3d authentication system
TRANSCRIPT
Submitted by:Richa Agarwal 10103472Disha Agrawal 10103486
Submitted to:Dr. Saurabh Kr. RainaMs. Hema N.Ms. Aditi Sharma
There are many authentication techniques available, such as textual passwords, graphical passwords, etc. but each of this individually has some limitations & drawbacks.
3D password is a multi-password & multi-factor authentication system as it uses various authentication techniques such as textual passwords, graphical passwords, token-based passwords etc
Most important part of 3d password scheme is inclusion of 3d virtual environment which consists of real time objects with which the user interacts and the sequence of these interactions becomes the 3d password of the user.
This scheme is hard to break & easy to use.
Drawback of the existing authentication schemes is its two conflicting requirements:
the selection of passwords that are easy to remember.Difficult for intruders to guess.
The proposed 3-d password solves this issue To be authenticated, we present a 3-d virtual environment where the user
navigates and interacts with various objects. The sequence of actions and interactions toward the objects inside the 3-D environment constructs the user’s 3-D password.
The recognition and recall based scheme helps user remember a password which is impossible for others to guess.
The new scheme provides secrets that are not easy to write down on paper. Moreover, the scheme secrets are difficult to share with others.
A new encryption algorithm has been developed to implement this authentication scheme
The click points of user as well as the actions performed in the 3d environment, both will be stored in such a way that the password becomes resistant to spyware attacks.
The design of the 3-D virtual environment and the type of objects selected would determine the 3-D password key space.
Therefore, the key space would vary greatly depending on the 3d virtual scene and number of actions performed.
This variable key space with different kind of objects will make it extremely difficult to launch any kind of cryptographic attacks against it.
The encryption algorithm will thus make the password impossible to break and at the same time easy to remember
A large scale 3d virtual environment combining textual graphical and token based scheme can be used for protecting high security demanding domains like:
Critical ServersNuclear and military facilitiesAirplanes and jetfighters
A small 3-D virtual environment can be used in many systems, including the following:
I. ATMs II. Personal digital Assistants III. Desktop computers and laptop logins IV. Web authentication V. Mobile applications privacy lock
1)A system of authentication that is not either recall based or recognition based only. Instead, the system is a combination of recall, recognition, biometrics, and token-based authentication schemes.
2) The method of claim 1 wherein password is stored, a new algorithm is used which has the ability to store not just the click points but also the interactions of user with objects in the 3d virtual environment.
3) The method of claim 1 wherein encryption is performed to store the password, a new algorithm is used which has variable key space. Due to use of multiple schemes into one scheme, password space is increased to a great extend. This makes it very difficult to launch cryptographic attacks against this scheme. This authentication scheme guarantees greater security over currently available schemes.
4) The system of encryption of claim 3 wherein more security is guaranteed than any other existing authentication scheme. It is resistant to various cryptographic attacks like:
• Key logger : In this attack attacker installs a software called key logger on system where authentication scheme is used. This software stores text entered through keyboard & that text is stored in a text file. In this way this attack is more effective & useful for only textual password, but as 3D password is multi password authentication scheme, so this kind of attacks are not much effective in this case.
• Brute force attacks : In this kind of attacks, the attacker has to try ‘n’ number of possibilities of 3D Password. These attacks consider two major factors. First is the required time to login; in 3d password time required for successful login varies & is depend on number of actions & interactions as well as the size of 3d virtual environment. Second factor is the cost required to attack; 3d password scheme requires 3D virtual environment & cost of creating such a environment is very high. Therefore this attack is also not effective.
• Well-studied attacks : In this attack intruder has to study the whole password scheme. After exhaustive study about the scheme, attacker tries combinations of different attacks on scheme. As 3d password scheme is multi-factor & multi-password authentication scheme, the time and cost of this kind of attack will be exponentially high.
5) The system of claim 1 that would provide secrets that are easy to remember and very difficult for intruders to guess.
6) The system of claim 1 that would provide secrets that are not easy to write down on paper. Moreover, the scheme secrets would be difficult to share with others.
7) The system of claim 1 wherein users will have the freedom of selection. Users ought to have the freedom to select whether the 3d- password would be purely recognition, recall, biometric or token based or a combination of two schemes or more. This freedom of selection is necessary because users are different and they have different requirements. Some users do not like to carry cards. Some users do not like to provide biometrical data, and some users have poor memories. Therefore, to ensure high user acceptability, the user’s freedom of selection is important.
8) The method of claim 1 wherein the authentication scheme is compatible with all kinds of devices, may it be tablet, mobile, PC or laptop.
9) The method of claim 1 wherein the authentication scheme will be cross platform that is compatible with various operating systems like Windows, Linux, Android etc. It is platform independent.
Patents:
[1] Graphical event-based password system , application no: US20040250138
[2] Password entry using 3D image with spatial alignment, application no: EP2466518A9
Publications:
[3] S. Man, D. Hong, and M. Mathews, "A shoulder surfing Resistant graphical password scheme," in Proceedings of International conference on security and management. Las Vegas, NV, 2003.
[4] L. Sobrado and J.-C. Birget, "Graphical passwords," The Rutgers Scholar, an Electronic Bulletin for Undergraduate Research, vol. 4, 2002.
[5] I. Jermyn, A. Mayer, F. Monrose, M. K. Reiter, and A.D. Rubin, “The design and analysis of graphical passwords”, in Proc. 8th USENIX Security Symp, Washington DC, Aug.1999, pp.1-14.
[6] D. Weinshall and S. Kirkpatrick, "Passwords You’ll Never Forget, but Can’t Recall," in Proceedings of Conference on Human Factors in Computing Systems (CHI)