Date post: | 22-May-2015 |
Category: |
Technology |
Upload: | shwetaag |
View: | 48,195 times |
Download: | 2 times |
3-D Password Scheme
For more secure authentication
Authentication
Authentication is a process of validating who are you to whom you claimed to be
Human authentication techniques are as follows:
1. Knowledge Base (What you know)2. Token Based(what you have)
3. Biometrics(what you are)
4. Recognition Based(What you recognise)
Common Authentication Techniques used in computer world1. Textual Passwords(Recall Based)-:Recall
what you have created before.
2. Graphical Passwords: (Recall Based+Recognition Based)
Biometric schemes (fingerprints,voice recognition etc)
Drawbacks
Textual Password:◦ Textual Passwords should be easy to
remember at the same time hard to guess◦ Full password space for 8 characters
consisting of both numbers and characters is 2 X 10¹⁴
◦ From an research 25% of the passwords out of 15,000 users can guessed correctly by using brute force dictionary
Drawbacks
Graphical Password◦ Graphical passwords can be easily
recorded as these schemes take a long time.
◦ One main drawback of applying biometric is its intrusiveness upon a users personnel characteristics.
◦ They require special scanning device to authenticate the user which is not acceptable for remote and internet users.
3D PASSWORD SCHEME
The 3D Password scheme is a new authentication scheme that combine
RECOGNITION + RECALL +TOKENS +BIOMETRICIn one authentication system
The 3D password presents a virtual environment containing various virtual objects.
The user walks through the environment and interacts with the objects
The 3d Password is simply the combination and sequence of user interactions that occur in the 3D environment
3D Password selectionVirtual objects can be any object we
encounter in real life:A computer on which the user can typeA fingerprint reader that requires users fingerprintA paper or white board on which user can typeA Automated teller(ATM) machine that requires a tokenA light that can be switched on/offA television or radioA car that can be drivenA graphical password scheme
For EXAMPLE: Let us assume the user enters a virtual
office then performs the following action: (10,24,91) Action=Open office door (10,24,91) Action=Close office door (4,34,18) Action=Tpeine,”C” (4,34,18) Action=Typing,”O” (4,34,18)Action=Typing,”N” (10,24,80)Action=Pick up the pen (1,18,80)Action=Draw point=(330,130)
3D Passwords Differentiators Flexibility:3D Passwords allows Multifactor
authentication biometric , textual passwords can be embedded in 3D password technology.
Strength: This scenario provides almost unlimited passwords possibility.
Ease to Memorize: can be remembered in the form of short story.
Respect of Privacy: Organizers can select authentication schemes that respect users privacy.
3D Password Application AreasCritical ServersNuclear and military FacilitiesAirplanes and JetFightersATMs,Desktop and Laptop Logins, Web
Authentication
Attacks and CountermeasuresBrute Force Attack: The attack is very difficult
because1. Time required to login may vary form 20s to 2 min
therefore it is very time consuming.2. Cost of Attack: A 3D Virtual environment may contain
biometric object ,the attacker has to forge all biometric information.
Well Studied Attack: Attacker tries to get the most probable distribution of 3D Password. This is difficult because attacker has to perform customized attack fo different virtual environment .
Shoulder Surfing Attacks: Attacker uses camera to record the users 3D passwords.This attack is more succesful
Timing Attack: The Attacker observes how long it takes the legitimate user to perform correct log in using 3D Password.which gives an indication of 3-D Passwords length.This attack cannot be succesful since it gives the attacker mere hints.
QUERIES ??...