SlideShare a Scribd company logo

Authentication Techniques and 3D Passwords

K
Karishma Khan

SEMINAR REPORT ON 3D PASSWORD BY S.KARISHMA

Engineering
1 of 19
Download to read offline
1 1. INTRODUCTION 1.1 AUTHENTICATION Authentication is a process of validating who are you to whom you claimed to be or a process of identifying an individual, usu33ally based on a username and password. To protect any system authentication must be provided, so that only authorized persons can have right to use or handle that system & data related to that system securely. There are many authentication algorithms are available some are effective & secure but having some drawback. Previously there are many authentication techniques were introduced such as graphical password, text password, Biometric authentication, etc. Generally there are three types of authentication techniques are available such as: Fig. 1.1 Classification of existing authentication systems Human Authentication Techniques Knowledge based - What you KNOW Textual Password Graphical Password Token based - What you HAVE ATM cards Keys ID keys Biometrics - What you ARE Finger prints, palm prints Hand geometry Iris, face, voice recognition
2 1.2 DRAWBACKS IN EXISTING AUTHENTICATION SYSTEMS 1.2.1 TEXTUAL PASSWORDS Recall-based techniques require the user to repeat or reproduce a secret that the user created before. Recognition based techniques require the user to identify and recognize the secret, or part of it, that the user selected before. One of the most common recall-based authentication schemes used in the computer world is textual passwords. One major drawback of the textual password is its two conflicting requirements: the selection of passwords that are easy to remember and, at the same time, are hard to guess. 1.2.2 GRAPHICAL PASSWORDS Graphical passwords are based on the idea that users can recall and recognize pictures better than words. However, some of the graphical password schemes require a long time to be performed. Moreover, most of the graphical passwords can be easily observed or recorded while the legitimate user is performing the graphical password; thus, it is vulnerable to shoulder surfing attacks. Currently, most graphical passwords are still in their research phase and require more enhancements and usability studies to deploy them in the market. 1.2.3 BIOMETRICS Many biometric schemes have been proposed; fingerprints, palmprints, hand geometry, face recognition, voice recognition, iris recognition, and retina recognition are all different biometric schemes. Each biometric recognition scheme has its advantages and disadvantages based on several factors such as consistency, uniqueness, and acceptability. One of the main drawbacks of applying biometrics is its intrusiveness upon a user’s personal characteristic. Moreover, retina biometrical recognition schemes require the user to willingly subject their eyes to a low-intensity infrared light. In addition, most biometric systems require a special scanning device to authenticate users, which is not applicable for remote and Internet users.
3 2. WHAT IS 3D PASSWORD The 3D password is a multifactor authentication scheme. It can combine all existing authentication schemes into a single 3D virtual environment. This 3D virtual environment contains several objects or items with which the user can interact. The type of interaction varies from one item to another. The 3D password is constructed by observing the actions and interactions of the user and by observing the sequences of such actions. It is the user’s choice to select which type of authentication techniques will be part of their 3D password. In 3D password, the user has to first authenticate with simple textual password (i.e. user need to provide user name and password). Once authentication successful then user moves in 3D virtual environment, then user automatically enter into an art gallery, where he/she has to select multiple point in that gallery or he can do some action in that environment like switching button on/off or perform action associated with any object like opening door, etc. The sequence in which user has clicked that sequence of points are stored in text file in the encrypted form. In this way the password is set for that particular user. Next time when user wants to access his account then he has to select all the objects which he has selected at the time of creating password with proper sequence. This sequence is then compared with coordinates which are stored in file. If authentication successful thereafter access is given to authorized user. This is achieved through interacting only with the objects that acquire information that the user is comfortable in providing and ignoring the objects that request information that the user prefers not to provide. Moreover, giving the user the freedom of choice as to what type of authentication schemes will be part of their 3D password and given the large number of objects and items in the environment, the number of possible 3D passwords will increase. Thus, it becomes much more difficult for the attacker to guess the user’s 3D password. The following necessities are satisfied in proposed scheme: 1. The new scheme provide secrets that are easy to remember and very difficult for intruders to guess. 2. The new scheme should be difficult to share with others. 3. The new scheme provides secrets that can be easily revoked or changed.
4 3. SYSTEM IMPLEMENTATION The system implementation can be done by designing a 3D virtual environment that contains objects that request information to be recalled, information to be recognized, tokens to be presented, and biometric data to be verified. For example, the user can enter the virtual environment and type something on a computer that exists in (x1, y1, z1) position, then enter a room that has a fingerprint recognition device that exists in a position (x2, y2, z2) and provide his/her fingerprint. Then, the user can go to the virtual garage, open the car door, and turn on the radio to a specific channel. The combination and the sequence of the previous actions toward the specific objects construct the user’s 3D password. Virtual objects can be any object that we encounter in real life. Any obvious actions and interactions toward the real life objects can be done in the virtual 3D environment toward the virtual objects. Moreover, any user input (such as speaking in a specific location) in the virtual 3D environment can be considered as a part of the 3D password. We can have the following objects: 1. A computer with which the user can type. 2. A fingerprint reader that requires the user’s fingerprint. 3. An ATM machine that requires a smart card and PIN. 4. A light that can be switched on/off. 5. A car that can be driven. Fig. 3.1 3D password selection and inputs
5 4. HOW THE TECHNOLOGY WORKS 4.1 WORKING OF 3D PASSWORD Consider a three dimensional virtual environment space that is of the size G×G×G. Each point in the three dimensional environment space represented by the coordinates (x, y, z) ∈ [1..G] × [1..G] × [1..G]. The objects are distributed in the three-dimensional virtual environment. Every object has its own (x, y, z) coordinates. Assume the user can navigate and walk through the three-dimensional virtual environment and can see the objects and interact with the objects. The input device for interactions with objects can be a mouse, a keyboard, stylus, a card reader, a microphone…etc. For example, consider a user who navigates through the 3D virtual environment that consists of a ground and a classroom. Let us assume that the user is in the virtual ground and the user turns around to the door located in (9, 16, 80) and opens it. The user types "ANGEL" into a computer that exists in the position of (10, 5, 25). The user then walks over and turns off the light located in (15, 6, 20), and then the user closes the door. The user then presses the login button. The initial representation of user actions in the 3D virtual environment can be recorded as follows: (9, 16, 80) Action = Open the office door; (10, 5, 25) Action = Typing, “A”; (10, 5, 25) Action = Typing, “N”; (10, 5, 25) Action = Typing, “G”; (10, 5, 25) Action = Typing, “E”; (10, 5, 25) Action = Typing, “L”; (15, 6, 20) Action = Turning the Light Off; (9, 16, 80) Action = Close the office door; 4.2 3D VIRTUAL ENVIRONMENT DESIGN GUIDELINES The design of the 3 D virtual environments affects the usability, effectiveness, acceptability of 3D password. The first step in building a 3D password system is to design a 3D environment that reflects the administration needs and the security requirements. The design of 3D virtual environments should follow these guidelines.
6 4.2.1 REAL LIFE SIMILARITY The prospective 3D virtual environment should reflect what people are used to seeing in real life. Objects used in virtual environments should be relatively similar in size to real objects (sized to scale). Possible actions and interactions toward virtual objects should reflect real life situations. Object responses should be realistic. The target should have a 3D virtual environment that users can interact. 4.2.2 OBJECT UNIQUENESS AND DISTINCTION Every virtual object or item in the 3D virtual environment is different from any other virtual object. The uniqueness comes from the fact that every virtual object has its own attributes such as position. Thus, the prospective interaction with object 1 is not equal to the interaction with object 2. However, having similar objects such as 20 computers in one place might confuse the user. Therefore, the design of the 3D virtual environment should consider that every object should be distinguishable from other objects. Similarly, in designing a 3D virtual environment, it should be easy for users to navigate through and to distinguish between objects. The distinguishing factor increases the user’s recognition of objects. Therefore, it improves the system usability. 4.2.3 THREE DIMENSIONAL VIRTUAL ENVIRONMENT SIZE A 3D virtual environment can depict a city or even the world. On the other hand, it can depict a space as focused as a single room or office. A large 3D virtual environment will increase the time required by the user to perform a 3D password. Moreover, a large 3D virtual environment can contain a large number of virtual objects. Therefore, the probable 3D password space broadens. However, a small 3D virtual environment usually contains only a few objects, and thus, performing a 3D password will take less time. 4.2.4 NUMBER OF OBJECTS AND THEIR TYPES Part of designing a 3D virtual environment is determining the types of objects and how many objects should be placed in the environment. The types of objects reflect what kind of responses the object will have. For simplicity, we can consider requesting a textual password or a fingerprint as an object response type. Selecting the right object response types and the number of objects affects the probable password space of a 3D password.
7 4.2.5 SYSTEM IMPORTANCE The 3D virtual environment should consider what systems will be protected by a 3D password. The number of objects and the types of objects that have been used in the 3D virtual environment should reflect the importance of the protected system. Fig. 4.1 State diagram of 3D password application
8 5. SECURITY ANALYSIS To analyse and study how secure a system is, we have to consider how hard it is for the attacker to break such a system. A possible measurement is based on the information content of a password space, which is defined as “the entropy of the probability distribution over that space given by the relative frequencies of the passwords that users actually choose.” As a result, it is important to have a scheme that has a very large possible password space as one factor for increasing the work required by the attacker to break the authentication system. Another factor is to find a scheme that has no previous or existing knowledge of the most probable user password selection, which can also resist the attack on such an authentication scheme. Fig. 5.1 Password space of the 3D password, textual password, passfaces, and DAS 5.1 3D PASSWORD SPACE SIZE One important factor to determine how difficult it is to launch an attack on an authentication system is the size of the password space. To determine the 3D password space, we have to count all possible 3D passwords that have a certain number of actions, interactions, and inputs toward all objects that exist in the 3D virtual environment. We assume that the length of the 3D password is Lmax, and the probability of the 3D password of size greater than Lmax is zero.
9 To measure the 3D password space, we will calculate Π (Lmax, G) on a 3D virtual environment that has the space (G x G x G) for a 3D password of a length (number of actions, interactions, and inputs) of Lmax or less. In the following expression (1), AC represents the possible actions towards 3D virtual environment whereas Π represents total numbers of possible 3D passwords of length Lmax or less: In the following expression (2), Omax is the number of objects in the 3D virtual environment: Where xi = xj, yi = yj, and zi = zj, only if i = j. The design of the 3D environment will determine the value of Omax. The variable m represents all possible actions and interactions toward all existing objects Oi. However, g(AC) counts the total number of actions and inputs toward the 3D virtual environment, whereas m, as we mentioned before, counts the actions and interactions toward the objects. An example of g(AC) can be a user movement pattern, which can be considered as a part of the user’s 3D password. The function is the number of possible actions and interactions toward the object Oi based on the object type Ti. Object types can be textual password objects, DAS objects, or any authentication scheme. The function f is determined from the object type. It counts the possible actions and interactions that the object can accept. If we assume that an object “Keyboard” is in location (x0, y0, z0) of type = textual password, f will count the possible characters and numbers that can be typed, which is around 93 possibilities. As we mentioned before, an object type is one of the important factors that affects the overall password space.
10 Therefore, higher outcomes of function f mean larger 3D password space size. Fig 5.2 Number of possible actions/interactions of a 3D password within a 3D environment The above figure shows the points where the 3D password exceeds two important textual password points. Point “a” shows that by having only two actions and interactions as a 3D password, the 3D password exceeds the number of textual passwords used by Klein [2] to break 25% of textual passwords of eight characters. Point “b” represents the full textual password space of eight characters or less. It shows that by performing only four interactions, actions, and inputs as a 3D password, the 3D password space exceeds the full textual passwords of eight characters or less. From the previous equations, we observe that the number of objects and the type of actions and interactions determines the probable password space. Therefore, the design of the 3D virtual environment is a very critical part of the 3D password system. Figs. 4 and 5 illustrate the resulting password space of the proposed 3D password compared to textual password, Passfaces, and DAS of a grid of 5 x 5 and 10 x 10, respectively. Notice the difference between a 3D passwords built on a simple 3D virtual environment compared to the other authentication schemes.
11 5.2 3D PASSWORD DISTRIBUTION KNOWLEDGE Users tend to use meaningful words for textual passwords. Therefore finding these different words from dictionary is a relatively simple task which yields a high success rate for breaking textual passwords. Passfaces users tend to choose faces that reflect their own taste on facial attractiveness, race, and gender. Every user has different requirements and preferences when selecting the appropriate 3D Password. This will increase the effort to find a pattern of user’s highly selected 3D password. In addition, since the 3D password combines several authentication schemes into a single authentication environment, the attacker has to study every single authentication scheme and has to discover what the most probable selected secrets are. Since every 3D password system can be designed according to the protected system requirements, the attacker has to separately study every 3D password system. Therefore, more effort is required to build the knowledge of most probable 3D passwords. Studying the user’s behavior of password selection and knowing the most probable textual passwords are the key behind dictionary attacks. Klein used such knowledge to collect a small set of 3 x 106 words that have a high probability of usage among users. The question is how has such information (highly probable passwords) been found and why. Users tend to choose words that have meaning as places, names, famous people’s names, sports terms, and biological terminologies. Therefore, finding these different words from the dictionary is a relatively simple task. Using such knowledge yields a high success rate for breaking textual passwords. Any authentication scheme is affected by the knowledge distribution of the user’s secrets Passfaces. Users tend to choose faces that reflect their own taste on facial attractiveness, race, and gender. Moreover, 10% of male passwords have been guessed in only two guesses. Another study about user selection of DAS concluded that for their secret passwords, users tend to draw things that have Meaning, which simplifies the attacker’s task. Currently, knowledge about user behaviors on selecting their 3D password does not exist. Every user has different requirements and preferences when selecting the appropriate 3D password. This fact will increase the effort required to find a pattern of user’s highly selected 3D password. In addition, since the 3D password combines several authentication schemes into a single authentication environment, the attacker has to study every single authentication scheme and has to discover what the most probable selected secrets are.
12 For textual password, the highly probable selected textual password might be determined by the use of dictionaries. Since every 3D password system can be designed according to the protected system requirements, the attacker has to separately study every 3D password system. This is because objects that exist in one 3D password system might not exist on other 3D password systems. Therefore, more effort is required to build the knowledge of most probable 3D passwords. 5.3 ATTACKS AND COUNTERMEASURES To realize and understand how far an authentication scheme is secure, we have to consider all possible attack methods. We have to study whether the authentication scheme proposed is immune against such attacks or not. Moreover, if the proposed authentication scheme is not immune, we then have to find the countermeasures that prevent such attacks. In this section, we try to cover most possible attacks and whether the attack is valid or not. Moreover, we try to propose countermeasures for such attacks. 5.3.1 BRUTE FORCE ATTACK The attacker has to try all possible 3D passwords. This kind of attack is very difficult for the following reasons: 1. Time required to login needed for a legitimate user to login may vary depending on the number of interactions and actions, the size of the 3D virtual environment, and the type of actions and interactions. Therefore, a brute force attack on a 3D password is very difficult and time consuming. 2. The 3D virtual environment contains biometric recognition objects and token based objects. The attacker has to forge all possible biometric information and forge all the required tokens. The cost of forging such information is very high, therefore cracking the 3D password is more challenging. 5.3.2 WELL – STUDIED ATTACK The attacker tries to find the highest probable distribution of 3D passwords. In order to launch such an attack, the attacker has to acquire knowledge of the most probable 3D password distributions. This is very difficult because the attacker has to study all the existing authentication schemes that are used in the 3D environment. This environment has a number of objects and types of object responses that differ from any other 3D virtual environment. Therefore, a carefully customized study is required to initialize an effective attack.
13 5.3.3 SHOULDER SURFING ATTACK An attacker uses a camera to record the user’s 3D password or tries to watch the legitimate user while the 3D password is being performed. This attack is the most successful type of attack against 3D passwords and some other graphical passwords. However, the user’s 3D password may contain biometric data or textual passwords that cannot be seen from behind. Therefore, we assume that the 3D password should be performed in a secure place where a shoulder surfing attack cannot be performed. 5.3.4 TIMING ATTACK In this attack, the attacker observes how long it takes the legitimate user to perform a correct sign in using the 3D password. This observation gives the attacker an indication of the legitimate user’s 3D password length. However, this kind of attack alone cannot be very successful since it gives the attacker mere hints. Therefore, it would probably be launched as part of a well studied or brute force attack. 5.4 MATHEMATICAL CONCEPTS 5.4.1 TIME COMPLEXITY For calculating the time complexity of 3D password scheme let‘s assume A be the virtual 3D environment plotting and B is algorithmic processing. From this data available we have come to time complexity of system. Time Complexity = A m + B n Where m is time required to communicate with system and n is time required to process each algorithm in 3D environment. 5.4.2 SPACE COMPLEXITY This system include 3D virtual environment, so that each point in this environment will having 3 co-ordinate values. Any point from 3D virtual environment is represented in the form of (X, Y, Z) where X, Y & Z are the coordinate values stored for particular point. We are storing three co-ordinate values of each point such as (x1, y1, z1). Therefore the space complexity is n3.
14 6. EXPERIMENTAL RESULTS We have built an experimental 3D virtual environment that contains several objects of two types. The first type of response is textual password. The second type of response is requesting graphical passwords. Almost 30 users volunteered to experiment with the environment. We asked the users to create their 3D password and to sign in using 3D password several times over several days. In our experiment, we have used Java Open GL to build the 3D virtual environment and we have used a 1.80-GHz Pentium M Centrino machine with 512-MB random access memory and ATI Mobility Radeon 9600 video card. The design of the experimental 3D virtual environment represents an art gallery that the user can walk through and is depicted below. Table 6.1 Resulting number of possible 3D passwords of total length Lmax
15 We conducted a user study on 3D passwords using the experimental 3D virtual environments. The study reviewed the usage of textual passwords and other authentication schemes. The study covered almost 30 users. The users varied in age, sex, and education level. Even though it is a small set of users, the study produced some distinct results. We observed the following regarding textual passwords, 3D passwords, and other authentication schemes. 1. Most users who use textual passwords of 9–12 character lengths or who use random characters as a password have only one to three unique passwords. 2. More than 50% of user’s textual passwords are eight characters or less. 3. Almost 25% of users use meaningful words as their textual passwords. 4. Almost 75% of users use meaningful words or partially meaningful words as their textual passwords. In contrast, only 25% of users use random characters and letters as textual passwords. 5. Over 40% of users have only one to three unique textual passwords, and over 90% of users have eight unique textual passwords or less. 6. Over 90% of users do not change their textual passwords unless they are required to by the system. 7. Over 95% of users under study have never used any graphical password scheme as a means of authentication. 8. Most users feel that 3D passwords have a high acceptability. 9. Most users believe that there is no threat to personal privacy by using a 3D password as an authentication scheme.
16 7. APPLICATIONS The 3D password can have a password space that is very large compared to other authentication schemes, so the 3D password’s main application domains are protecting critical systems and resources. Possible critical applications include the following. 1. Critical server: Many large organizations have critical servers that are usually protected by a textual password. A 3D password authentication proposes a sound replacement for a textual password. 2. Nuclear and military facilities: Such facilities should be protected by the most powerful authentication systems. The 3D password has a very large probable password space, and since it can contain token, biometrics, recognition and knowledge based authentications in a single authentication system, it is a sound choice for high level security locations. 3. Airplanes and jet fighters: Because of the possible threat of misusing airplanes and jet fighters for religion, political agendas, usage of such airplanes should be protected by a powerful authentication system. In addition, 3D passwords can be used in less critical systems because the 3D virtual environment can be designed to fit to any system needs. 4. A small virtual environment can be used in the following systems like: a) ATM b) Personal Digital Assistance c) Desktop Computers and Laptop Logins d) Web Authentication e) Security Analysis
17 8. ADVANTAGE AND DISADVANTAGE 8.1 ADVANTAGE 1. It provides user options to choose the type of authentication of his/her own choice.  There are number of options available for users to choose sequence of own choice.  In 3D password user can build a sequence which is easier for him to remember. 2. It eliminates a brute force attack.  All data and critical information like passwords are stored in encrypted manner so it’s difficult for brute force attack to crack it.  In 3D password combination of recognition and recall base are using so it is difficult. 3. Provides high level security to the system which contains more important data.  Its provide hide securities to data using multi factors and multiple technique to protect data. 4. Secure against a software like key logger.  Software like key logger installed in a system it’s difficult to secure your data these types software’s are stored all text which are pass through the keyboard. In 3D password graphical password is also use for authentication. 8.2 DISADVANTAGE 1. Shoulder attack. Attackers observe the user from back shoulder than easily break their authentication. 2. More time and memory. To use 3D password its require more time and memory chunk because 3D password need more space to store in database. 3. It’s expensive. 3D Password is more expensive compare to other authentication technique. 4. Complexity. 3D password is more complexity in coding.
18 9. CONCLUSION AND FUTURE SCOPE The choice of what authentication schemes will be part of the user’s 3D password reflects the user’s preferences and requirements. A user who prefers to remember and recall a password might choose textual and graphical passwords as part of their 3D password. On the other hand, users who have more difficulty with memory or recall might prefer to choose smart cards or biometrics as part of their 3D password. Moreover, users who prefer to keep any kind of biometrical data private might not interact with objects that require biometric information. Therefore, it is the user’s choice and decision to construct the desired and preferred 3D password. The 3D password is still in its early stages. Designing various kinds of 3D virtual environments, deciding on password spaces, and interpreting user feedback and experiences from such environments will result in enhancing and improving the user experience of the 3D password. Gathering attackers from different background and attack made by them and how to overcome them is main future work. Shoulder surfing attacks are still possible so how to overcome that is a field of research and development. Inclusion of biometrics leads to in-creasing cost and hardware in scheme, to reduce this is still field of research. So that 3D password can be used in many application areas as discussed earlier and also many more area other than those. Thus this paper tells about our study about 3D password, still it is in early stage. Future work is needed in 3D password scheme to develop this scheme up to more secure level. Implementing 3D password for mobile handset is the another important future work.
19 REFERENCE 1. http://www.seminartopics.in/computer%20seminar%20topics/3D-password.php 2. https://www.slideshare.net/manisha0902/3d-password-ppt-43870131 3. https://www.youtube.com/watch?v=7sP7TawXAUg 4. http://research.ijcaonline.org/icacact/number1/icacact1002.pdf 5. http://www.ijesit.com/Volume%202/Issue%202/IJESIT201302_16.pdf 6. http://research.ijcaonline.org/volume120/number7/pxc3904024.pdf

Recommended

3D-Password: A More Secure Authentication
3D-Password: A More Secure Authentication3D-Password: A More Secure Authentication
3D-Password: A More Secure AuthenticationMahesh Gadhwal
 
3D Password and its importance
3D Password and its importance3D Password and its importance
3D Password and its importanceshubhangi singh
 
3D PASSWORD
3D PASSWORD3D PASSWORD
3D PASSWORDJYoTHiSH o.s
 
3D PASSWORD
3D PASSWORD3D PASSWORD
3D PASSWORDAkhi Balakrishnan
 
3D Password PPT
3D Password PPT3D Password PPT
3D Password PPTSeminar Links
 
3d password ppt
3d password ppt3d password ppt
3d password pptmanisha0902
 
3D PASSWORD SEMINAR
3D PASSWORD SEMINAR3D PASSWORD SEMINAR
3D PASSWORD SEMINARKarishma Khan
 
3d password ppt
3d password ppt3d password ppt
3d password pptGowsalyasri
 

Recommended

3D-Password: A More Secure Authentication
3D-Password: A More Secure Authentication3D-Password: A More Secure Authentication
3D-Password: A More Secure AuthenticationMahesh Gadhwal
 
3D Password and its importance
3D Password and its importance3D Password and its importance
3D Password and its importanceshubhangi singh
 
3D PASSWORD
3D PASSWORD3D PASSWORD
3D PASSWORDJYoTHiSH o.s
 
3D PASSWORD
3D PASSWORD3D PASSWORD
3D PASSWORDAkhi Balakrishnan
 
3D Password PPT
3D Password PPT3D Password PPT
3D Password PPTSeminar Links
 
3d password ppt
3d password ppt3d password ppt
3d password pptmanisha0902
 
3D PASSWORD SEMINAR
3D PASSWORD SEMINAR3D PASSWORD SEMINAR
3D PASSWORD SEMINARKarishma Khan
 
3d password ppt
3d password ppt3d password ppt
3d password pptGowsalyasri
 
3D-Password
3D-Password 3D-Password
3D-Password Devyani Vaidya
 
3D Password
3D Password3D Password
3D PasswordZishan Mohsin
 
3D PASSWORD
3D PASSWORD3D PASSWORD
3D PASSWORDramyasaikondapi
 
3d password 23 mar 14
3d password 23 mar 143d password 23 mar 14
3d password 23 mar 14Saddam Ahmed
 
3D Password Presentation
3D Password Presentation3D Password Presentation
3D Password PresentationSambit Mishra
 
3D Password
3D Password3D Password
3D PasswordShubham Rungta
 
3d passwords
3d passwords3d passwords
3d passwordsshwetaag
 
3D Password
3D Password3D Password
3D PasswordAnkit Nagar
 
Computer science seminar topics
Computer science seminar topicsComputer science seminar topics
Computer science seminar topics123seminarsonly
 
3d password - Report
3d password - Report 3d password - Report
3d password - Report Sunanda Bansal
 
3D Password
3D Password3D Password
3D PasswordDevyani Vaidya
 
SRAVYA
SRAVYASRAVYA
SRAVYApvpsit
 
3d password
3d password3d password
3d passwordshivi123456
 
3d password by suresh
3d password by suresh3d password by suresh
3d password by sureshsuresh5c2
 
3 d password
3 d password3 d password
3 d passwordyogendra mahate
 
3D password
3D password3D password
3D passwordanuradha srivastava
 
Jini technology ppt
Jini technology pptJini technology ppt
Jini technology pptOECLIB Odisha Electronics Control Library
 
Java Ring
Java RingJava Ring
Java RingAbhishek Abhi
 
3 d password
3 d password3 d password
3 d passwordASHOK KUMAR PALAKI
 
bluejacking.ppt
bluejacking.pptbluejacking.ppt
bluejacking.pptAeman Khan
 
3dpassword.doc
3dpassword.doc3dpassword.doc
3dpassword.docAjay Kumar
 
3d
3d3d
3dDivyaprathapraju Divyaprathapraju
 

More Related Content

What's hot

3d password 23 mar 14
3d password 23 mar 143d password 23 mar 14
3d password 23 mar 14Saddam Ahmed
 
3D Password Presentation
3D Password Presentation3D Password Presentation
3D Password PresentationSambit Mishra
 
3d passwords
3d passwords3d passwords
3d passwordsshwetaag
 
Computer science seminar topics
Computer science seminar topicsComputer science seminar topics
Computer science seminar topics123seminarsonly
 
SRAVYA
SRAVYASRAVYA
SRAVYApvpsit
 
3d password by suresh
3d password by suresh3d password by suresh
3d password by sureshsuresh5c2
 
bluejacking.ppt
bluejacking.pptbluejacking.ppt
bluejacking.pptAeman Khan
 

What's hot (20)

3D-Password
3D-Password 3D-Password
3D-Password
 
3D Password
3D Password3D Password
3D Password
 
3D PASSWORD
3D PASSWORD3D PASSWORD
3D PASSWORD
 
3d password 23 mar 14
3d password 23 mar 143d password 23 mar 14
3d password 23 mar 14
 
3D Password Presentation
3D Password Presentation3D Password Presentation
3D Password Presentation
 
3D Password
3D Password3D Password
3D Password
 
3d passwords
3d passwords3d passwords
3d passwords
 
3D Password
3D Password3D Password
3D Password
 
Computer science seminar topics
Computer science seminar topicsComputer science seminar topics
Computer science seminar topics
 
3d password - Report
3d password - Report 3d password - Report
3d password - Report
 
3D Password
3D Password3D Password
3D Password
 
SRAVYA
SRAVYASRAVYA
SRAVYA
 
3d password
3d password3d password
3d password
 
3d password by suresh
3d password by suresh3d password by suresh
3d password by suresh
 
3 d password
3 d password3 d password
3 d password
 
3D password
3D password3D password
3D password
 
Jini technology ppt
Jini technology pptJini technology ppt
Jini technology ppt
 
Java Ring
Java RingJava Ring
Java Ring
 
3 d password
3 d password3 d password
3 d password
 
bluejacking.ppt
bluejacking.pptbluejacking.ppt
bluejacking.ppt
 

Similar to Authentication Techniques and 3D Passwords

3dpassword.doc
3dpassword.doc3dpassword.doc
3dpassword.docAjay Kumar
 
3D Password by Kuldeep Dhakad
3D Password by Kuldeep Dhakad3D Password by Kuldeep Dhakad
3D Password by Kuldeep Dhakadkuldeepdhakad
 
3d pass words
3d pass words3d pass words
3d pass wordsmkanth
 
A Novel Revolutionary highly secured Object authentication schema
A Novel Revolutionary highly secured Object authentication schemaA Novel Revolutionary highly secured Object authentication schema
A Novel Revolutionary highly secured Object authentication schemaIOSR Journals
 
3dpassword by janapriya
3dpassword by janapriya3dpassword by janapriya
3dpassword by janapriyajanapriyanaidu
 
3d pswdbysuresh-120112091037-phpapp02
3d pswdbysuresh-120112091037-phpapp023d pswdbysuresh-120112091037-phpapp02
3d pswdbysuresh-120112091037-phpapp02bujjiflute
 
3D Password M Sc BHU Sem 1
3D Password M Sc BHU Sem 13D Password M Sc BHU Sem 1
3D Password M Sc BHU Sem 1Swagato Dey
 
3d authentication system
3d authentication system3d authentication system
3d authentication systemRicha Agarwal
 
Ppt on 3d password (2)
Ppt on 3d password (2)Ppt on 3d password (2)
Ppt on 3d password (2)ASIM MIRZA
 
New era of authentication
New era of authenticationNew era of authentication
New era of authenticationsunil kumar
 

Similar to Authentication Techniques and 3D Passwords (20)

3dpassword.doc
3dpassword.doc3dpassword.doc
3dpassword.doc
 
3d
3d3d
3d
 
3D Password by Kuldeep Dhakad
3D Password by Kuldeep Dhakad3D Password by Kuldeep Dhakad
3D Password by Kuldeep Dhakad
 
3d pass words
3d pass words3d pass words
3d pass words
 
3dpassword
3dpassword3dpassword
3dpassword
 
A Novel Revolutionary highly secured Object authentication schema
A Novel Revolutionary highly secured Object authentication schemaA Novel Revolutionary highly secured Object authentication schema
A Novel Revolutionary highly secured Object authentication schema
 
Vivek
VivekVivek
Vivek
 
C0361419
C0361419C0361419
C0361419
 
Deepak 3 dpassword (2)
Deepak 3 dpassword (2)Deepak 3 dpassword (2)
Deepak 3 dpassword (2)
 
3dpassword by janapriya
3dpassword by janapriya3dpassword by janapriya
3dpassword by janapriya
 
Graphical authintication
Graphical authinticationGraphical authintication
Graphical authintication
 
3D Passwrd
3D Passwrd3D Passwrd
3D Passwrd
 
3d passwords
3d passwords 3d passwords
3d passwords
 
3d pswdbysuresh-120112091037-phpapp02
3d pswdbysuresh-120112091037-phpapp023d pswdbysuresh-120112091037-phpapp02
3d pswdbysuresh-120112091037-phpapp02
 
3d authentication
3d authentication3d authentication
3d authentication
 
3D Password M Sc BHU Sem 1
3D Password M Sc BHU Sem 13D Password M Sc BHU Sem 1
3D Password M Sc BHU Sem 1
 
3D - password
3D - password3D - password
3D - password
 
3d authentication system
3d authentication system3d authentication system
3d authentication system
 
Ppt on 3d password (2)
Ppt on 3d password (2)Ppt on 3d password (2)
Ppt on 3d password (2)
 
New era of authentication
New era of authenticationNew era of authentication
New era of authentication
 

Recently uploaded

CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfAsst.prof M.Gokilavani
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AIabhishek36461
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfAsst.prof M.Gokilavani
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxk795866
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfme23b1001
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort servicejennyeacort
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...VICTOR MAESTRE RAMIREZ
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Satyam Kumar
 
Effects of rheological properties on mixing
Effects of rheological properties on mixingEffects of rheological properties on mixing
Effects of rheological properties on mixingviprabot1
 
An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...Chandu841456
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...asadnawaz62
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSCAESB
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionDr.Costas Sachpazis
 
DATA ANALYTICS PPT definition usage example
DATA ANALYTICS PPT definition usage exampleDATA ANALYTICS PPT definition usage example
DATA ANALYTICS PPT definition usage examplePragyanshuParadkar1
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEroselinkalist12
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
Introduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHIntroduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHC Sai Kiran
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girlsssuser7cb4ff
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 

Recently uploaded (20)

CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AI
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptx
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdf
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .
 
Effects of rheological properties on mixing
Effects of rheological properties on mixingEffects of rheological properties on mixing
Effects of rheological properties on mixing
 
An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentation
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
 
DATA ANALYTICS PPT definition usage example
DATA ANALYTICS PPT definition usage exampleDATA ANALYTICS PPT definition usage example
DATA ANALYTICS PPT definition usage example
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
Introduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHIntroduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECH
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girls
 
POWER SYSTEMS-1 Complete notes examples
POWER SYSTEMS-1 Complete notes examplesPOWER SYSTEMS-1 Complete notes examples
POWER SYSTEMS-1 Complete notes examples
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 

Authentication Techniques and 3D Passwords

  • 1. 1 1. INTRODUCTION 1.1 AUTHENTICATION Authentication is a process of validating who are you to whom you claimed to be or a process of identifying an individual, usu33ally based on a username and password. To protect any system authentication must be provided, so that only authorized persons can have right to use or handle that system & data related to that system securely. There are many authentication algorithms are available some are effective & secure but having some drawback. Previously there are many authentication techniques were introduced such as graphical password, text password, Biometric authentication, etc. Generally there are three types of authentication techniques are available such as: Fig. 1.1 Classification of existing authentication systems Human Authentication Techniques Knowledge based - What you KNOW Textual Password Graphical Password Token based - What you HAVE ATM cards Keys ID keys Biometrics - What you ARE Finger prints, palm prints Hand geometry Iris, face, voice recognition
  • 2. 2 1.2 DRAWBACKS IN EXISTING AUTHENTICATION SYSTEMS 1.2.1 TEXTUAL PASSWORDS Recall-based techniques require the user to repeat or reproduce a secret that the user created before. Recognition based techniques require the user to identify and recognize the secret, or part of it, that the user selected before. One of the most common recall-based authentication schemes used in the computer world is textual passwords. One major drawback of the textual password is its two conflicting requirements: the selection of passwords that are easy to remember and, at the same time, are hard to guess. 1.2.2 GRAPHICAL PASSWORDS Graphical passwords are based on the idea that users can recall and recognize pictures better than words. However, some of the graphical password schemes require a long time to be performed. Moreover, most of the graphical passwords can be easily observed or recorded while the legitimate user is performing the graphical password; thus, it is vulnerable to shoulder surfing attacks. Currently, most graphical passwords are still in their research phase and require more enhancements and usability studies to deploy them in the market. 1.2.3 BIOMETRICS Many biometric schemes have been proposed; fingerprints, palmprints, hand geometry, face recognition, voice recognition, iris recognition, and retina recognition are all different biometric schemes. Each biometric recognition scheme has its advantages and disadvantages based on several factors such as consistency, uniqueness, and acceptability. One of the main drawbacks of applying biometrics is its intrusiveness upon a user’s personal characteristic. Moreover, retina biometrical recognition schemes require the user to willingly subject their eyes to a low-intensity infrared light. In addition, most biometric systems require a special scanning device to authenticate users, which is not applicable for remote and Internet users.
  • 3. 3 2. WHAT IS 3D PASSWORD The 3D password is a multifactor authentication scheme. It can combine all existing authentication schemes into a single 3D virtual environment. This 3D virtual environment contains several objects or items with which the user can interact. The type of interaction varies from one item to another. The 3D password is constructed by observing the actions and interactions of the user and by observing the sequences of such actions. It is the user’s choice to select which type of authentication techniques will be part of their 3D password. In 3D password, the user has to first authenticate with simple textual password (i.e. user need to provide user name and password). Once authentication successful then user moves in 3D virtual environment, then user automatically enter into an art gallery, where he/she has to select multiple point in that gallery or he can do some action in that environment like switching button on/off or perform action associated with any object like opening door, etc. The sequence in which user has clicked that sequence of points are stored in text file in the encrypted form. In this way the password is set for that particular user. Next time when user wants to access his account then he has to select all the objects which he has selected at the time of creating password with proper sequence. This sequence is then compared with coordinates which are stored in file. If authentication successful thereafter access is given to authorized user. This is achieved through interacting only with the objects that acquire information that the user is comfortable in providing and ignoring the objects that request information that the user prefers not to provide. Moreover, giving the user the freedom of choice as to what type of authentication schemes will be part of their 3D password and given the large number of objects and items in the environment, the number of possible 3D passwords will increase. Thus, it becomes much more difficult for the attacker to guess the user’s 3D password. The following necessities are satisfied in proposed scheme: 1. The new scheme provide secrets that are easy to remember and very difficult for intruders to guess. 2. The new scheme should be difficult to share with others. 3. The new scheme provides secrets that can be easily revoked or changed.
  • 4. 4 3. SYSTEM IMPLEMENTATION The system implementation can be done by designing a 3D virtual environment that contains objects that request information to be recalled, information to be recognized, tokens to be presented, and biometric data to be verified. For example, the user can enter the virtual environment and type something on a computer that exists in (x1, y1, z1) position, then enter a room that has a fingerprint recognition device that exists in a position (x2, y2, z2) and provide his/her fingerprint. Then, the user can go to the virtual garage, open the car door, and turn on the radio to a specific channel. The combination and the sequence of the previous actions toward the specific objects construct the user’s 3D password. Virtual objects can be any object that we encounter in real life. Any obvious actions and interactions toward the real life objects can be done in the virtual 3D environment toward the virtual objects. Moreover, any user input (such as speaking in a specific location) in the virtual 3D environment can be considered as a part of the 3D password. We can have the following objects: 1. A computer with which the user can type. 2. A fingerprint reader that requires the user’s fingerprint. 3. An ATM machine that requires a smart card and PIN. 4. A light that can be switched on/off. 5. A car that can be driven. Fig. 3.1 3D password selection and inputs
  • 5. 5 4. HOW THE TECHNOLOGY WORKS 4.1 WORKING OF 3D PASSWORD Consider a three dimensional virtual environment space that is of the size G×G×G. Each point in the three dimensional environment space represented by the coordinates (x, y, z) ∈ [1..G] × [1..G] × [1..G]. The objects are distributed in the three-dimensional virtual environment. Every object has its own (x, y, z) coordinates. Assume the user can navigate and walk through the three-dimensional virtual environment and can see the objects and interact with the objects. The input device for interactions with objects can be a mouse, a keyboard, stylus, a card reader, a microphone…etc. For example, consider a user who navigates through the 3D virtual environment that consists of a ground and a classroom. Let us assume that the user is in the virtual ground and the user turns around to the door located in (9, 16, 80) and opens it. The user types "ANGEL" into a computer that exists in the position of (10, 5, 25). The user then walks over and turns off the light located in (15, 6, 20), and then the user closes the door. The user then presses the login button. The initial representation of user actions in the 3D virtual environment can be recorded as follows: (9, 16, 80) Action = Open the office door; (10, 5, 25) Action = Typing, “A”; (10, 5, 25) Action = Typing, “N”; (10, 5, 25) Action = Typing, “G”; (10, 5, 25) Action = Typing, “E”; (10, 5, 25) Action = Typing, “L”; (15, 6, 20) Action = Turning the Light Off; (9, 16, 80) Action = Close the office door; 4.2 3D VIRTUAL ENVIRONMENT DESIGN GUIDELINES The design of the 3 D virtual environments affects the usability, effectiveness, acceptability of 3D password. The first step in building a 3D password system is to design a 3D environment that reflects the administration needs and the security requirements. The design of 3D virtual environments should follow these guidelines.
  • 6. 6 4.2.1 REAL LIFE SIMILARITY The prospective 3D virtual environment should reflect what people are used to seeing in real life. Objects used in virtual environments should be relatively similar in size to real objects (sized to scale). Possible actions and interactions toward virtual objects should reflect real life situations. Object responses should be realistic. The target should have a 3D virtual environment that users can interact. 4.2.2 OBJECT UNIQUENESS AND DISTINCTION Every virtual object or item in the 3D virtual environment is different from any other virtual object. The uniqueness comes from the fact that every virtual object has its own attributes such as position. Thus, the prospective interaction with object 1 is not equal to the interaction with object 2. However, having similar objects such as 20 computers in one place might confuse the user. Therefore, the design of the 3D virtual environment should consider that every object should be distinguishable from other objects. Similarly, in designing a 3D virtual environment, it should be easy for users to navigate through and to distinguish between objects. The distinguishing factor increases the user’s recognition of objects. Therefore, it improves the system usability. 4.2.3 THREE DIMENSIONAL VIRTUAL ENVIRONMENT SIZE A 3D virtual environment can depict a city or even the world. On the other hand, it can depict a space as focused as a single room or office. A large 3D virtual environment will increase the time required by the user to perform a 3D password. Moreover, a large 3D virtual environment can contain a large number of virtual objects. Therefore, the probable 3D password space broadens. However, a small 3D virtual environment usually contains only a few objects, and thus, performing a 3D password will take less time. 4.2.4 NUMBER OF OBJECTS AND THEIR TYPES Part of designing a 3D virtual environment is determining the types of objects and how many objects should be placed in the environment. The types of objects reflect what kind of responses the object will have. For simplicity, we can consider requesting a textual password or a fingerprint as an object response type. Selecting the right object response types and the number of objects affects the probable password space of a 3D password.
  • 7. 7 4.2.5 SYSTEM IMPORTANCE The 3D virtual environment should consider what systems will be protected by a 3D password. The number of objects and the types of objects that have been used in the 3D virtual environment should reflect the importance of the protected system. Fig. 4.1 State diagram of 3D password application
  • 8. 8 5. SECURITY ANALYSIS To analyse and study how secure a system is, we have to consider how hard it is for the attacker to break such a system. A possible measurement is based on the information content of a password space, which is defined as “the entropy of the probability distribution over that space given by the relative frequencies of the passwords that users actually choose.” As a result, it is important to have a scheme that has a very large possible password space as one factor for increasing the work required by the attacker to break the authentication system. Another factor is to find a scheme that has no previous or existing knowledge of the most probable user password selection, which can also resist the attack on such an authentication scheme. Fig. 5.1 Password space of the 3D password, textual password, passfaces, and DAS 5.1 3D PASSWORD SPACE SIZE One important factor to determine how difficult it is to launch an attack on an authentication system is the size of the password space. To determine the 3D password space, we have to count all possible 3D passwords that have a certain number of actions, interactions, and inputs toward all objects that exist in the 3D virtual environment. We assume that the length of the 3D password is Lmax, and the probability of the 3D password of size greater than Lmax is zero.
  • 9. 9 To measure the 3D password space, we will calculate Π (Lmax, G) on a 3D virtual environment that has the space (G x G x G) for a 3D password of a length (number of actions, interactions, and inputs) of Lmax or less. In the following expression (1), AC represents the possible actions towards 3D virtual environment whereas Π represents total numbers of possible 3D passwords of length Lmax or less: In the following expression (2), Omax is the number of objects in the 3D virtual environment: Where xi = xj, yi = yj, and zi = zj, only if i = j. The design of the 3D environment will determine the value of Omax. The variable m represents all possible actions and interactions toward all existing objects Oi. However, g(AC) counts the total number of actions and inputs toward the 3D virtual environment, whereas m, as we mentioned before, counts the actions and interactions toward the objects. An example of g(AC) can be a user movement pattern, which can be considered as a part of the user’s 3D password. The function is the number of possible actions and interactions toward the object Oi based on the object type Ti. Object types can be textual password objects, DAS objects, or any authentication scheme. The function f is determined from the object type. It counts the possible actions and interactions that the object can accept. If we assume that an object “Keyboard” is in location (x0, y0, z0) of type = textual password, f will count the possible characters and numbers that can be typed, which is around 93 possibilities. As we mentioned before, an object type is one of the important factors that affects the overall password space.
  • 10. 10 Therefore, higher outcomes of function f mean larger 3D password space size. Fig 5.2 Number of possible actions/interactions of a 3D password within a 3D environment The above figure shows the points where the 3D password exceeds two important textual password points. Point “a” shows that by having only two actions and interactions as a 3D password, the 3D password exceeds the number of textual passwords used by Klein [2] to break 25% of textual passwords of eight characters. Point “b” represents the full textual password space of eight characters or less. It shows that by performing only four interactions, actions, and inputs as a 3D password, the 3D password space exceeds the full textual passwords of eight characters or less. From the previous equations, we observe that the number of objects and the type of actions and interactions determines the probable password space. Therefore, the design of the 3D virtual environment is a very critical part of the 3D password system. Figs. 4 and 5 illustrate the resulting password space of the proposed 3D password compared to textual password, Passfaces, and DAS of a grid of 5 x 5 and 10 x 10, respectively. Notice the difference between a 3D passwords built on a simple 3D virtual environment compared to the other authentication schemes.
  • 11. 11 5.2 3D PASSWORD DISTRIBUTION KNOWLEDGE Users tend to use meaningful words for textual passwords. Therefore finding these different words from dictionary is a relatively simple task which yields a high success rate for breaking textual passwords. Passfaces users tend to choose faces that reflect their own taste on facial attractiveness, race, and gender. Every user has different requirements and preferences when selecting the appropriate 3D Password. This will increase the effort to find a pattern of user’s highly selected 3D password. In addition, since the 3D password combines several authentication schemes into a single authentication environment, the attacker has to study every single authentication scheme and has to discover what the most probable selected secrets are. Since every 3D password system can be designed according to the protected system requirements, the attacker has to separately study every 3D password system. Therefore, more effort is required to build the knowledge of most probable 3D passwords. Studying the user’s behavior of password selection and knowing the most probable textual passwords are the key behind dictionary attacks. Klein used such knowledge to collect a small set of 3 x 106 words that have a high probability of usage among users. The question is how has such information (highly probable passwords) been found and why. Users tend to choose words that have meaning as places, names, famous people’s names, sports terms, and biological terminologies. Therefore, finding these different words from the dictionary is a relatively simple task. Using such knowledge yields a high success rate for breaking textual passwords. Any authentication scheme is affected by the knowledge distribution of the user’s secrets Passfaces. Users tend to choose faces that reflect their own taste on facial attractiveness, race, and gender. Moreover, 10% of male passwords have been guessed in only two guesses. Another study about user selection of DAS concluded that for their secret passwords, users tend to draw things that have Meaning, which simplifies the attacker’s task. Currently, knowledge about user behaviors on selecting their 3D password does not exist. Every user has different requirements and preferences when selecting the appropriate 3D password. This fact will increase the effort required to find a pattern of user’s highly selected 3D password. In addition, since the 3D password combines several authentication schemes into a single authentication environment, the attacker has to study every single authentication scheme and has to discover what the most probable selected secrets are.
  • 12. 12 For textual password, the highly probable selected textual password might be determined by the use of dictionaries. Since every 3D password system can be designed according to the protected system requirements, the attacker has to separately study every 3D password system. This is because objects that exist in one 3D password system might not exist on other 3D password systems. Therefore, more effort is required to build the knowledge of most probable 3D passwords. 5.3 ATTACKS AND COUNTERMEASURES To realize and understand how far an authentication scheme is secure, we have to consider all possible attack methods. We have to study whether the authentication scheme proposed is immune against such attacks or not. Moreover, if the proposed authentication scheme is not immune, we then have to find the countermeasures that prevent such attacks. In this section, we try to cover most possible attacks and whether the attack is valid or not. Moreover, we try to propose countermeasures for such attacks. 5.3.1 BRUTE FORCE ATTACK The attacker has to try all possible 3D passwords. This kind of attack is very difficult for the following reasons: 1. Time required to login needed for a legitimate user to login may vary depending on the number of interactions and actions, the size of the 3D virtual environment, and the type of actions and interactions. Therefore, a brute force attack on a 3D password is very difficult and time consuming. 2. The 3D virtual environment contains biometric recognition objects and token based objects. The attacker has to forge all possible biometric information and forge all the required tokens. The cost of forging such information is very high, therefore cracking the 3D password is more challenging. 5.3.2 WELL – STUDIED ATTACK The attacker tries to find the highest probable distribution of 3D passwords. In order to launch such an attack, the attacker has to acquire knowledge of the most probable 3D password distributions. This is very difficult because the attacker has to study all the existing authentication schemes that are used in the 3D environment. This environment has a number of objects and types of object responses that differ from any other 3D virtual environment. Therefore, a carefully customized study is required to initialize an effective attack.
  • 13. 13 5.3.3 SHOULDER SURFING ATTACK An attacker uses a camera to record the user’s 3D password or tries to watch the legitimate user while the 3D password is being performed. This attack is the most successful type of attack against 3D passwords and some other graphical passwords. However, the user’s 3D password may contain biometric data or textual passwords that cannot be seen from behind. Therefore, we assume that the 3D password should be performed in a secure place where a shoulder surfing attack cannot be performed. 5.3.4 TIMING ATTACK In this attack, the attacker observes how long it takes the legitimate user to perform a correct sign in using the 3D password. This observation gives the attacker an indication of the legitimate user’s 3D password length. However, this kind of attack alone cannot be very successful since it gives the attacker mere hints. Therefore, it would probably be launched as part of a well studied or brute force attack. 5.4 MATHEMATICAL CONCEPTS 5.4.1 TIME COMPLEXITY For calculating the time complexity of 3D password scheme let‘s assume A be the virtual 3D environment plotting and B is algorithmic processing. From this data available we have come to time complexity of system. Time Complexity = A m + B n Where m is time required to communicate with system and n is time required to process each algorithm in 3D environment. 5.4.2 SPACE COMPLEXITY This system include 3D virtual environment, so that each point in this environment will having 3 co-ordinate values. Any point from 3D virtual environment is represented in the form of (X, Y, Z) where X, Y & Z are the coordinate values stored for particular point. We are storing three co-ordinate values of each point such as (x1, y1, z1). Therefore the space complexity is n3.
  • 14. 14 6. EXPERIMENTAL RESULTS We have built an experimental 3D virtual environment that contains several objects of two types. The first type of response is textual password. The second type of response is requesting graphical passwords. Almost 30 users volunteered to experiment with the environment. We asked the users to create their 3D password and to sign in using 3D password several times over several days. In our experiment, we have used Java Open GL to build the 3D virtual environment and we have used a 1.80-GHz Pentium M Centrino machine with 512-MB random access memory and ATI Mobility Radeon 9600 video card. The design of the experimental 3D virtual environment represents an art gallery that the user can walk through and is depicted below. Table 6.1 Resulting number of possible 3D passwords of total length Lmax
  • 15. 15 We conducted a user study on 3D passwords using the experimental 3D virtual environments. The study reviewed the usage of textual passwords and other authentication schemes. The study covered almost 30 users. The users varied in age, sex, and education level. Even though it is a small set of users, the study produced some distinct results. We observed the following regarding textual passwords, 3D passwords, and other authentication schemes. 1. Most users who use textual passwords of 9–12 character lengths or who use random characters as a password have only one to three unique passwords. 2. More than 50% of user’s textual passwords are eight characters or less. 3. Almost 25% of users use meaningful words as their textual passwords. 4. Almost 75% of users use meaningful words or partially meaningful words as their textual passwords. In contrast, only 25% of users use random characters and letters as textual passwords. 5. Over 40% of users have only one to three unique textual passwords, and over 90% of users have eight unique textual passwords or less. 6. Over 90% of users do not change their textual passwords unless they are required to by the system. 7. Over 95% of users under study have never used any graphical password scheme as a means of authentication. 8. Most users feel that 3D passwords have a high acceptability. 9. Most users believe that there is no threat to personal privacy by using a 3D password as an authentication scheme.
  • 16. 16 7. APPLICATIONS The 3D password can have a password space that is very large compared to other authentication schemes, so the 3D password’s main application domains are protecting critical systems and resources. Possible critical applications include the following. 1. Critical server: Many large organizations have critical servers that are usually protected by a textual password. A 3D password authentication proposes a sound replacement for a textual password. 2. Nuclear and military facilities: Such facilities should be protected by the most powerful authentication systems. The 3D password has a very large probable password space, and since it can contain token, biometrics, recognition and knowledge based authentications in a single authentication system, it is a sound choice for high level security locations. 3. Airplanes and jet fighters: Because of the possible threat of misusing airplanes and jet fighters for religion, political agendas, usage of such airplanes should be protected by a powerful authentication system. In addition, 3D passwords can be used in less critical systems because the 3D virtual environment can be designed to fit to any system needs. 4. A small virtual environment can be used in the following systems like: a) ATM b) Personal Digital Assistance c) Desktop Computers and Laptop Logins d) Web Authentication e) Security Analysis
  • 17. 17 8. ADVANTAGE AND DISADVANTAGE 8.1 ADVANTAGE 1. It provides user options to choose the type of authentication of his/her own choice.  There are number of options available for users to choose sequence of own choice.  In 3D password user can build a sequence which is easier for him to remember. 2. It eliminates a brute force attack.  All data and critical information like passwords are stored in encrypted manner so it’s difficult for brute force attack to crack it.  In 3D password combination of recognition and recall base are using so it is difficult. 3. Provides high level security to the system which contains more important data.  Its provide hide securities to data using multi factors and multiple technique to protect data. 4. Secure against a software like key logger.  Software like key logger installed in a system it’s difficult to secure your data these types software’s are stored all text which are pass through the keyboard. In 3D password graphical password is also use for authentication. 8.2 DISADVANTAGE 1. Shoulder attack. Attackers observe the user from back shoulder than easily break their authentication. 2. More time and memory. To use 3D password its require more time and memory chunk because 3D password need more space to store in database. 3. It’s expensive. 3D Password is more expensive compare to other authentication technique. 4. Complexity. 3D password is more complexity in coding.
  • 18. 18 9. CONCLUSION AND FUTURE SCOPE The choice of what authentication schemes will be part of the user’s 3D password reflects the user’s preferences and requirements. A user who prefers to remember and recall a password might choose textual and graphical passwords as part of their 3D password. On the other hand, users who have more difficulty with memory or recall might prefer to choose smart cards or biometrics as part of their 3D password. Moreover, users who prefer to keep any kind of biometrical data private might not interact with objects that require biometric information. Therefore, it is the user’s choice and decision to construct the desired and preferred 3D password. The 3D password is still in its early stages. Designing various kinds of 3D virtual environments, deciding on password spaces, and interpreting user feedback and experiences from such environments will result in enhancing and improving the user experience of the 3D password. Gathering attackers from different background and attack made by them and how to overcome them is main future work. Shoulder surfing attacks are still possible so how to overcome that is a field of research and development. Inclusion of biometrics leads to in-creasing cost and hardware in scheme, to reduce this is still field of research. So that 3D password can be used in many application areas as discussed earlier and also many more area other than those. Thus this paper tells about our study about 3D password, still it is in early stage. Future work is needed in 3D password scheme to develop this scheme up to more secure level. Implementing 3D password for mobile handset is the another important future work.
  • 19. 19 REFERENCE 1. http://www.seminartopics.in/computer%20seminar%20topics/3D-password.php 2. https://www.slideshare.net/manisha0902/3d-password-ppt-43870131 3. https://www.youtube.com/watch?v=7sP7TawXAUg 4. http://research.ijcaonline.org/icacact/number1/icacact1002.pdf 5. http://www.ijesit.com/Volume%202/Issue%202/IJESIT201302_16.pdf 6. http://research.ijcaonline.org/volume120/number7/pxc3904024.pdf