3d authentication system provides a password that is easy for the user to remember but difficult for intruders to break

1. Submitted by:
Richa Agarwal 10103472
Disha Agrawal 10103486
Submitted to:
Dr. Saurabh Kr. Raina
Ms. Hema N.
Ms. Aditi Sharma

2. There are many authentication techniques available, such as textual
passwords, graphical passwords, etc. but each of this individually has some
limitations & drawbacks.
3D password is a multi-password & multi-factor authentication
system as it uses various authentication techniques such as textual passwords,
graphical passwords, token-based passwords etc
Most important part of 3d password scheme is inclusion of 3d virtual
environment which consists of real time objects with which the user
interacts and the sequence of these interactions becomes the 3d password
of the user.
This scheme is hard to break & easy to use.

4.  Drawback of the existing authentication schemes is its two conflicting
requirements:
the selection of passwords that are easy to remember.
Difficult for intruders to guess.
The proposed 3-d password solves this issue
 To be authenticated, we present a 3-d virtual environment where the user
navigates and interacts with various objects. The sequence of actions and
interactions toward the objects inside the 3-D environment constructs
the user’s 3-D password.
 The recognition and recall based scheme helps user remember a
password which is impossible for others to guess.
 The new scheme provides secrets that are not easy to write down on
paper. Moreover, the scheme secrets are difficult to share with others.

5. A new encryption algorithm has been developed to implement this
authentication scheme
 The click points of user as well as the actions performed in the 3d
environment, both will be stored in such a way that the password becomes
resistant to spyware attacks.
The design of the 3-D virtual environment and the type of objects selected
would determine the 3-D password key space.
Therefore, the key space would vary greatly depending on the 3d virtual scene
and number of actions performed.
This variable key space with different kind of objects will make it extremely
difficult to launch any kind of cryptographic attacks against it.
The encryption algorithm will thus make the password impossible to break
and at the same time easy to remember

6. A large scale 3d virtual environment combining textual graphical and token
based scheme can be used for protecting high security demanding domains like:
Critical Servers
Nuclear and military facilities
Airplanes and jetfighters
A small 3-D virtual environment can be used in many systems, including the
following:
I. ATMs
II. Personal digital Assistants
III. Desktop computers and laptop logins
IV. Web authentication
V. Mobile applications privacy lock

7. 1)A system of authentication that is not either recall based or recognition based only.
Instead, the system is a combination of recall, recognition, biometrics, and token-
based authentication schemes.
2) The method of claim 1 wherein password is stored, a new algorithm is used which
has the ability to store not just the click points but also the interactions of user with
objects in the 3d virtual environment.
3) The method of claim 1 wherein encryption is performed to store the password, a
new algorithm is used which has variable key space. Due to use of multiple schemes
into one scheme, password space is increased to a great extend. This makes it very
difficult to launch cryptographic attacks against this scheme. This authentication
scheme guarantees greater security over currently available schemes.

8. 4) The system of encryption of claim 3 wherein more security is guaranteed than
any other existing authentication scheme. It is resistant to various cryptographic
attacks like:
• Key logger : In this attack attacker installs a software called key logger on
system where authentication scheme is used. This software stores text entered
through keyboard & that text is stored in a text file. In this way this attack is more
effective & useful for only textual password, but as 3D password is multi
password authentication scheme, so this kind of attacks are not much effective in
this case.
• Brute force attacks : In this kind of attacks, the attacker has to try ‘n’
number of possibilities of 3D Password. These attacks consider two major factors.
First is the required time to login; in 3d password time required for successful login
varies & is depend on number of actions & interactions as well as the size of 3d
virtual environment. Second factor is the cost required to attack; 3d password
scheme requires 3D virtual environment & cost of creating such a environment is
very high. Therefore this attack is also not effective.
• Well-studied attacks : In this attack intruder has to study the whole
password scheme. After exhaustive study about the scheme, attacker tries
combinations of different attacks on scheme. As 3d password scheme is multi-
factor & multi-password authentication scheme, the time and cost of this kind of
attack will be exponentially high.

9. 5) The system of claim 1 that would provide secrets that are easy to remember and
very difficult for intruders to guess.
6) The system of claim 1 that would provide secrets that are not easy to write down
on paper. Moreover, the scheme secrets would be difficult to share with others.
7) The system of claim 1 wherein users will have the freedom of selection. Users
ought to have the freedom to select whether the 3d- password would be purely
recognition, recall, biometric or token based or a combination of two schemes or
more. This freedom of selection is necessary because users are different and they
have different requirements. Some users do not like to carry cards. Some users do
not like to provide biometrical data, and some users have poor memories.
Therefore, to ensure high user acceptability, the user’s freedom of selection is
important.
8) The method of claim 1 wherein the authentication scheme is compatible with all
kinds of devices, may it be tablet, mobile, PC or laptop.
9) The method of claim 1 wherein the authentication scheme will be cross platform
that is compatible with various operating systems like Windows, Linux, Android
etc. It is platform independent.

10. Patents:
[1] Graphical event-based password system , application no: US20040250138
[2] Password entry using 3D image with spatial alignment, application no: EP2466518A9
Publications:
[3] S. Man, D. Hong, and M. Mathews, "A shoulder surfing Resistant graphical password scheme," in
Proceedings of International conference on security and management. Las Vegas, NV, 2003.
[4] L. Sobrado and J.-C. Birget, "Graphical passwords," The Rutgers Scholar, an Electronic Bulletin
for
Undergraduate Research, vol. 4, 2002.
[5] I. Jermyn, A. Mayer, F. Monrose, M. K. Reiter, and A.D. Rubin, “The design and analysis of
graphical passwords”,
in Proc. 8th USENIX Security Symp, Washington DC, Aug.1999, pp.1-14.
[6] D. Weinshall and S. Kirkpatrick, "Passwords You’ll Never Forget, but Can’t Recall," in
Proceedings of Conference
on Human Factors in Computing Systems (CHI)