The document discusses different types of authentication techniques such as text passwords, biometric scanning, tokens, and cards. It then introduces 3D passwords as a multifactor authentication method that combines recognition, recall, tokens, and biometrics. A 3D password involves a user navigating a virtual environment and interacting with virtual objects in a certain sequence. This provides stronger security than other methods. The document outlines guidelines for designing 3D environments and discusses applications and attacks on 3D passwords. It concludes that 3D passwords could improve authentication but require further development based on user testing.
2. Users nowadays are provided with major password
stereotypes such as :-
TEXT PASSWORD :- mostly text passwords follow an encryption algorithm.
BIOMETRIC SCANNING :- is your “natural” signature.
TOKENS & CARDS :- prove your validity.
TEXT PASSWORD
BIOMETRIC SCANNING
TOKENS & CARDS
3. Human Authentication
techniques
Knowledge Based
What you KNOW
Textual Password
Graphical Password
Token Based-What
you HAVE
ATM cards
Keys
ID Cards
Biometrics - What you
ARE
Fingerprints, Palmprints
Hand geometry
Face, Iris, Voice, Retina
recognition
Human Authentication Techniques - Classification
4. CURRENT AUTHENTICATION SYSTEM SUFFER FROM MANY WEEKNESSES:-
many available graphical password have password space that is less than or
equal to textual password space, which is also easy to break.
smart cards or tokens can be stolen.
users tend to resist biometrics of their effects on privacy. Moreover
biometric can’t be revoked
5.
6. •A 3D password is a multifactor
authentication scheme that
combine
RECOGNITION
+RECALL
+TOKENS
+BIOMETRICS
in one authentication system.
7. Brief description of system:-
The 3D password presents a virtual environment containing various
virtual objects.
The user walks through the environment and interacts with the objects.
It is the combination and sequence of user interactions that occur in the
3D environment.
The user is presented with this 3d virtual environment where the user
navigates and interacts with various objects.
The sequence of actions and interactions towards the objects inside the
3d environment constructs the user’s 3d password.
8. • For example, the user can enter the virtual environment
and type something on a computer that exists in (x1 , y1 ,
z1 ) position
• then enter a room that has a fingerprint recognition
device that exists in a position (x2 , y2 , z2 ) and provide
his/her fingerprint.
• Then, the user can go to the virtual garage, open the car
door, and turn on the radio to a specific channel.
• The combination and the sequence of the previous
actions toward the specific objects construct the user’s
3D password.
9. Virtual objects
Virtual objects can be any object we encounter in
real life:
A computer on which the user can type in
A fingerprint reader that requires users
fingerprint
A paper or white board on which user can type
An Automated teller(ATM) machine that requires
a token
A light that can be switched on/off
A television or radio
A car that can be driven
A graphical password scheme
10. • 3-D virtual environment affects the usability,
effectiveness, and acceptability of a 3-D
password system.
• 3-D environment reflects the administration
needs and the security requirements.
3D Virtual Environment
3D Virtual Environment
11. The design of 3D virtual environments should follow
these guidelines:
Design guidelines
12. Advantages
Provides security.
3D password can’t take by any
other person.
3D graphical password has no
limit.
Password can change easily.
Implementation of the system is
easy.
Password can remember easily.
Password helps to keep lot of
personal details.
13. Application
s
The 3D password’s main application domains are protecting
critical systems and resources.
• Critical Servers
• Nuclear Reactors & military Facilities
• Airplanes and missile Guiding
• In addition, 3D passwords can be used in less critical systems
• A small virtual environment can be used in the following systems like
– ATM
– Personal Digital Assistance
– Desktop computers & laptops
– Web authentication etc.
15. Attacks on 3-D password
• Brute Force Attack: The attacker has to try all possible 3-D passwords. This
kind of attack is very difficult for the following reasons:
– Time required to login
– Cost of attacks
• Well-Studied Attack: The attacker tries to find the highest probable
distribution of 3-D passwords. However, to launch such an attack, the
attacker has to acquire knowledge of the most probable 3-D password
distributions.
• Shoulder Surfing Attack: An attacker uses a camera to record the user’s 3-
D password or tries to watch the legitimate user while the 3-D password is
being performed. This attack is the most successful type of attack against
3-D passwords and some other graphical passwords.
• Timing Attack: In this attack, the attacker observes how long it takes the
legitimate user to perform a correct sign-in using the 3-D password. This
observation gives the attacker an indication of the legitimate user’s 3-D
password length.
16. The authentication can be improved with 3d
password , because the unauthorized person may not
interact with same object at a particular location as the
legitimate user.
It is difficult to crack ,because it has no fixed number
of steps and a particular procedure.
Added with biometrics and token verification this
schema becomes almost unbreakable.
The 3-D password is still in its early stages. Designing various kinds of 3-D virtual
environments, deciding on password spaces, and interpreting user feedback and
experiences from such environments will result in enhancing and improving the
user experience of the 3-D password