Professional Documents
Culture Documents
International Journal of Advanced Trends in Computer Science and Engineering, Vol. 3 , No.1, Pages : 142– 148 (2014)
Special Issue of ICETETS 2014 - Held on 24-25 February, 2014 in Malla Reddy Institute of Engineering and Technology, Secunderabad– 14, AP, India
3D Password Authentication
S.Nikitha1, Mr.L.Naresh Babu2 ,V.S.Pratyusha3
1,3
UNDER GRADUATE STUDENTS, DEPT OF C.S.E ,MALLA REDDY INSTITUTE OF ENGINEERING AND
TECHNOLOGY, INDIA, singireddy.nikitha95@gmail.com, santoshi_pratyusha@yahoo.co.in
2
ASSISTANT PROFESSOR, DEPT OF C.S.E MALLA REDDY INSTITUTE OF ENGINEERING AND TECHNOLOGY,
INDIA, lellanaresh523@gmail.com
142
International Conference on Emerging Trends in Engineering Technology and Science (ICETETS 2014)
criminal courts often require establishing the chain of custody biometric information. Therefore it is the user's choice and
of evidence presented. This can be accomplished through a decision to construct the desired and preferred 3D password.
written evidence log, or by testimony from the police 5. INNOVATIVE COMPONENT
detectives and forensics staff that handled it. Some antiques
The proposed system is a multi factor authentication scheme
are accompanied by certificates attesting to their authenticity.
that combines the benefits of various authentication schemes.
External records have their own problems of forgery and
Users have the freedom to select whether the 3D password
perjury, and are also vulnerable to being separated from the
will be solely recall, recognition, or token based, or
artifact and lost.
combination of two schemes or more. This freedom of
Currency and other financial instruments
selection is necessary because users are different and they
commonly use the first type of authentication method. Bills,
have different requirements. Therefore, to ensure high user
coins, and cheques incorporate hard-to-duplicate physical
acceptability, the user’s freedom of selection is important.
features, such as fine printing or engraving, distinctive feel,
watermarks, and holographic imagery, which are easy for
The following requirements are satisfied in the proposed
receivers to verify.
scheme
Consumer goods such as pharmaceuticals, perfume,
1. The new scheme provide secrets that are easy to remember
fashion clothing can use either type of authentication method
and very difficult for intruders to guess.
to prevent counterfeit goods from taking advantage of a
2. The new scheme provides secrets that are not easy to write
popular brand's reputation (damaging the brand owner's sales
down on paper. Moreover, the scheme secrets should be
and reputation). A trademark is a legally protected marking
difficult to share with others.
or other identifying feature which aids consumers in the
3. The new scheme provides secrets that can be easily
identification of genuine brand-name goods.
revoked or changed.
143
International Conference on Emerging Trends in Engineering Technology and Science (ICETETS 2014)
7. STATE DIAGRAM
8. SYSTEM IMPLEMENTATION
The 3Dpassword is a multi factor authentication
scheme. The 3Dpassword presents a 3Dvirtual environment Snapshot of an experimental 3-D virtual
containing various virtual objects. The user navigates through environment
this environment and interacts with the objects. The
144
International Conference on Emerging Trends in Engineering Technology and Science (ICETETS 2014)
145
International Conference on Emerging Trends in Engineering Technology and Science (ICETETS 2014)
ADVANTAGES
Easiness to memorize: Users can memorize a 3D password
as a “little” story which makes the password easy to
remember
Flexibility: 3d passwords allows multi-factor
authentication. Smart cards, biometrics and alpha
num password can embedded in the 3d password
technology
Strength: A scenario in a 3D environment offers as
almost unlimited combination of possibilities. As
To determine the password space, we have to count
such system can have specific 3d world, hack are
all possible 3D passwords that have a certain number of extremely difficult.
actions, interactions, and inputs towards all objects that exist
The 3D password gives users the freedom of
in the 3D virtual environments.
selecting what type of authentication techniques.
Secrets those are not easy to write down on paper.
The scheme secrets should be difficult to share with
others.
Provide secrets that can be easily revoked or
changed.
146
International Conference on Emerging Trends in Engineering Technology and Science (ICETETS 2014)
1) Brute Force Attack The attacker has to try all In this attack, the attacker observes how
possible 3D passwords. This kind of attack is very difficult long it takes the legitimate user to perform a correct sign-
for the following reasons. in using the 3D password. This observation gives the
attacker an indication of the legitimate user’s 3D
Time required to login The total time needed for a
password length. However, this kind of attack alone cannot
legitimate user to login may vary depending on the number
be very successful since it gives the attacker mere hints.
of interactions and actions, the size of the 3D virtual
Therefore, it would probably be launched as part of a well
environment, and the type of actions and interactions.
studied or brute force attack. Timing attacks can be very
Therefore, a brute force attack on a 3D password is very
effective if the 3D virtual environment is poorly designed.
difficult and time consuming.
Cost of attacks –The 3D virtual environment contains
biometric recognition objects and token based objects. The 13. CONCLUSION
attacker has to forge all possible biometric information and There are many authentication schemes in the current state.
forge all the required tokens. The cost of forging such Some of them are based on user’s physical and behavioral
information is very high; therefore cracking the 3D password properties, and some other authentication schemes are based
is more challenging. The high number of possible 3D on user’s knowledge such as textual and graphical passwords.
password spaces leaves the attacker with almost no chance of Moreover, there are some other important authentication
breaking the 3D password. schemes that are based on what you have, such as smart
2)Well Studied Attack cards. Among the various authentication schemes, textual
The attacker tries to find the highest probable password and token-based schemes, or the combination of
distribution of 3D passwords. In order to launch such both, are commonly applied.
an attack, the attacker has to acquire knowledge of the The 3-D password is a multifactor authentication scheme that
most probable 3D password distributions. This is very combines these various authentication schemes into a
difficult because the attacker has to study all the existing single3-D virtual environment. The virtual environment can
authentication schemes that are used in the 3D environment. contain any existing authentication scheme or even any
It requires a study of the user’s selection of objects for the 3D upcoming authentication schemes by adding it as a response
password. Moreover, a well studied attack is very hard to actions performed on an object. Therefore, the resulted
to accomplish since the attacker has to perform a password space becomes very large compared to any existing
customized attack for every different 3D virtual authentication schemes.
environment design. This environment has a number of The design of the 3-D virtual environment, the
objects and types of object responses that differ from any selections of objects inside the environment, and the object’s
other 3D virtual environment. Therefore, a carefully type reflect the resulted password space. It is the task of the
customized study is required to initialize an effective attack system administrator to design the environment and to select
3) Shoulder Surfing Attack An attacker uses a camera the appropriate object that reflects the protected system
to record the user’s 3D password or tries to watch the requirements. Additionally, designing a simple and easy to
legitimate user while the 3D password is being performed. use 3-D virtual environment is a factor that leads to a higher
This attack is the most successful type of attack against 3D user acceptability of a 3-D password system.
passwords and some other graphical passwords. However, The choice of what authentication schemes will be
the user’s 3D password may contain biometric data or part of the user’s 3-D password reflects the user’s preferences
textual passwords that cannot be seen from behind. and requirements. A user who prefers to remember and recall
Therefore, we assume that the 3D password should be a password might choose textual and graphical passwords
performed in a secure place where a shoulder surfing attack apart of their 3-D password. On the other hand, user’s who
cannot be performed. have more difficulty with memory or recall might prefer to
choose smart cards or biometrics as part of their 3-D
147
International Conference on Emerging Trends in Engineering Technology and Science (ICETETS 2014)
148