JYOTHISH.O.S

201224

INTRODUCTION

• The 3D passwords3D passwords are more customizable, and very interesting way of authentication.

• A 3D password is a multifactor authentication scheme that combine

RECOGNITIONRECOGNITION ++RECALLRECALL ++TOKENSTOKENS ++BIOMETRICSBIOMETRICS in one authentication system.

•The 3D password presents a virtual environmentvirtual environment containing various virtual objects.

•The user walks through the environment and interacts with the objects.

•It is the combination and sequence of user interactions that occur in the 3D environment.

•It becomes much more difficult for the attacker to guess the user’s 3-D password

Virtual objects can be any object we encounter in

real life:

A computer on which the user can type in.

A fingerprint reader that requires users fingerprint.

A paper or white board on which user can type.

An Automated teller(ATM) machine that requires a token.

A light that can be switched on/off.

A television or radio where channels can be selected.

A car that can be driven.

A graphical password scheme.

A biometric recognition device.

A staple that can be punched.

A book that can be moved from one place to another.

Any real life object.

Any upcoming authentication scheme

AUTHENTICATION SCHEMES

KNOWLEDGE BASED Recall basedRecognition based

TOKEN BASED

e.g : smart card

• BIOMETRIC BASED

– Fingerprint ,palm prints ,hand geometry ,face recognition

– Intrusiveness upon a user’s personal characteristics.

• GRAPHICAL PASSWORDS

– Recognition based

– Recall based

FUNCTIONALITIES REQUIRED

• New scheme should combine the existing authentication schemes

• User can Freedom to select the type of authentication technique.

• 3d password Should provide secrets that are easy to remember, difficult to guess.

3D PASSWORD SELECTION AND INPUT

• 3D environment space represented by the co-ordinates

• User navigate into the 3D virtual environment using any input device.

• The sequence of actions and interactions forms the users 3D password.

• For EXAMPLE:

Let us assume the user enters a virtual office then performs the following action:

(10,24,91) Action=Open office door (10,24,91) Action=Close office door (4,34,18) Action=Tpeine,”C” (4,34,18) Action=Typing,”O” (4,34,18)Action=Typing,”N” (10,24,80)Action=Pick up the pen (1,18,80)Action=Draw point=(330,130)

3D Virtual Environment3D Virtual Environment• 3-D virtual environment affects the usability,

effectiveness, and acceptability of a 3-D password system.

• 3-D environment reflects the administration needs and the security requirements.

3D VIRTUAL ENVIRONMENT DESIGN GUIDELINES

• Real-life similarity

• Object uniqueness and distinction

• Three-dimensional virtual environment

• System importance

APPLICATIONS

The 3D password’s main application domains are protecting critical systems and resources.

Critical Servers Nuclear Reactors & military Facilities Airplanes and missile Guiding

A small virtual environment can be used in the following systems like-

Atm

Personal digital assistance

Desktop computers & laptops

Web authentication etc.

Attacks and Countermeasures

• Brute Force Attack: The attack is very difficult because

1. Time required to login may vary form 20s

to 2 min therefore it is very time consuming.

2. Cost of Attack: A 3D Virtual environment may

contain biometric object ,the attacker has to forge

all biometric information.

• Well Studied Attack: Attacker tries to get the most probable distribution of 3D Password. This is difficult because attacker has to perform customized attack fo different virtual environment .

• Shoulder Surfing Attacks: Attacker uses camera to record the users 3D passwords.This attack is more succesful

CONCLUSION

• Commonly used authentication schemes are vulnerable to attacks.

• 3D Password is a multifactor authentication scheme.

• Design of 3D virtual environment, selection of objects inside the environment, and the object type reflects the resulted password space.

• User’s choice and decision to construct the desired and preferred 3D password

Thank You!