24-03-2011, 12:17 PM
Presented By
G.PHANINDHER
[attachment=10905]
ABSTRACT:
Secure authentication scheme is one of the most important requirements of current times, considering the fact that more and more activities are being online, let it be shopping, data access from clouds, etc. No doubt there are several authentication schemes already available and being used worldwide, however these preexisting password and authentication schemes have several vulnerabilities. The fact that vulnerabilities exist in preexisting password schemes, researchers are thinking of a password and authentication scheme, which is more efficient in terms of security, the paper “Three-Dimensional Password for More Secure Authentication” is helpful in getting the insight about this mechanism. The paper also talks in-depth about several related topics, like the vulnerabilities in the current authentication schemes, the concept of 3D password scheme, its components, etc..
INTRODUCTION:
Normally the authentication scheme the user undergoes is particularly very lenient or very strict. Throughout the years authentication has been a very interesting approach. With all the means of technology developing, it can be very easy for 'others' to fabricate or to steal identity or to hack someone’s password. Therefore many algorithms have come up each with an interesting approach toward calculation of a secret key. The algorithms are such based to pick a random number in the range of 10^6 and therefore the possibilities of the sane number coming is rare.
Users nowadays are provided with major password stereotypes such as textual passwords, biometric scanning, tokens or cards (such as an ATM) etc.Mostly textual passwords follow an encryption algorithm as mentioned above. Biometric scanning is your "natural" signature and Cards or Tokens prove your validity. But some people hate the fact to carry around their cards, some refuse to undergo strong IR exposure to their retinas (Biometric scanning).Mostly textual passwords, nowadays, are kept very simple say a word from the dictionary or their pet names, girlfriends etc.Ten years back Klein performed such tests and he could crack 10-15 passwords per day.Now with the technology change, fast processors and many tools on the Internet this has become a Child's Play.
Therefore 3D passwords are more customizable and very interesting way of authentication.
Drawbacks for Preexisting Password Mechanisms:
Summarily, textual passwords are guessable; drawback of applying biometrics is its intrusiveness upon a user’s personal characteristic, Smart Cards and Tokens can be stolen and duplicated as well for illegal use, weakness of Graphical Passwords is that the server needs to store the seeds of the portfolio images of each user in plain text. Also, the process of selecting a set of pictures from the picture database can be tedious and time consuming for the user.
The fact that vulnerabilities exist in preexisting password schemes, researchers are thinking of a password and authentication scheme, which is more efficient in terms of security, the paper “Three-Dimensional Password for More Secure Authentication” is helpful in getting the insight about this mechanism.
3D password can be recorded this way
Basically a 3D Interactive environment is created, now the way user interacts with any element or object at particular co-ordinate, in this 3D environment, this way of interaction is recorded and becomes a part of his password, now any number of such interactions can be recorded.
This interaction could be, a textual password being entered on a system in 3D environment, or maybe even the walking pattern of the user, all this is the choice of developer.
WORKING:
Now the passwords are based on the fact of Human memory. Generally simple passwords are set so as to quickly recall them. The human memory, in our scheme has to undergo the facts of Recognition, Recalling, Biometrics or Token based authentication.
Once implemented and you log in to a secure site, the 3D password GUI opens up. This is an additional textual password which the user can simply put. Once he goes through the first authentication, a 3D virtual room will open on the screen. In our case, let’s say a virtual garage.
Now in a day to day garage one will find all sorts of tools, equipments, etc.each of them having a unique property. The user will then interact with these properties accordingly. Each object in the 3D space, can be moved around in an (x, y, z) plane. That’s the moving attribute of each object. This property is common to all the objects in the space. Suppose a user logs in and enters the garage. He sees and picks a screw-driver (initial position in xyz coordinates (5, 5, 5) and moves it 5 places to his right (in XY plane i.e. (10, 5, 5).That can be identified as an authentication.
Only the true user understands and recognizes the object which he has to choose among many. This is the Recall and Recognition part of human memory coming into play.Interestingly,a password can be set as approaching a radio and setting its frequency to number only the user knows. The user can decide his own authentication schemes. If he's comfortable with Recall and Recognition methods then he can choose the 3d authentication just used above.
The authentication can be improved since the unauthorized persons will not interact with the same object as a legitimate user would. We can also include a timer. Higher the security higher the timer. Say after 20 seconds a weak password will be thrown out.
Security can be enhanced by the fact of including Cards and Biometric scanner as input. There can be levels of authentication a user can undergo. More the confidentiality more the complexity. In that scenario a virtual environment can be developed as a globe, a city or simply a garage.
Authentication and security have been major issues right from the beginning of the computer age. One of the emerging and efficient keys to security problem is Biometrics-a technology that strives towards identifying the identity of a living person based on biological characteristics. Biometrics possesses many advantages over conventional user authentication processes. Because a biometric is an intrinsic property of some individual they are difficult to duplicate and impossible to share. Examples of automated biometrics include fingerprints, faces, iris and speech. Even though biometric based system is more reliable and secure than conventional authentication methods, it is still possible to hack into a biometric system. There are 8 possible weak links in a generic biometric system.. Two techniques are proposed. One method involves hiding messages in the image and works in conjunction with the image compression method (WSQ). Other method involves checking the liveliness of the signal acquired from an intelligent sensor using a challenge/response strategy. Two key issues associated with a biometric system are privacy concern and re-issuance of identity tokens. A new technique has been proposed called cancelable biometrics in which the biometric signals are distorted using well defined transformations. The techniques proposed enhance the security of a biometric system.
G.PHANINDHER
[attachment=10905]
ABSTRACT:
Secure authentication scheme is one of the most important requirements of current times, considering the fact that more and more activities are being online, let it be shopping, data access from clouds, etc. No doubt there are several authentication schemes already available and being used worldwide, however these preexisting password and authentication schemes have several vulnerabilities. The fact that vulnerabilities exist in preexisting password schemes, researchers are thinking of a password and authentication scheme, which is more efficient in terms of security, the paper “Three-Dimensional Password for More Secure Authentication” is helpful in getting the insight about this mechanism. The paper also talks in-depth about several related topics, like the vulnerabilities in the current authentication schemes, the concept of 3D password scheme, its components, etc..
INTRODUCTION:
Normally the authentication scheme the user undergoes is particularly very lenient or very strict. Throughout the years authentication has been a very interesting approach. With all the means of technology developing, it can be very easy for 'others' to fabricate or to steal identity or to hack someone’s password. Therefore many algorithms have come up each with an interesting approach toward calculation of a secret key. The algorithms are such based to pick a random number in the range of 10^6 and therefore the possibilities of the sane number coming is rare.
Users nowadays are provided with major password stereotypes such as textual passwords, biometric scanning, tokens or cards (such as an ATM) etc.Mostly textual passwords follow an encryption algorithm as mentioned above. Biometric scanning is your "natural" signature and Cards or Tokens prove your validity. But some people hate the fact to carry around their cards, some refuse to undergo strong IR exposure to their retinas (Biometric scanning).Mostly textual passwords, nowadays, are kept very simple say a word from the dictionary or their pet names, girlfriends etc.Ten years back Klein performed such tests and he could crack 10-15 passwords per day.Now with the technology change, fast processors and many tools on the Internet this has become a Child's Play.
Therefore 3D passwords are more customizable and very interesting way of authentication.
Drawbacks for Preexisting Password Mechanisms:
Summarily, textual passwords are guessable; drawback of applying biometrics is its intrusiveness upon a user’s personal characteristic, Smart Cards and Tokens can be stolen and duplicated as well for illegal use, weakness of Graphical Passwords is that the server needs to store the seeds of the portfolio images of each user in plain text. Also, the process of selecting a set of pictures from the picture database can be tedious and time consuming for the user.
The fact that vulnerabilities exist in preexisting password schemes, researchers are thinking of a password and authentication scheme, which is more efficient in terms of security, the paper “Three-Dimensional Password for More Secure Authentication” is helpful in getting the insight about this mechanism.
3D password can be recorded this way
Basically a 3D Interactive environment is created, now the way user interacts with any element or object at particular co-ordinate, in this 3D environment, this way of interaction is recorded and becomes a part of his password, now any number of such interactions can be recorded.
This interaction could be, a textual password being entered on a system in 3D environment, or maybe even the walking pattern of the user, all this is the choice of developer.
WORKING:
Now the passwords are based on the fact of Human memory. Generally simple passwords are set so as to quickly recall them. The human memory, in our scheme has to undergo the facts of Recognition, Recalling, Biometrics or Token based authentication.
Once implemented and you log in to a secure site, the 3D password GUI opens up. This is an additional textual password which the user can simply put. Once he goes through the first authentication, a 3D virtual room will open on the screen. In our case, let’s say a virtual garage.
Now in a day to day garage one will find all sorts of tools, equipments, etc.each of them having a unique property. The user will then interact with these properties accordingly. Each object in the 3D space, can be moved around in an (x, y, z) plane. That’s the moving attribute of each object. This property is common to all the objects in the space. Suppose a user logs in and enters the garage. He sees and picks a screw-driver (initial position in xyz coordinates (5, 5, 5) and moves it 5 places to his right (in XY plane i.e. (10, 5, 5).That can be identified as an authentication.
Only the true user understands and recognizes the object which he has to choose among many. This is the Recall and Recognition part of human memory coming into play.Interestingly,a password can be set as approaching a radio and setting its frequency to number only the user knows. The user can decide his own authentication schemes. If he's comfortable with Recall and Recognition methods then he can choose the 3d authentication just used above.
The authentication can be improved since the unauthorized persons will not interact with the same object as a legitimate user would. We can also include a timer. Higher the security higher the timer. Say after 20 seconds a weak password will be thrown out.
Security can be enhanced by the fact of including Cards and Biometric scanner as input. There can be levels of authentication a user can undergo. More the confidentiality more the complexity. In that scenario a virtual environment can be developed as a globe, a city or simply a garage.
Authentication and security have been major issues right from the beginning of the computer age. One of the emerging and efficient keys to security problem is Biometrics-a technology that strives towards identifying the identity of a living person based on biological characteristics. Biometrics possesses many advantages over conventional user authentication processes. Because a biometric is an intrinsic property of some individual they are difficult to duplicate and impossible to share. Examples of automated biometrics include fingerprints, faces, iris and speech. Even though biometric based system is more reliable and secure than conventional authentication methods, it is still possible to hack into a biometric system. There are 8 possible weak links in a generic biometric system.. Two techniques are proposed. One method involves hiding messages in the image and works in conjunction with the image compression method (WSQ). Other method involves checking the liveliness of the signal acquired from an intelligent sensor using a challenge/response strategy. Two key issues associated with a biometric system are privacy concern and re-issuance of identity tokens. A new technique has been proposed called cancelable biometrics in which the biometric signals are distorted using well defined transformations. The techniques proposed enhance the security of a biometric system.
