The document proposes a 3D password authentication scheme. It discusses drawbacks of existing authentication methods like textual and graphical passwords. The 3D password scheme combines recognition, recall, tokens, and biometrics in a 3D virtual environment. Users interact with virtual objects in the environment to create a password. This provides a large password space and flexibility. The document outlines guidelines for designing the 3D environment and applications like critical servers, airplanes, and nuclear facilities that could benefit from the strong authentication of 3D passwords.

1. By:
Jaya Sinha (115415)
Oindrila Gupta (115416)

2. CONTENTS
Introduction
Three Factors of Authentication
Existing Authentication Techniques
Drawbacks of Existing Authentication Schemes
3D Password Scheme
3D Password Selection
Designing of a 3D Virtual Environment
Advantages of 3D Passwords
Applications of 3D Passwords
Attacks and Counter­Measures
Conclusion

3. INTRODUCTION
Authentication is any protocol or
process that permits one entity to
establish the identity of another
entity.
➢
In other words, authentication is
the process of determining whether
someone or something is, in fact, who
or what it is declared to be.
✔

4. Three Factors of Authentication
1. Knowledge Based: Something you
know like PASSWORD, PIN
2. Token Based: Something you possess
like KEYS, PASSPORT, SMART
CARD
3. Biometrics: Something you are like
FINGERPRINT, FACE, IRIS

5. Existing Authentication Techniques
➔
Textual Password: Recall
Based
➔
Graphical Password:
Recall Based + Recognition
Based (Biometrics)

6. Drawbacks of Existing
Authentication Schemes

7. Drawbacks of Textual Passwords
Textual Passwords should be easy to
remember, but at the same time, difficult to
guess
●
Full password space for 8 characters,
consisting of both numbers and characters,
is 2*(10^14)
●
A research showed that 25% of the
passwords out of 15,000 users could be
guessed correctly using brute force
dictionary
●

8. Drawbacks of Graphical Passwords
Graphical Passwords can be easily recorded as
these schemes take a long time
●
The main drawback of using biometric is its
intrusiveness upon a user's personal
characteristics which are liable to change under
certain situations. For example, a bruised finger
will lead to an inconsistency in fingerprint
pattern
●
They require special scanning device to
authenticate the user which is not acceptable
for remote and internet users
●

9. 3D PASSWORD to the rescue...

10. 3D PASSWORD SCHEME
The 3D Password scheme is a new
authentication scheme that
combines
RECOGNITION
+ RECALL
+ TOKENS
+ BIOMETRIC
in one authentication system
➢

11. The 3D password presents a virtual
environment containing various virtual
objects
➢
The user walks through the
environment and interacts with
the objects
➢
The 3D Password is simply the
combination and sequence of
user interactions that occur in the
3D environment
➢

12. The 3D password can combine the existing authentication
schemes such as textual passwords, graphical passwords,
and various types of biometrics into a 3D virtual
environment. The design of the 3D virtual environment
and the type of objects selected determine the 3D
password key space.
➢

13. 3D PASSWORD SELECTION
Virtual objects can be any object
that we encounter in real life:
a computer on which the user can type
✔
a fingerprint reader that requires the
user’s fingerprint
✔
a biometrical recognition device
✔
a paper or white board that a user can
write, sign, or draw on
✔
an automated teller machine (ATM)
that requires a token
✔

14. ✔
a light that can be switched on/off
a television or radio where channels
can be selected
✔
✔
a stapler that can be punched
✔
a car that can be driven
a book that can be moved from one
place to another
✔
✔
any graphical password scheme
✔
any real­life object
✔
any upcoming authentication scheme

15. 3D VIRTUAL ENVIRONMENT

16. Designing of a 3D Virtual Environment
Designing a well­studied 3­D virtual
environment affects the usability, effectiveness,
and acceptability of a 3­D password system.
Therefore, the first step in building a 3­D
password system is to design a 3­D environment
that reflects the administration needs and the
security requirements. The design of 3­D virtual
environments should follow the following
guidelines:
●
Real­life similarity: The prospective 3­D
virtual environment should reflect what
people are used to seeing in real life.

17. ●
Object uniqueness and distinction: The
design of the 3­D virtual environment
should consider that every object should be
distinguishable from other objects.
Three­dimensional virtual
environment size: The size of a 3­D
●
environment should be carefully studied as
it can depict a space as focused as a single
room (or office) or as vast as a city (or even
the world).

18. Number of objects (items) and their
types: Part of designing a 3­D virtual
●
environment is determining the types of
objects and how many objects should be
placed in the environment. The types of
objects reflect what kind of responses the
object will have.
●
System importance: The 3­D virtual
environment should consider what systems
will be protected by a 3­D password.

19. ADVANTAGES OF 3D PASSWORDS
✔
Flexibility: 3D Passwords allow
Multifactor Authentication
✔
Strength: This scenario provides
almost unlimited possibilities of
passwords
✔
Easy to memorize: Can be
remembered in the form of a short story
✔
Respect of Privacy: Organizers can
select authentication schemes that
respect the privacy of the users

20. APPLICATIONS OF 3D
PASSWORDS
Critical servers: Many large
➢
organizations have critical servers that
require very high security but are usually
protected by a textual password. A 3­D
password authentication proposes a
sound replacement for a textual
password. Moreover, entrances to such
locations are usually protected by access
cards and sometimes PIN numbers.
Therefore, a 3­D password can be used to
protect the entrance to such locations as well
as protect the usage of such servers.

21. Airplanes and jetfighters: Because of
➢
the possible threat of misusing airplanes
and jetfighters for religious/political
agendas, usage of such airplanes should be
protected by a powerful authentication
system.
Nuclear and military facilities: Such
➢
facilities should be protected by the most
powerful authentication systems. The 3­D
password has a very large probable
password space, and since it can contain
token, biometrics, recognition, and
knowledge based authentications in a
single authentication system, it is a sound
choice for high level security locations.

22. A small 3­D virtual
environment can be used in
many systems, including the
following:
1) ATMs
2) personal digital assistants
3) desktop computers and
laptop logins
4) web authentication

23. ATTACKS AND COUNTER­MEASURES
Brute Force Attack: This attack is
➢
very difficult because:
1. It is very time consuming
2. Attack is highly expensive
Well Studied Attack: This attack is
➢
difficult because the attacker has to
perform customized attack for different
virtual environments.
Shoulder Surfing Attack: This
➢
attack is comparatively more successful
because the attacker uses camera to
record the 3D Passwords of the users.

24. CONCLUSION
3D Password improves
authentication.
✔
It is difficult to crack as there are
no fixed number of steps or
particular procedure.
✔
Added with biometrics and
token verification, this schema
becomes almost unbreakable.
✔

25. BIBLIOGRAPHY
http://en.wikipedia.org/wiki/3­D_Secure
http://www.slideshare.net
http://www.giac.org/cissp­papers/2.pdf
http://share.pdfonline.com/01906f50bd334cc688daf1
0648bb5d68/3d seminar report.htm