Software Requirements Specification

for

3D PASSWORDSPrepared by:

M.S.BALA SUBRAMANYAM (08BQ1A0508)

G.KRISHNA KANTH (08BQ1A0520)

B.CHAITANYA DAS (08BQ1A0507)

VASIREDDY VENKATADRI

INSTITUTE OF TECHNOLOGY

DATE:

Table of Contents

1. Introduction...............................................................................................................11.1 Purpose..............................................................................................................................11.2 Project Scope.....................................................................................................................11.3 References.........................................................................................................................2

2. Overall Description...................................................................................................32.1 Product Perspective...........................................................................................................32.2 Product Features...............................................................................................................52.3 User Classes and Characteristics......................................................................................52.4 Operating Environment......................................................................................................62.5 Design and Implementation Constraints............................................................................52.6 assumptionsand Dependencies…………….…………………………………..

…………..32.7 Functional Requirements Specification……………………………………………………...…5

2.7.1 user Use Case………………………………………………………………………………...………...5

Use case: initialize…………………………………………………………………………………………….5Use case:

register…………………………………………………………………………….2.7.2 server Use Case………………………………………………………………………………………....................

Use case: authentication…………………………………………………………………………….3. External Interface Requirements.............................................................................5

3.1 User Interfaces...................................................................................................................53.2 Hardware Interfaces...........................................................................................................53.3 Software Interfaces............................................................................................................53.4 Communications Interfaces...............................................................................................5

4. Other Nonfunctional Requirements........................................................................64.1 Performance Requirements...............................................................................................64.2 Safety Requirements.........................................................................................................64.3 Security Requirements.......................................................................................................64.4 Software Quality Attributes................................................................................................6

6. Other Requirements.................................................................................................7Glossary..........................................................................................................................7

1.0. Introduction

1.1. Purpose

The purpose of this document is to present a detailed description of the 3D

PASSWORDS AUTHENTICATION SYSTEM. It will explain the purpose and features of

the system, the interfaces of the system, what the system will do, the constraints under

which it must operate and how the system will react to external stimuli. This document is

intended for both the stakeholders and the developers of the system .

1.2. Scope of Project

The 3D passwords is a more customizable and very interesting way of

authentication.Now the passwords are based on the fact of Human memory. Generally

simple passwords are set so as to quickly recall them. The human memory, in our

scheme has to undergo the facts of Recognition, Recalling. Once implemented and you

log in to a secure site, the 3D password GUI opens up. This is an additional textual

password which the user can simply put. Once he goes through the first authentication,

a 3D virtual room will open on the screen. In our case, let’s say a virtual garage.Now in

a day to day garage one will find all sorts of tools, equipments, etc.each of them having

unique properties. The user will then interact with these properties accordingly. Each

object in the 3D space, can be moved around in an (x,y,z) plane. That’s the moving

attribute of each object. This property is common to all the objects in the space.

Suppose a user logs in and enters the garage. He sees and picks a screw-driver (initial

position in xyz coordinates (5, 5, 5)) and moves it 5 places to his right (in XY plane i.e.

(10, 5, 5).That can be identified as an authentication. Only the true user understands

and recognizes the object which he has to choose among many. This is the Recall and

Recognition part of human memory coming into play.Interestingly,a password can be

set as approaching a radio and setting its frequency to number only the user

knows.Security can be enhanced by the fact of including Cards and Biometric scanner

as input. There can be levels of authentication a user can undergo.

1.3. References

1. IEEE.Std 830-1998 IEEE Recommended Practice for Software Requirements

Specifications.IEEE Computer Society, 1998.

2. http://paperpresentation-seminars.blogspot.in/2011/07/3d-passwords.html

3.http://realusers.com

2.0. Overall Description

2.1Product Perspective:

Normally the authentication scheme the user undergoes is particularly very lenient or

very strict. Throughout the years authentication has been a very interesting approach.

With all the means of technology developing, it can be very easy for 'others' to fabricate

or to steal identity or to hack someone’s password. Therefore many algorithms have

come up each with an interesting approach toward calculation of a secret key. The

algorithms are such based to pick a random number in the range of 10^6 and therefore

the possibilities of the same number coming is rare

Users nowadays are provided with major password stereotypes such as textual

passwords, biometric scanning, tokens or cards (such as an ATM) etc.Mostly textual

passwords follow an encryption algorithm as mentioned above.Biometric scanning is

your "natural" signature and Cards or Tokens prove your validity. But some people hate

the fact to carry around their cards, some refuse to undergo strong IR exposure to their

retinas(Biometric scanning).Mostly textual passwords, nowadays, are kept very simple

say a word from the dictionary or their pet names,girlfriends etc. Years back Klein

performed such tests and he could crack 10-15 passwords per day. Now with the

technology change, fast processors and many tools on the Internet this has become a

Child's Play.

Therefore we present our idea, the 3D passwords which are more customizable and

very interesting way of authentication.Now the passwords are based on the fact of

Human memory. Generally simple passwords are set so as to quickly recall them. The

human memory, in our scheme has to undergo the facts of Recognition, Recalling,

Biometrics or Token based authentication.

2.2Product FeaturesThe proposed system is a multifactor authentication scheme thatcombines the

benefits of various authentication schemes. Users have the freedom toselect whether

the 3Dpassword will be solely recall, biometrics,recognitionortokenbasedor a

combination of two schemes or more. This freedom of selection isnecessary because

users are different and they have different requirements. Therefore,to ensure high user

acceptability, the user’s freedom of selection is important.The following requirements

are satisfied in the proposed scheme.

1. The new scheme provide secrets that are easy to remember and very difficultfor intruders to guess.

2. The new scheme provides secrets that are not easy to write down on paper. Moreover, the scheme secrets should be difficult to share with others.

3. The new scheme provides secrets that can be easily revoked or changed.

2.3User Classes and Characteristics

The 3D password can have a password space that is very large compared to

other authentication schemes, so the 3D password’s main application domains are

protecting critical systems and resources.

1. Critical server many large organizations have critical servers that are usually protected by a textual password. A 3D password authentication proposes a sound replacement for a textual password.

2. Nuclear and military facilities such facilities should be protected by the most powerful authentication systems. The 3D password has a very large probable

password space, and since it can contain token biometrics, recognition and knowledge based authentications in a single authentication system, it is a sound choice for high level security locations.

3. Airplanes and jet fighters Because of the possible threat of misusing airplanesand jet fighters for religion, political agendas, usage of such airplanes should be protected by a powerful authentication system.

In addition, 3D passwords can be used in less critical systems because the 3D virtual environment can be designed to fit to any system needs. A small virtual environment can be used in the following systems like

1. ATM2. Personal Digital Assistance3. Desktop Computers & laptop logins4. Web Authentication5. Security Analysis

2.4Operating environment:

The product will be operating in windows environment. Also it will be compatible with any web browser. The only requirement to use this system would be the internet connection.We also need to create a 3d environment,where the user can interact with different objects. Similar to other web applications, the platform required for this is similar to that of a normal web application.

2.5 Design and Implementation Constraints:

The designofthe 3D virtual environments affects the usability, effectiveness,acceptability

of 3D password.The first step in building a 3D password system is to design a 3D

environment that reflects the administration needs and the security requirements. The

design of 3D virtual environments should follow these guidelines.

1) Real Life Similarity Theprospective 3D virtual environment should reflect what

people are used to seeing in real life. Objects used in virtual environments

should be relatively similar in size to real objects (sized to scale). Possible

actions and interactions toward virtual objects should reflect reallife situations.

Object responses should be realistic. The target should have a 3D virtual

environment that users can interact

2) Object uniqueness and distinction every virtual object or item in the 3D virtual

environment is different from any other virtual object. The uniqueness comes

from the fact that every virtual object has its own attributes such as position.

Thus, the prospective interaction with object 1 is not equal to the interaction with

object 2. How ever, having similar objects such as 20 computers in one place

might confuse the user. Therefore, the design of the 3D virtual environment

should consider that every object should be distinguishable from other objects.

Similarly, in designing a 3D virtual environment, it should be easy for users to

navigate through and to distinguish between objects. The distinguishing factor

increases the user’s recognition of objects. Therefore, it improves the system

usability.

3) Three Dimensional Virtual Environment Size A 3D virtual environment can

depict a city or even the world. On the other hand, it can depict a space as

focused as a single room or office. A large 3D virtual environment will increase

the time required by the user to perform a 3D password. Moreover, a large 3D

virtual environment can contain a large number of virtual objects. Therefore, the

probable 3D password space broadens. However, a small 3D virtual

environment usually contains only a few objects, and thus, performing a 3D

password will take less time.

4) Number of objects and their types Part of designing a 3D virtual environment is

determining the types of objects and how many objects should be placed in the

environment. The types of objects reflect what kind of responses the object will

have. For simplicity, we can consider requesting a textual password or a

fingerprint as an object response type. Selecting the right object response types

and the number of objects affects the probable password space of a 3D

password.

5) System Importance The 3D virtual environment should consider what systems

will be protected by a 3D password The number of objects and thetypes of

objects that Have been used in the 3D virtual environment should reflect the

importance of the protected system.

2.6 Assumptions and Dependencies:

Full working of 3D PASSWORDS is dependent on the availability of Internet connection, flash player.

Assumptions:

In general it has been assumed that the user has complete knowledge of the system

that means user is not a naïve user. Any data entered by him/her will be valid. To make

the software as user friendly as possible but at the same time keeping in minds user

requirements.

Server OS should be Windows NT/2000/XP.

Client PC should be Windows 9X/NT/WorkStation or Windows 2000

with latest service pack.

Dependencies:

The product uses adobe flash player for proper working of 3d passwords.

3.0 system features:

3.1 Database – Storage

3.1.1 Description and Priority

Proposed Database is intended to store, retrieve, update, and

manipulate information related to particular organization which

include user names and passwords.

3.2 Functional Requirements specification:

This section gives the list of Functional and nonfunctionalrequirements

which are applicable to the 3d passwords. Functional requirements are

nothing but the services provided by the system to its end users.

There are two modules in this phase. They are

1. Registration module

2. Authentication module

3.2.1 Use case:

Registration Diagram:

Description: The user provides the textual passwords then enters into the 3d virtual environment then he changes the states of the desired objects. The interactions of the user with these objects in the 3d environment are stored by the server as users 3d password.

3.2.2 Use case: Authentication Diagram:

Description: The user provides the textual passwords then enters into the 3d virtual environment then he changes the states of the desired objects. The interactions of the user with these objects in the 3d environment are verified with the interactions stored by the server as the users 3d password.

4. UML DIAGRAMS

4.1 Sequence diagram for Authentication:

4.2 State chart diagram

5. External Interface Requirements

5.1User Interfaces3D Passwords provides the security required for any organization or application. Therefore it forms the link between the user and the application and the user can interact with the objects in the 3d environment through the browser enabled with a flash player plug-in.

5.2. Hardware InterfacesServer Side:

Operating System: Windows xp, Processor: Pentium 3.0 GHz or higher RAM: 256 Mb or more Hard Drive: 10 GB or more

Client side: Operating System: Windows xp, Processor: Pentium III or 2.0 GHz or higher. RAM: 256 Mb or more

5.3 Software Interfaces

Database: SQL Server. Application: python scripts and java applet,web browser Web Server: apache is a powerfulWeb server that provides a highly reliable,

manageable, and scalableWeb application infrastructure Web browser: with flash player plug in

5.4. Communication Interfaces

The Customer must connect to the Internet to access the Website: Dialup Modem of 52 kbps Broadband Internet Dialup or Broadband Connection with a Internet Provider.

6. Other Nonfunctional Requirements

6.1: Performance Requirements:The purpose of the implementation is to make implementing the 3d passwords is to provide a more secure way of authentication.This is achieved by using the 3d environment with a combination.

6.2: Safety RequirementsThe database may get crashed at any certain time due to virus or operating system failure. Therefore, it is required to take the database backup.

6.3: Security RequirementsPrevention of obtaining password hashes or plaintext passwords from sniffing the network. The 3d password scheme should be able to avoid brute force attack and shoulder surfing attacks.

6.4Hardware ConstraintsThe system requires a database in order to store persistent data. The database should have backup capabilities. The system should have a minimum graphics support.

6.5: Software ConstraintsThe development of the system will be constrained by the availability of required software such as web servers, database and development tools. The 3d environment has to be designed with the animating tools.