3D PASSWORD
CONTENTS
Ø INTRODUCTION
Ø DEFINITION
Ø WHAT IS
AUTHENTICATION?
Ø AUTHENTICATION MET
HODS
Ø COMPARISON WITH
CURRENT AUTHENTICATION SYSTEMS
Ø BRIEF DESCRIPTION OF
THE SYSTEM
Ø WHAT IS A 3D PASSWORD
Ø SYSTEM IMPLEMENTATION
IN BRIEF
Ø 3D PASSWORD SELECTION
AND INPUTS
Ø 3D VIRTUAL
Ø APPLICATIONS
Ø 3D PASSWORD SPACE
SIZE
Ø ADVANTAGES
Ø FUTURE WORK
Ø REFERENCES
INTRODUCTION
Therefore we present our idea, the 3D passwords which
are more customizable and very interesting way of authentication. Now the passwords
are based on the fact of Human memory. Generally simple passwords are set so as
to quickly recall them. The human memory, in our scheme has to undergo the
facts of Recognition, Recalling, Biometrics or Token based authentication. Once
implemented and you log in to a secure site, the 3D password GUI opens up. This
is an additional textual password which the user can simply put. Once he goes
through the first authentication, a 3D virtual room will open on the screen. In
our case, let's say a virtual garage
The 3D password is a
multi factor authentication scheme. The 3D password presents
a 3D virtual environment containing various virtual objects. The user navigates
through this environment and interacts with the objects. The 3D password is
simply the combination and the sequence of user interactions that occur in the
3D virtual environment. The 3D password can combine recognition, recall, token, and biometrics based
systems into one authentication scheme. This can be done by designing a 3D
virtual environment that contains objects that request information to be
recalled, information to be recognized, tokens to be presented, and biometric
data to be verified.
For example, the user can
enter the virtual environment and type something on a computer that exists in
(x1 , y1 , z1 ) position, then enter a room that has a fingerprint recognition
device that exists in a position (x2 , y2 , z2 ) and provide his/her
fingerprint. Then, the user can go to the virtual garage, open the car door,
and turn on the radio to a specific channel. The combination and the sequence
of the previous actions toward the specific objects construct the user's 3D
password.
Virtual objects can be any
object that we encounter in real life. Any obvious actions and interactions
toward the real life objects can be done in the virtual 3D
environment toward
the virtual objects. Moreover, any user input (such as speaking in a specific
location) in the virtual 3D environment can be considered as a part of the 3D
password.
DEFINITION
Users nowadays are
provided with major password stereotypes such as textual passwords, biometric
scanning, tokens or cards (such as an ATM) etc .Mostly textual passwords follow
an encryption algorithm as mentioned above. Biometric scanning is your
"natural" signature and Cards or Tokens prove your validity. But some
people hate the fact to carry around their cards, some refuse to undergo strong
IR exposure to their retinas(Biometric scanning).Mostly textual passwords,
nowadays, are kept very simple say a word from the dictionary or their pet
names, girlfriends etc. Years back Klein performed such tests and he could
crack 10-15 passwords per day. Now with the technology change, fast processors
and many tools on the Internet this has become a Child's Play.
WHAT
IS AUTHENTICATION?
Authentication is the act of establishing or confirmingsomething as authentic, that is, that claims made
by or about the subject aretrue. This might involve confirming the identity of
a person, tracing the originsof an artifact, ensuring that a product is
what it’s packaging and labeling claimsto be, or assuring that a computer program is a trusted one. For example, when you show proper
identification credentials toa bank teller, you are asking to be authenticated
to act on behalf of the accountholder. If your authentication request is
approved, you become authorized toaccess the accounts of that account holder, but no others.
AUTHENTICATION METHODS
There are two types of techniques for doing
this.The first is comparing the
attributes of the object itself towhat is
known about objects of that origin. For example, an art expert mightlook for
similarities in the style of painting, check the location and form of
asignature, or compare the object to an old photograph. An archaeologist mightuse carbon dating to verify the age of an
artifact, do a chemical analysis of the materials used, or compare the style of
construction or decoration to other artifacts of similar origin. The physics of sound and light, and
comparison with a known physical
environment, can be used to examine the authenticity of audio recordings,
photographs, or videos. The second type relies on documentation or other external
affirmations. This can be accomplished through a written
evidence log, or by testimony from the police detectives and forensics staff
that handled it. Some antiques are accompanied by certificates attesting to
their authenticity. External records have their own problems of forgery
and perjury, and are also vulnerable to being separated from the artifact and lost. Currency and other financial
instruments commonly use the first type of authentication method. Bills, coins, and cheques incorporate hard-to-duplicate physical features, such as fine printing or
engraving, distinctive feel, watermarks,
and holographic imagery, which are easy for receivers’ toverify.Consumer goods
such as pharmaceuticals, perfume; fashion clothing can use either type of
authentication method to prevent counterfeit goods from taking advantage of a popular brand's reputation.
COMPARISON WITH CURRENT AUTHENTICATION SYSTEMS
Suffer from many weaknesses.
Textual passwords arecommonly used. Users tend to choose meaningful words from
dictionaries,which make textual passwords easy to break and vulnerable to dictionary or brute force attacks. Many available
graphical passwords have a password spacethat is less than or equal to the
textual password space. Smart cards or tokenscan be stolen. Many biometric
authentications have been proposed. However,users tend to resist using
biometrics because of their intrusiveness and the effecton their privacy.
Moreover, biometrics cannot be revoked. The 3D password isa multi factor authentication scheme. The design of the 3D virtual environmentand the type of objects selected determine the
3D password key space. User have freedom to select whether the 3D password
will be solely recall,recognition, or token based, or combination of two
schemes or more.
BRIEF DESCRIPTION OF THE SYSTEM
The proposed system is a multi factor authentication
scheme. It can combine all existing authentication schemes into a single
3Dvirtualenvironment. This 3D virtual environment contains several objects or items
with which the user can interact. The user is presented with this 3D virtual
environment where the user navigates and interacts with various objects. The
sequence of actions and interactions toward the objects inside the
3Denvironment constructs the users 3Dpassword.The 3D password can combine most
existing authentication schemes such as textual passwords,
graphical passwords, and various types of biometrics into a 3D virtual environment.
The choice of what authentication schemes will be part of the user’s 3D
password reflects the user's preferences and requirements. A user
who prefers to remember and recall a password might choose textual and
graphical password as part of their 3D password. On the other hand users
who have more difficulty with memory or recall might prefer to choose smart
cards or biometrics as part of their 3D password. Moreover user who
prefers to keep any kind of biometric data private might not interact with
object that requires biometric information. Therefore it is the user's choice and decision to construct the desired and preferred 3D password.
WHAT
IS A3D PASS WORD?
The 3-D password is a multifactor authentication scheme. It can
combine all existing authentication schemes into a single 3-D virtual environment. This 3-D virtual environment
contains several objects or item with which the user can interact. The type of
interaction varies from one item to another. The 3-D password is constructed by observing the actions and
interactions of the user and by
observing the sequences of such actions. It is the user choice to select which
type of authentication techniques will be part of their 3-D password. This is achieved through interacting only with the
objects that acquire information that the user is comfortable in providing and
ignoring the objects that request information that the user prefers not to provide. For example, if an item requests an iris scan and the user is not comfortable in providing such information, the
user simply avoids interacting with that item. Moreover, giving the user the
freedom of choice as to what type of authentication schemes will be part of their 3-D password and given the
large number
of objects
and items in the environment, the number of possible 3-D passwords will increase. Thus, it becomes much more
difficult for the attacker to guess the users 3-D password.
SYSTEM IMPLEMENTATION IN
BRIEF
The 3Dpassword is a multi factor
authentication scheme. The 3Dpassword presents a 3Dvirtual environment
containing various virtual objects. The user navigates through this environment
and interacts with the objects. The 3Dpassword is simply the combination and
the sequence of user interactions that occur in the 3Dvirtual environment.
The 3Dpassword can combine recognition, recall, token, and biometrics
based systems into one authentication scheme. This can be done by designing a
3Dvirtual environment that contains objects that request information to be
recalled, information to be recognized, tokens to be presented, and biometric
data to be verified. For example, the user can enter the virtual environment and
type something on a computer that exists in (x1 , y1 , z1 ) position, then
enter a room that has a fingerprint recognition device that exists in a
position (x2 , y2 ,z2 ) and provide his/her fingerprint. Then, the user can go
to the virtual garage, open the car door, and turn on the radio to a specific
channel. The combination and the sequence of the previous actions toward the
specific objects construct the users 3Dpassword.Virtual objects can be any
object that we encounter in real life. Any obvious actions and interactions toward the real life objects
can become in the virtual3Denvironment
toward the virtual objects. Moreover, any user input (such as speaking in a
specific location) in the virtual 3Denvironmentcan be considered as a part of
the 3Dpassword.
We can have the following objects:
1) A computer with which the user can type;
2) A fingerprint reader that requires the users
fingerprint;
3) A biometric recognition device;
4) A paper or a white board that a user can
write, sign, or draw on;
5) An automated teller machine (ATM) that
requests a token;
6) A light that can be switched on/off;
7) A television or radio where channels can be
selected;
8) A staple that can be punched;
9) A car that can be driven;
10) A book that can be moved from one place to
another;
11) Any graphical password scheme;
12) Any real life object;
13) Any upcoming authentication scheme.
The action toward an object (assume a
fingerprint recognition device)that exists in location (x1 , y1 , z1 ) is
different from the actions toward similar object (another fingerprint recognition
device) that exists in location (x2, y2 , z2 ),where x1 = x2 , y1 = y2 , and z1
= z2 . Therefore, to perform the legitimate 3Dpassword, the user must follow
the same scenario performed by the legitimate user. This means interacting with the same objects
that reside at the exact locations and
perform the exact actions in the proper sequence.
3D PASSWORD SELECTION AND INPUTS
Let us consider a 3Dvirtual environment space
of size G ×G × G. The 3Denvironment space is represented by the coordinates(x, y, z)
[1. . .
G] × [1. . . G] × [1. . . G]. the objects are distributed in the3Dvirtual
environment with unique (x, y, z) coordinates. We assume that the user can
navigate into the 3Dvirtual environment and interact with the objects using any
input device such as a mouse, key board, fingerprint scanner, iris scanner, stylus, card reader, and microphone. We consider the sequence of those actions and interactions using the previous
input devices as the user’s3Dpassword.For example, consider a user who navigates through
the3Dvirtualenvironment that consists of an office and a meeting room. Let us assume that the user is in the virtual office
and the user turns around to the door located in (10, 24, 91) and opens
it. Then, the user closes the door. The user then finds a computer to the left, which exists in the position (4, 34, 18), and
the user
types ³FALCON.´ Then, the user walks to the meeting room and picks up a pen
located at (10, 24, 80) and draws only one dot in a paper located in (1,
18,30), which is the dot (x, y) coordinate relative to the paper space is (330,
130).The user then presses the login button. The initial representation of user
actions in the 3Dvirtual environment can be recorded as follows:· (10, 24, 91)
Action = Open the office door;· (10, 24, 91) Action = Close the office door;·
(4, 34, 18) Action = Typing, ³F´;· (4, 34, 18) Action = Typing, ³A´;· (4, 34,
18) Action = Typing, ³L´;· (4, 34, 18) Action = Typing, ³C´;· (4, 34, 18)
Action = Typing, ³O´;· (4, 34, 18) Action = Typing, ³N´;· (10, 24, 80) Action =
Pick up the pen;· (1, 18, 80) Action = Drawing, point = (330, 130).
In order for a legitimate user to be
authenticated, the user has to follow the same sequence and type of actions and
interactions toward the objects for the user’s original 3-D password.
3 D VIRTUAL
The design of the 3D virtual environments
affects the usability, effectiveness, acceptability
of 3D password. The first step in building a3-Dpassword
system is to design a 3-Denvironment that reflects the administration needs and
the security requirements.
The design of 3D virtual environments should follow these guidelines
.
1) Real life-similarity-
The prospective 3D
virtual environment should reflect what people are used to seeing in real life. Objects used invirtualenvironments should be relatively similar in size to real objects (sized to scale). Possible actions and
interactions toward virtual objects
should reflect real life situations. Object responses should be realistic. The target should have a 3-D virtual environment that users can
interact.
2) Object uniqueness and distinction-
Every virtual object or item in the 3-D virtual environment indifferent from any other virtual object. The
uniqueness comes from the fact that every virtual object has its own attributes
such as position. Thus, the prospectiveinteraction with object 1 is not equal to the interaction with object 2.However, having similar objects such as 20 computers in one place might confuse the user. Therefore, the design of the 3D virtual environmentshould considers that every object should be distinguishable from other objects. Similarly, in designing a 3-Dvirtual
environment, it should be easy for user’s to navigate through and to distinguish between objects. The
distinguishing factor increases the user’s recognition of objects.
Therefore, it improves the system usability.
3) Three Dimensional Virtual Environment Size -
A 3-Dvirtual environment can depict a city or
even the world. On the other hand, it can depict a space as focused as a single room or office. A large 3¬D virtual environment will increase the time required
by the user to perform a 3-Dpassword. Moreover, a large3-Dvirtual
environment can contain large number of virtual objects. Therefore, the
probable 3-Dpassword space broadens. However, a small 3-D virtual
environment usually contains only a few objects, and thus, performing a 3-D
password will take less time.
4) Number of objects and their types-
Part of designing a 3-D virtual environment is
determining the types of objects and how many objects should be placed in the
environment. The types of objects reflect what kind of responses the object
will have. For simplicity, we can consider requesting a textual password
or a fingerprint as an object response type. Selecting the right object
response types and the number of objects affects the probable password space of a 3-D password.
5) System Importance-
The 3D virtual environment should consider
what systems will be protected by a 3D password. The number of objects and the types of objects that have been used in the 3D virtual environment should reflect the importance of the protected system.
APPLICATIONS
The 3D password can have a password space that is very large compared to other authentication schemes, so the 3-D password main application domains are protecting critical
systems and resources.
1. Critical servers-
Many large organizations have critical servers
that are usually protected by a textual password. A 3D password authentication proposes a sound replacement for a textual password.
2. Nuclear and military facilities-
Such facilities should be protected by the
most powerful authentication systems. The
3-D password has a very large probable password space, and since it can contain token-, biometrics-, recognition and knowledge based authentications in a single authentication system, it is a sound choice for high level security locations.
3. Airplanes and jet fighters-
Because of the possible threat of misusing
airplanes and jet fighters for religion-political agendas, usage of such
airplanes should be protected by a powerful authentication system. In addition, 3-D passwords can be used in less critical systems
because the 3D virtual environment can be designed to fit to any system needs. A small virtual environment can be
used in the following systems like
3D PASSWORD SPACE SIZE
To determine the password space, we have to
count all possible3D passwords that have a certain number of actions,
interactions, and inputs towards all objects that exist in the 3D virtual
environments
IG: Password space of the3D password, textual password, Pass faces, and DAS with grid sizes of 5 × 5 and 10 × 10Length
is the number of actions and interactions for a3D password, the number
of characters for textual passwords, the number of selections for Pass faces,
and the number of points that represent the strokes for DASThe length is up to
eight
ADVANTAGES
·
Easiness to memorize
Users can memorize a 3D password as a
³little´story which makes the password easy to remember
·
Flexibility
3d passwords allows multi-factor authentication. Smart cards, biometrics and alpha num password can
embedded in the 3d password technology
·
Strength
` `Scenario in a 3D environment offers as almost unlimited
combination of possibilities. As such system can have specific 3d world, hack are extremely difficult.
·
The 3D password gives users the freedom of selecting what type
of authentication techniques.
·
Secrets those are not easy to write down on paper.
·
The scheme secrets should be difficult to share with others.
·
Provide secrets that can be easily revoked or changed
FUTURE WORK
Textual passwords and
token-based passwords are the most common used authentication schemes. However, many
different schemes have been used in specific fields. Other schemes are under
study yet they have never been applied in the real world. The motivation of
this work is to have a scheme that has a huge password space while also
being a combination of any existing, or upcoming,
authentication schemes into one scheme. A 3D password gives the user the choice
of modeling his 3D password to contain any authentication scheme that
the user prefers. Users do not have to provide their fingerprints if they do not wish to. Users do not have to
carry cards if they do not want to. Users have the choice to model their 3D
password according to their needs and their preferences. A 3D passwordisprobable
password space can be reflected by the design of the three-dimensional virtual
environment, which is designed by the system administrator. The three-dimensional virtual
environment can contain any objects that
the administrator feels that the users are familiar with.For example, football
players can use a three-dimensional virtual environment of a stadium where they
can navigate and interact with objects that they are familiar with. The 3D
password is in its infancy. A study on a large number of people is
required. We are looking at designing different three-dimensional virtual environments that contain objects of
all possible authentication schemes. The main application domains of 3D
Password are critical systems and resources. Critical systems such as military facilities,
critical servers and highly classified
areas can be protected by 3D Password system with large three-dimensional
virtual environment. Moreover, a small three-dimensional virtual environment can be used to protect less critical systems such as
handhelds, ATM's and operating system's logins. Acquiring the knowledge of the
probable distribution of a users3D password might show the practical strength
of a 3D password. Moreover, finding a solution for shoulder surfing attacks on
3D passwords and other authentication schemes is also a field of study
REFERENCES
1. A Novel 3D graphical passwordschema-Fawaz A Alsulaiman andAbdulmotaleb El Saddik
2. Daniel V.Klein. Foiling the Cracker: A Survey
of, and Improvement to Passwords Security
3. Greg E. Blonder, Graphical Password, United
State Patent 5559961
4. Rachna Dhamija, Adrian Perrig, Déjà Vu: A User
Study Using Images for Authentication. 2000, Denver, Colorado, pages 45-58.
No comments:
Post a Comment