A Seminar report on
3D Password
Submitted in partial fulfillment of the requirement for the award of degree of Computer Science
SUBMITTED TO: www.studymafia.com
SUBMITTED BY: www.studymafia.com
Preface
I have made this report file on the topic 3D Password. I have tried my best to elucidate all the relevant details of the topic to be included in the report. In the beginning I have tried to give a general view of this topic. My efforts and the wholehearted co-operation of each and everyone have ended on a successful note. I express my sincere gratitude to ........ who assisted me throughout the preparation of this topic. I thank him for providing me the reinforcement, confidence and, most importantly, the track for the topic whenever I needed it.
INTRODUCTION
Normally the authentication scheme the user undergoes is either very lenient or very strict. Throughout the years authentication has been a very interesting approach. With all the means of technology developing, it can be very easy for 'others' to fabricate or steal an identity or to hack someone's password. Therefore many algorithms have come up, each with an interesting approach toward the calculation of a secret key. The algorithms are based on picking a random number in the range of 10^6, and therefore the possibility of the same number coming up is rare. Users nowadays are provided with major password stereotypes such as textual passwords, biometric scanning, tokens or cards (such as an ATM) etc. Mostly textual passwords follow an encryption algorithm as mentioned above. Biometric scanning is your "natural" signature, and cards or tokens prove your validity. But some people hate having to carry around their cards, and some refuse to undergo strong IR exposure to their retinas (biometric scanning). Mostly textual passwords, nowadays, are kept very simple, say a word from the dictionary or their pet names, girlfriends etc. Years back Klein performed such tests and he could crack 10-15 passwords per day. Now with the technology change, fast processors and many tools on the Internet, this has become child's play.
Therefore we present our idea, the 3D password, which is a more customizable and very interesting way of authentication. Now the passwords are based on the fact of human memory. Generally simple passwords are set so as to quickly recall them. The human memory, in our scheme, has to undergo the facts of Recognition, Recalling, Biometrics or Token based authentication. Once the scheme is implemented and you log in to a secure site, the 3D password GUI opens up. This is an additional textual password which the user can simply put in. Once he goes through the first authentication, a 3D virtual room will open on the screen. In our case, let's say a virtual garage. Now in a day to day garage one will find all sorts of tools, equipment, etc., each of them having unique properties. The user will then interact with these properties accordingly. Each object in the 3D space can be moved around in an (x, y, z) plane. That's the moving attribute of each object. This property is common to all the objects in the space. Suppose a user logs in and enters the garage. He sees and picks a screw-driver (initial position in xyz coordinates (5, 5, 5)) and moves it 5 places to his right (in XY plane, i.e. (10, 5, 5)). That can be identified as an authentication. Only the true user understands and recognizes the object which he has to choose among many. This is the Recall and Recognition part of human memory coming into play. Interestingly, a password can be set as approaching a radio and setting its frequency to a number only the user knows. Security can be enhanced by including cards and a biometric scanner as input. There can be levels of authentication a user can undergo.
EXISTING SYSTEM
Current authentication systems suffer from many weaknesses. Textual passwords are commonly used. Users tend to choose meaningful words from dictionaries, which makes textual passwords easy to break and vulnerable to dictionary or brute force attacks. Many available graphical passwords have a password space that is less than or equal to the textual password space. Smart cards or tokens can be stolen. Many biometric authentications have been proposed. However, users tend to resist using biometrics because of their intrusiveness and the effect on their privacy. Moreover, biometrics cannot be revoked. The 3D password is a multi factor authentication scheme. The design of the 3D virtual environment and the type of objects selected determine the 3D password key space. Users have the freedom to select whether the 3D password will be solely recall, recognition, or token based, or a combination of two schemes or more.
PROPOSED SYSTEM
The proposed system is a multi factor authentication scheme that combines the benefits of various authentication schemes. Users have the freedom to select whether the 3D password will be solely recall, biometrics, recognition, or token based, or a combination of two schemes or more. This freedom of selection is necessary because users are different and they have different requirements. Therefore, to ensure high user acceptability, the user's freedom of selection is important.
The following requirements are satisfied in the proposed scheme:
1. The new scheme provides secrets that are easy to remember and very difficult for intruders to guess.
2. The new scheme provides secrets that are not easy to write down on paper. Moreover, the scheme secrets should be difficult to share with others.
3. The new scheme provides secrets that can be easily revoked or changed.
as textual passwords, graphical passwords, and various types of biometrics into a 3D virtual environment. The choice of what authentication schemes will be part of the user's 3D password reflects the user's preferences and requirements. A user who prefers to remember and recall a password might choose textual and graphical passwords as part of their 3D password. On the other hand, users who have more difficulty with memory or recall might prefer to choose smart cards or biometrics as part of their 3D password. Moreover, a user who prefers to keep any kind of biometric data private might not interact with objects that require biometric information. Therefore it is the user's choice and decision to construct the desired and preferred 3D password.
SYSTEM IMPLEMENTATION
The 3D password is a multi factor authentication scheme. The 3D password presents a 3D virtual environment containing various virtual objects. The user navigates through this environment and interacts with the objects. The 3D password is simply the combination and the sequence of user interactions that occur in the 3D virtual environment. The 3D password can combine recognition, recall, token, and biometrics based systems into one authentication scheme. This can be done by designing a 3D virtual environment that contains objects that request information to be recalled, information to be recognized, tokens to be presented, and biometric data to be verified.
For example, the user can enter the virtual environment and type something on a computer that exists in (x1, y1, z1) position, then enter a room that has a fingerprint recognition device that exists in a position (x2, y2, z2) and provide his/her fingerprint. Then, the user can go to the virtual garage, open the car door, and turn on the radio to a specific channel. The combination and the sequence of the previous actions toward the specific objects construct the user's 3D password.
Virtual objects can be any object that we encounter in real life. Any obvious actions and interactions toward the real life objects can be done in the virtual 3D environment toward the virtual objects. Moreover, any user input (such as speaking in a specific location) in the virtual 3D environment can be considered as a part of the 3D password.
We can have the following objects:
1) A computer with which the user can type;
2) A fingerprint reader that requires the user's fingerprint;
3) A biometric recognition device;
4) A paper or a white board that a user can write, sign, or draw on;
5) An automated teller machine (ATM) that requests a token;
6) A light that can be switched on/off;
7) A television or radio where channels can be selected;
8) A staple that can be punched;
9) A car that can be driven;
10) A book that can be moved from one place to another;
11) Any graphical password scheme;
12) Any real life object;
13) Any upcoming authentication scheme.
The action toward an object (assume a fingerprint recognition device) that exists in location (x1, y1, z1) is different from the actions toward a similar object (another fingerprint recognition device) that exists in location (x2, y2, z2), where x1 = x2, y1 = y2, and z1 = z2. Therefore, to perform the legitimate 3D password, the user must follow the same scenario performed by the legitimate user. This means interacting with the same objects that reside at the exact locations and performing the exact actions in the proper sequence.
For example, consider a user who navigates through the 3D virtual environment that consists of an office and a meeting room. Let us assume that the user is in the virtual office and the user turns around to the door located in (10, 24, 91) and opens it. Then, the user closes the door. The user then finds a computer to the left, which exists in the position (4, 34, 18), and the user types “FALCON.” Then, the user walks to the meeting room and picks up a pen located at (10, 24, 80) and draws only one dot in a paper located in (1, 18, 30), where the dot's (x, y) coordinate relative to the paper space is (330, 130). The user then presses the login button. The initial representation of user actions in the 3D virtual environment can be recorded as follows:
(10, 24, 91) Action = Open the office door;
(10, 24, 91) Action = Close the office door;
(4, 34, 18) Action = Typing, “F”;
(4, 34, 18) Action = Typing, “A”;
(4, 34, 18) Action = Typing, “L”;
(4, 34, 18) Action = Typing, “C”;
(4, 34, 18) Action = Typing, “O”;
(4, 34, 18) Action = Typing, “N”;
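The recorded sequence above can be stored and checked like any other secret: canonically encoded, run through a salted key-derivation function, and compared in constant time. The following is an added example, not code from the original report; the action labels, the JSON encoding and the PBKDF2 work factor are assumptions, and it covers only exact-match position/action steps (no biometric or token responses).

```python
import hashlib
import hmac
import json
import os

# Constructed sample: the recorded interactions from the office example above.
# Each step is (object position, action name, optional value); the action
# names are hypothetical labels chosen for this example.
COMPUTER = (4, 34, 18)
FALCON_SEQUENCE = [
    ((10, 24, 91), "open_door", None),
    ((10, 24, 91), "close_door", None),
] + [(COMPUTER, "type", ch) for ch in "FALCON"]

PBKDF2_ROUNDS = 200_000  # assumed work factor, tune for the deployment


def encode(sequence):
    """Canonical, order-preserving byte encoding of the interaction steps."""
    rows = [[list(pos), action, value] for pos, action, value in sequence]
    return json.dumps(rows, separators=(",", ":")).encode("utf-8")


def _derive(sequence, salt):
    return hashlib.pbkdf2_hmac("sha256", encode(sequence), salt, PBKDF2_ROUNDS)


def enroll(sequence):
    """Return (salt, verifier); the raw sequence is never stored."""
    salt = os.urandom(16)
    return salt, _derive(sequence, salt)


def verify(sequence, salt, verifier):
    """Constant-time comparison of the derived value against the verifier."""
    return hmac.compare_digest(_derive(sequence, salt), verifier)


def demo():
    salt, verifier = enroll(FALCON_SEQUENCE)
    # Same actions, but the door is closed before it is opened: wrong sequence.
    reordered = [FALCON_SEQUENCE[1], FALCON_SEQUENCE[0]] + FALCON_SEQUENCE[2:]
    # Same typing, but on a similar computer at another position.
    other_pc = FALCON_SEQUENCE[:2] + [((4, 34, 19), "type", c) for c in "FALCON"]
    return {
        "exact": verify(FALCON_SEQUENCE, salt, verifier),
        "reordered": verify(reordered, salt, verifier),
        "other_object": verify(other_pc, salt, verifier),
    }


if __name__ == "__main__":
    print(demo())
```

Only the exact sequence verifies; the same actions in a different order, or on a similar object at a different position, are rejected.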
The design of the 3D virtual environment affects the usability, effectiveness, and acceptability of a 3D password. The first step in building a 3D password system is to design a 3D environment that reflects the administration needs and the security requirements. The design of 3D virtual environments should follow these guidelines.
1) Real Life Similarity: The prospective 3D virtual environment should reflect what people are used to seeing in real life. Objects used in virtual environments should be relatively similar in size to real objects (sized to scale). Possible actions and interactions toward virtual objects should reflect real life situations. Object responses should be realistic. The target should have a 3D virtual environment that users can interact
2) Object uniqueness and distinction: Every virtual object or item in the 3D virtual environment is different from any other virtual object. The uniqueness comes from the fact that every virtual object has its own attributes such as position. Thus, the prospective interaction with object 1 is not equal to the interaction with object 2. However, having similar objects such as 20 computers in one place might confuse the user. Therefore, the design of the 3D virtual environment should consider that every object should be distinguishable from other objects. Similarly, in designing a 3D virtual environment, it should be easy for users to navigate through and to distinguish between objects. The distinguishing factor increases the user's recognition of objects. Therefore, it improves the system usability.
3) Three Dimensional Virtual Environment Size: A 3D virtual environment can depict a city or even the world. On the other hand, it can depict a space as focused as a single room or office. A large 3D virtual environment will increase the time required by the user to perform a 3D password. Moreover, a large 3D virtual environment can contain a large number of virtual objects. Therefore, the probable 3D password space broadens. However, a small 3D virtual environment usually contains only a few objects, and thus, performing a 3D password will take less time.
4) Number of objects and their types: Part of designing a 3D virtual environment is determining the types of objects and how many objects should be placed in the environment. The types of objects reflect what kind of responses the object will have. For simplicity, we can consider requesting a textual password or a fingerprint as an object response type. Selecting the right object response types and the number of objects affects the probable password space of a 3D password.
5) System Importance: The 3D virtual environment should consider what systems will be protected by a 3D password. The number of objects and the types of objects that have been used in the 3D virtual environment should reflect the importance of the protected system.
3D PASSWORD APPLICATION
The 3D password can have a password space that is very large compared to other authentication schemes, so the 3D password's main application domains are protecting critical systems and resources.
1. Critical server: Many large organizations have critical servers that are usually protected by a textual password. A 3D password authentication proposes a sound replacement for a textual password.
2. Nuclear and military facilities: Such facilities should be protected by the most powerful authentication systems. The 3D password has a very large probable password space, and since it can contain token, biometrics, recognition and knowledge based authentications in a single authentication system, it is a sound choice for high level security locations.
3. Airplanes and jet fighters: Because of the possible threat of misusing airplanes and jet fighters for religion, political agendas, usage of such airplanes should be protected by a powerful authentication system.
In addition, 3D passwords can be used in less critical systems because the 3D virtual environment can be designed to fit any system's needs. A small virtual environment can be used in the following systems:
1) ATM
2) Personal Digital Assistance
3) Desktop Computers & laptop logins
4) Web Authentication
5) Security Analysis
To analyze and study how secure a system is, we have to consider:
• How hard it is for the attacker to break such a system.
  - A possible measurement is based on the information content of a password space. It is important to have a scheme that has a very large password space, which increases the work required by the attacker to break the authentication system.
  - Find a scheme that has no previous or existing knowledge of the most probable user password selection.
Users tend to use meaningful words for textual passwords. Therefore finding these different words from a dictionary is a relatively simple task which yields a high success rate for breaking textual passwords. Pass faces users tend to choose faces that reflect their own taste on facial attractiveness, race, and gender. Every user has different requirements and preferences when selecting the appropriate 3D password. This fact will increase the effort required to find a pattern of user's highly selected 3D password. In addition, since the 3D password combines several authentication schemes into a single authentication environment, the attacker has to study every single authentication scheme and has to discover what the most probable selected secrets are. Since every 3D password system can be designed according to the protected system requirements, the attacker has to separately study every 3D password system. Therefore, more effort is required to build the knowledge of most probable 3D passwords.
Attacks and Countermeasures
To realize and understand how far an authentication scheme is secure, we have to consider all possible attack methods. We have to study whether the authentication scheme proposed is immune against such attacks or not. Moreover, if the proposed authentication scheme is not immune, we then have to find the countermeasures that prevent such attacks. In this section, we try to cover most possible attacks and whether the attack is valid or not. Moreover, we try to propose countermeasures for such attacks.
1) Brute Force Attack: The attacker has to try all possible 3D passwords. This kind of attack is very difficult for the following reasons.
a. Time required to login: The total time needed for a legitimate user to login may vary depending on the number of interactions and actions, the size of the 3D virtual environment, and the type of actions and interactions. Therefore, a brute force attack on a 3D password is very difficult and time consuming.
b. Cost of attacks: The 3D virtual environment contains biometric recognition objects and token based objects. The attacker has to forge all possible biometric information and forge all the required tokens. The cost of forging such information is very high, therefore cracking the 3D password is more challenging. The high number of possible 3D password spaces leaves the attacker with almost no chance of breaking the 3D password.
2) Well-Studied Attack: The attacker tries to find the highest probable distribution of 3D passwords. In order to launch such an attack, the attacker has to acquire knowledge of the most probable 3D password distributions. This is very difficult because the attacker has to study all the existing authentication schemes that are used in the 3D environment. It requires a study of the user's selection of objects for the 3D password. Moreover, a well studied attack is very hard to accomplish since the attacker has to perform a customized attack for every different 3D virtual environment design. This environment has a number of objects and types of object responses that differ from any other 3D virtual environment. Therefore, a carefully customized study is required to initialize an effective attack.
3) Shoulder Surfing Attack: An attacker uses a camera to record the user's 3D password or tries to watch the legitimate user while the 3D password is being performed. This attack is the most successful type of attack against 3D passwords and some other graphical passwords. However, the user's 3D password may contain biometric data or textual passwords that cannot be seen from behind. Therefore, we assume that the 3D password should be performed in a secure place where a shoulder surfing attack cannot be performed.
4) Timing Attack: In this attack, the attacker observes how long it takes the legitimate user to perform a correct sign in using the 3D password. This observation gives the attacker an indication of the legitimate user's 3D password length. However, this kind of attack alone cannot be very successful since it gives the attacker mere hints. Therefore, it would probably be launched as part of a well studied or brute force attack. Timing attacks can be very effective if the 3D virtual environment is poorly designed.
CONCLUSION
The 3D password is a multi factor authentication scheme that combines the various authentication schemes into a single 3D virtual environment. The virtual environment can contain any existing authentication scheme or even any upcoming authentication schemes by adding it as a response to actions performed on an object. Therefore the resulting password space becomes very large compared to any existing authentication schemes. The design of the 3D virtual environment, the selection of objects inside the environment and the object's type reflect the resulting password space. It is the task of the system administrator to design the environment and to select the appropriate objects that reflect the protected system requirements. Designing a simple and easy to use 3D virtual environment is a factor that leads to a higher user acceptability of a 3D password system. The choice of what authentication scheme will be part of the user's 3D password reflects the user's preferences and requirements.
REFERENCES
[1] X. Suo, Y. Zhu, and G. S. Owen, “Graphical passwords: A survey,” in Proc. 21st Annu.
[2] D. V. Klein, “Foiling the cracker: A survey of, and improvement to passwords security,” in Proc. USENIX Security Workshop, 1990, pp. 5–14.
[3] NBC news, ATM Fraud: Banking on Criminals Owning ATMs, Dec. 11, 2003.
[4] T. Kitten, Keeping an Eye on the ATM. (2005, Jul. 11). [Online]. Available: ATMMarketPlace.com
[5] BBC news, Cash Machine Fraud up, Say Banks, Nov. 4, 2006.
[6] G. E. Blonder, “Graphical password,” U.S. Patent 5 559 961, Sep. 24, 1996.
[7] R. Dhamija and A. Perrig, “Déjà Vu: A user study using images for authentication,” in Proc. 9th USENIX Security Symp., Denver, CO, Aug. 2000, pp. 45–58.