06-05-2011, 12:52 PM
ABSTRACT
Current authentication systems suffer frommany weaknesses. Textual passwords are commonly used;however, users do not follow their requirements. Users tend tochoose meaningful words from dictionaries, which make textualpasswords easy to break and vulnerable to dictionary or bruteforce attacks. Many available graphical passwords have apassword space that is less than or equal to the textual passwordspace. Smart cards or tokens can be stolen.Many biometric authentications have been proposed;however, users tend to resist using biometrics because of theirintrusiveness and the effect on their privacy. Moreover,biometrics cannot be revoked. In this paper, we present andevaluate our contribution, i.e., the 3-D password. The 3-Dpassword is a multifactor authentication scheme. To beauthenticated, we present a 3-D virtual environment where theuser navigates and interacts with various objects. The sequenceof actions and interactions toward the objects inside the 3-Denvironment constructs the user’s 3-D password. The 3-Dpassword can combine most existing authentication schemes suchas textual passwords, graphical passwords, and various types ofbiometrics into a 3-D virtual environment. The design of the 3-Dvirtual environment and the type of objects selected determinethe 3-D password key space.
Keyword --Cryptography, encryption and decryptionalgorithms Authentication, biometrics, graphicalpasswords, multifactor, textual passwords, 3-D passwords,3-D virtual environment.
INTRODUCTION
The dramatic increase of computer usage hasgiven rise to many security concerns. One major securityconcern is authentication, which is the process of validatingwho you are to whom you claimed to be. In general, humanauthentication techniques can be classified as knowledgebased (what you know), token based (what you have), andbiometrics (what you are). Knowledge-based authenticationcan be further divided into two categories as follows: 1) recallbased and 2) recognition based .[1] Recall-based techniquesrequire the user to repeat or reproduce a secret that the usercreated before. Recognition based techniques require the userto identify and recognize the secret, or part of it, that the userselected before. One of the most common recall-basedauthentication schemes used in the computer world is textualpasswords. One major drawback of the textual password is itstwo conflicting requirements: the selection of passwords thatare easy to remember and, at the same time, are hard to guess.Graphical passwords can be divided into twocategories as follows: 1) Recognition based and 2)Recallbased .[1] Various graphical password schemes have beenproposed. Graphical passwords are based on the idea thatusers can recall and recognize pictures better than words.However, some of the graphical password schemes require along time to be performed.[6]-[8] Moreover, most of thegraphical passwords can be easily observed or recorded whilethe legitimate user is performing the graphical password; thus,it is vulnerable to shoulder surfing attacks.[10]-[12] Currently,most graphical passwords are still in their research phase andrequire more enhancements and usability studies to deploythem in the market.Many biometric schemes have been proposed;fingerprints, palm prints, hand geometry, face recognition,voice recognition, iris recognition, and retina recognition areall different biometric schemes. Each biometric recognitionscheme has its advantages and disadvantages based on severalfactors such as consistency, uniqueness, and acceptability.One of the main drawbacks of applying biometrics is itsintrusiveness upon a user’s personal characteristic. Moreover,retina biometrical recognition schemes require the user towillingly subject their eyes to a low-intensity infrared light. Inaddition, most biometric systems require a special scanningdevice to authenticate users, which is not applicable forremote and Internet usersThe 3-D password is a multifactor authenticationscheme. It can combine all existing authentication schemesinto a single 3-D virtual environment.[4]-[7] This 3-D virtualenvironment contains several objects or items with which theuser can interact. The type of interaction varies from one itemto another. The 3-D password is constructed by observing theactions and interactions of the user and by observing thesequences of such actions.
LITERATURE SURVEY
Klein [2] collected the passwords of nearly 15 000accounts that had alphanumerical passwords and he reachedthe following observation: 25% of the passwords wereguessed by using a small yet well-formed dictionary of 3 ×106 words. Furthermore, 21% of the passwords were guessedin the first week and 368 passwords were guessed within thefirst 15 min.
Download full report
http://ieeexplore.ieeeiel5/5701810/57019...er=5702003