3d password ppt

PRESENTED BY :MANISHA SAINI

1. Password

2. Passphrase

3. Authentication

4. Drawbacks of Human Authentication Techniques

5. 3D password

6. Virtual Environment

7. Virtual Objects

8. System Implementation

9. Mathematical Concept Related to 3D password

10. Example

11. State Diagram

12. Working of 3D password

13. Programming languages

14. Attacks and Counter Measures

15. Advantages

16. Disadvantages

17. Applications

18. References

• A password is a word or string of characters used for the authentication to prove identity.

• Password is basically an encryption algorithms.

• It is 8-15 character or slightly more than that.

• Passwords are the first line of defense against cyber criminals.

It is the advanced version of password.

It is a combination of words or simply collection of password in a proper sequence.

Length of passphrase is from 30-50 words or more than that also.

More secure than an ordinary password.

Authentication is a process of validating who are you to whom you are claimed to be.

Human authentication techniques are :

1. Knowledge based (What you know)

2. Token based (What you have)

3. Biometrics (What you are)

(a) Pin(b) Password(c) Patterns

(a) Keys(b) Passport(c) Smart card(d) ID proofs

(a) Face recognition(b) Fingerprints(c) Iris(d) DNA(e) Voice(f) Hand geometry

(a) Easy to remember -> Easy to breakHard to guess -> Hard to remember

(b) Vulnerable to attacks like dictionary attacks, brute force attacks etc.

(a) Duplicate keys, smart cards, ID proofs are easily available.

(a) Instructiveness to privacy.(b) Resistance to exposure of retinas to IR rays.(c) Hackers implement exact copy of your biometrics.

The 3D password is a multifactor authentication scheme that combine KNOWLEDGE BASED + TOKEN BASED + BIOMETRICS in one authentication system.

It presents a virtual environment containing various virtual objects.

It is simply the combination and sequence of user interactions that occur in the 3D environment.

The user walks through the environment and interacts with the objects.

More customizable and very interesting way of authentication.

• A virtual environment is a computer-based simulated environment.

• The 3D virtual environment consists of many items and objects.

• It is created inside a 2D screen and is a real time scenario .

• Each item has different responses to action.

• The user actions, interactions and inputs towards the objects or toward the 3D virtual environment creates the user’s 3D password.

• Communication between users can range from text, graphical icons, visual gesture, sound, and rarely, forms using touch, voice command, and balance senses.

• 3D virtual environment affects the usability, effectiveness and acceptability of a 3D password system.

• 3D environment reflects the administration needs and security requirements.

Virtual objects can be any objects we encounter in real life such as:

A computer on which user can type.

An ATM machine that requires a token (ATM card).

A fingerprint reader that requires user fingerprints.

A paper or white board on which user can write.

A light that can be switched on/off.

A television.

A radio.

A car that can be driven.

A graphical password scheme.

The action towards an object that exists in location (x1,y1,z1) is different from action towards an another object at (x2,y2,z2).

To perform the legitimate 3D password the user must follow the same scenario performed by the legitimate user.

This means interacting with the same objects that reside at exact location and perform the exact actions in the proper sequence.

1. Time Complexity :Let us assume that A is the virtual 3D environment plotting and B is algorithmic processing. Then,

Time complexity = Am + Bn

where ‘m’ is time required to communicate with system, and ‘n’ is time required to process each algorithm in 3D environment.

2. Space Complexity:• System include 3D virtual environment, so that each point in this

environment will having 3 co-ordinate values.

• Any point from 3D virtual environment is represented in the form of (X, Y, Z). X, Y & Z are the coordinate values stored for particular point.

• Space complexity = n3

3. Class Of Problem:Three types of classes provided are:

(a) P class: A decision problem is in P if there is a known polynomial-time algorithm to get that answer.

(b) NP-hard class: Decision problem is in NP if there is a known polynomial-time algorithm for a non-deterministic machine to get the answer.

(c) NP complete class: NP-complete if you can prove that (1) it‘s in NP, and (2) show that it‘s poly-time reducible to a problem already known to be NP-complete.

• Let us consider a 3D virtual environment space of size G x G x G. The 3D environment space is represented by the coordinates (x,y,z) ϵ [1,…,G] x [1,…,G] x [1,…,G].

• The objects are distributed in the 3D virtual environment with unique (x,y,z) coordinates. We assume that the user can navigate into the 3D virtual environment and interact with the objects using any input device such as a mouse, keyboard, fingerprint scanner, iris scanner, card readers, microphones, stylus, etc.

• Let us consider a user who navigates through the 3D virtual environment that consists of an office and a meeting room. Let us assume that the user is in the virtual office and the user turns around the door located in (1,2,3) and opens it. Then, the user closes the door. The user then finds a computer to the left, which exists in the position (4,5,6), and the user types “ABC”. The initial representation of user actions in the 3D virtual environment can be recorded as follows:

(1,2,3) action = open the office door

(1,2,3) action = close the office door

(4,5,6) action = typing “A”

(4,5,6) action = typing “B”

(4,5,6) action = typing “C”

Typical Textual

Password

Enter User Name

Performing Graphical Password

Moving Inside Virtual 3D

Environment

Performing Biometrics

Changing Item Status

Verifying

Typing a letter or a number Clicks

Access not granted

Login password

Access granted

Specific key

password

Click on a graphical password

item

Specific key pressed

Biometric item is checked

Move object,Turn ON/OFF

C++

Java and Java3D

.NET languages such as C# or Visual Basics

Parrot virtual machine

OpenGL library :

(i) uses both graphics and CAD programs.

(ii) supported on Windows, Macintosh, UNIX workstations, PCs, X-Box, Linux, etc.

GLUT :

(i) library for using C++ and OpenGL

Direct 3D :

(i) supported only on Microsoft windows platforms and X-box.

1. Brute Force Attack: A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). The attack is difficult because:

(i) Required time to login: Time required to login may vary from 20 seconds to 2 minutes. So, is time consuming.

(ii) Cost of attack: Cost of creating 3D virtual environment is very high.

2. Well Studied Attack:

(i) Attacker has to study whole password scheme.

(ii) Attacker has to try combination of different attacks on scheme.

(iii) As 3D password scheme is multi-factor & multi-password authentication scheme, attacker fail to studied whole scheme. This attacks also not much effective against 3D password scheme.

3. Shoulder Suffering Attack:

(i) An attacker uses a camera to record the password.

(ii) 3D password contains biometric identifications, so are difficult to break.

4. Timing Attack:

(i) The attacker observes how long it takes a legitimate user to perform a correct sign-in using 3D password.

(ii) Helps in determining length of password.

(iii) Effective if the 3D virtual environment is designed correctly.

5. Key logger:

(i) Attacker install as software called key logger on system where authentication scheme is used.

(ii) Software stores text entered through keyboard and those text are stored in text file.

(iii) More effective and useful for only textual password. Fails in case of 3D password because it includes biometrics which are hard to crack.

1. Provides high security.

2. Flexible, as it provides multifactor authentication ,i.e., token based, knowledge based, biometrics.

3. Provides infinite number of password possibilities.

4. Can be memorized in form of short stories.

5. Implementation of system is easy.

6. Ease to change password anytime.

7. Helps to keep lot of personal details.

8. Due to the use of multiple schemes in one scheme password space is increased to great extent.

1. Difficult for blind people to use this technology.

2. A lot of program coding is required.

3. Very expensive.

4. Time and memory requirement is large.

1. Critical servers.

2. Nuclear reactors and military facilities.

3. Airplanes, jet fighters and missile guiding.

4. Networking.

5. A small virtual environment can be used in following areas:

(i) ATM.

(ii) Desktop computers and laptop logins.

(iii) Web authentication.

(iv) Security analysis.

The authentication can be improved with 3D password, because the unauthorized person may not interact with same object at a particular location as the legitimate user.

It is difficult to crack because it has no fixed number of steps and a particular procedure.

Added with biometrics and token verification this scheme becomes almost unbreakable.

www.ifet.ac.in

3Dvas.com

www.ijesit.com

www.sri.com

https://www.youtube.com/watch?v=Tw1mXjMshJE