Be it purchasing goods, boarding an airplane, crossing a border, or performing a financial transaction, reliable authorization and authentication have become necessary for many daily interactions. Essentially, these activities rely upon ensuring the identities and authenticity of the people involved. Traditionally, authentication is based upon possession-based and knowledge-based identification.

What you have
• Examples: User IDs, Accounts, Cards, Badges, Keys
• Shortcomings: Can be shared; May be duplicated; May be lost or stolen

What you know
• Examples: Password, PIN
• Shortcomings: Many passwords are easily guessed; Can be shared; Can be forgotten

Today, daily interactions are becoming increasingly automated, interfacing people with computers. Until recently, the primary authentication components of human-computer interaction consisted of passwords and personal identification numbers. However, new authentication technologies are emerging that are capable of providing higher degrees of certainty for identifying an individual. One of these technologies is biometrics.

Biometrics
• Examples: Fingerprint, voiceprint, face, iris
• Not possible to share
• Repudiation unlikely
• Difficult to forge
• Cannot be lost or stolen

Source: Bolle, R.M. et al. (2004) Guide to Biometrics, New York: Springer-Verlag: 1-5
Biometrics refers to a broad range of technologies, systems, and applications that automate the identification or verification of an individual based on his or her physiological or behavioral characteristics. Source: Bolle, R.M. et al. (2004) Guide to Biometrics, New York: Springer-Verlag: 1-5

Physiological biometrics are based on direct measurements of a part of the human body at a point in time. The most common physiological biometrics involve fingerprints, face, hand geometry, and iris. Less common physiological biometrics involve DNA, ear shape, odor, retina, skin reflectance and thermogram. Source: Bolle, R.M. et al. (2004) Guide to Biometrics, New York: Springer-Verlag: 1-5

Behavioural biometrics are based on measurements and data derived from the method by which a person carries out an action over an extended period of time. The most common behavioural biometrics involve hand-written signature and voice. Less common behavioural biometrics involve gait, keystroke pattern, and lip motion. Source: Bolle, R.M. et al. (2004) Guide to Biometrics, New York: Springer-Verlag: 1-5

According to Turk and Pentland, in their seminal paper, “Eigenfaces for Recognition”, which was published in 1991, “In the language of information theory, we want to extract the relevant information in a face image, encode it as efficiently as possible, and compare one face encoding with a database of models encoded similarly.”

Many rationales for deploying biometrics center on improved certainty in determining an individual’s identity and perceived cost savings from the reduced risk of financial losses for the individual or institution deploying the biometric. Source: Nanavati, S. et al. (2002) Biometrics: Identity Verification in a Networked World, New York: John Wiley & Sons, Inc: 1-5
Three Basic Identification Methods of password

Possession (“something I have”)
• Keys
• Passport
• Smart Card

Knowledge (“something I know”)
• Password
• PIN

Biometrics (“something I am”)
• Face
• Fingerprint
• Iris
Password
• It is basically an encryption algorithm.
• Usually it is 8-15 characters long, or slightly more than that.
• Most textual passwords nowadays are kept very simple, for example a word from the dictionary or the name of a pet or a friend.
• Ten years back Klein performed such tests and he could crack 10-15 passwords per day. Now, with the change in technology, fast processors and many tools on the Internet, this has become child's play.
Passphrase
• It is nothing but an enhanced version of a password.
• Usually it is a combination of words, or simply a collection of passwords in a proper sequence.
• It can also contain any well-known thought.
• The length of a passphrase is about 30-50 characters, or more.
• But it also has some limitations, because 30-50 characters are hard to remember if there is no proper sequence.
Biometrics
• Refers to a broad range of technologies
• Automates the identification or verification of an individual
• Based on human characteristics or body organs
  – Physiological: Face, fingerprint, iris
  – Behavioral: Hand-written signature, voice

[Figure: characteristics are converted into binary templates]
• But biometrics also has some drawbacks.
• Suppose you select your fingerprint as your biometric.
• What do you do when you have a crack or wound on your finger?
• In this situation you might be in trouble.
• And nowadays some hackers can even produce an exact copy of your biometric.
• After seeing all the different security schemes, it is time to do something more advanced in this security system.
• Here, the 3-D password comes into the picture.
3-D password
• 3-D passwords are more customisable and are a very interesting way of authentication.
• The 3-D password is a multifactor authentication scheme. To be authenticated, we present a 3-D virtual environment where the user navigates and interacts with various objects. The sequence of actions and interactions toward the objects inside the 3-D environment constructs the user’s 3-D password.
• The 3-D password can combine most existing authentication schemes such as textual passwords, graphical passwords, and various types of biometrics into a 3-D virtual environment. The design of the 3-D virtual environment and the type of objects selected determine the 3-D password key space.
• This is achieved through interacting only with the objects that acquire information that the user is comfortable in providing and ignoring the objects that request information that the user prefers not to provide. For example, if an item requests an iris scan and the user is not comfortable in providing such information, the user simply avoids interacting with that item.
• Moreover, giving the user the freedom of choice as to what type of authentication schemes will be part of their 3-D password and given the large number of objects and items in the environment, the number of possible 3-D passwords will increase. Thus, it becomes much more difficult for the attacker to guess the user’s 3-D password.
• For example, the user can enter the virtual environment and type something on a computer that exists in (x1, y1, z1) position, then enter a room that has a fingerprint recognition device that exists in a position (x2, y2, z2) and provide his/her fingerprint. Then, the user can go to the virtual garage, open the car door, and turn on the radio to a specific channel. The combination and the sequence of the previous actions toward the specific objects construct the user’s 3-D password.
• Virtual objects can be any object that we encounter in real life. Any obvious actions and interactions toward the real-life objects can be done in the virtual 3-D environment toward the virtual objects. Moreover, any user input (such as speaking in a specific location) in the virtual 3-D environment can be considered as a part of the 3-D password. We can have the following objects:
1) a computer with which the user can type;
2) a fingerprint reader that requires the user’s fingerprint;
3) a biometrical recognition device;
4) a paper or a white board that a user can write, sign, or draw on;
5) an automated teller machine (ATM) that requests a token;
6) a light that can be switched on/off;
7) a television or radio where channels can be selected;
8) a staple that can be punched;
9) a car that can be driven;
10) a book that can be moved from one place to another;
11) any graphical password scheme;
12) any real-life object;
13) any upcoming authentication scheme.
Snapshot of a proof-of-concept virtual art gallery, which contains 36 pictures and six computers.
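The idea that the ordered sequence of interactions is the secret can be made concrete with a small enrollment and verification routine. This is an added example, not code from the original slides: the event format `(x, y, z, object_id, action, value)`, the object names, the coordinates and the PBKDF2 parameters are all assumptions, and the fingerprint step is represented only by the reader's accept result because a raw biometric sample cannot be compared by exact hashing.

```python
import hashlib
import hmac
import os

# Hypothetical event format: (x, y, z, object_id, action, value).
# Object names, coordinates and values are constructed sample data.
SAMPLE_PASSWORD = [
    (10, 0, 4, "computer-1", "type", "sample text"),
    # Assumption: the reader's own matcher reports "match"; a raw
    # fingerprint is fuzzy and cannot be compared by exact hashing.
    (22, 0, 9, "fingerprint-reader", "scan", "match"),
    (40, 0, 2, "car-door", "open", ""),
    (41, 0, 2, "car-radio", "set_channel", "101.5"),
]

def encode(events):
    """Unambiguous byte encoding that preserves the order of interactions."""
    out = bytearray()
    for event in events:
        out += len(event).to_bytes(2, "big")  # field count marks event boundary
        for field in event:
            raw = str(field).encode("utf-8")
            # Length prefix so ("ab", "c") never encodes like ("a", "bc").
            out += len(raw).to_bytes(4, "big") + raw
    return bytes(out)

def enroll(events, salt=None, iterations=200_000):
    """Return (salt, verifier); only these are stored, never the sequence."""
    if salt is None:
        salt = os.urandom(16)
    verifier = hashlib.pbkdf2_hmac("sha256", encode(events), salt, iterations)
    return salt, verifier

def verify(events, salt, verifier, iterations=200_000):
    """Recompute the verifier for a login attempt; constant-time compare."""
    _, candidate = enroll(events, salt, iterations)
    return hmac.compare_digest(candidate, verifier)

if __name__ == "__main__":
    salt, stored = enroll(SAMPLE_PASSWORD)
    print("same sequence:", verify(SAMPLE_PASSWORD, salt, stored))
    reordered = SAMPLE_PASSWORD[::-1]
    print("same actions, different order:", verify(reordered, salt, stored))
```

Because position is part of every event, the same action performed on a different object, or the same actions in a different order, produces a different verifier.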
• Designing a well-studied 3-D virtual environment affects the usability, effectiveness, and acceptability of a 3-D password system. Therefore, the first step in building a 3-D password system is to design a 3-D environment that reflects the administration needs and the security requirements. The design of 3-D virtual environments should follow these guidelines.
• 1) Real-life similarity: The prospective 3-D virtual environment should reflect what people are used to seeing in real life. Objects used in virtual environments should be relatively similar in size to real objects (sized to scale).
• Possible actions and interactions toward virtual objects should reflect real-life situations. Object responses should be realistic. The target should have a 3-D virtual environment that users can interact with, by using common sense.
• 2) Object uniqueness and distinction: Every virtual object or item in the 3-D virtual environment is different from any other virtual object.
• The uniqueness comes from the fact that every virtual object has its own attributes such as position. Thus, the prospective interaction with object 1 is not equal to the interaction with object 2. However, having similar objects such as 20 computers in one place might confuse the user. Therefore, the design of the 3-D virtual environment should consider that every object should be distinguishable from other objects.
• A simple real-life example is home numbering. Assume that there are 20 or more homes that look like each other and the homes are not numbered. It would be difficult to distinguish which house was visited a month ago. Similarly, in designing a 3-D virtual environment, it should be easy for users to navigate through and to distinguish between objects. The distinguishing factor increases the user’s recognition of objects. Therefore, it improves the system usability.
• 3) Three-dimensional virtual environment size:
• A 3-D virtual environment can depict a city or even the world. On the other hand, it can depict a space as focused as a single room or office. The size of a 3-D environment should be carefully studied. A large 3-D virtual environment will increase the time required by the user to perform a 3-D password. Moreover, a large 3-D virtual environment can contain a large number of virtual objects. Therefore, the probable 3-D password space broadens. However, a small 3-D virtual environment usually contains only a few objects, and thus, performing a 3-D password will take less time.
• 4) Number of objects (items) and their types: Part of designing a 3-D virtual environment is determining the types of objects and how many objects should be placed in the environment. The types of objects reflect what kind of responses the object will have. For simplicity, we can consider requesting a textual password or a fingerprint as an object response type. Selecting the right object response types and the number of objects affects the probable password space of a 3-D password.
• 5) System importance: The 3-D virtual environment should consider what systems will be protected by a 3-D password. The number of objects and the types of objects that have been used in the 3-D virtual environment should reflect the importance of the protected system.
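The effect of environment size and object response types on the probable password space can be estimated with a simple counting model. This is an added example, not a formula from the slides: it assumes every interaction is one choice among all (object, response) pairs and that a password is an ordered sequence of 1 to `max_len` interactions. The 36 pictures and six computers come from the art gallery mentioned above; every response count and the small room are assumptions.

```python
import math

# Each entry: object type -> (number of objects, distinct responses per object).
# Response counts are assumptions made for this example.
GALLERY = {
    "picture": (36, 1),          # a picture can only be selected
    "computer": (6, 26 ** 4),    # accepts a 4-letter lowercase string
}
SMALL_ROOM = {
    "light": (1, 2),             # on / off
    "radio": (1, 10),            # ten channels
    "computer": (1, 26 ** 4),
}

def choices_per_step(objects):
    """Distinct single interactions the environment offers."""
    return sum(count * responses for count, responses in objects.values())

def password_space_bits(objects, max_len):
    """log2 of the number of ordered sequences of 1..max_len interactions."""
    m = choices_per_step(objects)
    return math.log2(sum(m ** n for n in range(1, max_len + 1)))

def textual_bits(alphabet_size, length):
    """log2 of the space of a fixed-length textual password, for comparison."""
    return length * math.log2(alphabet_size)

def compare(max_len=3):
    """Bits of password space for both environments and an 8-char password."""
    return {
        "gallery": password_space_bits(GALLERY, max_len),
        "small_room": password_space_bits(SMALL_ROOM, max_len),
        "text_94x8": textual_bits(94, 8),
    }

if __name__ == "__main__":
    for name, bits in compare().items():
        print(f"{name:>10}: {bits:5.1f} bits")
```

These figures are upper bounds that hold only if users choose interactions uniformly at random; predictable choices shrink the effective space in the same way dictionary words do for textual passwords.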
• Possible critical applications include the following.
• 1) Critical servers: Many large organizations have critical servers that are usually protected by a textual password. A 3-D password authentication proposes a sound replacement for a textual password. Moreover, entrances to such locations are usually protected by access cards and sometimes PIN numbers. Therefore, a 3-D password can be used to protect the entrance to such locations and protect the usage of such servers.
• 2) Nuclear and military facilities: Such facilities should be protected by the most powerful authentication systems. The 3-D password has a very large probable password space, and since it can contain token-, biometrics-, recognition-, and knowledge-based authentications in a single authentication system, it is a sound choice for high level security locations.
• 3) Airplanes and jetfighters: Because of the possible threat of misusing airplanes and jetfighters for religious-political agendas, usage of such airplanes should be protected by a powerful authentication system.
• The 3-D password is recommended for these systems.
• In addition, 3-D passwords can be used in less critical systems because the 3-D virtual environment can be designed to fit any system’s needs.
• A small 3-D virtual environment can be used in many systems, including the following:
1) ATMs;
2) personal digital assistants;
3) desktop computers and laptop logins;
4) web authentication.