15-09-2014, 11:17 AM
SECURED AUTHENTICATION: 3D PASSWORD
ABSTRACT
Authentication is the process of validating that you are who you claim to be, or of identifying an individual, usually based on a username and password. We have many authentication schemes, but they have some drawbacks, so the 3D password is introduced. The 3-D password is a multifactor authentication scheme. It can combine all existing authentication schemes into a single 3-D virtual environment. This 3-D virtual environment contains several objects or items with which the user can interact. The type of interaction varies from one item to another. The 3-D password is constructed by observing the actions and interactions of the user and by observing the sequences of such actions. In other words, the 3D password scheme is a new authentication scheme that combines RECOGNITION + RECALL + TOKENS + BIOMETRIC in one authentication system. 3D passwords are flexible and they provide unlimited password possibilities. They are easy to memorize and can be remembered in the form of a short story. 3D passwords have many application areas, such as critical servers, nuclear and military facilities, airplanes and jet fighters, ATMs, desktop and laptop logins, web authentication, etc. In this research paper we have compared the 3D password authentication system with existing systems and discussed the implementation and working of the 3D password system. Let us consider a 3D virtual environment space of size G × G × G. The 3D environment space is represented by the coordinates (x, y, z) ∈ [1, . . . , G] × [1, . . . , G] × [1, . . . , G]. The objects are distributed in the 3D virtual environment with unique (x, y, z) coordinates. We assume that the user can navigate into the 3D virtual environment and interact with the objects using any input device such as a mouse, keyboard, fingerprint scanner, iris scanner, stylus, card reader, and microphone. We consider the sequence of those actions and interactions using the previous input devices as the user’s 3D password. We have also provided a security analysis against various attacks such as the Brute Force Attack, Well-Studied Attack, Shoulder Surfing Attack, Timing Attack, etc.
INTRODUCTION
The authentication systems we use today are mainly either very light or very strict. Authentication has been an area of interest for many years. With the development of technology, it has become very easy for 'others' to hack someone’s password. Therefore many algorithms have come up, each with an interesting approach toward the calculation of a secret key. These algorithms are based on picking a random number in the range of 10^6, so the chance of the same number coming up is small. We are provided with many password types such as textual passwords, biometric scanning, tokens or cards (such as an ATM card), etc. But there are many weaknesses in current authentication systems.
When a person uses textual passwords, they are likely to choose meaningful words from the dictionary, or their nicknames, girlfriends' names, etc., which can be cracked easily. And if a password is hard to guess, then it is also hard to remember. Users face difficulty in remembering a long and random-looking password, and because of that they create small, simple, and insecure passwords that are easy to attack. Graphical passwords can also be used. Their strength comes from the fact that users can recall and recognize pictures more easily than words. Token-based systems can also be used as a way of authentication in banking systems and for entrance to laboratories. But smart cards or tokens are susceptible to loss or theft.
Biometric scanning is your "natural" signature and Cards or Tokens prove your validity. Many years back Klein
Graphical Password
Graphical passwords came about because users can recall and recognize pictures more easily than words. But most graphical passwords are susceptible to shoulder surfing attacks, where an attacker can observe or record the valid user's graphical password with a camera. The main weakness of biometrics is their intrusiveness upon a user's personal characteristics. They require a special scanning device to verify the user, which is not acceptable for remote and internet users. Smart cards can be lost or stolen, and the user has to carry the token whenever access is required.
PROJECTED SYSTEM
The projected system is a multi-factor authentication scheme which combines the advantages of other authentication schemes. Users can choose whether the 3D password will be only recall, biometrics, recognition, or token based, or a combination of two schemes or more. This choice of selection is necessary because users are different and they have different requirements. So, for surety of high user
3D PASSWORD SCHEME?
The 3D password scheme is a new authentication scheme that combines RECOGNITION + RECALL + TOKENS + BIOMETRIC in one authentication system. The 3-D password is a multifactor authentication scheme. It can combine all existing authentication schemes into a single 3-D virtual environment. This 3-D virtual environment contains several objects or items with which the user can interact. The type of interaction varies from one item to another. The 3-D password is constructed by observing the actions and interactions of the user and by observing the sequences of such actions. It is the user’s choice to select which types of authentication techniques will be part of their 3-D password.
SYSTEM IMPLEMENTATION
The 3D password is a multi-factor authentication scheme. The 3D password presents a 3D virtual environment containing various virtual objects. The user navigates through this environment and interacts with the objects. The 3D password is simply the combination and the sequence of user interactions that occur in the 3D virtual environment. The 3D password can combine recognition, recall, token, and biometrics based systems into one authentication scheme. This can be done by designing a 3D virtual environment that contains objects that request information to be recalled, information to be recognized, tokens to be presented, and biometric data to be verified.
For example, the user can enter the virtual environment and type something on a computer that exists at position (x1, y1, z1), then enter a room that has a fingerprint recognition device at position (x2, y2, z2) and provide his/her fingerprint. Then, the user can go to the virtual garage, open the car door, and turn on the radio to a specific channel. The combination and the sequence of the previous actions toward the specific objects construct the user’s 3D password.
WORKING
Consider a three-dimensional virtual environment space of size G × G × G. Each point in the three-dimensional environment space is represented by the coordinates (x, y, z) ∈ [1..G] × [1..G] × [1..G]. The objects are distributed in the three-dimensional virtual environment. Every object has its own (x, y, z) coordinates. Assume the user can navigate and walk through the three-dimensional virtual environment and can see the objects and interact with them. The input device for interactions with objects can be a mouse, a keyboard, a stylus, a card reader, a microphone, etc.
For example, consider a user who navigates through a 3D virtual environment that consists of a ground and a classroom. Let us assume that the user is in the virtual ground and the user turns around to the door located at (9, 16, 80) and opens it. Then, the user closes the door. The user types "ANGEL" into a computer that exists at position (10, 5, 25). The user then walks over and turns off the light located at (15, 6, 20), and then goes to a white board located at (55, 3, 30) and draws just one dot at the (x, y) coordinate (420, 170) of the white board. The user then presses the login button. The initial representation of user actions in the 3D virtual environment can be recorded as follows:
(9, 16, 80) Action = Open the office door;
(9, 16, 80) Action = Close the office door;
(10, 5, 25) Action = Typing, “A”;
(10, 5, 25) Action = Typing, “N”;
(10, 5, 25) Action = Typing, “G”;
(10, 5, 25) Action = Typing, “E”;
(10, 5, 25) Action = Typing, “L”;
(15, 6, 20) Action = Turning the Light Off;
(55, 3, 30) Action = drawing, point = (420, 170);
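One way a server could store and check the recorded sequence above, as an added example that is not from the original paper: the ordered actions are serialised with length prefixes and turned into a salted PBKDF2 verifier, so the sequence itself is never stored. The grid size G = 100, the action labels and the iteration count are assumptions; biometric and token items, which need their own matchers, are left out.

```python
import hashlib
import hmac
import os

G = 100               # assumed grid size; the page only calls it G
ITERATIONS = 200_000  # assumed PBKDF2 work factor

# The login from the page's example as (position, action, argument) tuples.
# The action labels are hypothetical names for the recorded interactions.
ANGEL_LOGIN = [
    ((9, 16, 80), "open_door", ""),
    ((9, 16, 80), "close_door", ""),
    *[((10, 5, 25), "type", ch) for ch in "ANGEL"],
    ((15, 6, 20), "light_off", ""),
    ((55, 3, 30), "draw_point", "420,170"),
]


def encode(actions, g=G):
    """Serialise an ordered action list into unambiguous bytes."""
    out = bytearray()
    for (x, y, z), name, arg in actions:
        if not all(1 <= c <= g for c in (x, y, z)):
            raise ValueError(f"position {(x, y, z)} is outside [1..{g}]^3")
        for field in (f"{x},{y},{z}", name, arg):
            raw = field.encode("utf-8")
            # Length prefix keeps ("ab", "c") distinct from ("a", "bc").
            out += len(raw).to_bytes(2, "big") + raw
    return bytes(out)


def enroll(actions, salt=None):
    """Return (salt, verifier); the server stores these, not the sequence."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", encode(actions), salt, ITERATIONS)


def verify(actions, salt, verifier):
    """Recompute the verifier for a login attempt; compare in constant time."""
    try:
        candidate = hashlib.pbkdf2_hmac("sha256", encode(actions), salt, ITERATIONS)
    except ValueError:  # attempt referenced a position outside the grid
        return False
    return hmac.compare_digest(candidate, verifier)
```

Because the encoding is order-sensitive, closing the door before opening it produces a different verifier even though the same objects are touched.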
SECURITY ANALYSIS
Brute Force Attack
The attack is very difficult because:
1. Time required to log in may vary from 20 s to 2 min, therefore the attack is very time consuming.
2. Cost of attack: a 3D virtual environment may contain biometric objects, so the attacker has to forge all the biometric information.
Well-Studied Attack
The attacker tries to find the highest probable distribution of 3D passwords. In order to launch such an attack, the attacker has to acquire knowledge of the most probable 3D password distributions. This is very difficult because the attacker has to study all the existing authentication schemes that are used in the 3D environment. It requires a study of the user’s selection of objects for the 3D password. Moreover, a well-studied attack is very hard to accomplish since the attacker has to perform a customized attack for every different 3D virtual environment design. This environment has a number of objects and types of object responses that differ from any other 3D virtual environment. Therefore, a carefully customized study is required to initialize an effective attack.
Shoulder Surfing Attack
An attacker uses a camera to record the user’s 3D password or tries to watch the legitimate user while the 3D password is being performed. This attack is the most successful type of attack against 3D passwords and some other graphical passwords. However, the user’s 3D password may contain biometric data or textual passwords that cannot be seen from behind. Therefore, we assume that the 3D password should be performed in a secure place where a shoulder surfing attack cannot be performed.
Timing Attack
The attacker observes how long it takes the legitimate user to perform a correct login using the 3D password, which gives an indication of the 3-D password's length. This attack cannot be successful since it gives the attacker mere hints.
CONCLUSION AND FUTURE WORK
In the existing system, textual passwords and token-based passwords are the most commonly used authentication schemes. Many other schemes also exist, such as graphical passwords, biometric authentication schemes, etc., which are used in different fields. The main goal of this paper is to have a scheme which has a huge password space and which is a combination of any existing, or upcoming, authentication schemes into one scheme. While using a 3D password, users have the freedom to select whether the 3D password will be solely recall, biometrics, recognition, or token based, or a combination of two schemes or more. Users do not have to provide their fingerprints if they do not wish to. Users do not have to carry cards if they do not want to. They have the choice to construct their 3D password according to their needs and their preferences. A 3D password’s probable password space can be reflected by the design of the three-dimensional virtual environment, which is designed by the system administrator. The three-dimensional virtual environment can contain any objects that the administrator feels that the users are familiar with. For example, cricket players can use a three-dimensional virtual environment of a stadium where they can navigate and interact with objects that they are familiar with.
The 3D password has only just been introduced, which means it is in its infancy. A study on a large number of people is required. We are looking at designing different three-dimensional virtual environments that contain objects of all possible authentication schemes.
The main application domains of the 3D password are critical systems and resources. Critical systems such as military facilities, critical servers and highly classified areas can be protected by a 3D password system with a large three-dimensional virtual environment. Moreover, airplanes and jet fighters, ATMs and operating system logins can also make use of 3D passwords to provide more secure authentication. Finding a solution for shoulder surfing attacks on 3D passwords and other authentication schemes is a field of study.