This document describes 3D passwords as a multifactor authentication method that combines knowledge-based, token-based, and biometric authentication in a virtual 3D environment. A 3D password records a user's interactions with virtual objects in the environment, such as opening a door or typing on a computer, creating a unique sequence. Implementation requires programming languages like C++ and OpenGL to create the 3D virtual world. Attacks are difficult due to the complexity of reproducing all factors, but 3D passwords provide very high security and flexibility compared to traditional passwords.

1. PRESENTED BY :
MANISHA SAINI

2. 1. Password
2. Passphrase
3. Authentication
4. Drawbacks of Human Authentication Techniques
5. 3D password
6. Virtual Environment
7. Virtual Objects
8. System Implementation
9. Mathematical Concept Related to 3D password
10. Example
11. State Diagram
12. Working of 3D password
13. Programming languages
14. Attacks and Counter Measures
15. Advantages
16. Disadvantages
17. Applications
18. References

3. • A password is a word or string of characters
used for the authentication to prove identity.
• Password is basically an encryption
algorithms.
• It is 8-15 character or slightly more than that.
• Passwords are the first line of defense against
cyber criminals.

4.  It is the advanced version of password.
 It is a combination of words or simply
collection of password in a proper sequence.
 Length of passphrase is from 30-50 words or
more than that also.
 More secure than an ordinary password.

5.  Authentication is a process of validating who
are you to whom you are claimed to be.
 Human authentication techniques are :
1. Knowledge based (What you know)
2. Token based (What you have)
3. Biometrics (What you are)

6. (a) Pin
(b) Password
(c) Patterns
(a) Keys
(b) Passport
(c) Smart card
(d) ID proofs
(a) Face recognition
(b) Fingerprints
(c) Iris
(d) DNA
(e) Voice
(f) Hand geometry

7. (a) Easy to remember -> Easy to break
Hard to guess -> Hard to remember
(b) Vulnerable to attacks like dictionary attacks, brute force attacks etc.
(a) Duplicate keys, smart cards, ID proofs are easily available.
(a) Instructiveness to privacy.
(b) Resistance to exposure of retinas to IR rays.
(c) Hackers implement exact copy of your biometrics.

8.  The 3D password is a multifactor authentication
scheme that combine KNOWLEDGE BASED + TOKEN
BASED + BIOMETRICS in one authentication system.
 It presents a virtual environment containing various
virtual objects.
 It is simply the combination and sequence of user
interactions that occur in the 3D environment.
 The user walks through the environment and
interacts with the objects.
 More customizable and very interesting way of
authentication.

9. • A virtual environment is a computer-based simulated
environment.
• The 3D virtual environment consists of many items and
objects.
• It is created inside a 2D screen and is a real time scenario .
• Each item has different responses to action.
• The user actions, interactions and inputs towards the objects
or toward the 3D virtual environment creates the user’s 3D
password.
• Communication between users can range from text, graphical
icons, visual gesture, sound, and rarely, forms using touch,
voice command, and balance senses.

10. • 3D virtual environment affects the usability,
effectiveness and acceptability of a 3D
password system.
• 3D environment reflects the administration
needs and security requirements.

13. Virtual objects can be any objects we encounter in real life such as:
 A computer on which user can type.
 An ATM machine that requires a token (ATM card).
 A fingerprint reader that requires user fingerprints.
 A paper or white board on which user can write.
 A light that can be switched on/off.
 A television.
 A radio.
 A car that can be driven.
 A graphical password scheme.

14.  The action towards an object that exists in
location (x1,y1,z1) is different from action towards
an another object at (x2,y2,z2).
 To perform the legitimate 3D password the user
must follow the same scenario performed by the
legitimate user.
 This means interacting with the same objects
that reside at exact location and perform the exact
actions in the proper sequence.

15. 1. Time Complexity :
Let us assume that A is the virtual 3D environment plotting and B is
algorithmic processing. Then,
Time complexity = Am + Bn
where ‘m’ is time required to communicate with system, and ‘n’ is time
required to process each algorithm in 3D environment.

16. 2. Space Complexity:
• System include 3D virtual environment, so that each point in this
environment will having 3 co-ordinate values.
• Any point from 3D virtual environment is represented in the form
of (X, Y, Z). X, Y & Z are the coordinate values stored for particular
point.
• Space complexity = n3
3. Class Of Problem:
Three types of classes provided are:
(a) P class: A decision problem is in P if there is a known
polynomial-time algorithm to get that answer.
(b) NP-hard class: Decision problem is in NP if there is a known
polynomial-time algorithm for a non-deterministic machine to
get the answer.
(c) NP complete class: NP-complete if you can prove that (1) it‘s
in NP, and (2) show that it‘s poly-time reducible to a problem
already known to be NP-complete.

17. • Let us consider a 3D virtual environment space
of size G x G x G. The 3D environment space is
represented by the coordinates (x,y,z) ϵ [1,…,G] x
[1,…,G] x [1,…,G].
• The objects are distributed in the 3D virtual
environment with unique (x,y,z) coordinates. We
assume that the user can navigate into the 3D
virtual environment and interact with the
objects using any input device such as a mouse,
keyboard, fingerprint scanner, iris scanner, card
readers, microphones, stylus, etc.

18. • Let us consider a user who navigates through the 3D virtual
environment that consists of an office and a meeting room.
Let us assume that the user is in the virtual office and the
user turns around the door located in (1,2,3) and opens it.
Then, the user closes the door. The user then finds a
computer to the left, which exists in the position (4,5,6),
and the user types “ABC”. The initial representation of user
actions in the 3D virtual environment can be recorded as
follows:
(1,2,3) action = open the office door
(1,2,3) action = close the office door
(4,5,6) action = typing “A”
(4,5,6) action = typing “B”
(4,5,6) action = typing “C”

19. Typical
Textual
Password
Enter User Name
Performing
Graphical Password
Moving Inside
Virtual 3D
Environment
Performing
Biometrics
Changing
Item Status
Verifying
Typing a letter or a number Clicks
Access not
granted
Login
password
Access
granted
Specific
key
password
Click on a
graphical
password
item
Specific key pressed
Biometric item
is checked
Move object,
Turn ON/OFF

21.  C++
 Java and Java3D
 .NET languages such as C# or Visual Basics
 Parrot virtual machine
 OpenGL library :
(i) uses both graphics and CAD programs.
(ii) supported on Windows, Macintosh, UNIX workstations,
PCs, X-Box, Linux, etc.
 GLUT :
(i) library for using C++ and OpenGL
 Direct 3D :
(i) supported only on Microsoft windows platforms and X-
box.

22. 1. Brute Force Attack: A brute force attack is a trial-and-error
method used to obtain information such as a user password or
personal identification number (PIN). The attack is difficult
because:
(i) Required time to login: Time required to login may vary from
20 seconds to 2 minutes. So, is time consuming.
(ii) Cost of attack: Cost of creating 3D virtual environment is very
high.
2. Well Studied Attack:
(i) Attacker has to study whole password scheme.
(ii) Attacker has to try combination of different attacks on
scheme.
(iii) As 3D password scheme is multi-factor & multi-password
authentication scheme, attacker fail to studied whole scheme.
This attacks also not much effective against 3D password
scheme.

23. 3. Shoulder Suffering Attack:
(i) An attacker uses a camera to record the password.
(ii) 3D password contains biometric identifications, so
are difficult to break.
4. Timing Attack:
(i) The attacker observes how long it takes a
legitimate user to perform a correct sign-in using 3D
password.
(ii) Helps in determining length of password.
(iii) Effective if the 3D virtual environment is
designed correctly.

24. 5. Key logger:
(i) Attacker install as software called key logger on
system where authentication scheme is used.
(ii) Software stores text entered through
keyboard and those text are stored in text file.
(iii) More effective and useful for only textual
password. Fails in case of 3D password because it
includes biometrics which are hard to crack.

25. 1. Provides high security.
2. Flexible, as it provides multifactor authentication ,i.e., token
based, knowledge based, biometrics.
3. Provides infinite number of password possibilities.
4. Can be memorized in form of short stories.
5. Implementation of system is easy.
6. Ease to change password anytime.
7. Helps to keep lot of personal details.
8. Due to the use of multiple schemes in one scheme password
space is increased to great extent.

26. 1. Difficult for blind people to use this
technology.
2. A lot of program coding is required.
3. Very expensive.
4. Time and memory requirement is large.

27. 1. Critical servers.
2. Nuclear reactors and military facilities.
3. Airplanes, jet fighters and missile guiding.
4. Networking.
5. A small virtual environment can be used in following
areas:
(i) ATM.
(ii) Desktop computers and laptop logins.
(iii) Web authentication.
(iv) Security analysis.

28.  The authentication can be improved with 3D
password, because the unauthorized person
may not interact with same object at a
particular location as the legitimate user.
 It is difficult to crack because it has no fixed
number of steps and a particular procedure.
 Added with biometrics and token verification
this scheme becomes almost unbreakable.

29.  www.ifet.ac.in
3Dvas.com
 www.ijesit.com
 www.sri.com
https://www.youtube.com/watch?v=Tw1
mXjMshJE