Kanishka_3D Passwords

A novel 3D password based authentication scheme and its evaluation

Comments

  • Having knowledge about the most probable textual passwords is the key behind dictionary attacks. Any authentication scheme is affected by the knowledge distribution of the user’s secrets. Knowledge about the user’s selection of three-dimensional passwords is not available, up to now, to the attacker. Moreover, having different kinds of authentication schemes in one virtual environment causes the task to be more difficult for the attacker. However, in order to acquire such knowledge, the attacker must have knowledge about every single authentication scheme and what are the most probable passwords using this specific authentication scheme. This knowledge, for example, should cover the user’s most probable selection of textual passwords, different kinds of graphical passwords, and knowledge about the user’s biometrical data. Moreover, knowledge about the design of a three-dimensional virtual environment is required in order for the attacker to launch a customized attack.

Kanishka_3D Passwords Presentation Transcript

  • Kanishka Khandelwal, Final Year, Dept. of Computer Science and Engineering, Jadavpur University
  • Authentication
    Existing Systems
    Proposed 3D password system
    3D Virtual environment
    Expected Functionalities
    The Idea
    System Implementation
    Objects Required
    Security Analysis
    Applications
    Conclusion
    Kanishka Khandelwal, Dept of Comp Sc. and Engg, J.U. 5/10/2012
  • Are you who you claim to be?
  • What you know (knowledge based).
    What you have (token based).
    What you are (biometrics).
    What you recognize (recognition based).
  • Textual passwords
    Graphical passwords
    Biometrics
    Token based
  • Most common authentication technique used in the computer world.
    Two conflicting requirements: passwords should be easy to remember and hard to guess.
    Kept very simple, say a word from the dictionary or the names of pets, girlfriends, etc.
    Klein cracked 25% of the passwords using a very small but well-formed dictionary.
    Drawback: guessable!
  • Biometrics consists of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits.
    Drawbacks:
    Intrusiveness to privacy.
    Biometrics cannot be revoked.
    User resistance to exposing their retinas to IR rays.
  • Users can recall and recognize pictures more easily than words.
    Password space is less than or equal to the textual password space.
    Vulnerable to shoulder-surfing attacks.
    The process of selecting a set of pictures from the picture database can be tedious and time consuming for the user.
  • Vulnerable to loss, theft or duplication.
    The user has to carry the token whenever access is required.
  • The 3D password is a multifactor authentication scheme.
    The 3D password combines all existing authentication schemes into one three-dimensional virtual environment.
    Users have the freedom to select whether the 3D password will be solely recall, biometrics, recognition, or token based, or a combination of two schemes or more.
  • The following requirements are satisfied:
    Secrets are easy to remember and very difficult for intruders to guess.
    Secrets are not easy to write down on paper and are difficult to share with others.
    Secrets can be easily revoked or changed.
  • The three-dimensional virtual environment consists of many items or objects.
    Each item has different responses to actions.
    The user's actions, interactions and inputs towards the objects or towards the three-dimensional virtual environment create the user’s 3D password.
  • The user can decide his own authentication schemes.
    The 3D environment can change according to the user's request.
    It would be difficult to crack using regular techniques.
    Can be used in critical areas such as nuclear reactors, missile guiding systems, etc.
    Added with biometrics and card verification, the scheme becomes almost unbreakable.
  • A large number of possible passwords, because of the high number of possible actions and interactions towards every object and towards the three-dimensional virtual environment.
    The authentication can be improved since unauthorized persons will not interact with the same objects as a legitimate user would.
    We can also include a timer: the higher the security, the higher the timer. Say, after 20 seconds a weak password will be thrown out.
  • The user navigates through a three-dimensional virtual environment.
    The combination and the sequence of the user’s actions and interactions towards the objects in the three-dimensional virtual environment construct the user’s 3D password.
  • For example, the user can enter the virtual environment and type something on a computer that exists in position (x1, y1, z1), then enter a room that has a fingerprint recognition device that exists in position (x2, y2, z2) and provide his/her fingerprint. Then, the user can go to the virtual garage, open the car door, and turn on the radio to a specific channel. The combination and the sequence of the previous actions toward the specific objects construct the user’s 3D password.
  • A computer with which the user can type.
    A fingerprint reader that requires the user’s fingerprint.
    A light bulb.
    A biometric recognition device.
    A television or radio where channels can be selected.
    A car that can be driven.
    Any graphical password scheme.
    Any real-life object.
    Any upcoming authentication scheme.
  • The action towards an object (assume a fingerprint recognition device) that exists in location (x1, y1, z1) is different from the actions toward a similar object (another fingerprint recognition device) that exists in location (x2, y2, z2). Therefore, to perform the legitimate 3D password, the user must follow the same scenario performed by the legitimate user. This means interacting with the same objects that reside at the exact locations and performing the exact actions in the proper sequence.
  • Let us consider a 3D virtual environment space of size G × G × G. The 3D environment space is represented by the coordinates (x, y, z) ∈ [1, …, G] × [1, …, G] × [1, …, G]. Consider a user who navigates through the 3D virtual environment that consists of an office and a meeting room. Let us assume that the user is in the virtual office and the user turns around to the door located in (10, 24, 91) and opens it. Then, the user closes the door. The user then finds a computer to the left, which exists in the position (4, 34, 19), and the user types “FALCON.” The initial representation of user actions in the 3D virtual environment can be recorded as follows:
  • (10, 24, 91) Action = Open the car door.
    (10, 24, 91) Action = Close the car door.
    (4, 34, 19) Action = Typing, “F”.
    (4, 34, 18) Action = Typing, “A”.
    (4, 34, 17) Action = Typing, “L”.
    (4, 34, 16) Action = Typing, “C”.
    (4, 34, 15) Action = Typing, “O”.
    (4, 34, 14) Action = Typing, “N”.
  • The Size of the 3D Password Space: we noticed that by increasing the number of objects in the three-dimensional virtual environment, the 3D password space increases exponentially.
  • 3D Password Distribution Knowledge
    - Knowledge about the user’s selection of three-dimensional passwords is not available.
    - Knowledge about the design of a three-dimensional virtual environment is required by the attacker.
    - The attacker must have knowledge about every single authentication scheme.
  • The 3D password can have a password space that is very large compared to other authentication schemes, so the 3D password’s main application domains are protecting critical systems and resources:
    Critical servers.
    Nuclear and military facilities.
    Airplanes and jet fighters.
  • In addition, 3D passwords can be used in less critical systems.
    A small virtual environment can be used in the following systems:
    ATMs
    Personal digital assistants
    Desktop computer and laptop logins
    Web authentication
    Security Analysis
  • A virtual art gallery that consists of 36 pictures and 6 computers, where users can navigate and interact with virtual objects by either typing or drawing.
    http://www.youtube.com/watch?v=4bvMo1NiyX0
  • 1. The user can decide his own authentication schemes. If he is comfortable with recall and recognition methods, then he can choose the 3D authentication just used above.
    2. The authentication can be improved since unauthorized persons will not interact with the same objects as a legitimate user would. We can also include a timer: the higher the security, the higher the time.
    3. The 3D environment can change according to the user's request.
    4. It would be difficult to crack using regular techniques. Since all the algorithms follow steps to authenticate, the scheme has no fixed number of steps. Hence calculating all those possibilities and deciphering them is not easy.
    5. Can be used in critical areas such as nuclear reactors, missile guiding systems, etc.
    6. Added with biometrics and card verification, the scheme becomes almost unbreakable.
  • A Novel 3D Graphical Password Schema, Fawaz A. Alsulaiman and Abdulmotaleb El Saddik
    http://www.authorstream.com/Presentation/kkarthikeyan08-895930-3d-password/
    http://www.technospot.net/blogs/what-is-3d-password-scheme-3/
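
One way a server could store and check the sequence recorded on the "FALCON" slide, as an added example that is not code from the presentation or from the paper it cites: each step is encoded with its coordinates, the whole sequence is salted and hashed, and an attempt matches only when the same actions hit the same locations in the same order. The action labels, the PBKDF2 work factor and the restriction to exact-match steps (a fingerprint step needs a biometric matcher, not a hash) are assumptions.

```python
import hashlib
import hmac
import os
import struct

PBKDF2_ROUNDS = 200_000  # illustrative work factor, not a value from the slides


def encode_step(position, action, value=""):
    """Encode one step; length-prefix strings so field boundaries are unambiguous."""
    out = struct.pack(">III", *position)
    for field in (action, value):
        raw = field.encode("utf-8")
        out += struct.pack(">I", len(raw)) + raw
    return out


def encode_password(steps):
    """Order-preserving encoding: the same steps in another order give other bytes."""
    return struct.pack(">I", len(steps)) + b"".join(encode_step(*s) for s in steps)


def enroll(steps):
    """Return (salt, verifier); only these are stored, never the sequence itself."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", encode_password(steps), salt, PBKDF2_ROUNDS)


def verify(steps, salt, verifier):
    """Re-derive the verifier from an attempt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", encode_password(steps), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, verifier)


# The sequence recorded on the slide; the action names are constructed labels.
FALCON = [((10, 24, 91), "open"), ((10, 24, 91), "close")] + [
    ((4, 34, 19 - i), "type", ch) for i, ch in enumerate("FALCON")
]

if __name__ == "__main__":
    salt, verifier = enroll(FALCON)
    swapped = [FALCON[1], FALCON[0]] + FALCON[2:]  # same steps, wrong order
    moved = [((11, 24, 91), "open")] + FALCON[1:]  # same action, other location
    for name, attempt in (("exact", FALCON), ("swapped", swapped), ("moved", moved)):
        print(name, verify(attempt, salt, verifier))
```
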