07-02-2013, 04:29 PM
Three Dimensional Password for More Secure Authentication
1Three Dimensional Password .pdf (Size: 240.93 KB / Downloads: 73)
Goal
The goal is to design a multi factor authentication scheme that
combines the the various authentication scheme into a single 3D virtual environment
which results in a larger password space. The design of 3D virtual environment, the
selection of object inside the environment, and the object type reflect the resulted
password space. User have freedom to select whether the 3D
password will be solely
recall, recognition, or token based, or combination of two schemes or more.
Brief Description of the System
The proposed system is a multi factor authentication scheme. It can
combine all existing authentication schemes into a single 3D
virtual environment.
This 3D
virtual environment contains several objects or items with which the user
can interact. The user is presented with this 3D
virtual environment where the user
navigates and interacts with various objects. The sequence of actions and interactions
toward the objects inside the 3D
environment constructs the user’s 3D
password.
The 3D
password can combine most existing authentication schemes such as textual
passwords, graphical passwords, and various types of biometrics into a 3D
virtual
environment.
The choice of what authentication schemes will be part of the user's 3D
password reflects the user's preferences and requirements. A user who prefers to
remember and recall a password might choose textual and graphical password as part
of their 3D password. On the other hand users who have more difficulty with memory
or recall might prefer to choose smart cards or biometrics as part of their 3D
password. Moreover user who prefer to keep any kind of biometric data private might
not interact with object that require biometric information. Therefore it is the user's
choice and decision to construct the desired and preferred 3D password.
Innovative Component
The proposed system is a multi factor authentication scheme that
combines the benefits of various authentication schemes. Users have the freedom to
select whether the 3D
password will be solely recall,
biometrics,
recognition,
or
tokenbased,
or a combination of two schemes or more. This freedom of selection is
necessary because users are different and they have different requirements. Therefore,
to ensure high user acceptability, the user’s freedom of selection is important.
Comparison with Stateoftheart
Current authentication systems suffer from many weaknesses. Textual
passwords are commonly used. Users tend to choose meaningful words from
dictionaries, which make textual passwords easy to break and vulnerable to dictionary
or brute force attacks. Many available graphical passwords have a password space
that is less than or equal to the textual password space. Smart cards or tokens can be
stolen. Many biometric authentications have been proposed. However, users tend to
resist using biometrics because of their intrusiveness and the effect on their privacy.
Moreover, biometrics cannot be revoked. The 3D
password is a multi factor
authentication scheme. The design of the 3D
virtual environment and the type of
objects selected determine the 3D
password key space. User have freedom to select
whether the 3D
password will be solely recall, recognition, or token based, or
combination of two schemes or more.
System Implementation in Brief
The 3D
password is a multi factor authentication scheme. The 3D
password presents a 3D
virtual environment containing various virtual objects. The
user navigates through this environment and interacts with the objects. The 3D
password is simply the combination and the sequence of user interactions that occur in
the 3D
virtual environment. The 3D
password can combine recognition,
recall,
token,
and biometricsbased
systems into one authentication scheme. This can be
done by designing a 3D
virtual environment that contains objects that request
information to be recalled, information to be recognized, tokens to be presented, and
biometric data to be verified.
For example, the user can enter the virtual environment and type
something on a computer that exists in (x1 , y1 , z1 ) position, then enter a room that
has a fingerprint recognition device that exists in a position (x2 , y2 , z2 ) and provide
his/her fingerprint. Then, the user can go to the virtual garage, open the car door, and
turn on the radio to a specific channel. The combination and the sequence of the
previous actions toward the specific objects construct the user’s 3D
password.
3D password distribution knowledge
User's tend to use meaningful words for textual passwords. Therefore
finding these different words from dictionary is a relatively simple task which yields a
high success rate for breaking textual passwords.
Pass faces users tend to choose faces that reflect their own taste on
facial attractiveness, race, and gender.
Every user has different requirements and preferences when selecting
the appropriate 3D
password. This fact will increase the effort required to find a
pattern of user’s highly selected 3D
password. In addition, since the 3D
password
combines several authentication schemes into a single authentication environment, the
attacker has to study every single authentication scheme and has to discover what the
most probable selected secrets are. Since every 3D
password system can be designed
according to the protected system requirements, the attacker has to separately study
every 3D
password system. Therefore, more effort is required to build the knowledge
of most probable 3D
passwords.