
Abstract

Current authentication systems suffer from many weaknesses. Textual passwords are commonly used; however, users do not follow their requirements. Users tend to choose meaningful words from dictionaries, which makes textual passwords easy to break and vulnerable to dictionary or brute force attacks. Many available graphical passwords have a password space that is less than or equal to the textual password space. Smart cards or tokens can be stolen. Many biometric authentications have been proposed; however, users tend to resist using biometrics because of their intrusiveness and the effect on their privacy. Moreover, biometrics cannot be revoked. In this paper, we present and evaluate our contribution, i.e., the 3-D password. The 3-D password is a multifactor authentication scheme. To be authenticated, we present a 3-D virtual environment where the user navigates and interacts with various objects. The sequence of actions and interactions toward the objects inside the 3-D environment constructs the user's 3-D password. The 3-D password can combine most existing authentication schemes such as textual passwords, graphical passwords, and various types of biometrics into a 3-D virtual environment. The design of the 3-D virtual environment and the type of objects selected determine the 3-D password key space.


Acknowledgement

As I write this acknowledgement, I must clarify that this is not just a formal acknowledgement but also a sincere note of thanks and regard from my side. I feel a deep sense of gratitude and affection for those who were associated with this seminar. Without their co-operation and guidance this seminar could not have been conducted properly.

I am also indebted to my friends and family for their constant support and their priceless reviews which helped me to take this seminar to its current level.

<Your Name>
TABLE OF CONTENTS

Abstract

1. 3-D passwords
  1.1. Introduction
  1.1. Related Works
  1.2. Scheme
    1.2.1. Overview
    1.2.2. Selection and Inputs
    1.2.3. 3-D Virtual Environment Design Guidelines
    1.2.4. Applications
  1.3. Security Analysis
    1.3.1. Password Space Size
    1.3.2. Password Distribution Knowledge
    1.3.3. Attacks and Countermeasures
  1.4. Experimental Results
    1.4.1. Experimental Virtual 3-D Environment
    1.4.2. User Study

2. Literature Review

3. Conclusion and Future Work

References
INTRODUCTION

The dramatic increase of computer usage has given rise to many security concerns. One major security concern is authentication, which is the process of validating who you are to whom you claimed to be. In general, human authentication techniques can be classified as:

Knowledge based (what you KNOW): textual password, graphical password.
Token based (what you HAVE): ATM cards, keys, ID cards.
Biometrics (what you ARE): fingerprints, palmprints, hand geometry, face, iris, voice, and retina recognition.

Figure 1 Human Authentication Techniques - Classification

Textual passwords

Recall-based techniques require the user to repeat or reproduce a secret that the user created before. Recognition-based techniques require the user to identify and recognize the secret, or part of it, that the user selected before. One of the most common recall-based authentication schemes used in the computer world is textual passwords. One major drawback of the textual password is its two conflicting requirements: the selection of passwords that are easy to remember and, at the same time, are hard to guess.

Klein [2] collected the passwords of nearly 15000 accounts that had alphanumerical passwords, and he reached the following observation: 25% of the passwords were guessed by using a small yet well-formed dictionary of 3×10^6 words. Furthermore, 21% of the passwords were guessed in the first week and 368 passwords were guessed within the first 15 min. Klein [2] stated that by looking at these results in a system with about 50 accounts, the first account can be guessed in 2 min and 5 to 15 accounts can be guessed in the first day. Klein [2] showed that even though the full textual password space for eight-character passwords consisting of letters and numbers is almost 2×10^14 possible passwords, it is easy to crack 25% of the passwords by using only a small subset of the full password space. It is important to note that Klein's experiment was in 1990, when the processing capabilities, memory, networking, and other resources were very limited compared to today's technology.

Graphical passwords

Various graphical password schemes have been proposed. Graphical passwords are based on the idea that users can recall and recognize pictures better than words. However, some of the graphical password schemes require a long time to be performed. Moreover, most of the graphical passwords can be easily observed or recorded while the legitimate user is performing the graphical password; thus, they are vulnerable to shoulder surfing attacks. Currently, most graphical passwords are still in their research phase and require more enhancements and usability studies to deploy them in the market.

Biometrics

Many biometric schemes have been proposed; fingerprints, palmprints, hand geometry, face recognition, voice recognition, iris recognition, and retina recognition are all different biometric schemes. Each biometric recognition scheme has its advantages and disadvantages based on several factors such as consistency, uniqueness, and acceptability. One of the main drawbacks of applying biometrics is its intrusiveness upon a user's personal characteristics. Moreover, retina biometric recognition schemes require the user to willingly subject their eyes to a low-intensity infrared light. In addition, most biometric systems require a special scanning device to authenticate users, which is not applicable for remote and Internet users.
3-D Passwords

The 3-D password is a multifactor authentication scheme. It can combine all existing authentication schemes into a single 3-D virtual environment. This 3-D virtual environment contains several objects or items with which the user can interact. The type of interaction varies from one item to another. The 3-D password is constructed by observing the actions and interactions of the user and by observing the sequences of such actions.

It is the user's choice to select which types of authentication techniques will be part of their 3-D password. This is achieved by interacting only with the objects that acquire information that the user is comfortable in providing and ignoring the objects that request information that the user prefers not to provide. For example, if an item requests an iris scan and the user is not comfortable in providing such information, the user simply avoids interacting with that item. Moreover, giving the user the freedom of choice as to what types of authentication schemes will be part of their 3-D password, and given the large number of objects and items in the environment, the number of possible 3-D passwords will increase. Thus, it becomes much more difficult for the attacker to guess the user's 3-D password.
RELATED WORKS

Many graphical password schemes have been proposed [6], [8], [10], [12]. Blonder [6] introduced the first graphical password schema. Blonder's idea of graphical passwords is that by having a predetermined image, the user can select or touch regions of the image, causing the sequence and the location of the touches to construct the user's graphical password. After Blonder [6], the notion of graphical passwords was developed. Many graphical password schemes have been proposed.

Recognition based: DjVu, Passfaces, Story scheme.
Recall based: Passpoint, Draw a Secret (DAS).

Figure 2 Graphical Passwords - Classification

Dhamija and Perrig [7] proposed DjVu, which is a recognition-based graphical password system that authenticates users by choosing portfolios among decoy portfolios. These portfolios are randomized art portfolios. Each image is derived from an 8-B seed. Therefore, an authentication server does not need to store the whole image; it simply needs to store the 8-B seed. Another recognition-based graphical password is Passfaces. Passfaces simply works by having the user select a subgroup of k faces from a group of n faces. For authentication, the system shows m faces and one of the faces belongs to the subgroup k. The user has to do the selection many times to complete the authentication process. Another scheme is the Story scheme [9], which requires the selection of pictures of objects (people, cars, foods, airplanes, sightseeing, etc.) to form a story line. Davis et al. concluded that the users' choices in Passfaces and in the Story scheme result in a password space that is far less than the theoretical entropy. Therefore, it leads to an insecure authentication scheme.

The graphical password schema of Blonder [6] is considered to be recall based since the user must remember selection locations. Moreover, PassPoint [10][12] is a recall-based graphical password schema, where a background picture is presented and the user is free to select any point on the picture as the user's password (the user's PassPoint). Draw a Secret (DAS), which is a recall-based graphical password schema introduced by Jermyn et al. [13], is simply a grid in which the user creates a drawing. The user's drawings, which consist of strokes, are considered to be the user's password. The size and the complexity of the grid affect the probable password space. Larger grid sizes increase the full password space. However, there are limitations in grid complexity due to human error. It becomes very hard to recall where the drawing started and ended and where the middle points were if we have very large grid sizes.

One important type of authentication is based on who you are or, in other words, biometrics.

Biometric recognition systems have been exhaustively studied as a way of authentication. Fingerprints, palmprints, face recognition, voice recognition, and iris and retina recognition are all different methodologies of biometric recognition systems.

Human properties are vulnerable to change from time to time due to several reasons such as aging, scarring, face makeup, change of hairstyle, and sickness (change of voice).

People tend to resist biometrics for different reasons. Some people think that keeping a copy of the user's fingerprints is not acceptable and is a threat to the user's privacy. In addition, some users resist the idea of a low-intensity infrared light or any other kind of light directed at their eyes, such as in retina recognition systems.

Biometrics cannot be revoked, which leads to a dilemma in case the user's data have been forged. Unlike other authentication schemes, where the user can alter his/her textual password in case of a stolen password or replace his/her token if it has been stolen or forged, a user's biometrics cannot be revoked.
SCHEME

In this section, we present a multifactor authentication scheme that combines the benefits of various authentication schemes. We attempted to satisfy the following requirements.

1. The new scheme should not be either recall based or recognition based only. Instead, the scheme should be a combination of recall-, recognition-, biometrics-, and token-based authentication schemes.

2. Users ought to have the freedom to select whether the 3-D password will be solely recall-, biometrics-, recognition-, or token-based, or a combination of two schemes or more. This freedom of selection is necessary because users are different and they have different requirements. Some users do not like to carry cards. Some users do not like to provide biometrical data, and some users have poor memories. Therefore, to ensure high user acceptability, the user's freedom of selection is important.

3. The new scheme should provide secrets that are easy to remember and very difficult for intruders to guess.

4. The new scheme should provide secrets that are not easy to write down on paper. Moreover, the scheme secrets should be difficult to share with others.

5. The new scheme should provide secrets that can be easily revoked or changed.

Based on the aforementioned requirements, we propose our contribution, i.e., the 3-D password authentication scheme.

3-D Password Overview

The 3-D password is a multifactor authentication scheme. The 3-D password presents a 3-D virtual environment containing various virtual objects. The user navigates through this environment and interacts with the objects. The 3-D password is simply the combination and the sequence of user interactions that occur in the 3-D virtual environment. The 3-D password can combine recognition-, recall-, token-, and biometrics-based systems into one authentication scheme. This can be done by designing a 3-D virtual environment that contains objects that request information to be recalled, information to be recognized, tokens to be presented, and biometrical data to be verified. For example, the user can enter the virtual environment and type something on a computer that exists in position (x1, y1, z1), then enter a room that has a fingerprint recognition device that exists in position (x2, y2, z2) and provide his/her fingerprint. Then, the user can go to the virtual garage, open the car door, and turn on the radio to a specific channel. The combination and the sequence of the previous actions toward the specific objects construct the user's 3-D password.

Virtual objects can be any object that we encounter in real life. Any obvious actions and interactions toward the real-life objects can be done in the virtual 3-D environment toward the virtual objects. Moreover, any user input (such as speaking in a specific location) in the virtual 3-D environment can be considered as a part of the 3-D password. We can have the following objects:

1. A computer with which the user can type;

2. A fingerprint reader that requires the user's fingerprint;

3. A biometrical recognition device;

4. A paper or a white board that a user can write, sign, or draw on;

5. An automated teller machine (ATM) that requests a token;

6. A light that can be switched on/off;

7. A television or radio where channels can be selected;

8. A staple that can be punched;

9. A car that can be driven;

10. A book that can be moved from one place to another;

11. Any graphical password scheme;

12. Any real-life object;

13. Any upcoming authentication scheme.

The action toward an object (assume a fingerprint recognition device) that exists in location (x1, y1, z1) is different from the actions toward a similar object (another fingerprint recognition device) that exists in location (x2, y2, z2), where x1 != x2, y1 != y2, and z1 != z2. Therefore, to perform the legitimate 3-D password, the user must follow the same scenario performed by the legitimate user. This means interacting with the same objects that reside at the exact locations and performing the exact actions in the proper sequence.

3-D Password Selection and Inputs

Let us consider a 3-D virtual environment space of size G×G×G. The 3-D environment space is represented by the coordinates (x, y, z) in [1, ..., G] × [1, ..., G] × [1, ..., G]. The objects are distributed in the 3-D virtual environment with unique (x, y, z) coordinates. We assume that the user can navigate into the 3-D virtual environment and interact with the objects using any input device such as a mouse, keyboard, fingerprint scanner, iris scanner, stylus, card reader, and microphone. We consider the sequence of those actions and interactions using the previous input devices as the user's 3-D password. For example, consider a user who navigates through a 3-D virtual environment that consists of an office and a meeting room. Let us assume that the user is in the virtual office and the user turns around to the door located in (10, 24, 91) and opens it. Then, the user closes the door. The user then finds a computer to the left, which exists in the position (4, 34, 18), and the user types FALCON. Then, the user walks to the meeting room and picks up a pen located at (10, 24, 80) and draws only one dot on a paper located in (1, 18, 30), where the dot's (x, y) coordinate relative to the paper space is (330, 130). The user then presses the login button. The initial representation of user actions in the 3-D virtual environment can be recorded as follows:

(10, 24, 91) Action = Open the office door;

(10, 24, 91) Action = Close the office door;

(4, 34, 18) Action = Typing, F;

(4, 34, 18) Action = Typing, A;

(4, 34, 18) Action = Typing, L;

(4, 34, 18) Action = Typing, C;

(4, 34, 18) Action = Typing, O;

(4, 34, 18) Action = Typing, N;

(10, 24, 80) Action = Pick up the pen;

(1, 18, 80) Action = Drawing, point = (330, 130).

Figure 3 (a) Snapshot of a proof-of-concept 3-D virtual environment, where the user is typing a textual password on a virtual computer as a part of the user's 3-D password. (b) Snapshot of a proof-of-concept virtual art gallery, which contains 36 pictures and six computers.

To simplify the idea of how a 3-D password works, Fig. 4 shows a state diagram of a possible 3-D password authentication system.

3-D Virtual Environment Design Guidelines

Designing a well-studied 3-D virtual environment affects the usability, effectiveness, and acceptability of a 3-D password system. Therefore, the first step in building a 3-D password system is to design a 3-D environment that reflects the administration needs and the security requirements. The design of 3-D virtual environments should follow these guidelines.

Figure 4 State diagram of a possible 3-D password application

1. Real-life similarity: The prospective 3-D virtual environment should reflect what people are used to seeing in real life. Objects used in virtual environments should be relatively similar in size to real objects (sized to scale). Possible actions and interactions toward virtual objects should reflect real-life situations. Object responses should be realistic. The target should be a 3-D virtual environment that users can interact with by using common sense.

2. Object uniqueness and distinction: Every virtual object or item in the 3-D virtual environment is different from any other virtual object. The uniqueness comes from the fact that every virtual object has its own attributes such as position. Thus, the prospective interaction with object 1 is not equal to the interaction with object 2. However, having similar objects such as 20 computers in one place might confuse the user. Therefore, the design of the 3-D virtual environment should consider that every object should be distinguishable from other objects. A simple real-life example is home numbering. Assume that there are 20 or more homes that look like each other and the homes are not numbered. It would be difficult to distinguish which house was visited a month ago. Similarly, in designing a 3-D virtual environment, it should be easy for users to navigate through and to distinguish between objects. The distinguishing factor increases the user's recognition of objects. Therefore, it improves the system usability.

3. Three-dimensional virtual environment size: A 3-D virtual environment can depict a city or even the world. On the other hand, it can depict a space as focused as a single room or office. The size of a 3-D environment should be carefully studied. A large 3-D virtual environment will increase the time required by the user to perform a 3-D password. Moreover, a large 3-D virtual environment can contain a large number of virtual objects. Therefore, the probable 3-D password space broadens. However, a small 3-D virtual environment usually contains only a few objects, and thus, performing a 3-D password will take less time.

4. Number of objects (items) and their types: Part of designing a 3-D virtual environment is determining the types of objects and how many objects should be placed in the environment. The types of objects reflect what kind of responses the object will have. For simplicity, we can consider requesting a textual password or a fingerprint as an object response type. Selecting the right object response types and the number of objects affects the probable password space of a 3-D password.

5. System importance: The 3-D virtual environment should consider what systems will be protected by a 3-D password. The number of objects and the types of objects that have been used in the 3-D virtual environment should reflect the importance of the protected system.
3-D Password Applications

Because a 3-D password can have a password space that is very large compared to other authentication schemes, the 3-D password's main application domains are protecting critical systems and resources. Possible critical applications include the following.

1. Critical servers: Many large organizations have critical servers that are usually protected by a textual password. A 3-D password authentication proposes a sound replacement for a textual password. Moreover, entrances to such locations are usually protected by access cards and sometimes PIN numbers. Therefore, a 3-D password can be used to protect the entrance to such locations and protect the usage of such servers.

2. Nuclear and military facilities: Such facilities should be protected by the most powerful authentication systems. The 3-D password has a very large probable password space, and since it can contain token-, biometrics-, recognition-, and knowledge-based authentications in a single authentication system, it is a sound choice for high level security locations.

3. Airplanes and jet fighters: Because of the possible threat of misusing airplanes and jet fighters for religious-political agendas, usage of such airplanes should be protected by a powerful authentication system. The 3-D password is recommended for these systems.

In addition, 3-D passwords can be used in less critical systems because the 3-D virtual environment can be designed to fit any system's needs. A small 3-D virtual environment can be used in many systems, including the following:

1. ATMs;

2. Personal digital assistants;

3. Desktop computers and laptop logins;

4. Web authentication.
SECURITY ANALYSIS

To analyse and study how secure a system is, we have to consider how hard it is for the attacker to break such a system. A possible measurement is based on the information content of a password space, which is defined in [13] as the entropy of the probability distribution over that space given by the relative frequencies of the passwords that users actually choose. We have seen that the textual password space may be relatively large; however, an attacker might only need a small subset of the full password space, as Klein [2] observed, to successfully break such an authentication system. As a result, it is important to have a scheme that has a very large possible password space as one factor for increasing the work required by the attacker to break the authentication system. Another factor is to find a scheme for which no previous or existing knowledge of the most probable user password selection exists, which can also resist attacks on such an authentication scheme.

Figure 5 - Password space of the 3-D password, textual password, Passfaces, and DAS with grid sizes of 5×5 and 10×10. Length is the number of actions and interactions for a 3-D password, the number of characters for textual passwords, the number of selections for Passfaces, and the number of points that represent the strokes for DAS. The length is up to eight (characters/actions, interactions, inputs/selections).
3-D Password Space Size

One important factor to determine how difficult it is to launch an attack on an authentication system is the size of the password space. To determine the 3-D password space, we have to count all possible 3-D passwords that have a certain number of actions, interactions, and inputs toward all objects that exist in the 3-D virtual environment. We assume that the length of the 3-D password is Lmax, and the probability of a 3-D password of size greater than Lmax is zero.

To measure the 3-D password space, we will calculate (Lmax, G) on a 3-D virtual environment that has the space (G×G×G) for a 3-D password of a length (number of actions, interactions, and inputs) of Lmax or less.

In the following expression, AC represents the possible actions toward the 3-D virtual environment, whereas represents the total number of possible 3-D passwords of length Lmax or less:

In the following expression (2), Omax is the number of objects in the 3-D virtual environment:

where xi = xj, yi = yj, and zi = zj only if i = j. The design of the 3-D environment will determine the value of Omax. The variable m represents all possible actions and interactions toward all existing objects Oi. However, g(AC) counts the total number of actions and inputs toward the 3-D virtual environment, whereas m, as we mentioned before, counts the actions and interactions toward the objects. An example of g(AC) can be a user movement pattern, which can be considered as a part of the user's 3-D password.

The function is the number of possible actions and interactions toward the object Oi based on the object type Ti. Object types can be textual password objects, DAS objects, or any authentication scheme. The function f is determined from the object type. It counts the possible actions and interactions that the object can accept. If we assume that an object Keyboard is in location (x0, y0, z0) of type textual password, f will count the possible characters and numbers that can be typed, which is around 93 possibilities. As we mentioned before, an object type is one of the important factors that affects the overall password space. Therefore, higher outcomes of function f mean a larger 3-D password space size.

Figure 6 - Password space of the 3-D password, textual password, Passfaces, and DAS with grid sizes of 5×5 and 10×10. Length is the number of actions and interactions for a 3-D password, the number of characters for textual passwords, the number of selections for Passfaces, and the number of points that represent the strokes for DAS. The length is up to eight (characters/actions, interactions, inputs/selections).

Figure 7 - Observing the number of possible actions/interactions of a 3-D password within a 3-D environment specified in Section V-A compared to the two critical points of textual passwords. Point a is the bit size of Klein's [2] (3×10^6) dictionary of eight-character textual passwords. Point b represents the full password space of eight-character textual passwords.

Fig. 7 shows the points where the 3-D password exceeds two important textual password points. Point a shows that by having only two actions and interactions as a 3-D password, the 3-D password exceeds the number of textual passwords used by Klein [2] to break 25% of textual passwords of eight characters. Point b represents the full textual password space of eight characters or less. It shows that by performing only four interactions, actions, and inputs as a 3-D password, the 3-D password space exceeds the full textual password space of eight characters or less.

From the previous equations, we observe that the number of objects and the type of actions and interactions determine the probable password space. Therefore, the design of the 3-D virtual environment is a very critical part of the 3-D password system. Figs. 4 and 5 illustrate the resulting password space of the proposed 3-D password compared to textual passwords, Passfaces, and DAS on a grid of 5×5 and 10×10, respectively. Notice the difference between a 3-D password built on a simple 3-D virtual environment and the other authentication schemes.
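The password-space count described in the two sections above (m, g(AC), f(Oi, Ti) and Lmax), carried through for a constructed environment, as an added example that is not the report's or the original authors' code. The report's expressions (1) and (2) are not reproduced here; the model follows the prose only: m is the sum of f(Oi, Ti) over all objects, g(AC) counts environment-level actions such as movement, and every step of a 3-D password is one of m + g(AC) choices, so the number of passwords of length Lmax or less is the sum over n = 1..Lmax of (m + g(AC))^n (treating steps as independent is an assumption). The environment is modelled on the Fig. 3(b) art gallery with assumed per-type action counts, so its crossover lengths against the two Fig. 7 reference points differ from the report's.

```python
"""Estimate of the 3-D password space for a designed environment (added example)."""
import math
from typing import Dict, List

# f(Oi, Ti) per object type: distinct actions, inputs or interactions the object
# accepts. The 93 for a textual password object is the figure the report gives;
# the other values are assumptions for this constructed environment.
ACTIONS_PER_TYPE: Dict[str, int] = {
    "textual": 93,       # characters a virtual keyboard accepts (from the report)
    "picture": 1,        # select/touch a gallery picture (assumed)
    "fingerprint": 1,    # present a fingerprint (assumed, one action)
    "radio": 50,         # selectable channels (assumed)
    "light": 2,          # switch on / off (assumed)
}

# Constructed environment: 36 pictures and six computers as in Fig. 3(b),
# plus one fingerprint reader and one radio (assumed additions).
ART_GALLERY: List[str] = ["picture"] * 36 + ["textual"] * 6 + ["fingerprint", "radio"]
MOVEMENT_ACTIONS = 6     # g(AC): assumed number of distinct movement patterns

KLEIN_DICTIONARY = 3 * 10 ** 6   # point a of Fig. 7: Klein's dictionary size [2]


def object_actions(environment: List[str]) -> int:
    """m: actions and interactions toward all objects, the sum of f(Oi, Ti)."""
    return sum(ACTIONS_PER_TYPE[object_type] for object_type in environment)


def password_space(environment: List[str], g_ac: int, l_max: int) -> int:
    """Number of 3-D passwords of length 1..l_max under the model above."""
    per_step = object_actions(environment) + g_ac
    return sum(per_step ** n for n in range(1, l_max + 1))


def textual_space(alphabet_size: int, max_len: int) -> int:
    """Full textual password space for passwords of max_len characters or less."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def first_length_exceeding(environment: List[str], g_ac: int, threshold: int) -> int:
    """Smallest Lmax at which the 3-D password space passes a threshold,
    i.e. where the curve of Fig. 7 crosses a reference point."""
    l_max = 1
    while password_space(environment, g_ac, l_max) <= threshold:
        l_max += 1
    return l_max


def bits(count: int) -> float:
    """Password space expressed as a bit size, as in the Fig. 7 caption."""
    return math.log2(count)


# point b of Fig. 7: letters and digits (62 symbols), eight characters or less
FULL_TEXTUAL_8 = textual_space(62, 8)

if __name__ == "__main__":
    for l_max in range(1, 7):
        count = password_space(ART_GALLERY, MOVEMENT_ACTIONS, l_max)
        print(f"Lmax={l_max}: {count:.3e} 3-D passwords ({bits(count):.1f} bits)")
    print("Klein's dictionary:", f"{KLEIN_DICTIONARY:.1e}", f"({bits(KLEIN_DICTIONARY):.1f} bits)")
    print("full 8-char textual space:", f"{FULL_TEXTUAL_8:.3e}", f"({bits(FULL_TEXTUAL_8):.1f} bits)")
    print("exceeds point a at Lmax =",
          first_length_exceeding(ART_GALLERY, MOVEMENT_ACTIONS, KLEIN_DICTIONARY))
    print("exceeds point b at Lmax =",
          first_length_exceeding(ART_GALLERY, MOVEMENT_ACTIONS, FULL_TEXTUAL_8))
```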

3-D Password Distribution Knowledge

Studying the users' behavior of password selection and knowing the most probable textual passwords are the key behind dictionary attacks. Klein [2] used such knowledge to collect a small set of 3×10^6 words that have a high probability of usage among users. The question is how such information (highly probable passwords) has been found and why. Users tend to choose words that have meaning, such as places, names, famous people's names, sports terms, and biological terminologies. Therefore, finding these different words from the dictionary is a relatively simple task. Using such knowledge yields a high success rate for breaking textual passwords. Any authentication scheme is affected by the knowledge distribution of the users' secrets. According to Davis et al. [9], Passfaces [8] users tend to choose faces that reflect their own taste on facial attractiveness, race, and gender. Moreover, 10% of male passwords have been guessed in only two guesses. Another study [14] about user selection of DAS [13] concluded that for their secret passwords, users tend to draw things that have meaning, which simplifies the attacker's task.

Currently, knowledge about user behaviors on selecting their 3-D password does not exist. Every user has different requirements and preferences when selecting the appropriate 3-D password. This fact will increase the effort required to find a pattern of users' highly selected 3-D passwords. In addition, since the 3-D password combines several authentication schemes into a single authentication environment, the attacker has to study every single authentication scheme and has to discover what the most probable selected secrets are. For textual passwords, the highly probable selected textual password might be determined by the use of dictionaries. However, there are many authentication schemes with undiscovered probable password space.

Since every 3-D password system can be designed according to the protected system requirements, the attacker has to separately study every 3-D password system. This is because objects that exist in one 3-D password system might not exist in other 3-D password systems. Therefore, more effort is required to build the knowledge of the most probable 3-D passwords.

Attacks and Countermeasures

To realize and understand how far an authentication scheme is secure, we have to consider all possible attack methods. We have to study whether the authentication scheme proposed is immune against such attacks or not. Moreover, if the proposed authentication scheme is not immune, we then have to find the countermeasures that prevent such attacks. In this section, we try to cover most possible attacks and whether the attack is valid or not. Moreover, we try to propose countermeasures for such attacks.

1. Brute Force Attack: The attacker has to try all possible 3-D passwords. This kind of attack is very difficult for the following reasons.

a. Time required to log in: The total time needed for a legitimate user to log in may vary from 20 s to 2 min or more, depending on the number of interactions and actions, the size of the 3-D virtual environment, and the type of actions and interactions done by the user as a 3-D password. Therefore, a brute force attack on a 3-D password is very difficult and time consuming.

b. Cost of attacks: In a 3-D virtual environment that contains biometric recognition objects and token-based objects, the attacker has to forge all possible biometric information and forge all the required tokens. The cost of forging such information is very high; therefore, cracking the 3-D password is more challenging. Moreover, the high number of possible 3-D passwords (as shown in Table I) leaves the attacker with almost no chance of breaking the 3-D password.

2. Well-Studied Attack: The attacker tries to find the highest probable distribution of 3-D passwords. However, to launch such an attack, the attacker has to acquire knowledge of the most probable 3-D password distributions. Acquiring such knowledge is very difficult because the attacker has to study all the existing authentication schemes that are used in the 3-D environment. Moreover, acquiring such knowledge may require forging all existing biometrical data and may require forging token-based data. In addition, it requires a study of the user's selection of objects, or a combination of objects, that the user will use as a 3-D password. Moreover, a well-studied attack is very hard to accomplish since the attacker has to perform a customized attack for every different 3-D virtual environment design. Every system can be protected by a 3-D password that is based on a unique 3-D virtual environment. This environment has a number of objects and types of object responses that differ from any other 3-D virtual environment. Therefore, a carefully customized study is required to initialize an effective attack.

3. Shoulder Surfing Attack: An attacker uses a camera to record the user's 3-D password or tries to watch the legitimate user while the 3-D password is being performed. This attack is the most successful type of attack against 3-D passwords and some other graphical passwords. However, the user's 3-D password may contain biometrical data or textual passwords that cannot be seen from behind. The attacker may be required to take additional measures to break the legitimate user's 3-D password. Therefore, we assume that the 3-D password should be performed in a secure place where a shoulder surfing attack cannot be performed.

4. Timing Attack: In this attack, the attacker observes how long it takes the legitimate user to perform a correct sign-in using the 3-D password. This observation gives the attacker an indication of the legitimate user's 3-D password length. However, this kind of attack alone cannot be very successful since it gives the attacker mere hints. Therefore, it would probably be launched as part of a well-studied or brute force attack. Timing attacks can be very effective if the 3-D virtual environment is poorly designed.
EXPERIMENTAL RESULTS

We have built an experimental 3-D virtual environment that contains several objects of two types. The first type of response is the textual password. The second type of response is requesting graphical passwords. Almost 30 users volunteered to experiment with the environment. We asked the users to create their 3-D password and to sign in using their 3-D password several times over several days.

Experimental Virtual 3-D Environment

In our experiment, we have used Java OpenGL to build the 3-D virtual environment and we have used a 1.80-GHz Pentium M Centrino machine with 512-MB random access memory and an ATI Mobility Radeon 9600 video card.

The design of the experimental 3-D virtual environment represents an art gallery that the user can walk through and is depicted in Fig. 3.

Table 1 - Resulting number of possible 3-D passwords of total length Lmax

User Study

We conducted a user study on 3-D passwords using the experimental 3-D virtual environments. The study reviewed the usage of textual passwords and other authentication schemes. The study covered almost 30 users. The users varied in age, sex, and education level. Even though it is a small set of users, the study produced some distinct results [13]. We observed the following regarding textual passwords, 3-D passwords, and other authentication schemes.

1. Most users who use textual passwords of 9 to 12 character lengths or who use random characters as a password have only one to three unique passwords.

2. More than 50% of users' textual passwords are eight characters or less.

3. Almost 25% of users use meaningful words as their textual passwords.

4. Almost 75% of users use meaningful words or partially meaningful words as their textual passwords. In contrast, only 25% of users use random characters and letters as textual passwords.

5. Over 40% of users have only one to three unique textual passwords, and over 90% of users have eight unique textual passwords or less.

6. Over 90% of users do not change their textual passwords unless they are required to by the system.

7. Over 95% of users under study have never used any graphical password scheme as a means of authentication.

8. Most users feel that 3-D passwords have a high acceptability.

9. Most users believe that there is no threat to personal privacy by using a 3-D password as an authentication scheme.
LITERATURE REVIEW

http://www.ieeexplore.ieee.org: An IEEE paper published in 2008 was the basic information source.

http://www.youtube.com: Meticulous details about the 3-D passwords and 3-D virtual environment were the result of various videos available on YouTube.

http://www.3dvas.com: VAS is a network of 3-D virtual galleries for displaying art on the internet. Any artist interested in mounting an exhibition can do so in a simple, user friendly way. All you have to do is open an account (for free), choose an appropriate 3-D gallery and upload your artworks. Once you've done that, anyone can visit your exhibition. Every visitor is represented by a 3-D character, allowing everyone to see and be seen in the 3-D gallery space in real time.
CONCLUSION AND FUTURE WORK

There are many authentication schemes in the current state. Some of them are based on users' physical and behavioral properties, and some other authentication schemes are based on users' knowledge, such as textual and graphical passwords. Moreover, there are some other important authentication schemes that are based on what you have, such as smart cards. Among the various authentication schemes, textual password and token-based schemes, or the combination of both, are commonly applied. However, as mentioned before, both authentication schemes are vulnerable to certain attacks. Moreover, there are many authentication schemes that are currently under study, and they may require additional time and effort to be applicable for commercial use.

The 3-D password is a multifactor authentication scheme that combines these various authentication schemes into a single 3-D virtual environment. The virtual environment can contain any existing authentication scheme, or even any upcoming authentication scheme, by adding it as a response to actions performed on an object. Therefore, the resulting password space becomes very large compared to any existing authentication scheme.
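To make the counting argument concrete, here is an added Python illustration (not code from this report or from the IEEE paper it draws on) that models a 3-D password as an ordered sequence of quantised actions, stores only a salted hash of that sequence, and counts how many sequences of length up to Lmax exist; the grid size, action types, salt and sample sequence are constructed assumptions.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, asdict

# Assumptions for this illustration: positions are quantised to a
# GRID x GRID x GRID cell grid and each step is one of ACTION_TYPES.
GRID = 10
ACTION_TYPES = ("walk_to", "click", "type_text", "rotate")


@dataclass(frozen=True)
class Action:
    """One interaction inside the virtual environment."""
    kind: str          # one of ACTION_TYPES
    x: int             # quantised position of the object acted on
    y: int
    z: int
    payload: str = ""  # e.g. text typed into a computer object, else ""


def canonical_bytes(actions):
    """Deterministic serialisation: the order of actions is part of the secret."""
    return json.dumps([asdict(a) for a in actions],
                      sort_keys=True, separators=(",", ":")).encode()


def hash_password(actions, salt: bytes) -> str:
    """Store only a salted digest of the sequence, never the sequence itself."""
    return hashlib.sha256(salt + canonical_bytes(actions)).hexdigest()


def verify(actions, salt: bytes, stored: str) -> bool:
    """Constant-time comparison of a sign-in attempt against the stored digest."""
    return hmac.compare_digest(hash_password(actions, salt), stored)


def password_space(lmax: int, grid: int = GRID,
                   action_types: int = len(ACTION_TYPES)) -> int:
    """Count action sequences of length 1..lmax (payloads ignored, so a lower bound)."""
    per_step = action_types * grid ** 3
    return sum(per_step ** n for n in range(1, lmax + 1))


# Constructed sample: enrol one sequence so a sign-in attempt can be checked.
SALT = b"constructed-salt"  # use a fresh random salt per user in practice
ENROLLED = (Action("walk_to", 1, 0, 5), Action("click", 1, 0, 5),
            Action("type_text", 3, 2, 7, "hello"))
STORED = hash_password(ENROLLED, SALT)
```

Reversing or truncating the enrolled sequence fails verification, and `password_space(3)` with the assumed grid already exceeds 6.4 x 10^10 sequences.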

The design of the 3-D virtual environment, the selection of objects inside the environment, and the object types determine the resulting password space. It is the task of the system administrator to design the environment and to select the appropriate objects that reflect the protected system's requirements. Additionally, designing a simple and easy-to-use 3-D virtual environment is a factor that leads to a higher user acceptability of a 3-D password system.

The choice of which authentication schemes will be part of the user's 3-D password reflects the user's preferences and requirements. A user who prefers to remember and recall a password might choose textual and graphical passwords as part of their 3-D password. On the other hand, users who have more difficulty with memory or recall might prefer to choose smart cards or biometrics as part of their 3-D password. Moreover, users who prefer to keep any kind of biometric data private might not interact with objects that require biometric information. Therefore, it is the user's choice and decision to construct the desired and preferred 3-D password.

The 3-D password is still in its early stages. Designing various kinds of 3-D virtual environments, deciding on password spaces, and interpreting user feedback and experiences from such environments will result in enhancing and improving the user experience of the 3-D password. Moreover, gathering attackers from different backgrounds to break the system is one of the future works that will lead to system improvement and prove the complexity of breaking a 3-D password. Moreover, it will demonstrate how attackers would acquire the knowledge of the most probable 3-D passwords to launch their attacks.

Shoulder surfing attacks are still possible and effective against 3-D passwords. Therefore, a proper solution is a field of research.

REFERENCES

[1] X. Suo, Y. Zhu, and G. S. Owen, "Graphical passwords: A survey," in Proc. 21st Annu. Comput. Security Appl. Conf., Dec. 5-9, 2005, pp. 463-472.
[2] D. V. Klein, "Foiling the cracker: A survey of, and improvements to, password security," in Proc. USENIX Security Workshop, 1990, pp. 5-14.
[3] NBC News, "ATM Fraud: Banking on Your Money, Dateline Hidden Cameras Show Criminals Owning ATMs," Dec. 11, 2003.
[4] T. Kitten, "Keeping an Eye on the ATM," (2005, Jul. 11). [Online]. Available: ATMMarketPlace.com
[5] BBC News, "Cash Machine Fraud Up, Say Banks," Nov. 4, 2006.
[6] G. E. Blonder, "Graphical password," U.S. Patent 5 559 961, Sep. 24, 1996.
[7] R. Dhamija and A. Perrig, "Déjà Vu: A user study using images for authentication," in Proc. 9th USENIX Security Symp., Denver, CO, Aug. 2000, pp. 45-58.
[8] Real User Corporation, "The Science Behind Passfaces," (2005, Oct.). [Online]. Available: http://www.realusers.com
[9] D. Davis, F. Monrose, and M. K. Reiter, "On user choice in graphical password schemes," in Proc. 13th USENIX Security Symp., San Diego, CA, Aug. 2004, pp. 1-14.
[10] S. Wiedenbeck, J. Waters, J.-C. Birget, A. Brodskiy, and N. Memon, "Authentication using graphical passwords: Effects of tolerance and image choice," in Proc. Symp. Usable Privacy Security, Pittsburgh, PA, Jul. 2005, pp. 1-12.
[11] S. Wiedenbeck, J. Waters, J.-C. Birget, A. Brodskiy, and N. Memon, "Authentication using graphical passwords: Basic results," in Proc. Human-Comput. Interaction Int., Las Vegas, NV, Jul. 25-27, 2005.
[12] S. Wiedenbeck, J. Waters, J.-C. Birget, A. Brodskiy, and N. Memon, "PassPoints: Design and longitudinal evaluation of a graphical password system," Int. J. Human-Comput. Stud. (Special Issue on HCI Research in Privacy and Security), vol. 63, no. 1/2, pp. 102-127, Jul. 2005.
Jermyn, A. Mayer, F. Monrose, M. K. Reiter, and A. D. Rubin, "The design and analysis of graphical passwords," in Proc. 8th USENIX Security Symp., Washington, DC, Aug. 1999, pp. 1-14.
[13] J. Thorpe and P. C. van Oorschot, "Graphical dictionaries and the memorable space of graphical passwords," in Proc. USENIX Security, San Diego, CA, Aug. 9-13, 2004, p. 10.
Adams and M. A. Sasse, "Users are not the enemy: Why users compromise computer security mechanisms and how to take remedial measures," Commun. ACM, vol. 42, no. 12, pp. 40-46, Dec. 1999.
[14] F. A. Alsulaiman and A. El Saddik, "A novel 3D graphical password schema," in Proc. IEEE Int. Conf. Virtual Environ., Human-Comput. Interfaces, Meas. Syst., Jul. 2006, pp. 125-128.
