kanishka_3d passwords
DESCRIPTION
A novel 3D password based authentication scheme and its evaluationTRANSCRIPT
3D PASSWORDKanishka Khandelwal
Final Year,Dept of Computer Science and engineering,
Jadavpur University
04/12/2023
Authentication Existing Systems Proposed 3D password system 3D Virtual environment Expected Functionalities The Idea System Implementation Objects Required Security Analysis Applications Conclusion
Contents
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023
Who you are to whom you claimed to be?
Authentication
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023
What you know (knowledge based). What you have (token based). What you are (biometrics). What you recognize (recognition based).
General authentication techniques
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023
Textual passwords Graphical passwords Biometrics Token based
Existing Systems
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023
Most common authentication technique used in Computer world
Two conflicting requirements: passwords should be easy to remember and hard to guess
Kept very simple say a word from the dictionary or their pet names , girlfriends etc
Klien cracked 25% of the passwords using a very small sized but well formed dictionary.
Drawback- Guessable!
Textual Passwords
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023
Biometrics consists of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits
Drawbacks- Intrusiveness to privacy Biometrics cannot be revoked Resistance to exposure of retinas to IR rays
Biometrics
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023
Users can recall and recognize pictures more than words.
Password space is less than or equal to textual password space.
Vulnerable to Shoulder attack Process of selecting a set of pictures from
the picture database can be tedious and time consuming for the user
Graphical passwords
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023
Vulnerable to loss or theft or duplication User has to carry the token whenever
access required
Token based
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023
The 3-D password is a multifactor authentication scheme.
The 3D password combines all existing authentication schemes into one three-dimensional virtual environment.
Users have the freedom to select whether the 3D password will be solely recall, biometrics, recognition, or token based, or a combination of two schemes or more
3D Password
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023
The following requirements are satisfied Secrets are easy to remember and very
difficult for intruders to guess Secrets are not easy to write down on paper
and difficult to share with others Secrets can be easily revoked or changed.
3D Password Contd…
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023
The three-dimensional virtual environment consists of many items or objects.
Each item has different responses to actions The user actions, interactions and inputs
towards the objects or towards the three-dimensional virtual environment creates the user’s 3D password.
3D Virtual Environment
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023
The user can decide his own authentication schemes.
The 3D environment can change according to users request.
It would be difficult to crack using regular techniques.
Can be used in critical areas such as Nuclear Reactors, Missile Guiding Systems etc.
Added with biometrics and card verification, the scheme becomes almost unbreakable.
Expected Functionalities
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023
large number of possible passwords because of the high number of possible actions and interactions towards every object and towards the three dimensional virtual environment.
The authentication can be improved since the unauthorized persons will not interact with the same object as a legitimate user would. We can also include a timer. Higher the security higher the timer. Say after 20 seconds a weak password will be thrown out.
Expected Functionalities Contd..
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023
The user navigates through a three dimensional virtual environment
The combination and the sequence of the user’s actions and interactions towards the objects in the three dimensional virtual environment constructs the user’s 3D password.
The Idea
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023
For example, the user can enter the virtual environment and type something on a computer that exists in (x1 , y1 , z1 ) position, then enter a room that has a fingerprint recognition device that exists in a position (x2 , y2 , z2 ) and provide his/her fingerprint. Then, the user can go to the virtual garage, open the car door, and turn on the radio to a specific channel. The combination and the sequence of the previous actions toward the specific objects construct the user’s 3D password
System Implementation
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023
A computer with which the user can type. A fingerprint reader that requires the user’s
fingerprint. A light bulb A biometric recognition device. A television or radio where channels can be
selected. A car that can be driven. Any graphical password scheme. Any real life object. Any upcoming authentication scheme.
Objects Required
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023
The action towards an object (assume a fingerprint recognition device) that exists in location (x1, y1 , z1 ) is different from the actions toward a similar object (another fingerprint recognition device) that exists in location (x2 , y2 , z2 ). Therefore, to perform the legitimate 3D password, the user must follow the same scenario performed by the legitimate user. This means interacting with the same objects that reside at the exact locations and perform the exact actions in the proper sequence
Principle
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023
Let us consider a 3D virtual environment space of size G ×G × G. The 3D environment space is represented by the coordinates (x, y, z) ∈ [1, . . . , G] ×[1, . . . , G] ×[1, . . . , G ]. consider a user who navigates through the 3D virtual environment that consists of an office and a meeting room . Let us assume that the user is in the virtual office and the user turns around to the door located in (10, 24, 91) and opens it . Then, the user closes the door. The user then finds a computer to the left, which exists in the position (4, 34, 19), and the user types “FALCON.” The initial representation of user actions in the 3Dvirtual environment can be recorded as follows
3D PASSWORD SELECTION AND INPUT
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023
(10, 24, 91) Action = Open the car door. (10, 24, 91) Action = Close the car door. (4, 34, 19) Action = Typing, “F”. (4, 34, 18) Action = Typing, “A”. (4, 34, 17) Action = Typing, “L”. (4, 34, 16) Action = Typing, “C”. (4, 34, 15) Action = Typing, “O”. (4, 34, 14) Action = Typing, “N”.
The Password
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
State Diagram
04/12/2023
The Size of the 3D Password Space -We noticed that by increasing the number of
objects in the three-dimensional virtual environment, the 3D password space increases exponentially.
Security analysis
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023
A Comparision
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023
3D Password Distribution Knowledge - Knowledge about the user’s selection of
three-dimensional passwords is not available
- knowledge about the design of a three-dimensional virtual environment is required by the attacker
- the attacker must have knowledge about every single authentication scheme
Security Analysis contd…
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023
The 3D password can have a password space that is very large compared to other authentication schemes, so the 3D password’s main application domains are protecting critical systems and resources
Critical server Nuclear and military facilities . Airplanes and jet fighters
Applications
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023
In addition, 3D passwords can be used in less critical systems
A small virtual environment can be used in the following systems like
ATM Personal Digital Assistance Desktop Computers & laptop logins Web Authentication Security Analysis
Other applications
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023
Snapshot of a virtual proof-of-concept art gallery
A virtual art gallery that consist of 36 pictures and 6 computerswhere users can navigate and interact with virtual objects by either typing or drawing. http://www.youtube.com/watch?v=4bvMo1NiyX0
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023
1.The user can decide his own authentication schemes. If he's comfortable with Recall and Recognition methods then he can choose the 3d authentication just used above.
2.The authentication can be improved since the un authorized persons will not interact with the same object as a legitimate user would. We can also include a timer .Higher the security higher the time.
3.The 3D environment can change according to users request. 4.It would be difficult to crack using regular techniques .Since all the
algorithms follow steps to authenticate ,the scheme has no fixed number of steps .Hence to calculate all those possibilities and decipher them is not easy.
5.Can be used in critical areas such as Nuclear Reactors, Missile Guiding Systems etc.
6.Added with biometrics and card verification ,the scheme becomes almost unbreakable.
Conclusion
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023
A Novel 3D Graphical Password Schema - Fawaz A Alsulaiman and Abdulmotaleb El Saddik
http://www.authorstream.com/Presentation/kkarthikeyan08-895930-3d-password/
http://www.technospot.net/blogs/what-is-3d-password-scheme-3/
References
Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
04/12/2023Kanishka Khandelwal,Dept of Comp Sc. and Engg,J.U.
Thank you for your attention