3D PASSWORD FOR SECURE AUTHENTICATION

CONTENTS

Introduction Authentication Schemes Functionalities Required 3D Password selection and Input Virtual Environment Design Guidelines Applications Security Analysis Attacks and Countermeasures Conclusion References

INTRODUCTION

Commonly used authentication schemes are textual passwords, graphical passwords and biometrics.

3D password is a multifactor authentication scheme.

To be authenticated ,we require a 3D virtual environment.

Combines recognition-,recall-,token-,and biometrics-based systems.

Users choice to select the type of authentication technique.

AUTHENTICATION SCHEMES

KNOWLEDGE BASED
Recall based Recognition based

TOKEN BASED eg : smart card

BIOMETRIC BASED

Fingerprint ,palm prints ,hand geometry ,face recognition

Intrusiveness upon a users personal characteristics.

GRAPHICAL PASSWORDS

Recognition based

Recall based

FUNCTIONALITIES REQUIRED

New scheme should combine the existing authentication schemes

Freedom to select the type of authentication technique.

Should provide secrets that are easy to remember ,difficult to guess.

3D PASSWORD SELECTION AND INPUT

3D environment space represented by the co-ordinates [1,..G] [1,..G] [1,.G].

User navigate into the 3D virtual environment using any input device.

The sequence of actions and interactions forms the users 3D password.

Representation of user actions in the 3D virtual environment

(10,24,91) Action=Open the office door; (10,24,91) Action=Close the office door; (4,34,18) Action= Typing,F; (4,34,18) Action= Typing,A; (4,34,18) Action= Typing,L; (4,34,18) Action= Typing,C; (4,34,18) Action= Typing,O; (4,34,18) Action= Typing,N; (10,24,80) Action= Pick up the pen; (1,18,80) Action= Drawing, point=(330,130).

Virtual Computer where user typing a textual password as a part of users 3D Password

Snapshot of a proof-of-concept virtual art gallery

State diagram of a 3D Password application

3D VIRTUAL ENVIRONMENT DESIGN GUIDELINES

Real-life similarity Object uniqueness and distinction Three-dimensional virtual environment

System importance

APPLICATIONS

Critical servers. Nuclear and military facilities. Airplanes and jetfighters. ATMs, PDAs, desktop computers and laptops.

SECURITY ANALYSIS

3D Password Space Size.

3D Password Distribution Knowledge.

ATTACKS AND COUNTERMEASURES

Brute Force Attack

Well-Studied Attack
Shoulder Surfing Attack Timing Attack

CONCLUSION

Commonly used authentication schemes are vulnerable to attacks. 3D Password is a multifactor authentication scheme. Design of 3D virtual environment, selection of objects inside the environment, and the object type reflects the resulted password space. Users choice and decision to construct the desired and preferred 3D password

REFERENCES

[1]F. A. Alsulaiman and A. El Saddik, A novel 3D graphical password schema, IEEE Journal Virtual Environment, HumanComputer Interfaces, July 2008,pp.125-128. [2]X.Suo, Y. Zhu , and G. S. Owen, Graphical passwords: A survey, Proc.21st Annual Computer Security Applications Conference, Dec. 5-9,2005,pp.463-472.
[3]The science behind passfaces,http://www.realusers.com

[4] R. Dhamija and A. Perrig, Deja vu: A user study using images for authentication,Proc. 9th USINEX Security Symp.,Aug.2004,pp.45-58.
[5]I.Jermyn,A.Mayer,F.Monrose,M.K.Reiter,and A.D.Rubin, The design and analysis of 3D passwords, Special Issue on HCI Research in Privacy and Security,vol. 63,July 2005,pp.102127.