2. 1. Password
2. Passphrase
3. Authentication
4. Drawbacks of Human Authentication Techniques
5. 3D password
6. Virtual Objects
7. System Implementation
8. Mathematical Concept Related to 3D password
9. State Diagram
10. Working of 3D password
11. Programming languages
12. Attacks and Counter Measures
13. Advantages
14. Disadvantages
15. Applications
16. References
3. • A password is a word or string of characters
used for the authentication to prove identity.
• Password is basically an encryption
algorithms.
• It is 8-15 character or slightly more than that.
• Passwords are the first line of defense against
cyber criminals.
4. It is the advanced version of password.
It is a combination of words or simply
collection of password in a proper sequence.
Length of passphrase is from 30-50 words or
more than that also.
More secure than an ordinary password.
5. Authentication is a process of validating who
are you to whom you are claimed to be.
Human authentication techniques are :
1. Knowledge based (What you know)
2. Token based (What you have)
3. Biometrics (What you are)
6. (a) Pin
(b) Password
(c) Patterns
(a) Keys
(b) Passport
(c) Smart card
(d) ID proofs
(a) Face recognition
(b) Fingerprints
(c) Iris
(d) DNA
(e) Voice
(f) Hand geometry
7. (a) Easy to remember -> Easy to break
Hard to guess -> Hard to remember
(b) Vulnerable to attacks like dictionary attacks, brute force attacks etc.
(a) Duplicate keys, smart cards, ID proofs are easily available.
(a) Instructiveness to privacy.
(b) Resistance to exposure of retinas to IR rays.
(c) Hackers implement exact copy of your biometrics.
8. The 3D password is a multifactor authentication
scheme that combine KNOWLEDGE BASED + TOKEN
BASED + BIOMETRICS in one authentication system.
It presents a virtual environment containing various
virtual objects.
It is simply the combination and sequence of user
interactions that occur in the 3D environment.
The user walks through the environment and
interacts with the objects.
More customizable and very interesting way of
authentication.
9.
10. • 3D virtual environment affects the usability,
effectiveness and acceptability of a 3D
password system.
• 3D environment reflects the administration
needs and security requirements.
11. Virtual objects can be any objects we encounter in real life such as:
A computer on which user can type.
An ATM machine that requires a token (ATM card).
A fingerprint reader that requires user fingerprints.
A paper or white board on which user can write.
A light that can be switched on/off.
A television.
A radio.
A car that can be driven.
A graphical password scheme.
12. The action towards an object that exists in
location (x1,y1,z1) is different from action towards
an another object at (x2,y2,z2).
To perform the legitimate 3D password the user
must follow the same scenario performed by the
legitimate user.
This means interacting with the same objects
that reside at exact location and perform the exact
actions in the proper sequence.
13. • Let us consider a user who navigates through the 3D virtual
environment that consists of an office and a meeting room.
Let us assume that the user is in the virtual office and the
user turns around the door located in (1,2,3) and opens it.
Then, the user closes the door. The user then finds a
computer to the left, which exists in the position (4,5,6),
and the user types “ABC”. The initial representation of user
actions in the 3D virtual environment can be recorded as
follows:
(1,2,3) action = open the office door
(1,2,3) action = close the office door
(4,5,6) action = typing “A”
(4,5,6) action = typing “B”
(4,5,6) action = typing “C”
14. Typical
Textual
Password
Enter User Name
Performing
Graphical Password
Moving Inside
Virtual 3D
Environment
Performing
Biometrics
Changing
Item Status
Verifying
Typing a letter or a number Clicks
Access not
granted
Login
password
Access
granted
Specific
key
password
Click on a
graphical
password
item
Specific key pressed
Biometric item
is checked
Move object,
Turn ON/OFF
15.
16. C++
Java and Java3D
.NET languages such as C# or Visual Basics
Parrot virtual machine
OpenGL library :
(i) uses both graphics and CAD programs.
(ii) supported on Windows, Macintosh, UNIX workstations,
PCs, X-Box, Linux, etc.
GLUT :
(i) library for using C++ and OpenGL
Direct 3D :
(i) supported only on Microsoft windows platforms and X-
box.
17. 1. Brute Force Attack: A brute force attack is a trial-and-error
method used to obtain information such as a user password or
personal identification number (PIN). The attack is difficult
because:
(i) Required time to login: Time required to login may vary from
20 seconds to 2 minutes. So, is time consuming.
(ii) Cost of attack: Cost of creating 3D virtual environment is very
high.
2. Well Studied Attack:
(i) Attacker has to study whole password scheme.
(ii) Attacker has to try combination of different attacks on
scheme.
(iii) As 3D password scheme is multi-factor & multi-password
authentication scheme, attacker fail to studied whole scheme.
This attacks also not much effective against 3D password
scheme.
18. 3. Shoulder Suffering Attack:
(i) An attacker uses a camera to record the password.
(ii) 3D password contains biometric identifications, so
are difficult to break.
4. Timing Attack:
(i) The attacker observes how long it takes a
legitimate user to perform a correct sign-in using 3D
password.
(ii) Helps in determining length of password.
(iii) Effective if the 3D virtual environment is
designed correctly.
19. 5. Key logger:
(i) Attacker install as software called key logger on
system where authentication scheme is used.
(ii) Software stores text entered through
keyboard and those text are stored in text file.
(iii) More effective and useful for only textual
password. Fails in case of 3D password because it
includes biometrics which are hard to crack.
20. 1. Provides high security.
2. Flexible, as it provides multifactor authentication ,i.e., token
based, knowledge based, biometrics.
3. Provides infinite number of password possibilities.
4. Can be memorized in form of short stories.
5. Implementation of system is easy.
6. Ease to change password anytime.
7. Helps to keep lot of personal details.
8. Due to the use of multiple schemes in one scheme password
space is increased to great extent.
21. 1. Difficult for blind people to use this
technology.
2. A lot of program coding is required.
3. Very expensive.
4. Time and memory requirement is large.
22. 1. Critical servers.
2. Nuclear reactors and military facilities.
3. Airplanes, jet fighters and missile guiding.
4. Networking.
5. A small virtual environment can be used in following
areas:
(i) ATM.
(ii) Desktop computers and laptop logins.
(iii) Web authentication.
(iv) Security analysis.
23. The authentication can be improved with 3D
password, because the unauthorized person
may not interact with same object at a
particular location as the legitimate user.
It is difficult to crack because it has no fixed
number of steps and a particular procedure.
Added with biometrics and token verification
this scheme becomes almost unbreakable.