
K.L.N COLLEGE OF ENGINEERING
3D PASSWORDS
PAPER PRESENTED BY
R.BALAJI
S.BALAJI
DEPARTMENT OF IT
K.L.N.C.E

TABLE OF CONTENTS
1. INTRODUCTION
2. EXISTING SYSTEM
3. PROPOSED SYSTEM
4. BRIEF DESCRIPTION OF SYSTEM
5. SYSTEM IMPLEMENTATION
6. 3D PASSWORD SELECTION AND INPUT
7. 3D VIRTUAL ENVIRONMENT DESIGN GUIDELINES
8. 3D PASSWORD APPLICATION
9. STATE DIAGRAM OF A 3D PASSWORD APPLICATION
10. CONCLUSION
11. REFERENCES

ABSTRACT
Normally the authentication scheme the user undergoes is either very lenient or very strict. Throughout the years authentication has been a very interesting approach. With all the means of technology developing, it can be very easy for 'others' to fabricate or to steal identity or to hack someone's password. Therefore many algorithms have come up, each with an interesting approach toward calculation of a secret key. The algorithms are based on picking a random number in the range of 10^6, and therefore the possibility of the same number coming up is rare.
Users nowadays are provided with major password stereotypes such as textual passwords, biometric scanning, tokens or cards (such as an ATM) etc. Mostly textual passwords follow an encryption algorithm as mentioned above. Biometric scanning is your "natural" signature, and Cards or Tokens prove your validity. But some people hate having to carry around their cards, and some refuse to undergo strong IR exposure to their retinas (Biometric scanning). Mostly textual passwords, nowadays, are kept very simple, say a word from the dictionary or their pet names, girlfriends etc. Years back Klein performed such tests and he could crack 10-15 passwords per day. Now with the technology change, fast processors and many tools on the Internet this has become a Child's Play.
INTRODUCTION
Therefore we present our idea, the 3D passwords, which are a more customizable and very interesting way of authentication. Now the passwords are based on the fact of Human memory. Generally simple passwords are set so as to quickly recall them. The human memory, in our scheme, has to undergo the facts of Recognition, Recalling, Biometrics or Token based authentication. Once implemented and you log in to a secure site, the 3D password GUI opens up. This is an additional textual password which the user can simply put. Once he goes through the first authentication, a 3D virtual room will open on the screen. In our case, let's say a virtual garage. Now in a day to day garage one will find all sorts of tools, equipment, etc., each of them having unique properties. The user will then interact with these properties accordingly. Each object in the 3D space can be moved around in an (x, y, z) plane. That's the moving attribute of each object. This property is common to all the objects in the space. Suppose a user logs in and enters the garage. He sees and picks a screw-driver (initial position in xyz coordinates (5, 5, 5)) and moves it 5 places to his right (in XY plane, i.e. (10, 5, 5)). That can be identified as an authentication. Only the true user understands and recognizes the object which he has to choose among many. This is the Recall and Recognition part of human memory coming into play. Interestingly, a password can be set as approaching a radio and setting its frequency to a number only the user knows. Security can be enhanced by including Cards and a Biometric scanner as input. There can be levels of authentication a user can undergo.
EXISTING SYSTEM
Current authentication systems suffer from many weaknesses. Textual passwords are commonly used. Users tend to choose meaningful words from dictionaries, which make textual passwords easy to break and vulnerable to dictionary or brute force attacks. Many available graphical passwords have a password space that is less than or equal to the textual password space. Smart cards or tokens can be stolen. Many biometric authentications have been proposed. However, users tend to resist using biometrics because of their intrusiveness and the effect on their privacy. Moreover, biometrics cannot be revoked. The 3D password is a multi factor authentication scheme. The design of the 3D virtual environment and the type of objects selected determine the 3D password key space. Users have freedom to select whether the 3D password will be solely recall, recognition, or token based, or a combination of two schemes or more.
PROPOSED SYSTEM
The proposed system is a multi factor authentication scheme that combines the benefits of various authentication schemes. Users have the freedom to select whether the 3D password will be solely recall, biometrics, recognition, or token based, or a combination of two schemes or more. This freedom of selection is necessary because users are different and they have different requirements. Therefore, to ensure high user acceptability, the user's freedom of selection is important.
The following requirements are satisfied in the proposed scheme:
1. The new scheme provides secrets that are easy to remember and very difficult for intruders to guess.
2. The new scheme provides secrets that are not easy to write down on paper. Moreover, the scheme secrets should be difficult to share with others.
3. The new scheme provides secrets that can be easily revoked or changed.
BRIEF DESCRIPTION OF SYSTEM
The proposed system is a multi factor authentication scheme. It can combine all existing authentication schemes into a single 3D virtual environment. This 3D virtual environment contains several objects or items with which the user can interact. The user is presented with this 3D virtual environment where the user navigates and interacts with various objects. The sequence of actions and interactions toward the objects inside the 3D environment constructs the user's 3D password. The 3D password can combine most existing authentication schemes such as textual passwords, graphical passwords, and various types of biometrics into a 3D virtual environment. The choice of what authentication schemes will be part of the user's 3D password reflects the user's preferences and requirements. A user who prefers to remember and recall a password might choose textual and graphical passwords as part of their 3D password. On the other hand, users who have more difficulty with memory or recall might prefer to choose smart cards or biometrics as part of their 3D password. Moreover, a user who prefers to keep any kind of biometric data private might not interact with an object that requires biometric information. Therefore it is the user's choice and decision to construct the desired and preferred 3D password.
SYSTEM IMPLEMENTATION
The 3D password is a multi factor authentication scheme. The 3D password presents a 3D virtual environment containing various virtual objects. The user navigates through this environment and interacts with the objects. The 3D password is simply the combination and the sequence of user interactions that occur in the 3D virtual environment. The 3D password can combine recognition, recall, token, and biometrics based systems into one authentication scheme. This can be done by designing a 3D virtual environment that contains objects that request information to be recalled, information to be recognized, tokens to be presented, and biometric data to be verified.
For example, the user can enter the virtual environment and type something on a computer that exists in (x1, y1, z1) position, then enter a room that has a fingerprint recognition device that exists in a position (x2, y2, z2) and provide his/her fingerprint. Then, the user can go to the virtual garage, open the car door, and turn on the radio to a specific channel. The combination and the sequence of the previous actions toward the specific objects construct the user's 3D password.
Virtual objects can be any object that we encounter in real life. Any obvious actions and interactions toward the real life objects can be done in the virtual 3D environment toward the virtual objects. Moreover, any user input (such as speaking in a specific location) in the virtual 3D environment can be considered as a part of the 3D password.
We can have the following objects:
1) A computer with which the user can type;
2) A fingerprint reader that requires the user's fingerprint;
3) A biometric recognition device;
4) A paper or a white board that a user can write, sign, or draw on;
5) An automated teller machine (ATM) that requests a token;
6) A light that can be switched on/off;
7) A television or radio where channels can be selected;
8) A staple that can be punched;
9) A car that can be driven;
10) A book that can be moved from one place to another;
11) Any graphical password scheme;
12) Any real life object;
13) Any upcoming authentication scheme.
The action toward an object (assume a fingerprint recognition device) that exists in location (x1, y1, z1) is different from the actions toward a similar object (another fingerprint recognition device) that exists in location (x2, y2, z2), where x1 = x2, y1 = y2, and z1 = z2. Therefore, to perform the legitimate 3D password, the user must follow the same scenario performed by the legitimate user. This means interacting with the same objects that reside at the exact locations and performing the exact actions in the proper sequence.
3D PASSWORD SELECTION AND INPUT
Let us consider a 3D virtual environment space of size G × G × G. The 3D environment space is represented by the coordinates (x, y, z) ∈ [1, . . . , G] × [1, . . . , G] × [1, . . . , G]. The objects are distributed in the 3D virtual environment with unique (x, y, z) coordinates. We assume that the user can navigate into the 3D virtual environment and interact with the objects using any input device such as a mouse, keyboard, fingerprint scanner, iris scanner, stylus, card reader, and microphone. We consider the sequence of those actions and interactions using the previous input devices as the user's 3D password.
For example, consider a user who navigates through the 3D virtual environment that consists of an office and a meeting room. Let us assume that the user is in the virtual office and the user turns around to the door located in (10, 24, 91) and opens it. Then, the user closes the door. The user then finds a computer to the left, which exists in the position (4, 34, 18), and the user types "FALCON." Then, the user walks to the meeting room and picks up a pen located at (10, 24, 80) and draws only one dot on a paper located in (1, 18, 30); the dot's (x, y) coordinate relative to the paper space is (330, 130). The user then presses the login button. The initial representation of user actions in the 3D virtual environment can be recorded as follows:
(10, 24, 91) Action = Open the office door;
(10, 24, 91) Action = Close the office door;
(4, 34, 18) Action = Typing, "F";
(4, 34, 18) Action = Typing, "A";
(4, 34, 18) Action = Typing, "L";
(4, 34, 18) Action = Typing, "C";
(4, 34, 18) Action = Typing, "O";
(4, 34, 18) Action = Typing, "N";
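
The recorded action list above can be treated like any other password secret on the server side. The following is an added example, not code from the paper: it serializes the ordered (position, action, input) records unambiguously, stores only a salted PBKDF2 verifier, and shows that a different order, a different object position, or a differently split input does not verify. The value of G, the action names, the record layout and the choice of PBKDF2 are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

G = 100  # assumed side length of the G x G x G space; the paper gives no value

# Constructed sample: the action list recorded in the text,
# as (x, y, z, action, input). Action names are hypothetical labels.
RECORDED = [
    (10, 24, 91, "open_door", ""),
    (10, 24, 91, "close_door", ""),
] + [(4, 34, 18, "type", ch) for ch in "FALCON"]


def canonical(actions, g=G):
    """Serialize an ordered action sequence into unambiguous bytes."""
    out = bytearray()
    for x, y, z, action, value in actions:
        for c in (x, y, z):
            if not 1 <= c <= g:
                raise ValueError(f"coordinate {c} outside [1, {g}]")
        for field in (str(x), str(y), str(z), action, value):
            raw = field.encode("utf-8")
            # Length prefix: field boundaries cannot be shifted to make
            # two different sequences serialize to the same bytes.
            out += len(raw).to_bytes(4, "big") + raw
    return bytes(out)


def enroll(actions, iterations=200_000):
    """Return (salt, iterations, verifier); the sequence itself is not stored."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", canonical(actions), salt, iterations)
    return salt, iterations, digest


def verify(actions, record):
    """True only for the same objects, positions, actions and order."""
    salt, iterations, expected = record
    try:
        data = canonical(actions)
    except ValueError:
        return False  # coordinates outside the environment never match
    candidate = hashlib.pbkdf2_hmac("sha256", data, salt, iterations)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    record = enroll(RECORDED)
    swapped = [RECORDED[1], RECORDED[0]] + RECORDED[2:]
    moved = [(4, 34, 19, a, v) if a == "type" else (x, y, z, a, v)
             for x, y, z, a, v in RECORDED]
    print("legitimate sequence:", verify(RECORDED, record))
    print("door closed before opened:", verify(swapped, record))
    print("same typing at another position:", verify(moved, record))
```
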
3D VIRTUAL ENVIRONMENT DESIGN GUIDELINES
The design of the 3D virtual environments affects the usability, effectiveness, and acceptability of the 3D password. The first step in building a 3D password system is to design a 3D environment that reflects the administration needs and the security requirements. The design of 3D virtual environments should follow these guidelines.
1) Real Life Similarity: The prospective 3D virtual environment should reflect what people are used to seeing in real life. Objects used in virtual environments should be relatively similar in size to real objects (sized to scale). Possible actions and interactions toward virtual objects should reflect real life situations. Object responses should be realistic. The target should have a 3D virtual environment that users can interact
2) Object uniqueness and distinction: Every virtual object or item in the 3D virtual environment is different from any other virtual object. The uniqueness comes from the fact that every virtual object has its own attributes such as position. Thus, the prospective interaction with object 1 is not equal to the interaction with object 2. However, having similar objects such as 20 computers in one place might confuse the user. Therefore, the design of the 3D virtual environment should consider that every object should be distinguishable from other objects. Similarly, in designing a 3D virtual environment, it should be easy for users to navigate through and to distinguish between objects. The distinguishing factor increases the user's recognition of objects. Therefore, it improves the system usability.
3) Three Dimensional Virtual Environment Size: A 3D virtual environment can depict a city or even the world. On the other hand, it can depict a space as focused as a single room or office. A large 3D virtual environment will increase the time required by the user to perform a 3D password. Moreover, a large 3D virtual environment can contain a large number of virtual objects. Therefore, the probable 3D password space broadens. However, a small 3D virtual environment usually contains only a few objects, and thus, performing a 3D password will take less time.
4) Number of objects and their types: Part of designing a 3D virtual environment is determining the types of objects and how many objects should be placed in the environment. The types of objects reflect what kind of responses the object will have. For simplicity, we can consider requesting a textual password or a fingerprint as an object response type. Selecting the right object response types and the number of objects affects the probable password space of a 3D password.
5) System Importance: The 3D virtual environment should consider what systems will be protected by a 3D password. The number of objects and the types of objects that have been used in the 3D virtual environment should reflect the importance of the protected system.
3D PASSWORD APPLICATION
The 3D password can have a password space that is very large compared to other authentication schemes, so the 3D password's main application domains are protecting critical systems and resources.
1. Critical server: Many large organizations have critical servers that are usually protected by a textual password. A 3D password authentication proposes a sound replacement for a textual password.
2. Nuclear and military facilities: Such facilities should be protected by the most powerful authentication systems. The 3D password has a very large probable password space, and since it can contain token, biometrics, recognition and knowledge based authentications in a single authentication system, it is a sound choice for high level security locations.
3. Airplanes and jet fighters: Because of the possible threat of misusing airplanes and jet fighters for religion, political agendas, usage of such airplanes should be protected by a powerful authentication system.
In addition, 3D passwords can be used in less critical systems because the 3D virtual environment can be designed to fit any system needs. A small virtual environment can be used in the following systems like
1) ATM
2) Personal Digital Assistance
3) Desktop Computers & laptop logins
4) Web Authentication
5) Security Analysis
To analyze and study how secure a system is, we have to consider,
• How hard it is for the attacker to break such a system
  ◦ A possible measurement is based on the information content of a password space. It is important to have a scheme that has a very large possible password space which increases the work required by the attacker to break the authentication system.
  ◦ Find a scheme that has no previous or existing knowledge of the most probable user password selection.
STATE DIAGRAM OF A 3D PASSWORD APPLICATION

SECURITY ANALYSIS

3D Password Space Size
To determine the password space, we have to count all possible 3D passwords that have a certain number of actions, interactions, and inputs towards all objects that exist in the 3D virtual environments.

3D Password Distribution Knowledge
Users tend to use meaningful words for textual passwords. Therefore finding these different words from a dictionary is a relatively simple task which yields a high success rate for breaking textual passwords. Pass faces users tend to choose faces that reflect their own taste on facial attractiveness, race, and gender.
Every user has different requirements and preferences when selecting the appropriate 3D password. This fact will increase the effort required to find a pattern of users' highly selected 3D passwords. In addition, since the 3D password combines several authentication schemes into a single authentication environment, the attacker has to study every single authentication scheme and has to discover what the most probable selected secrets are. Since every 3D password system can be designed according to the protected system requirements, the attacker has to separately study every 3D password system. Therefore, more effort is required to build the knowledge of most probable 3D passwords.

Attacks and Countermeasures
To realize and understand how far an authentication scheme is secure, we have to consider all possible attack methods. We have to study whether the authentication scheme proposed is immune against such attacks or not. Moreover, if the proposed authentication scheme is not immune, we then have to find the countermeasures that prevent such attacks. In this section, we try to cover most possible attacks and whether the attack is valid or not. Moreover, we try to propose countermeasures for such attacks.
1) Brute Force Attack: The attacker has to try all possible 3D passwords. This kind of attack is very difficult for the following reasons.
a. Time required to login: The total time needed for a legitimate user to login may vary depending on the number of interactions and actions, the size of the 3D virtual environment, and the type of actions and interactions. Therefore, a brute force attack on a 3D password is very difficult and time consuming.
b. Cost of attacks: The 3D virtual environment contains biometric recognition objects and token based objects. The attacker has to forge all possible biometric information and forge all the required tokens. The cost of forging such information is very high, therefore cracking the 3D password is more challenging. The high number of possible 3D password spaces leaves the attacker with almost no chance of breaking the 3D password.
2) Well-Studied Attack: The attacker tries to find the highest probable distribution of 3D passwords. In order to launch such an attack, the attacker has to acquire knowledge of the most probable 3D password distributions. This is very difficult because the attacker has to study all the existing authentication schemes that are used in the 3D environment. It requires a study of the user's selection of objects for the 3D password. Moreover, a well studied attack is very hard to accomplish since the attacker has to perform a customized attack for every different 3D virtual environment design. This environment has a number of objects and types of object responses that differ from any other 3D virtual environment. Therefore, a carefully customized study is required to initialize an effective attack.
3) Shoulder Surfing Attack: An attacker uses a camera to record the user's 3D password or tries to watch the legitimate user while the 3D password is being performed. This attack is the most successful type of attack against 3D passwords and some other graphical passwords. However, the user's 3D password may contain biometric data or textual passwords that cannot be seen from behind. Therefore, we assume that the 3D password should be performed in a secure place where a shoulder surfing attack cannot be performed.
4) Timing Attack: In this attack, the attacker observes how long it takes the legitimate user to perform a correct sign in using the 3D password. This observation gives the attacker an indication of the legitimate user's 3D password length. However, this kind of attack alone cannot be very successful since it gives the attacker mere hints. Therefore, it would probably be launched as part of a well studied or brute force attack. Timing attacks can be very effective if the 3D virtual environment is poorly designed.
CONCLUSION
The 3D password is a multi factor authentication scheme that combines the various authentication schemes into a single 3D virtual environment. The virtual environment can contain any existing authentication scheme or even any upcoming authentication schemes by adding it as a response to actions performed on an object. Therefore the resulting password space becomes very large compared to any existing authentication schemes. The design of the 3D virtual environment, the selection of objects inside the environment and the object's type reflect the resulted password space. It is the task of the system administrator to design the environment and to select the appropriate object that reflects the protected system requirements. Designing a simple and easy to use 3D virtual environment is a factor that leads to a higher user acceptability of a 3D password system. The choice of what authentication scheme will be part of the user's 3D password reflects the user's preferences and requirements.
REFERENCES
[1] X. Suo, Y. Zhu, and G. S. Owen, "Graphical passwords: A survey," in Proc. 21st Annu. Comput. Security Appl. Conf., Dec. 5-9, 2005, pp. 463-472.
[2] D. V. Klein, "Foiling the cracker: A survey of, and improvement to passwords security," in Proc. USENIX Security Workshop, 1990, pp. 5-14.
[3] NBC news, ATM Fraud: Banking on Your Money, Dateline Hidden Cameras Show Criminals Owning ATMs, Dec. 11, 2003.
[4] T. Kitten, Keeping an Eye on the ATM. (2005, Jul. 11). [Online]. Available: ATMMarketPlace.com
[5] BBC news, Cash Machine Fraud up, Say Banks, Nov. 4, 2006.
[6] G. E. Blonder, "Graphical password," U.S. Patent 5 559 961, Sep. 24, 1996.
[7] R. Dhamija and A. Perrig, "Déjà Vu: A user study using images for authentication," in Proc. 9th USENIX Security Symp., Denver, CO, Aug. 2000, pp. 45-58.
