CONCLUSION
✔3D Password improves authentication.✔It is difficult to crack as there are no fixed number of steps or particular procedure.✔Added with biometrics and token verification, this schema becomes almost unbreakable.
BIBLIOGRAPHY
http://en.wikipedia.org/wiki/3D_Secure
http://www.slideshare.net
http://www.giac.org/cissppapers/2.pdf
http://share.pdfonline.com/01906f50bd334cc688daf10648bb5d68/3d seminar report.htm