3D PASSWORDFOR MORE SECUREAUTHENTICATION

Presented By:Pallavi Shelke &Vidhya Chougule

EXISTING SYSTEMCurrent authentication systems suffer from many

weakness

Textual password are commonly used

Many available graphical passwords have a password space that is less than or equal to the textual password space

Smart cards or tokens can be stolen

Moreover, biometrics cannot be revoked. The 3Dpassword is a multifactor authentication scheme

Three Basic Identification Methods of password

    Possession (Something I have)  Biometrics

(Something I am)  Knowledge

(Something I know)

Passphrase

It’s nothing but the enhance version of password.

Usually it is a combination of words or simply collection of password in proper sequence is Passphrase.

It contains any well known thought also. Length of Passphrase is about 30-50

character or more than that also. But it has also some limitations because 30-

50 character is creates ambiguity to remember if there is no any proper sequence.

Biometrics

  Refer to a broad range of technologies Automate the identification or

verification of an individual Based on human characteristics or

body organs Physiological: Face, fingerprint, iris Behavioral: Hand-written signature,

voice 

View of retinal scan

Eyes

Face

Fingerrin-tingp

Voice

DrawbacksTextual Password:From an research 25% of the password out of 15,000

users can guessed correctly by using brute force dictionary

Graphical Password:Graphical passwords can be easily recorded as these

schemas take a longtimeOne main drawback of applying biometric is its

intrusiveness upon a users personnel characteristicsThey require special scanning device to authenticate

the user which is not acceptable for remote and internet users

3D PASSWORD SCHEME

The 3D Password scheme is a new authentication scheme that combine

RECOGNITION

+ RECALL+TOKENS

+BIOMETRIC

(In one authentication system)

The 3D password presents a virtual environment containing various virtual objects

The user walks through the environment and interact with the objects

The 3D password is simply the combination and sequence of user interaction that occur in the 3D environment

BRIEF DESCRIPTION OF SYSTEM The 3D password can combine most existing

authentication such as textual password, graphical password, and various types of biometrics in to a 3D virtual environment

SYSTEM IMPLEMENTATION For example, the user can enter the virtual

environment and type something on a computer that exists in (x1, y1, z1) position, then enter a room that has a fingerprint recognition device that exists in a position (x2, y2, z2) and provide his/her fingerprint.

then, the user can go to the virtual garage, open the car door, and turn on the radio to a specific channel. The combination and the sequence of the previous actions toward the specific objects construct the user’s 3D password

FOR EXAMPLE:

Virtual Enviornment (Chess)

3D Password selection Virtual objects can be any object we encounter in real

life:A computer on which the user can typeA fingerprint reader that requires users fingerprintA paper or white board on which user can typeA Automated teller (ATM) machine that requires a

token A light that can be switched on/offA television or radioA car that can be drivenA graphical password scheme

3D PASSWORD APPLICATIONThe 3D password can have a password space

that is very large compared to other authentication schemes, so the 3D password’s main application domains are protecting critical systems and resources.

1)Critical server

2) Nuclear and military facilities

3) Airplanes and jet fighters

In addition, 3D passwords can be used in less critical systems

A small virtual environment can be used in the following systems like

1) ATM

2) Personal Digital Assistance

3) Desktop Computers & laptop logins

4) Web Authentication

5) Security Analysis

STATE DAIGRAM

SECURITY ANALYSIS

3D Password space size

3D password distribution knowledge

ATTACKS AND COUNTERMEASURES

1)Brute Force Attack

2) Well-Studied Attack

3) Shoulder Surfing Attack

4) Timing Attack

CONCLUSION : -

1.The user can decide his own authentication schemes. If he's comfortable with Recall and Recognition methods then he can choose the 3d authentication just used above.

2.The authentication can be improved since the unauthorized persons will not interact with the same object as a legitimate user would. We can also include a timer .Higher the security higher the time.

3.The 3D environment can change according to users request. 4.It would be difficult to crack using regular techniques .Since all the

algorithms follow steps to authenticate ,our project has no fixed number of steps .Hence to calculate all those possibilities and decipher them is not easy.

5.Can be used in critical areas such as Nuclear Reactors, Missile Guiding Systems etc.

6.Added with biometrics and card verification ,the scheme becomes almost unbreakable.

?