Secured Authentication 3d Password

Published Date: 02 Nov 2017

ABSTRACT

Authentication can be referred to as process that performs security check which if succeeds gives the access to the system otherwise no access is given. Authentication is usually based on username and password. We are introducing 3d password as current schemes have many of the flaws. A virtual 3D password provides means to the user or programmer to combine all permutations and combinations of existing authentication schemes into a 3-D virtual environment.3-D virtual environment is a form of computer-based simulated environment where user can interact with different entities .3d password scheme is very flexible and gives users to create infinite number of passwords possible .3D password is relatively easy to remember and difficult to hack.

In the 3 D virtual environment, there will be 3D objects which can basically be used for interaction in the 3D environment. The sequence of interactions with the 3D objects will basically form the password .this phenomenon is termed as passcation.In the 3D password scenario based authentication systems the password space will consist of design of the 3D environment and the types of 3D passwords selected. This paper proposes the effective use of above stated technology, its potential, applications

KEYWORDS: Authentication, Biometrics, 3D password, passaction.

1. INTRODUCTION

In the approaching times, the need of high security authentication systems is increasing exponentially. We require significantly effective and efficient systems to meet our needs of safety and security. For the same, the authentication has become a serious field of research.

.With the misuse of advancing technologies, hackers, crackers, spammers and scammers are a great threat to security. Henceforth, many algorithms are being designed to provide the secret key for authentication. We have techniques like textual passwords, alphanumeric passwords, biometrics, token, pin number, cards and graphical passwords.

In case of textual/alphanumeric passwords, if one chooses easy to remember password key then it is obviously easy to hack. In case of choosing a difficult/hard key it will be very difficult to remember.

Biometrics basically refers to authentication of a system using the biological feature of the user. It could be finger print, retina scan, hand geometry, face recognition etc. it can be a very sound way of authentication .but it has certain significant limitations ,such as the remote login of the distant user through biometric ,"natural" test is difficult to implement. Moreover the technologies for providing very sound and feasible biometric systems for authentication are yet to come.

The token ,pin or smart card are quiet feasible to use these days, like in banks, offices, laboratories, etc. but they are associated with the risk of theft or loss.

The graphical password scheme was another technique developed as it was relatively easier to remember the pictures as compared to the textual/alphanumeric difficult keys.

It solved the issues of existing authentication techniques to an extent. But this technique has to fight between constraints like limited password space and complexity. Graphical password scheme are vulnerable too. What if a hacker or third party observes and records the legal user’s password?

Therefore we needed a relatively strong, effective, efficient, robust, new and easy to memorize technique to secure our systems. With this we introduce 3D password technology.

AUTHENTICATION

Authentication can be defined a s a process of identification and verification of a particular person’s claimed identity by a very usual method of username and password. This is carried out by following means:

User based

Token based, i.e., what you have

Knowledge based, i.e., what you know

Biometric based, i.e., what you are biologically

Recognition Based, i.e., what you can recognize

Computer based

Textual/alphanumeric Passwords – pure recalling of what you might have created before

Graphical Passwords- what you can recognize while recalling.

Biometric based password-face recognition, fingerprints, voice recognition etc

Textual Password: such passwords should be easy to recollect but difficult to be guessed by attackers. But it cannot be simultaneously be both, for meaningful easy to remember passwords will fall prey to dictionary attack and hard to guess passwords will be not comfortably remembered by the legitimate user himself.

To quote an example, entire password space for (say) 8 alphanumeric characters is 2 *1014.As an outcome of a research 25% of the password keys out of 15,000 ;can be correctly guessed by using brute force dictionary.

Graphical Password

Graphical password schemes is better than the textual passwords as its easier to remember a picture than text.

But most of the graphical passwords are vulnerable for the shoulder surfing attacks, wherein an attacker might observe and record the legal user’s graphical password by any possible means.

The main bottleneck while using a biometric authentication scheme is its intrusiveness upon the user’s personal/physical characteristics. This scheme requires special device for scanning the user’s characteristic which is not implementable in case of remote user login environment.

Pin codes, Smart cards or token based schemes might get lost or stolen and the user also has the boundation to carry along the token or smart cards whenever access to a corresponding system is required.

PROPOSED-3D PASSWORD BASED SYSTEM

The proposed 3D password based system is a multi factor authentication system. This system utilizes all the positive aspects of the existing authentication systems. Users are provided the flexibility to choose between application of 3D password by being just recall based, recognition based, and token based, biometric based. It can also combine two or more of the above schemes as a 3D password. Therefore it ensures higher acceptability by the user with such a system he can mould in his way of convenience.

This scheme consists of:

Keys and secrets very easy to be remembered by the users but too difficult to be attacked by intruders.

These keys and secrets are not easy to presented or formulated in written.

Such keys and secrets are not easily sharable or leak able.

These keys and secrets can be easily transformed according to user or revoked as and when required.

VIRTUAL 3D PASSWORD

The 3D Password scheme uses a combination of RECOGNITION +RECALL+BIOMETRIC+TOKEN in a 3D virtual environment based authentication system. The 3-D password can be thought of a multiple parameter based authentication scheme. It may combine two or more pre-existing authentication schemes to form a single 3-D virtual space. The 3-D virtual space or environment should contain several 3D objects with which the user can have sequence of interactions. The type of interaction sequence stored as a password scheme depends on the user according to his need.

The 3D password is therefore nothing else but the sequence of interactions with the virtual objects that is 1)pre created 2) pre stored 3) verified by the user. This kind of interaction in a 3D environment projected on a 2D environment is termed a passaction.

This system is basically designed for higher levels of security yet easiness and convenience for the user.

Therefore this system constitutes interaction with only those objects that perform acquisition of information from the user that he is comfortable to provide. It ignores interaction with the rest of the objects that might demand the information which the user might not want to provide to the system. For example, if a 3D object requests a scanning of a biometric based authentication system but the user doesn’t want to perform this scan for himself, the user is then free to not to interact with the system.

C:\Users\Rachna\Desktop\research\2013-02-08 02.34.45.pngDiagrammatic representation:

3D VIRTUAL ENVIRONMENT

The effectiveness of the design of 3D virtual environment will increase with the number of the 3D objects contained in the 3D environment. As more number of objects more is the probability of the number of 3D passwords. And more number of 3D passwords implies greater difficulty for the attackers to crack the system by any of the techniques available.

The 3D virtual environment space created on 2 D systems is in correspondence with the real world space. Therefore interaction with this 3D environment is just like how one interacts with the real world objects in routine on day to day basis.

Another important thing which should be kept in mind while designing this environment is that the objects contained in this environment should be unique from every other object present in the virtual space. Every 3D object needs to have its own position, attributes, size, and shape and type such that the interaction with first object will always be differently recognized from the interaction of the user with the second object. Interactions and 3D objects need to be distinguishable enough so as to not let the user into any kind of ambiguity. As the prime motive of this new authentication scheme is easy to remember and difficult to be attacked or guessed.

Analogy can be if you a car showroom have 20 same models of a car, each should be sold out to the user with a unique differentiable number on the number plate otherwise how difficult it would be to trace your own car out of similar models of the same car.

SYSTEM IMPLIMENTATION

The 3D password is a multi factor or multi level authentication design. The 3D password presents a 3D virtual reality outlook containing various virtual entities. The user navigates through this atmosphere and interacts with the entities. The3D password is simply the permutation, combination and the sequence of user interactions that occur in the 3D virtual atmosphere. The 3D password can add recognition, recall, token, and biometrics based systems into one authentication design. This can be done by designing a 3D virtual atmosphere that contains entities that request information to be recalled, information to be recognized, tokens to be presented, and biometric data to be verified. For example, the user can enter the virtual atmosphere and type something on a computer that exists in (x1 , y1 , z1 ) position, then enter a room that has a fingerprint recognition device that exists in a position (x2 , y2 , z2 ) and provide his/her fingerprint. Then, the user can go to the virtual garage, open the car door, and turn on the radio to a specific channel. The combination and the sequence of the previous actions toward the specific entities construct the user’s 3D password. Virtual entities can be any entity that we encounter in real life. Any obvious actions and interactions toward the real life entities can be done in the virtual 3D atmosphere toward the virtual entities. Moreover, any user input (such as speaking in a specific location) in the virtual 3D atmosphere can be considered as a part of the 3D password.

We can have the following entities:

1. A computer with which the user can input.

2. A fingerprint reader that requires the user’s fingerprint.

3. A biometric recognition device.

4. A paper or a white board that a user can write, sign, or draw on.

5. An ATM machine that requires a smart card and PIN.

6. A light that can be switched on/off.

7. A television or radio where channels can be selected.

8. A staple that can be punched.

9. A car that can be driven.

10. A chair that can be moved from one place to another.

11. Any graphical password design

WORKING

Consider a three dimensional virtual atmosphere space that is of the size G×G×G. Each point in the three dimensional atmosphere space represented by the coordinates.

(x,y,z)∈[1..G] × [1..G] ×[1..G].

The entities are distributed in the three-dimensional virtual atmosphere. Every entity has its own (x,y,z) coordinates. Assume the user can navigate and walk through the three-dimensional virtual atmosphere and can see the entities and interact with the entities. The input device for interactions with entities can be a mouse, a keyboard, stylus, a card reader, a microphone…etc.

For example, consider a user who navigates through the 3D virtual atmosphere that consists of a temple area. Let us assume that the user is in the virtual area and the user turns around to the bell located in (9,16, 80) and rings it. Then, the user touch deity feet. The user types "KRISHNA" into a computer that exists in the position of (10, 5, 25). The user then walks over and turns off the light located in (15, 6, 20), and then goes to a white board located in (55, 3, 30) and draws just one dot in the (x,y) coordinate of the white board at the specific point of (420,170). The user then presses the login button. The initial representation of user actions in the 3Dvirtual atmosphere can be recorded as follows:

(9, 16, 80) Action = Ring the bell;

(9, 16, 80) Action = touch deity feet;

(10, 5, 25) Action = Typing, "K";

(10, 5, 25) Action = Typing, "R";

(10, 5, 25) Action = Typing, "I";

(10, 5, 25) Action = Typing, "S";

(10, 5, 25) Action = Typing, "H";

(10, 5, 25) Action = Typing, "N";

(10, 5, 25) Action = Typing, "A";

(15, 6, 20) Action = Turning the Light Off;

(55, 3, 30) Action = drawing,point = (420,170);

3D PASSWORD DIFFERENTIATORS

ï‚· Flexibility: In 3D password technology ,. 3D passwords provides multifactor authentication such as biometric and textual passwords can be embedded in it.

ï‚· Strength: It provides almost unlimited password possibility.

ï‚· Easy to Remember : it can be remembered easily as a short story.

ï‚· Privacy: organizers have option. Organizers can choose authentication designs that respect users privacy.

3D PASSWORD APPLICATION AREAS

1. Critical Servers: As many organizations are using critical servers which are protected by a textual password. 3D password authentication design proposes sound replacement for these textual passwords.

2. Banking: Almost all the Indian banks have started 3D password service for the security of buyer who is willing to buy or pay online.

How to Create 3Dpassword for my master card?

Failure of online payment , for creation of 3Dpassword, firstly, we have to go bank's website and then, click 3D secure service and then write your card number, CVV, pin no., and write your password and rewrite it and then click ok or submit. After this we will get the thankyou message.Banks like PNB and SBI have also started 3D secure services for verified by Visa.Verified by Visa is a new service that will let you use a personal password with your State Bank of India.Visa card, giving you added assurance that only you can use your State Bank of India Visa card to make purchases over the Internet.

3. Nuclear and military Facilities: 3D password has a very large password space and since it combines RECOGNITION + RECALL+TOKENS+BIOMETRIC in one authentication system, it can be used for providing security to nuclear and military facilities.

4. Airplanes and JetFighters: airplanes and jetfighters are very important asset for any nation. Since airplanes and jetplanes can be misused for religion and political agendas, they should be protected by a powerful authentication design.

5. ATMs, Desktop and Laptop Logins, WebAuthentication.

SECURITY ANALYSIS Brute Force Attack

The attack is very difficult because

1. Time required to login may vary from 20s to 2 min therefore it is very time taken.

2. Cost of Attack: A 3D Virtual atmosphere may contain biometric entity, the attacker has to copy all biometric information.

Well-Studied Attack

The attacker tries to find the highest probable distribution of 3D passwords. In order to launch such an attack, the attacker has to acquire knowledge of the most probable 3D password distributions. This is very difficult because the attacker has to study all the existing authentication designs that are used in the 3D atmosphere. It requires a study of the user’s selection of entities for the 3D password. Moreover, a well

studied attack is very hard to accomplish since the attacker has to perform a customized attack for every different 3D virtual atmosphere design. This atmosphere has a number of entities and types of entity responses that differ from any other 3D virtual atmosphere. Therefore, a carefully customized study is required to initialize an effective attack.//Careful study of all level with integration between several design implementation of authentication require huge time and study lots of database or repositories of password . Practically impossible for a programmer or hacker.

Shoulder Surfing Attack

An attacker uses a camera to record the user’s 3D password

or tries to watch the valid user while the 3D password is being performed. This attack is the most successful type of attack against 3D passwords and some other graphical passwords. However, the user’s 3D password may contain biometric data or textual passwords that cannot be seen from behind. Therefore, we assume that the 3D password should be performed in a secure place where a shoulder surfing attack cannot be performed.

//Most successful where camera is installed but most failed incase integrated with biometric tools and techniques so only valid user can login.

Timing Attack

The Attacker observes how long it takes the valid user to perform correct login using 3D Password which gives an indication of 3-D Passwords length. This attack cannot be pass since it gives the attacker only hints.

CONCLUSION AND FUTURE WORK

In the existing system, Textual passwords and token-based passwords are the most common user authentication designs. Many other designs are also there like graphical password, biometric authentication design etc which are used in different fields. The main goal of this paper is to have a design which has a huge password space and which is combination of any existing, or upcoming, authentication designs into one design. While using 3D password, users have the freedom to select whether the 3D password will be solely recall, biometrics, recognition, or token based, or a combination of two designs or more. Users do not have to provide their fingerprints if they do not wish to. Users do not have to carry cards if they do not want to. They have the choice to construct their 3D password according to their needs and their preferences. A 3D password’s probable password space can be reflected by the design of the three-dimensional virtual atmosphere, which is designed by the system administrator. The three- dimensional virtual atmosphere can contain any entities that the administrator feels that the users are familiar with. For example, Cricket players can use a three dimensional virtual atmosphere of a stadium where they can navigate and interact with entities that they are familiar with.

The 3D password is just introduced means it is in its childhood. A study on a large number of people is required. We are looking at designing different three-dimensional virtual atmospheres that contain entities of all possible authentication designs.

The main application domains of 3D Password are critical systems and resources. Critical systems such as military facilities, critical servers and highly classified areas can be protected by 3D Password system with large three dimensional virtual atmosphere. Moreover, Airplanes and jet fighters, ATM's and operating system's logins can also make use of 3D passwords to provide more secured authentication Finding a solution for shoulder surfing attacks on 3D passwords and other authentication designs is a field of study.//Our work focus to give an idea how 3 D password is much more secure and have capabilities to integrate with other form or means to give much more security level to the exciting scheme for higher level of authentication. Our main focus is to give priority or security to critical data section in any field. For implementing such a system storage space requirement is very large. In future programmers or algorithm designers must ensure fast way to extract password and limit storage requirement.