SECURE AUTHENTICATION USING

3D PASSWORD
NAMEDIV- TE-I
SEAT NO:

07/29/16

SINHGAD COLLEGE OF ENGINEERING, DEPARTMENT OF COMP. ENGINEERING,

STCL 2015-16.

PROBLEM STATEMENT
Design and develop more user friendly, easier and
secure authentication scheme which overcome the
drawbacks and limitations of previously existing
systems.

07/29/16

SINHGAD COLLEGE OF ENGINEERING, DEPARTMENT OF COMP. ENGINEERING,

STCL 2015-16.

MOTIVATION

Current authentication systems suffer from many weaknesses. Textual passwords are
commonly used, users do not follow their requirements. Users tend to choose meaningful
words from dictionaries, which make textual passwords easy to break.

Many available graphical passwords have a password space that is less than or equal to the
textual password space. Smart cards or tokens can be stolen. Many biometric authentications
have been proposed.

However, users tend to resist using biometrics because of their intrusiveness and the effect on
their privacy. Moreover, biometrics cannot be revoked.

Hence a new improved authentication scheme is proposed i.e. 3D Password

07/29/16

SINHGAD COLLEGE OF ENGINEERING, DEPARTMENT OF COMP. ENGINEERING,

STCL 2015-16.

OBJECTIVES
To provide more secure authentication technique than existing one
To design & develop more user friendly & easier authentication scheme and
giving user to freedom of selecting more than one password scheme as
single system.
To overcome the drawbacks & limitations of previously existing systems
(textual password, graphical password. etc. ).
New scheme should be combination of recall, recognition, biometrics, and
token based authentication schemes.

07/29/16

SINHGAD COLLEGE OF ENGINEERING, DEPARTMENT OF COMP. ENGINEERING,

STCL 2015-16.

INTRODUTION
Authentication is a process of validating who are you to whom you
claimed to be.
Authentication is any process by which a system verifies the identity
of a user who wishes to access it.
Commonly used authentication schemes are textual passwords,
graphical passwords and biometrics.
3D password is a multifactor authentication scheme.

07/29/16

SINHGAD COLLEGE OF ENGINEERING, DEPARTMENT OF COMP. ENGINEERING,

STCL 2015-16.

HUMAN AUTHENTICATION
TECHNIQUES
Knowledge Based(What you know)
-Textual Passwords
Token Based(What you have)
-Credit Cards, ATM Cards
Biometrics(What you are)
-Fingerprints, Voice recognition
Recognition Based(What you recognize)
-Graphical Password, Iris Recognition, Face Recognition
07/29/16

SINHGAD COLLEGE OF ENGINEERING, DEPARTMENT OF COMP. ENGINEERING,

STCL 2015-16.

COMPUTER AUTHENTICATION
TECHNIQUES
1.

Textual Passwords(Recall what you have created before)

2.

Graphical Passwords(Recall Based + Recognition Based)

3.

Biometrics(fingerprints, voice recognition etc.)

4.

Token Based(ATM Cards, Keys , ID Cards)

07/29/16

SINHGAD COLLEGE OF ENGINEERING, DEPARTMENT OF COMP. ENGINEERING,

STCL 2015-16.

WHAT IS 3D PASSWORD ?
The 3D Password is a new authentication scheme that can combine
RECOGNITION
+RECALL
+TOKENS
+BIOMETRICS
in one authentication system.
The 3D password presents a 3D virtual environment containing various virtual objects.
The user walks through the environment and interacts with the objects.

07/29/16

SINHGAD COLLEGE OF ENGINEERING, DEPARTMENT OF COMP. ENGINEERING,

STCL 2015-16.

3D environment space is represented by the co-ordinates (x,y,z).

The 3d Password is simply the combination and sequence of user interactions that occur in the
3D environment.
It becomes much more difficult for the attacker to guess the users 3-D password.

07/29/16

SINHGAD COLLEGE OF ENGINEERING, DEPARTMENT OF COMP. ENGINEERING,

STCL 2015-16.

VIRTUAL ENVIRONMENT OBJECTS

A television or radio where channels can be selected
A staple that can be punched
A car that can be driven
A book that can be moved from one place to another
Any graphical password scheme
Any real-life object
A light that can be switched on/of
A paper or a white board on which user can draw or write
A computer with which the user can type

07/29/16

SINHGAD COLLEGE OF ENGINEERING, DEPARTMENT OF COMP. ENGINEERING,

STCL 2015-16.

10

3D VIRTUAL ENVIRONMENT
GUIDELINES
Real life similarity
Object uniqueness and distinction
Three-dimensional virtual environment size
Number of objects and their types

07/29/16

SINHGAD COLLEGE OF ENGINEERING, DEPARTMENT OF COMP. ENGINEERING,

STCL 2015-16.

11

ALGORITHM FOR
PROPOSED SYSTEM
Let us consider a 3D virtual environment space of size G G G. The 3D environment space is
represented by the coordinates (x, y, z) [1, . . . , G] [1, . . . , G] [1, . . . , G].
The objects are distributed in the 3D virtual environment with unique (x, y, z) coordinates.
The user can walk in the virtual environment and type something on a computer that exist in (x1,
y1, z1) position, then walk into a room that has a white board that exist in a position (x2, y2, z2)
and draw something on the white board. The combination and the sequence of the previous two
actions towards the specific objects construct the users 3D password.

07/29/16

SINHGAD COLLEGE OF ENGINEERING, DEPARTMENT OF COMP. ENGINEERING,

STCL 2015-16.

12

 For example,
Consider a user who navigates through the 3D virtual environment that consists of an office and a meeting
room.
Let us assume that the user is in the virtual office and the user turns around to the door located in (10,24, 91)
and opens it. Then, the user closes the door.
The user then finds a computer to the left, which exists in the position (4, 34, 18), and the user types
FALCON.
Then, the user walks to the meeting room and picks up a pen located at (10, 24, 80) and draws only one dot in
a paper located in (1, 18, 30), which is the dot (x, y) coordinate relative to the paper space is (330, 130).
The user then presses the login button.
The initial representation of user actions in the 3D virtual environment can be recorded as follows:

07/29/16

SINHGAD COLLEGE OF ENGINEERING, DEPARTMENT OF COMP. ENGINEERING,

STCL 2015-16.

13

 Representation of user actions in the 3D virtual environment

(10,24,91) Action=Open the office door;
(10,24,91) Action=Close the office door;
(4,34,18) Action= Typing F
(4,34,18) Action= Typing A
(4,34,18) Action= Typing L
(4,34,18) Action= Typing C
(4,34,18) Action= Typing O
(4,34,18) Action= Typing N
(10,24,80) Action= Pick up the pen
(1,18,80) Action= Drawing, point=(330,130).

07/29/16

SINHGAD COLLEGE OF ENGINEERING, DEPARTMENT OF COMP. ENGINEERING,

STCL 2015-16.

14

07/29/16

SINHGAD COLLEGE OF ENGINEERING, DEPARTMENT OF COMP. ENGINEERING,

STCL 2015-16.

15

SNAPSHOT OF
3D VIRTUAL ENVIRONMENTS

(a)
(b)
(a)User entering textual
password in 3D environment. (b) Snapshot of a proof-of-concept 3-D
(c)

virtual environment, where the user is typing a textual password on a virtual computer as a part
of the users 3-D password. (b) Snapshot of a proof of concept virtual art gallery, which contains
36 pictures and six computers
07/29/16

SINHGAD COLLEGE OF ENGINEERING, DEPARTMENT OF COMP. ENGINEERING,

STCL 2015-16.

16

STATE DIAGRAM
Clicks

Typing a letter or a
number
Typical
Textual
Password
Specific
key
passwor
d

Enter User
Name

Moving Inside
Virtual 3D
Environment

Click on
a
graphica
l
passwor
Specific
d item
Biometric
item is
checked

Performing
Graphical
Password
key pressed

Performing
Biometrics

Login
password
Access not
granted

Verifying
Access
grante
d

07/29/16

Move object,
Turn ON/OFF
Changing
Item Status

SINHGAD
SINHGAD COLLEGE
COLLEGE OF ENGINEERING, DEPARTMENT OF
OF COMP.
COMP. ENGINEERING,
ENGINEERING,
STCL 2015-16.

17

ATTACKS AND COUNTERMEASURES

Brute Force Attack
- Attacker has to try n number of possibilities of 3D Password.
- Required time to login: as in 3d password time required for
successful login varies & is
depend on number of actions &
interactions, the size of 3d virtual environment.
- Cost required to attack: as 3d password scheme requires 3D virtual
environment &
cost of creating such a environment is very
high.
Timing Attack
- based on how much time required completing successful sign-in using 3D
password
scheme.
-Timing attacks can be very much efective while Authentication scheme is
not well
designed.
SINHGAD COLLEGE OF ENGINEERING, DEPARTMENT OF COMP. ENGINEERING,
07/29/16

STCL 2015-16.

18

Well Studied Attack

- Attacker has to study whole password scheme.
- Attacker tries combination of diferent attacks on scheme.
Shoulder Surfing Attack
- Attacker uses camera for capturing & recording of 3D password.
- This attack is more efective than any other attacks on 3D password.

07/29/16

SINHGAD COLLEGE OF ENGINEERING, DEPARTMENT OF COMP. ENGINEERING,

STCL 2015-16.

19

Key Logger:
- Attacker install as software called key logger on system where
authentication scheme is
used.
- Software stores text entered through keyboard & those text are stored in
text file.
- More efective & useful for only textual password.

07/29/16

SINHGAD COLLEGE OF ENGINEERING, DEPARTMENT OF COMP. ENGINEERING,

STCL 2015-16.

20

ADVANTAGES OF 3D PASSWORD
3D password scheme is a combination of recall, recognized, biometrics etc.
into single authentication technique.
Due to use of multiple schemes into one scheme password space is increased
to great extend.
More secure authentication scheme over currently available schemes.
The new scheme provide secrets that are easy to remember and very difficult
for intruders to guess.
The new scheme provide secrets that are not easy to write down on paper.
Moreover the scheme secrets are difficult to share with others.
The password can be easily revoked or changed.

07/29/16

SINHGAD COLLEGE OF ENGINEERING, DEPARTMENT OF COMP. ENGINEERING,

STCL 2015-16.

21

DISADVANTAGES OF 3D PASSWORD
As compare to traditional password approach this approach will definitely
take more time to do user authentication
More storage space required because it needs to save images which is large
binary objects
Time and memory requirement is large.
Shoulder-sufering attack is still can afect the schema.
More complex than previous authentication schemes.
More expensive as cost required is more than other schemes.
More costly due to required devices like web cam, finger print device etc.

07/29/16

SINHGAD COLLEGE OF ENGINEERING, DEPARTMENT OF COMP. ENGINEERING,

STCL 2015-16.

22

APPLICATIONS
1. Networking
2. Nuclear and military areas
3. Airplane & jetfighters
4. ATMs, Desktop and Laptop Logins, Web
Authentication

07/29/16

SINHGAD COLLEGE OF ENGINEERING, DEPARTMENT OF COMP. ENGINEERING,

STCL 2015-16.

23

CONCLUSION
The user can decide his own authentication schemes. If he's comfortable with Recall
and Recognition methods then he can choose the 3d authentication just used
above.
The authentication can be improved since the unauthorized persons will not interact
with the
same object as a legitimate user would. We can also include a timer
.Higher the security higher the time.
The 3D environment can change according to users request.
It would be difficult to crack using regular techniques.
Can be used in critical areas such as Nuclear Reactors, Missile Guiding Systems etc.
Added with biometrics and card verification ,the scheme becomes almost
unbreakable.

07/29/16

SINHGAD COLLEGE OF ENGINEERING, DEPARTMENT OF COMP. ENGINEERING,

STCL 2015-16.

24

REFERENCES
1. Fawaz A Alsulaiman and Abdulmotaleb El Saddik, A Novel 3D Graphical Password Schema,IEEE
International Conference on Virtual Environments, Human-Computer Interfaces, and Measurement
Systems, July 2006.
2. Muneshwar R.N., Sonkar S.K Authentication System for Critical Server Using Three- Dimensional
Virtual Environment , International Journal of Engineering and Innovative Technology (IJEIT) Volume 2, Issue 1, July
2012
3. Fawaz A. Alsulaiman and Abdulmotaleb El Saddik, Senior Member, IEEE, Three-Dimensional
Password for More Secure Authentication , IEEE TRANSACTIONS ON INSTRUMENTATION AND
MEASUREMENT, VOL. 57, NO. 9, SEPTEMBER 2008
4. A.B.Gadicha 1 , V.B.Gadicha, Virtual Realization using 3D Password in International Journal of
Electronics and Computer Science Engineering
5Analysis Of Three-Dimensional Password Scheme. by Chaitali A. Kurjekar, Shital D. Tatale, Sachin
M. Inzalkar inInternational Journal of Scientific & Engineering Research, Volume 4, Issue 12,
December-2013 13 ISSN 2229-5518

07/29/16

SINHGAD COLLEGE OF ENGINEERING, DEPARTMENT OF COMP. ENGINEERING,

STCL 2015-16.

24

Thank You!

Guided By

07/29/16

Presented By

SINHGAD COLLEGE OF ENGINEERING, DEPARTMENT OF COMP. ENGINEERING,

STCL 2015-16.

25