2. Areas Of Discussion
Authentication & their types.
Knowledge Based Authentication.
Token Based Authentication.
Biometrics Authentication.
Drawbacks.
3D Password.
3D Virtual Environment.
Advantages & Application.
Attacks & Countermeasures.
Conclusion.
3. Authentication
Authentication is the process of validating that you are who you
claim to be, or the process of identifying an
individual, usually based on a username and password.
Human authentication techniques are as follows:
1. Knowledge Based (What you know)
2. Token Based (What you have)
3. Biometrics (What you are)
4. Three Basic Identification Methods of password
Possession (“something I have”)
•Keys
•Passport
•Smart Card
Knowledge (“something I know”)
•Password
•PIN
Biometrics (“something I am”)
•Face
•Fingerprints
•Iris
6. Password
•A password is basically an encryption algorithm.
•It is 8-15 characters or slightly more than that.
•Most textual passwords kept nowadays are very simple.
8. A security token (or sometimes a hardware
token, authentication token, software token) may be a
physical device that an authorized user of computer
services is given to ease authentication.
10. Biometrics
•Refer to a broad range of
technologies.
•Automate the identification
or verification of an individual.
12. PASSWORD
•How secure is your password?
Now, with changing technology, fast processors and many tools on
the Internet, cracking passwords has become child's play.
Approximately ten years back, Klein performed such tests and he
could crack 10-15 passwords per day.
13. Token
Involves additional costs, such as the cost of the token and
any replacement fees.
Users always need to carry the token with them.
Users need multiple tokens for multiple Web sites and
devices.
Does not protect fully from man-in-the-middle attacks (i.e.,
attacks where an intruder intercepts a user's session and steals
the user's credentials by acting as a proxy between the user and
the authentication device without the user's knowledge).
14. BIOMETRICS
•Biometrics also has some drawbacks.
Suppose you select your fingerprint as your biometric.
What do you do when you have a crack or wound on your finger?
And nowadays some hackers can even make an exact copy of your
biometrics.
16. •The 3D passwords are more customizable, and
a very interesting way of authentication.
•A 3D password is a multifactor
authentication scheme that combines
RECOGNITION + RECALL + TOKENS + BIOMETRICS
in one authentication system.
17. The 3D password presents a virtual environment
containing various virtual objects.
The user walks through the environment and interacts
with the objects.
It is the combination and sequence of user interactions
that occur in the 3D environment.
It becomes much more difficult for the attacker to
guess the user’s 3-D password.
18. Virtual objects
Virtual objects can be any object we encounter in real life:
A computer on which the user can type.
A fingerprint reader that requires the user's fingerprint.
A paper or white board on which the user can type.
An automated teller machine (ATM) that requires a token.
A light that can be switched on/off.
A television or radio where channels can be selected.
A car that can be driven.
A graphical password scheme.
A biometric recognition device.
A staple that can be punched.
A book that can be moved from one place to another.
19. Snapshot of a proof-of-concept virtual art gallery
20. System Implementation
The 3D password is a multi factor authentication scheme. The 3D password
presents a 3D virtual environment containing various virtual objects. The user
navigates through this environment and interacts with the objects. The 3D
password is simply the combination and the sequence of user interactions that
occur in the 3D virtual environment. The 3D password can combine
recognition, recall, token, and biometrics based systems into one
authentication scheme. This can be done by designing a 3D virtual
environment that contains objects that request information to be recalled,
information to be recognized, tokens to be presented, and biometric data to be
verified.
For example, the user can enter the virtual environment and type something on
a computer that exists in (x1, y1, z1) position, then enter a room that has a
fingerprint recognition device that exists in a position (x2, y2, z2) and
provide his/her fingerprint. Then, the user can go to the virtual garage, open
the car door, and turn on the radio to a specific channel. The combination and
the sequence of the previous actions toward the specific objects construct the
user’s 3D password.
22. Example
Consider a user who navigates through the 3D virtual environment that consists of an
office and a meeting room. Let us assume that the user is in the virtual office and the
user turns around to the door located in (10, 24, 91) and opens it. Then, the user closes
the door. The user then finds a computer to the left, which exists in the position (4, 34,
18), and the user types “CAT”. The user then walks over and turns on the light located in
(50, 6, 20) and then goes to a white board located in (55, 3, 30) and draws just one dot in
the (x, y) coordinate of the white board at the specific point of (420, 170). The initial
representation of user actions in the 3D virtual environment can be recorded as
follows:
*(10, 24, 91) Action = Open the office door;
*(10, 24, 91) Action = Close the office door;
*(4, 34, 18) Action = Typing, “C”;
*(4, 34, 18) Action = Typing, “A”;
*(4, 34, 18) Action = Typing, “T”;
*(50, 6, 20) Action = Turning the light on;
*(55, 3, 30) Action = Goes to white board;
*(55, 3, 30) Action = Draws point = (420, 170);
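One way a server could store and check the recorded sequence above, as an added example that is not part of the original slides: the ordered interactions are serialized canonically and only a salted PBKDF2 verifier is kept. The action names, the exact-match comparison of coordinates and the PBKDF2 parameters are assumptions; biometric and token objects would be checked by their own subsystems.

```python
import hashlib
import hmac
import json
import os

# Constructed from the slide's example: ((x, y, z), action, argument), in the order performed.
EXAMPLE_SEQUENCE = [
    ((10, 24, 91), "open_door", None),
    ((10, 24, 91), "close_door", None),
    ((4, 34, 18), "type", "C"),
    ((4, 34, 18), "type", "A"),
    ((4, 34, 18), "type", "T"),
    ((50, 6, 20), "light_on", None),
    ((55, 3, 30), "go_to_whiteboard", None),
    ((55, 3, 30), "draw_point", (420, 170)),
]


def canonical_bytes(sequence):
    """Serialize the ordered interactions unambiguously; order is part of the secret."""
    rows = [[list(pos), action, list(arg) if isinstance(arg, tuple) else arg]
            for pos, action, arg in sequence]
    return json.dumps(rows, separators=(",", ":")).encode("utf-8")


def enroll(sequence, salt=None):
    """Return (salt, verifier); only these are stored, never the raw sequence."""
    salt = salt or os.urandom(16)
    verifier = hashlib.pbkdf2_hmac("sha256", canonical_bytes(sequence), salt, 200_000)
    return salt, verifier


def verify(sequence, salt, verifier):
    """Recompute the verifier for a login attempt and compare in constant time."""
    attempt = hashlib.pbkdf2_hmac("sha256", canonical_bytes(sequence), salt, 200_000)
    return hmac.compare_digest(attempt, verifier)


if __name__ == "__main__":
    salt, stored = enroll(EXAMPLE_SEQUENCE)
    reordered = [EXAMPLE_SEQUENCE[1], EXAMPLE_SEQUENCE[0]] + EXAMPLE_SEQUENCE[2:]
    print(verify(EXAMPLE_SEQUENCE, salt, stored))  # same actions, same order
    print(verify(reordered, salt, stored))         # same actions, different order
```

Because the sequence is hashed as a whole, the same set of interactions performed in a different order produces a different verifier.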
25. 3D Virtual Environment
•The 3-D virtual environment affects the usability, effectiveness, and
acceptability of a 3-D password system.
•We can use any real-time object as an environment, like a room or
village, but for simplicity we suggest using a small environment like
a room.
26. The design of 3D virtual environments should follow
these guidelines:
Real Life Similarity
Object Uniqueness & Distinction
3D Virtual Environment Size
Number of objects & their types
27. Advantages
Flexibility: 3D passwords allow multifactor
authentication; biometrics and textual passwords can be
embedded in 3D password technology.
Strength: This scenario provides an almost unlimited
number of possible passwords.
Ease of Memorizing: Can be remembered in the form of
a short story.
Respect of Privacy: Organizers can select authentication
schemes that respect users' privacy.
28. Applications
The 3D password’s main application domains are protecting
critical systems and resources.
Critical Servers
Nuclear Reactors & Military Facilities
Airplanes and Missile Guiding
30. Brute Force Attack
The attacker has to try all possible 3D passwords.
This kind of attack is very difficult for the following
reasons.
Time required to log in.
3D attacks are very expensive.
31. Well Studied Attack
The attacker tries to find the most probable distribution of
3D passwords. In order to launch such an attack, the attacker
has to acquire knowledge of the most probable 3D password
distributions. This is very difficult because the attacker has to
study all the existing authentication schemes that are used in
the 3D environment.
Moreover, a well studied attack is very hard to accomplish
since the attacker has to perform a customized attack for every
different 3D virtual environment design.
32. Shoulder-surfing Attack
An attacker uses a camera to record the user’s 3D password or
tries to watch the legitimate user while the 3D password is
being performed. This attack is the most successful type of
attack against 3D passwords and some other graphical
passwords. However, the user’s 3D password may contain
biometric data or textual passwords that cannot be seen from
behind. Therefore, we assume that the 3D password should be
performed in a secure place where a shoulder surfing attack
cannot be performed.
33. Conclusion
Authentication can be improved with the 3D password,
because an unauthorized person may not interact with the same
object at a particular location as the legitimate user.
It is difficult to crack, because it has no fixed number of
steps and no particular procedure.
Combined with biometrics and token verification, this scheme
becomes almost unbreakable.