3-D Password Scheme

For more secure authentication

Authentication

Authentication is a process of validating
who are you to whom you claimed to be
Human authentication techniques are as
follows:
1. Knowledge Base (What you know)
2. Token Based(what you have)
3. Biometrics(what you are)
4. Recognition Based(What you recognise)

Common Authentication
Techniques used in computer
world
1. Textual Passwords(Recall Based)-:Recall
what you have created before.

2. Graphical Passwords:
(Recall Based+Recognition Based)

Biometric schemes
(fingerprints,voice recognition etc)
Drawbacks
Textual Password:
Textual Passwords should be easy to
remember at the same time hard to guess
Full password space for 8 characters
consisting of both numbers and characters is
2 X 10
From an research 25% of the passwords out
of 15,000 users can guessed correctly by
using brute force dictionary
Drawbacks
Graphical Password
Graphical passwords can be easily
recorded as these schemes take a long
time.
One main drawback of applying biometric
is its intrusiveness upon a users personnel
characteristics.
They require special scanning device to
authenticate the user which is not
acceptable for remote and internet users.
3D PASSWORD SCHEME
The 3D Password scheme is a new
authentication scheme that combine
RECOGNITION
+ RECALL
+TOKENS
+BIOMETRIC
In one authentication system


The 3D password presents a virtual
environment containing various virtual
objects.

The user walks through the environment
and interacts with the objects

The 3d Password is simply the
combination and sequence of user
interactions that occur in the 3D
environment
3D Password selection
Virtual objects can be any object we
encounter in real life:
A computer on which the user can type
A fingerprint reader that requires users fingerprint
A paper or white board on which user can type
A Automated teller(ATM) machine that requires a token
A light that can be switched on/off
A television or radio
A car that can be driven
A graphical password scheme











For EXAMPLE:
Let us assume the user enters a virtual
office then performs the following action:
(10,24,91) Action=Open office door
(10,24,91) Action=Close office door
(4,34,18) Action=Tpeine,C
(4,34,18) Action=Typing,O
(4,34,18)Action=Typing,N
(10,24,80)Action=Pick up the pen
(1,18,80)Action=Draw point=(330,130)
3D Passwords Differentiators
Flexibility:3D Passwords allows Multifactor
authentication biometric , textual passwords
can be embedded in 3D password technology.
Strength: This scenario provides almost
unlimited passwords possibility.
Ease to Memorize: can be remembered in the
form of short story.
Respect of Privacy: Organizers can select
authentication schemes that respect users
privacy.
3D Password Application Areas
Critical Servers
Nuclear and military Facilities
Airplanes and JetFighters
ATMs,Desktop and Laptop Logins, Web
Authentication
Attacks and Countermeasures
Brute Force Attack: The attack is very difficult
because
1. Time required to login may vary form 20s to 2 min
therefore it is very time consuming.
2. Cost of Attack: A 3D Virtual environment may contain
biometric object ,the attacker has to forge all
biometric information.
Well Studied Attack: Attacker tries to get
the most probable distribution of 3D Password.
This is difficult because attacker has to perform
customized attack fo different virtual
environment .
Shoulder Surfing Attacks: Attacker uses
camera to record the users 3D passwords.This
attack is more succesful


Timing Attack: The Attacker observes how
long it takes the legitimate user to perform
correct log in using 3D Password.which gives an
indication of 3-D Passwords length.This attack
cannot be succesful since it gives the attacker
mere hints.
QUERIES ??...