Upload
krishna-gade
View
504
Download
9
Embed Size (px)
Citation preview
Software Requirements Specification
for
3D PASSWORDSPrepared by:
M.S.BALA SUBRAMANYAM (08BQ1A0508)
G.KRISHNA KANTH (08BQ1A0520)
B.CHAITANYA DAS (08BQ1A0507)
VASIREDDY VENKATADRI
INSTITUTE OF TECHNOLOGY
DATE:
Table of Contents
1. Introduction...............................................................................................................11.1 Purpose..............................................................................................................................11.2 Project Scope.....................................................................................................................11.3 References.........................................................................................................................2
2. Overall Description...................................................................................................32.1 Product Perspective...........................................................................................................32.2 Product Features...............................................................................................................52.3 User Classes and Characteristics......................................................................................52.4 Operating Environment......................................................................................................62.5 Design and Implementation Constraints............................................................................52.6 assumptionsand Dependencies…………….…………………………………..
…………..32.7 Functional Requirements Specification……………………………………………………...…5
2.7.1 user Use Case………………………………………………………………………………...………...5
Use case: initialize…………………………………………………………………………………………….5Use case:
register…………………………………………………………………………….2.7.2 server Use Case………………………………………………………………………………………....................
Use case: authentication…………………………………………………………………………….3. External Interface Requirements.............................................................................5
3.1 User Interfaces...................................................................................................................53.2 Hardware Interfaces...........................................................................................................53.3 Software Interfaces............................................................................................................53.4 Communications Interfaces...............................................................................................5
4. Other Nonfunctional Requirements........................................................................64.1 Performance Requirements...............................................................................................64.2 Safety Requirements.........................................................................................................64.3 Security Requirements.......................................................................................................64.4 Software Quality Attributes................................................................................................6
6. Other Requirements.................................................................................................7Glossary..........................................................................................................................7
1.0. Introduction
1.1. Purpose
The purpose of this document is to present a detailed description of the 3D
PASSWORDS AUTHENTICATION SYSTEM. It will explain the purpose and features of
the system, the interfaces of the system, what the system will do, the constraints under
which it must operate and how the system will react to external stimuli. This document is
intended for both the stakeholders and the developers of the system .
1.2. Scope of Project
The 3D passwords is a more customizable and very interesting way of
authentication.Now the passwords are based on the fact of Human memory. Generally
simple passwords are set so as to quickly recall them. The human memory, in our
scheme has to undergo the facts of Recognition, Recalling. Once implemented and you
log in to a secure site, the 3D password GUI opens up. This is an additional textual
password which the user can simply put. Once he goes through the first authentication,
a 3D virtual room will open on the screen. In our case, let’s say a virtual garage.Now in
a day to day garage one will find all sorts of tools, equipments, etc.each of them having
unique properties. The user will then interact with these properties accordingly. Each
object in the 3D space, can be moved around in an (x,y,z) plane. That’s the moving
attribute of each object. This property is common to all the objects in the space.
Suppose a user logs in and enters the garage. He sees and picks a screw-driver (initial
position in xyz coordinates (5, 5, 5)) and moves it 5 places to his right (in XY plane i.e.
(10, 5, 5).That can be identified as an authentication. Only the true user understands
and recognizes the object which he has to choose among many. This is the Recall and
Recognition part of human memory coming into play.Interestingly,a password can be
set as approaching a radio and setting its frequency to number only the user
knows.Security can be enhanced by the fact of including Cards and Biometric scanner
as input. There can be levels of authentication a user can undergo.
1.3. References
1. IEEE.Std 830-1998 IEEE Recommended Practice for Software Requirements
Specifications.IEEE Computer Society, 1998.
2. http://paperpresentation-seminars.blogspot.in/2011/07/3d-passwords.html
3.http://realusers.com
2.0. Overall Description
2.1Product Perspective:
Normally the authentication scheme the user undergoes is particularly very lenient or
very strict. Throughout the years authentication has been a very interesting approach.
With all the means of technology developing, it can be very easy for 'others' to fabricate
or to steal identity or to hack someone’s password. Therefore many algorithms have
come up each with an interesting approach toward calculation of a secret key. The
algorithms are such based to pick a random number in the range of 10^6 and therefore
the possibilities of the same number coming is rare
Users nowadays are provided with major password stereotypes such as textual
passwords, biometric scanning, tokens or cards (such as an ATM) etc.Mostly textual
passwords follow an encryption algorithm as mentioned above.Biometric scanning is
your "natural" signature and Cards or Tokens prove your validity. But some people hate
the fact to carry around their cards, some refuse to undergo strong IR exposure to their
retinas(Biometric scanning).Mostly textual passwords, nowadays, are kept very simple
say a word from the dictionary or their pet names,girlfriends etc. Years back Klein
performed such tests and he could crack 10-15 passwords per day. Now with the
technology change, fast processors and many tools on the Internet this has become a
Child's Play.
Therefore we present our idea, the 3D passwords which are more customizable and
very interesting way of authentication.Now the passwords are based on the fact of
Human memory. Generally simple passwords are set so as to quickly recall them. The
human memory, in our scheme has to undergo the facts of Recognition, Recalling,
Biometrics or Token based authentication.
2.2Product FeaturesThe proposed system is a multifactor authentication scheme thatcombines the
benefits of various authentication schemes. Users have the freedom toselect whether
the 3Dpassword will be solely recall, biometrics,recognitionortokenbasedor a
combination of two schemes or more. This freedom of selection isnecessary because
users are different and they have different requirements. Therefore,to ensure high user
acceptability, the user’s freedom of selection is important.The following requirements
are satisfied in the proposed scheme.
1. The new scheme provide secrets that are easy to remember and very difficultfor intruders to guess.
2. The new scheme provides secrets that are not easy to write down on paper. Moreover, the scheme secrets should be difficult to share with others.
3. The new scheme provides secrets that can be easily revoked or changed.
2.3User Classes and Characteristics
The 3D password can have a password space that is very large compared to
other authentication schemes, so the 3D password’s main application domains are
protecting critical systems and resources.
1. Critical server many large organizations have critical servers that are usually protected by a textual password. A 3D password authentication proposes a sound replacement for a textual password.
2. Nuclear and military facilities such facilities should be protected by the most powerful authentication systems. The 3D password has a very large probable
password space, and since it can contain token biometrics, recognition and knowledge based authentications in a single authentication system, it is a sound choice for high level security locations.
3. Airplanes and jet fighters Because of the possible threat of misusing airplanesand jet fighters for religion, political agendas, usage of such airplanes should be protected by a powerful authentication system.
In addition, 3D passwords can be used in less critical systems because the 3D virtual environment can be designed to fit to any system needs. A small virtual environment can be used in the following systems like
1. ATM2. Personal Digital Assistance3. Desktop Computers & laptop logins4. Web Authentication5. Security Analysis
2.4Operating environment:
The product will be operating in windows environment. Also it will be compatible with any web browser. The only requirement to use this system would be the internet connection.We also need to create a 3d environment,where the user can interact with different objects. Similar to other web applications, the platform required for this is similar to that of a normal web application.
2.5 Design and Implementation Constraints:
The designofthe 3D virtual environments affects the usability, effectiveness,acceptability
of 3D password.The first step in building a 3D password system is to design a 3D
environment that reflects the administration needs and the security requirements. The
design of 3D virtual environments should follow these guidelines.
1) Real Life Similarity Theprospective 3D virtual environment should reflect what
people are used to seeing in real life. Objects used in virtual environments
should be relatively similar in size to real objects (sized to scale). Possible
actions and interactions toward virtual objects should reflect reallife situations.
Object responses should be realistic. The target should have a 3D virtual
environment that users can interact
2) Object uniqueness and distinction every virtual object or item in the 3D virtual
environment is different from any other virtual object. The uniqueness comes
from the fact that every virtual object has its own attributes such as position.
Thus, the prospective interaction with object 1 is not equal to the interaction with
object 2. How ever, having similar objects such as 20 computers in one place
might confuse the user. Therefore, the design of the 3D virtual environment
should consider that every object should be distinguishable from other objects.
Similarly, in designing a 3D virtual environment, it should be easy for users to
navigate through and to distinguish between objects. The distinguishing factor
increases the user’s recognition of objects. Therefore, it improves the system
usability.
3) Three Dimensional Virtual Environment Size A 3D virtual environment can
depict a city or even the world. On the other hand, it can depict a space as
focused as a single room or office. A large 3D virtual environment will increase
the time required by the user to perform a 3D password. Moreover, a large 3D
virtual environment can contain a large number of virtual objects. Therefore, the
probable 3D password space broadens. However, a small 3D virtual
environment usually contains only a few objects, and thus, performing a 3D
password will take less time.
4) Number of objects and their types Part of designing a 3D virtual environment is
determining the types of objects and how many objects should be placed in the
environment. The types of objects reflect what kind of responses the object will
have. For simplicity, we can consider requesting a textual password or a
fingerprint as an object response type. Selecting the right object response types
and the number of objects affects the probable password space of a 3D
password.
5) System Importance The 3D virtual environment should consider what systems
will be protected by a 3D password The number of objects and thetypes of
objects that Have been used in the 3D virtual environment should reflect the
importance of the protected system.
2.6 Assumptions and Dependencies:
Full working of 3D PASSWORDS is dependent on the availability of Internet connection, flash player.
Assumptions:
In general it has been assumed that the user has complete knowledge of the system
that means user is not a naïve user. Any data entered by him/her will be valid. To make
the software as user friendly as possible but at the same time keeping in minds user
requirements.
Server OS should be Windows NT/2000/XP.
Client PC should be Windows 9X/NT/WorkStation or Windows 2000
with latest service pack.
Dependencies:
The product uses adobe flash player for proper working of 3d passwords.
3.0 system features:
3.1 Database – Storage
3.1.1 Description and Priority
Proposed Database is intended to store, retrieve, update, and
manipulate information related to particular organization which
include user names and passwords.
3.2 Functional Requirements specification:
This section gives the list of Functional and nonfunctionalrequirements
which are applicable to the 3d passwords. Functional requirements are
nothing but the services provided by the system to its end users.
There are two modules in this phase. They are
1. Registration module
2. Authentication module
3.2.1 Use case:
Registration Diagram:
Description: The user provides the textual passwords then enters into the 3d virtual environment then he changes the states of the desired objects. The interactions of the user with these objects in the 3d environment are stored by the server as users 3d password.
3.2.2 Use case: Authentication Diagram:
Description: The user provides the textual passwords then enters into the 3d virtual environment then he changes the states of the desired objects. The interactions of the user with these objects in the 3d environment are verified with the interactions stored by the server as the users 3d password.
4. UML DIAGRAMS
4.1 Sequence diagram for Authentication:
4.2 State chart diagram
5. External Interface Requirements
5.1User Interfaces3D Passwords provides the security required for any organization or application. Therefore it forms the link between the user and the application and the user can interact with the objects in the 3d environment through the browser enabled with a flash player plug-in.
5.2. Hardware InterfacesServer Side:
Operating System: Windows xp, Processor: Pentium 3.0 GHz or higher RAM: 256 Mb or more Hard Drive: 10 GB or more
Client side: Operating System: Windows xp, Processor: Pentium III or 2.0 GHz or higher. RAM: 256 Mb or more
5.3 Software Interfaces
Database: SQL Server. Application: python scripts and java applet,web browser Web Server: apache is a powerfulWeb server that provides a highly reliable,
manageable, and scalableWeb application infrastructure Web browser: with flash player plug in
5.4. Communication Interfaces
The Customer must connect to the Internet to access the Website: Dialup Modem of 52 kbps Broadband Internet Dialup or Broadband Connection with a Internet Provider.
6. Other Nonfunctional Requirements
6.1: Performance Requirements:The purpose of the implementation is to make implementing the 3d passwords is to provide a more secure way of authentication.This is achieved by using the 3d environment with a combination.
6.2: Safety RequirementsThe database may get crashed at any certain time due to virus or operating system failure. Therefore, it is required to take the database backup.
6.3: Security RequirementsPrevention of obtaining password hashes or plaintext passwords from sniffing the network. The 3d password scheme should be able to avoid brute force attack and shoulder surfing attacks.
6.4Hardware ConstraintsThe system requires a database in order to store persistent data. The database should have backup capabilities. The system should have a minimum graphics support.
6.5: Software ConstraintsThe development of the system will be constrained by the availability of required software such as web servers, database and development tools. The 3d environment has to be designed with the animating tools.