27-04-2011, 12:10 PM
presented by:-
Balaji Gopal
[attachment=12925]
AUTHENTICATION TECHNIQUES
Authentication is the process of validating who you are and what you claimed to be.
Authentication techniques:
1. What you know (knowledge based).
2. What you have (token based).
3. What you are (biometrics).
4. What you recognize (recognition based).
EXISTING SYSTEM
Textual passwords can be easily cracked or spied.
Smart cards or tokens can be stolen.
Biometrics cannot be revoked.
Even recognition systems suffer many loopholes.
INTRODUCTION
A multifactor authentication scheme.
This schema is a combination of other authentication schemas.
User is free to choose his own authentication schema.
REQUIREMENTS SATISFIED BY THE PROPOSED SCHEMA
Easy to remember. Hard to guess.
Its difficult to share with others. So social engineering attacks fail.
Secrets can be revoked or changes easily.
Fails various attacks like brute force , dictionary attacks etc. Hence security is enhanced.
BRIEF DESCRIPTION
User enters uername and enters in 3D virtual environment.
User interact with objects.
Combination of user’s action and interaction towards the object in 3D environment constructs the user’s password.
3D VIRTUAL ENVIRONMENT -1
3D VIRTUAL ENVIRONMENT -2
SYSTEM IMPLEMENTATION
For eg. the user enters into a virtual environment and type something on a computer that exists on any point (x1,y1,z1) and then go to a room which has a device where he has to provide his fingerprint or play with the objects in that room.
user always has a choice to choose his 3D virtual environment.
OBJECTS THAT CAN BE USED
A computer that the user can type in.
A white board that a user can draw on.
An ATM machine that requires a smart card and PIN.
A light that can be switched on/off.
Any biometric device.
Any upcoming authentication scheme.
PRINCIPLE
The action done by the user to an object at postion (x1,y1,z1) is different from the action done to an object at postion (x2,y2,z2).
So to perform legitimate 3D password , user has to perform actions at the exact position and in a exact sequence.
3D PASSWORD SELECTION AND INPUT
Consider 3D virtual environment of space G*G*G . So the 3D environment space will be represented by the co-ordinates
(x,y,z) € [1,…,G]* [1,…,G]* [1,…,G]
The objects are distributed with unique (x,y,z) co-ordinates.User interacts with these objects using mouse , keyboard , fingerprint scanner, retina scanner ,etc.
For eg consider the following case how user can interact with objects.
(13,2,30) Action =Opening car door.
(13,2,30) Action = Closing car door.
(20,6,12) Action = Turning the Light, Off,
(55,3,30) Action =Some text will be prompted and user has to enter text.
DESIGN GUIDELINES
The design of 3D virtual environment affects the usability , effectiveness and acceptability of 3D password.
Real life similarity.
Object uniqueness.
3D virtual environment size.
Number of objects and their sizes.
SECURITY ANALYSIS
3D Password size.
3D Password distribution knowledge.
ATTACKS AND COUNTMEASURES
Brute force attacks
Well studied attack
Shouder surfing attack
Timing attack
ADVANTAGES
User has a choice to model his own 3D password .
System completely is based on human quality of recognition and recall.
It fails most of the password cracking attacks.
Cost of cracking of 3D passwords is very high and challenging.
Easy to use as a end user.
DISADVANTAGES
Timing attack is effective is design is poor.
For storing more objects more space is required.
Cost of forging increases to fail attack made by any hacker.
Designing is quite complex to give flexibilty to users.
Shoulder surfing is more vulnerable.
3D PASSWORD APPLICATION
Critical servers
Nuclear and military facilities
ATM
Personal digital assistance
Desktop computers and laptops login
Web authentications
Security analysis