SlideShare a Scribd company logo

SEMINAR REPORT ON 3D PASSWORD

K
Karishma Khan

This document discusses 3D passwords as a new authentication technique that combines existing methods like text passwords, graphical passwords, and biometrics into a single 3D virtual environment. The user interacts with various objects in the virtual world to create their unique 3D password. When logging in, they must recreate the same sequence of interactions. This makes 3D passwords more secure by increasing the number of possible passwords and making them difficult for attackers to guess. The document outlines how a 3D password system would work, including designing the virtual environment, recording the user's interactions as their password, and guidelines for the virtual world design like real-life similarity, unique distinguishable objects, and appropriate size.

Engineering
1 of 19
Downloaded 393 times
1
2
Most read
3
4
Most read
5
6
7
8
9
10
11
12
13
14
15
16
Most read
17
18
19
1 1. INTRODUCTION 1.1 AUTHENTICATION Authentication is a process of validating who are you to whom you claimed to be or a process of identifying an individual, usu33ally based on a username and password. To protect any system authentication must be provided, so that only authorized persons can have right to use or handle that system & data related to that system securely. There are many authentication algorithms are available some are effective & secure but having some drawback. Previously there are many authentication techniques were introduced such as graphical password, text password, Biometric authentication, etc. Generally there are three types of authentication techniques are available such as: Fig. 1.1 Classification of existing authentication systems Human Authentication Techniques Knowledge based - What you KNOW Textual Password Graphical Password Token based - What you HAVE ATM cards Keys ID keys Biometrics - What you ARE Finger prints, palm prints Hand geometry Iris, face, voice recognition
2 1.2 DRAWBACKS IN EXISTING AUTHENTICATION SYSTEMS 1.2.1 TEXTUAL PASSWORDS Recall-based techniques require the user to repeat or reproduce a secret that the user created before. Recognition based techniques require the user to identify and recognize the secret, or part of it, that the user selected before. One of the most common recall-based authentication schemes used in the computer world is textual passwords. One major drawback of the textual password is its two conflicting requirements: the selection of passwords that are easy to remember and, at the same time, are hard to guess. 1.2.2 GRAPHICAL PASSWORDS Graphical passwords are based on the idea that users can recall and recognize pictures better than words. However, some of the graphical password schemes require a long time to be performed. Moreover, most of the graphical passwords can be easily observed or recorded while the legitimate user is performing the graphical password; thus, it is vulnerable to shoulder surfing attacks. Currently, most graphical passwords are still in their research phase and require more enhancements and usability studies to deploy them in the market. 1.2.3 BIOMETRICS Many biometric schemes have been proposed; fingerprints, palmprints, hand geometry, face recognition, voice recognition, iris recognition, and retina recognition are all different biometric schemes. Each biometric recognition scheme has its advantages and disadvantages based on several factors such as consistency, uniqueness, and acceptability. One of the main drawbacks of applying biometrics is its intrusiveness upon a user’s personal characteristic. Moreover, retina biometrical recognition schemes require the user to willingly subject their eyes to a low-intensity infrared light. In addition, most biometric systems require a special scanning device to authenticate users, which is not applicable for remote and Internet users.
3 2. WHAT IS 3D PASSWORD The 3D password is a multifactor authentication scheme. It can combine all existing authentication schemes into a single 3D virtual environment. This 3D virtual environment contains several objects or items with which the user can interact. The type of interaction varies from one item to another. The 3D password is constructed by observing the actions and interactions of the user and by observing the sequences of such actions. It is the user’s choice to select which type of authentication techniques will be part of their 3D password. In 3D password, the user has to first authenticate with simple textual password (i.e. user need to provide user name and password). Once authentication successful then user moves in 3D virtual environment, then user automatically enter into an art gallery, where he/she has to select multiple point in that gallery or he can do some action in that environment like switching button on/off or perform action associated with any object like opening door, etc. The sequence in which user has clicked that sequence of points are stored in text file in the encrypted form. In this way the password is set for that particular user. Next time when user wants to access his account then he has to select all the objects which he has selected at the time of creating password with proper sequence. This sequence is then compared with coordinates which are stored in file. If authentication successful thereafter access is given to authorized user. This is achieved through interacting only with the objects that acquire information that the user is comfortable in providing and ignoring the objects that request information that the user prefers not to provide. Moreover, giving the user the freedom of choice as to what type of authentication schemes will be part of their 3D password and given the large number of objects and items in the environment, the number of possible 3D passwords will increase. Thus, it becomes much more difficult for the attacker to guess the user’s 3D password. The following necessities are satisfied in proposed scheme: 1. The new scheme provide secrets that are easy to remember and very difficult for intruders to guess. 2. The new scheme should be difficult to share with others. 3. The new scheme provides secrets that can be easily revoked or changed.
4 3. SYSTEM IMPLEMENTATION The system implementation can be done by designing a 3D virtual environment that contains objects that request information to be recalled, information to be recognized, tokens to be presented, and biometric data to be verified. For example, the user can enter the virtual environment and type something on a computer that exists in (x1, y1, z1) position, then enter a room that has a fingerprint recognition device that exists in a position (x2, y2, z2) and provide his/her fingerprint. Then, the user can go to the virtual garage, open the car door, and turn on the radio to a specific channel. The combination and the sequence of the previous actions toward the specific objects construct the user’s 3D password. Virtual objects can be any object that we encounter in real life. Any obvious actions and interactions toward the real life objects can be done in the virtual 3D environment toward the virtual objects. Moreover, any user input (such as speaking in a specific location) in the virtual 3D environment can be considered as a part of the 3D password. We can have the following objects: 1. A computer with which the user can type. 2. A fingerprint reader that requires the user’s fingerprint. 3. An ATM machine that requires a smart card and PIN. 4. A light that can be switched on/off. 5. A car that can be driven. Fig. 3.1 3D password selection and inputs
5 4. HOW THE TECHNOLOGY WORKS 4.1 WORKING OF 3D PASSWORD Consider a three dimensional virtual environment space that is of the size G×G×G. Each point in the three dimensional environment space represented by the coordinates (x, y, z) ∈ [1..G] × [1..G] × [1..G]. The objects are distributed in the three-dimensional virtual environment. Every object has its own (x, y, z) coordinates. Assume the user can navigate and walk through the three-dimensional virtual environment and can see the objects and interact with the objects. The input device for interactions with objects can be a mouse, a keyboard, stylus, a card reader, a microphone…etc. For example, consider a user who navigates through the 3D virtual environment that consists of a ground and a classroom. Let us assume that the user is in the virtual ground and the user turns around to the door located in (9, 16, 80) and opens it. The user types "ANGEL" into a computer that exists in the position of (10, 5, 25). The user then walks over and turns off the light located in (15, 6, 20), and then the user closes the door. The user then presses the login button. The initial representation of user actions in the 3D virtual environment can be recorded as follows: (9, 16, 80) Action = Open the office door; (10, 5, 25) Action = Typing, “A”; (10, 5, 25) Action = Typing, “N”; (10, 5, 25) Action = Typing, “G”; (10, 5, 25) Action = Typing, “E”; (10, 5, 25) Action = Typing, “L”; (15, 6, 20) Action = Turning the Light Off; (9, 16, 80) Action = Close the office door; 4.2 3D VIRTUAL ENVIRONMENT DESIGN GUIDELINES The design of the 3 D virtual environments affects the usability, effectiveness, acceptability of 3D password. The first step in building a 3D password system is to design a 3D environment that reflects the administration needs and the security requirements. The design of 3D virtual environments should follow these guidelines.
6 4.2.1 REAL LIFE SIMILARITY The prospective 3D virtual environment should reflect what people are used to seeing in real life. Objects used in virtual environments should be relatively similar in size to real objects (sized to scale). Possible actions and interactions toward virtual objects should reflect real life situations. Object responses should be realistic. The target should have a 3D virtual environment that users can interact. 4.2.2 OBJECT UNIQUENESS AND DISTINCTION Every virtual object or item in the 3D virtual environment is different from any other virtual object. The uniqueness comes from the fact that every virtual object has its own attributes such as position. Thus, the prospective interaction with object 1 is not equal to the interaction with object 2. However, having similar objects such as 20 computers in one place might confuse the user. Therefore, the design of the 3D virtual environment should consider that every object should be distinguishable from other objects. Similarly, in designing a 3D virtual environment, it should be easy for users to navigate through and to distinguish between objects. The distinguishing factor increases the user’s recognition of objects. Therefore, it improves the system usability. 4.2.3 THREE DIMENSIONAL VIRTUAL ENVIRONMENT SIZE A 3D virtual environment can depict a city or even the world. On the other hand, it can depict a space as focused as a single room or office. A large 3D virtual environment will increase the time required by the user to perform a 3D password. Moreover, a large 3D virtual environment can contain a large number of virtual objects. Therefore, the probable 3D password space broadens. However, a small 3D virtual environment usually contains only a few objects, and thus, performing a 3D password will take less time. 4.2.4 NUMBER OF OBJECTS AND THEIR TYPES Part of designing a 3D virtual environment is determining the types of objects and how many objects should be placed in the environment. The types of objects reflect what kind of responses the object will have. For simplicity, we can consider requesting a textual password or a fingerprint as an object response type. Selecting the right object response types and the number of objects affects the probable password space of a 3D password.
7 4.2.5 SYSTEM IMPORTANCE The 3D virtual environment should consider what systems will be protected by a 3D password. The number of objects and the types of objects that have been used in the 3D virtual environment should reflect the importance of the protected system. Fig. 4.1 State diagram of 3D password application
8 5. SECURITY ANALYSIS To analyse and study how secure a system is, we have to consider how hard it is for the attacker to break such a system. A possible measurement is based on the information content of a password space, which is defined as “the entropy of the probability distribution over that space given by the relative frequencies of the passwords that users actually choose.” As a result, it is important to have a scheme that has a very large possible password space as one factor for increasing the work required by the attacker to break the authentication system. Another factor is to find a scheme that has no previous or existing knowledge of the most probable user password selection, which can also resist the attack on such an authentication scheme. Fig. 5.1 Password space of the 3D password, textual password, passfaces, and DAS 5.1 3D PASSWORD SPACE SIZE One important factor to determine how difficult it is to launch an attack on an authentication system is the size of the password space. To determine the 3D password space, we have to count all possible 3D passwords that have a certain number of actions, interactions, and inputs toward all objects that exist in the 3D virtual environment. We assume that the length of the 3D password is Lmax, and the probability of the 3D password of size greater than Lmax is zero.
9 To measure the 3D password space, we will calculate Π (Lmax, G) on a 3D virtual environment that has the space (G x G x G) for a 3D password of a length (number of actions, interactions, and inputs) of Lmax or less. In the following expression (1), AC represents the possible actions towards 3D virtual environment whereas Π represents total numbers of possible 3D passwords of length Lmax or less: In the following expression (2), Omax is the number of objects in the 3D virtual environment: Where xi = xj, yi = yj, and zi = zj, only if i = j. The design of the 3D environment will determine the value of Omax. The variable m represents all possible actions and interactions toward all existing objects Oi. However, g(AC) counts the total number of actions and inputs toward the 3D virtual environment, whereas m, as we mentioned before, counts the actions and interactions toward the objects. An example of g(AC) can be a user movement pattern, which can be considered as a part of the user’s 3D password. The function is the number of possible actions and interactions toward the object Oi based on the object type Ti. Object types can be textual password objects, DAS objects, or any authentication scheme. The function f is determined from the object type. It counts the possible actions and interactions that the object can accept. If we assume that an object “Keyboard” is in location (x0, y0, z0) of type = textual password, f will count the possible characters and numbers that can be typed, which is around 93 possibilities. As we mentioned before, an object type is one of the important factors that affects the overall password space.
10 Therefore, higher outcomes of function f mean larger 3D password space size. Fig 5.2 Number of possible actions/interactions of a 3D password within a 3D environment The above figure shows the points where the 3D password exceeds two important textual password points. Point “a” shows that by having only two actions and interactions as a 3D password, the 3D password exceeds the number of textual passwords used by Klein [2] to break 25% of textual passwords of eight characters. Point “b” represents the full textual password space of eight characters or less. It shows that by performing only four interactions, actions, and inputs as a 3D password, the 3D password space exceeds the full textual passwords of eight characters or less. From the previous equations, we observe that the number of objects and the type of actions and interactions determines the probable password space. Therefore, the design of the 3D virtual environment is a very critical part of the 3D password system. Figs. 4 and 5 illustrate the resulting password space of the proposed 3D password compared to textual password, Passfaces, and DAS of a grid of 5 x 5 and 10 x 10, respectively. Notice the difference between a 3D passwords built on a simple 3D virtual environment compared to the other authentication schemes.
11 5.2 3D PASSWORD DISTRIBUTION KNOWLEDGE Users tend to use meaningful words for textual passwords. Therefore finding these different words from dictionary is a relatively simple task which yields a high success rate for breaking textual passwords. Passfaces users tend to choose faces that reflect their own taste on facial attractiveness, race, and gender. Every user has different requirements and preferences when selecting the appropriate 3D Password. This will increase the effort to find a pattern of user’s highly selected 3D password. In addition, since the 3D password combines several authentication schemes into a single authentication environment, the attacker has to study every single authentication scheme and has to discover what the most probable selected secrets are. Since every 3D password system can be designed according to the protected system requirements, the attacker has to separately study every 3D password system. Therefore, more effort is required to build the knowledge of most probable 3D passwords. Studying the user’s behavior of password selection and knowing the most probable textual passwords are the key behind dictionary attacks. Klein used such knowledge to collect a small set of 3 x 106 words that have a high probability of usage among users. The question is how has such information (highly probable passwords) been found and why. Users tend to choose words that have meaning as places, names, famous people’s names, sports terms, and biological terminologies. Therefore, finding these different words from the dictionary is a relatively simple task. Using such knowledge yields a high success rate for breaking textual passwords. Any authentication scheme is affected by the knowledge distribution of the user’s secrets Passfaces. Users tend to choose faces that reflect their own taste on facial attractiveness, race, and gender. Moreover, 10% of male passwords have been guessed in only two guesses. Another study about user selection of DAS concluded that for their secret passwords, users tend to draw things that have Meaning, which simplifies the attacker’s task. Currently, knowledge about user behaviors on selecting their 3D password does not exist. Every user has different requirements and preferences when selecting the appropriate 3D password. This fact will increase the effort required to find a pattern of user’s highly selected 3D password. In addition, since the 3D password combines several authentication schemes into a single authentication environment, the attacker has to study every single authentication scheme and has to discover what the most probable selected secrets are.
12 For textual password, the highly probable selected textual password might be determined by the use of dictionaries. Since every 3D password system can be designed according to the protected system requirements, the attacker has to separately study every 3D password system. This is because objects that exist in one 3D password system might not exist on other 3D password systems. Therefore, more effort is required to build the knowledge of most probable 3D passwords. 5.3 ATTACKS AND COUNTERMEASURES To realize and understand how far an authentication scheme is secure, we have to consider all possible attack methods. We have to study whether the authentication scheme proposed is immune against such attacks or not. Moreover, if the proposed authentication scheme is not immune, we then have to find the countermeasures that prevent such attacks. In this section, we try to cover most possible attacks and whether the attack is valid or not. Moreover, we try to propose countermeasures for such attacks. 5.3.1 BRUTE FORCE ATTACK The attacker has to try all possible 3D passwords. This kind of attack is very difficult for the following reasons: 1. Time required to login needed for a legitimate user to login may vary depending on the number of interactions and actions, the size of the 3D virtual environment, and the type of actions and interactions. Therefore, a brute force attack on a 3D password is very difficult and time consuming. 2. The 3D virtual environment contains biometric recognition objects and token based objects. The attacker has to forge all possible biometric information and forge all the required tokens. The cost of forging such information is very high, therefore cracking the 3D password is more challenging. 5.3.2 WELL – STUDIED ATTACK The attacker tries to find the highest probable distribution of 3D passwords. In order to launch such an attack, the attacker has to acquire knowledge of the most probable 3D password distributions. This is very difficult because the attacker has to study all the existing authentication schemes that are used in the 3D environment. This environment has a number of objects and types of object responses that differ from any other 3D virtual environment. Therefore, a carefully customized study is required to initialize an effective attack.
13 5.3.3 SHOULDER SURFING ATTACK An attacker uses a camera to record the user’s 3D password or tries to watch the legitimate user while the 3D password is being performed. This attack is the most successful type of attack against 3D passwords and some other graphical passwords. However, the user’s 3D password may contain biometric data or textual passwords that cannot be seen from behind. Therefore, we assume that the 3D password should be performed in a secure place where a shoulder surfing attack cannot be performed. 5.3.4 TIMING ATTACK In this attack, the attacker observes how long it takes the legitimate user to perform a correct sign in using the 3D password. This observation gives the attacker an indication of the legitimate user’s 3D password length. However, this kind of attack alone cannot be very successful since it gives the attacker mere hints. Therefore, it would probably be launched as part of a well studied or brute force attack. 5.4 MATHEMATICAL CONCEPTS 5.4.1 TIME COMPLEXITY For calculating the time complexity of 3D password scheme let‘s assume A be the virtual 3D environment plotting and B is algorithmic processing. From this data available we have come to time complexity of system. Time Complexity = A m + B n Where m is time required to communicate with system and n is time required to process each algorithm in 3D environment. 5.4.2 SPACE COMPLEXITY This system include 3D virtual environment, so that each point in this environment will having 3 co-ordinate values. Any point from 3D virtual environment is represented in the form of (X, Y, Z) where X, Y & Z are the coordinate values stored for particular point. We are storing three co-ordinate values of each point such as (x1, y1, z1). Therefore the space complexity is n3.
14 6. EXPERIMENTAL RESULTS We have built an experimental 3D virtual environment that contains several objects of two types. The first type of response is textual password. The second type of response is requesting graphical passwords. Almost 30 users volunteered to experiment with the environment. We asked the users to create their 3D password and to sign in using 3D password several times over several days. In our experiment, we have used Java Open GL to build the 3D virtual environment and we have used a 1.80-GHz Pentium M Centrino machine with 512-MB random access memory and ATI Mobility Radeon 9600 video card. The design of the experimental 3D virtual environment represents an art gallery that the user can walk through and is depicted below. Table 6.1 Resulting number of possible 3D passwords of total length Lmax
15 We conducted a user study on 3D passwords using the experimental 3D virtual environments. The study reviewed the usage of textual passwords and other authentication schemes. The study covered almost 30 users. The users varied in age, sex, and education level. Even though it is a small set of users, the study produced some distinct results. We observed the following regarding textual passwords, 3D passwords, and other authentication schemes. 1. Most users who use textual passwords of 9–12 character lengths or who use random characters as a password have only one to three unique passwords. 2. More than 50% of user’s textual passwords are eight characters or less. 3. Almost 25% of users use meaningful words as their textual passwords. 4. Almost 75% of users use meaningful words or partially meaningful words as their textual passwords. In contrast, only 25% of users use random characters and letters as textual passwords. 5. Over 40% of users have only one to three unique textual passwords, and over 90% of users have eight unique textual passwords or less. 6. Over 90% of users do not change their textual passwords unless they are required to by the system. 7. Over 95% of users under study have never used any graphical password scheme as a means of authentication. 8. Most users feel that 3D passwords have a high acceptability. 9. Most users believe that there is no threat to personal privacy by using a 3D password as an authentication scheme.
16 7. APPLICATIONS The 3D password can have a password space that is very large compared to other authentication schemes, so the 3D password’s main application domains are protecting critical systems and resources. Possible critical applications include the following. 1. Critical server: Many large organizations have critical servers that are usually protected by a textual password. A 3D password authentication proposes a sound replacement for a textual password. 2. Nuclear and military facilities: Such facilities should be protected by the most powerful authentication systems. The 3D password has a very large probable password space, and since it can contain token, biometrics, recognition and knowledge based authentications in a single authentication system, it is a sound choice for high level security locations. 3. Airplanes and jet fighters: Because of the possible threat of misusing airplanes and jet fighters for religion, political agendas, usage of such airplanes should be protected by a powerful authentication system. In addition, 3D passwords can be used in less critical systems because the 3D virtual environment can be designed to fit to any system needs. 4. A small virtual environment can be used in the following systems like: a) ATM b) Personal Digital Assistance c) Desktop Computers and Laptop Logins d) Web Authentication e) Security Analysis
17 8. ADVANTAGE AND DISADVANTAGE 8.1 ADVANTAGE 1. It provides user options to choose the type of authentication of his/her own choice.  There are number of options available for users to choose sequence of own choice.  In 3D password user can build a sequence which is easier for him to remember. 2. It eliminates a brute force attack.  All data and critical information like passwords are stored in encrypted manner so it’s difficult for brute force attack to crack it.  In 3D password combination of recognition and recall base are using so it is difficult. 3. Provides high level security to the system which contains more important data.  Its provide hide securities to data using multi factors and multiple technique to protect data. 4. Secure against a software like key logger.  Software like key logger installed in a system it’s difficult to secure your data these types software’s are stored all text which are pass through the keyboard. In 3D password graphical password is also use for authentication. 8.2 DISADVANTAGE 1. Shoulder attack. Attackers observe the user from back shoulder than easily break their authentication. 2. More time and memory. To use 3D password its require more time and memory chunk because 3D password need more space to store in database. 3. It’s expensive. 3D Password is more expensive compare to other authentication technique. 4. Complexity. 3D password is more complexity in coding.
18 9. CONCLUSION AND FUTURE SCOPE The choice of what authentication schemes will be part of the user’s 3D password reflects the user’s preferences and requirements. A user who prefers to remember and recall a password might choose textual and graphical passwords as part of their 3D password. On the other hand, users who have more difficulty with memory or recall might prefer to choose smart cards or biometrics as part of their 3D password. Moreover, users who prefer to keep any kind of biometrical data private might not interact with objects that require biometric information. Therefore, it is the user’s choice and decision to construct the desired and preferred 3D password. The 3D password is still in its early stages. Designing various kinds of 3D virtual environments, deciding on password spaces, and interpreting user feedback and experiences from such environments will result in enhancing and improving the user experience of the 3D password. Gathering attackers from different background and attack made by them and how to overcome them is main future work. Shoulder surfing attacks are still possible so how to overcome that is a field of research and development. Inclusion of biometrics leads to in-creasing cost and hardware in scheme, to reduce this is still field of research. So that 3D password can be used in many application areas as discussed earlier and also many more area other than those. Thus this paper tells about our study about 3D password, still it is in early stage. Future work is needed in 3D password scheme to develop this scheme up to more secure level. Implementing 3D password for mobile handset is the another important future work.
19 REFERENCE 1. http://www.seminartopics.in/computer%20seminar%20topics/3D-password.php 2. https://www.slideshare.net/manisha0902/3d-password-ppt-43870131 3. https://www.youtube.com/watch?v=7sP7TawXAUg 4. http://research.ijcaonline.org/icacact/number1/icacact1002.pdf 5. http://www.ijesit.com/Volume%202/Issue%202/IJESIT201302_16.pdf 6. http://research.ijcaonline.org/volume120/number7/pxc3904024.pdf

More Related Content

PPT
3D PASSWORD
Akhi Balakrishnan
 
PPTX
3d password ppt
manisha0902
 
PDF
3D Password PPT
Seminar Links
 
PPT
3D-Password: A More Secure Authentication
Mahesh Gadhwal
 
PPTX
3D Password and its importance
shubhangi singh
 
PPTX
3D PASSWORD
ramyasaikondapi
 
PPT
3D Password Presentation
Sambit Mishra
 
PPT
graphical password authentication
Akhil Kumar
 
3D PASSWORD
Akhi Balakrishnan
 
3d password ppt
manisha0902
 
3D Password PPT
Seminar Links
 
3D-Password: A More Secure Authentication
Mahesh Gadhwal
 
3D Password and its importance
shubhangi singh
 
3D PASSWORD
ramyasaikondapi
 
3D Password Presentation
Sambit Mishra
 
graphical password authentication
Akhil Kumar
 

What's hot (20)

PPTX
3D PASSWORD SEMINAR
Karishma Khan
 
PPTX
3d password 23 mar 14
Saddam Ahmed
 
PPTX
Computer clothing
Dibyakanta Sahoo
 
PPTX
3D-Password
Devyani Vaidya
 
PPTX
Haptic technology ppt
Mohammad Sabouri
 
PPT
3d password ppt
Gowsalyasri
 
PPTX
Graphical Password Authentication
Abhijit Akotkar
 
PPTX
Jini technology ppt
OECLIB Odisha Electronics Control Library
 
PPT
3 d password
blogger at indiandswad
 
PDF
3d password - Report
Sunanda Bansal
 
PPTX
Image Security
Satyendra Rajput
 
PPT
Graphical password
vitam,berhampur
 
PPTX
3D Password
Ankit Nagar
 
PDF
Google glass ppt
Nidhin P Koshy
 
PPTX
FOG COMPUTING
Saisharan Amaravadhi
 
PPTX
Graphical User Authentication
Sarthak Gupta
 
PPTX
Atm using fingerprint
AnIsh Kumar
 
PPSX
Face recognition technology - BEST PPT
Siddharth Modi
 
PPTX
Fundamentals steps in Digital Image processing
KarthicaMarasamy
 
PPT
3D Password
Zishan Mohsin
 
3D PASSWORD SEMINAR
Karishma Khan
 
3d password 23 mar 14
Saddam Ahmed
 
Computer clothing
Dibyakanta Sahoo
 
3D-Password
Devyani Vaidya
 
Haptic technology ppt
Mohammad Sabouri
 
3d password ppt
Gowsalyasri
 
Graphical Password Authentication
Abhijit Akotkar
 
Jini technology ppt
OECLIB Odisha Electronics Control Library
 
3 d password
blogger at indiandswad
 
3d password - Report
Sunanda Bansal
 
Image Security
Satyendra Rajput
 
Graphical password
vitam,berhampur
 
3D Password
Ankit Nagar
 
Google glass ppt
Nidhin P Koshy
 
FOG COMPUTING
Saisharan Amaravadhi
 
Graphical User Authentication
Sarthak Gupta
 
Atm using fingerprint
AnIsh Kumar
 
Face recognition technology - BEST PPT
Siddharth Modi
 
Fundamentals steps in Digital Image processing
KarthicaMarasamy
 
3D Password
Zishan Mohsin
 
Ad

Similar to SEMINAR REPORT ON 3D PASSWORD (20)

DOCX
3d pass words
mkanth
 
PPTX
3dpassword11.pptx.......................
abhishekB96
 
DOCX
3dpassword
Divyaprathapraju Divyaprathapraju
 
DOCX
3d
Divyaprathapraju Divyaprathapraju
 
PPTX
3d password by suresh
suresh5c2
 
PPT
3 dpswd
Heena Chugh
 
DOC
Deepak 3 dpassword (2)
Deepak Choudhary
 
PPTX
3dpassword by janapriya
janapriyanaidu
 
PPTX
3D Password by Kuldeep Dhakad
kuldeepdhakad
 
PPTX
3d password ppt presentation innovative idea
AmarNath514531
 
PPTX
3 d ppt
dwivedibrothers
 
PPTX
3 d password
ASHOK KUMAR PALAKI
 
PPTX
3d password
Abhirami P S
 
PPTX
3dpswd 130320115940-phpapp01-converted
Maheshbabu319
 
PPTX
3d pswdbysuresh-120112091037-phpapp02
bujjiflute
 
DOCX
Graphical authintication
Tapesh Chalisgaonkar
 
PPT
Ppt on 3d password (2)
ASIM MIRZA
 
PPT
3dpassword
Belal Ahmad
 
PPTX
Vivek
Vivek Gupta
 
PPTX
3D Passwrd
Rakshita Paliwal
 
3d pass words
mkanth
 
3dpassword11.pptx.......................
abhishekB96
 
3dpassword
Divyaprathapraju Divyaprathapraju
 
3d
Divyaprathapraju Divyaprathapraju
 
3d password by suresh
suresh5c2
 
3 dpswd
Heena Chugh
 
Deepak 3 dpassword (2)
Deepak Choudhary
 
3dpassword by janapriya
janapriyanaidu
 
3D Password by Kuldeep Dhakad
kuldeepdhakad
 
3d password ppt presentation innovative idea
AmarNath514531
 
3 d ppt
dwivedibrothers
 
3 d password
ASHOK KUMAR PALAKI
 
3d password
Abhirami P S
 
3dpswd 130320115940-phpapp01-converted
Maheshbabu319
 
3d pswdbysuresh-120112091037-phpapp02
bujjiflute
 
Graphical authintication
Tapesh Chalisgaonkar
 
Ppt on 3d password (2)
ASIM MIRZA
 
3dpassword
Belal Ahmad
 
Vivek
Vivek Gupta
 
3D Passwrd
Rakshita Paliwal
 
Ad

Recently uploaded (20)

PDF
Advanced LangChain & RAG: Building a Financial AI Assistant with Real-Time Data
Soufiane Sejjari
 
PPTX
Inventory management chapter in automation and robotics.
atisht0104
 
PDF
Zero carbon Building Design Guidelines V4
BassemOsman1
 
PPTX
Victory Precisions_Supplier Profile.pptx
victoryprecisions199
 
PPTX
quantum computing transition from classical mechanics.pptx
gvlbcy
 
PDF
2025 Laurence Sigler - Advancing Decision Support. Content Management Ecommer...
Francisco Javier Mora Serrano
 
PDF
LEAP-1B presedntation xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
hatem173148
 
PDF
Construction of a Thermal Vacuum Chamber for Environment Test of Triple CubeS...
2208441
 
PPT
Understanding the Key Components and Parts of a Drone System.ppt
Siva Reddy
 
DOCX
SAR - EEEfdfdsdasdsdasdasdasdasdasdasdasda.docx
Kanimozhi676285
 
PDF
Natural_Language_processing_Unit_I_notes.pdf
sanguleumeshit
 
PDF
20ME702-Mechatronics-UNIT-1,UNIT-2,UNIT-3,UNIT-4,UNIT-5, 2025-2026
Mohanumar S
 
PDF
Machine Learning All topics Covers In This Single Slides
AmritTiwari19
 
PDF
Biodegradable Plastics: Innovations and Market Potential (www.kiu.ac.ug)
publication11
 
PPTX
22PCOAM21 Session 1 Data Management.pptx
Guru Nanak Technical Institutions
 
PPTX
business incubation centre aaaaaaaaaaaaaa
hodeeesite4
 
PPTX
Civil Engineering Practices_BY Sh.JP Mishra 23.09.pptx
bineetmishra1990
 
PDF
FLEX-LNG-Company-Presentation-Nov-2017.pdf
jbloggzs
 
PDF
Zero Carbon Building Performance standard
BassemOsman1
 
PPTX
MULTI LEVEL DATA TRACKING USING COOJA.pptx
dollysharma12ab
 
Advanced LangChain & RAG: Building a Financial AI Assistant with Real-Time Data
Soufiane Sejjari
 
Inventory management chapter in automation and robotics.
atisht0104
 
Zero carbon Building Design Guidelines V4
BassemOsman1
 
Victory Precisions_Supplier Profile.pptx
victoryprecisions199
 
quantum computing transition from classical mechanics.pptx
gvlbcy
 
2025 Laurence Sigler - Advancing Decision Support. Content Management Ecommer...
Francisco Javier Mora Serrano
 
LEAP-1B presedntation xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
hatem173148
 
Construction of a Thermal Vacuum Chamber for Environment Test of Triple CubeS...
2208441
 
Understanding the Key Components and Parts of a Drone System.ppt
Siva Reddy
 
SAR - EEEfdfdsdasdsdasdasdasdasdasdasdasda.docx
Kanimozhi676285
 
Natural_Language_processing_Unit_I_notes.pdf
sanguleumeshit
 
20ME702-Mechatronics-UNIT-1,UNIT-2,UNIT-3,UNIT-4,UNIT-5, 2025-2026
Mohanumar S
 
Machine Learning All topics Covers In This Single Slides
AmritTiwari19
 
Biodegradable Plastics: Innovations and Market Potential (www.kiu.ac.ug)
publication11
 
22PCOAM21 Session 1 Data Management.pptx
Guru Nanak Technical Institutions
 
business incubation centre aaaaaaaaaaaaaa
hodeeesite4
 
Civil Engineering Practices_BY Sh.JP Mishra 23.09.pptx
bineetmishra1990
 
FLEX-LNG-Company-Presentation-Nov-2017.pdf
jbloggzs
 
Zero Carbon Building Performance standard
BassemOsman1
 
MULTI LEVEL DATA TRACKING USING COOJA.pptx
dollysharma12ab
 

SEMINAR REPORT ON 3D PASSWORD

  • 1. 1 1. INTRODUCTION 1.1 AUTHENTICATION Authentication is a process of validating who are you to whom you claimed to be or a process of identifying an individual, usu33ally based on a username and password. To protect any system authentication must be provided, so that only authorized persons can have right to use or handle that system & data related to that system securely. There are many authentication algorithms are available some are effective & secure but having some drawback. Previously there are many authentication techniques were introduced such as graphical password, text password, Biometric authentication, etc. Generally there are three types of authentication techniques are available such as: Fig. 1.1 Classification of existing authentication systems Human Authentication Techniques Knowledge based - What you KNOW Textual Password Graphical Password Token based - What you HAVE ATM cards Keys ID keys Biometrics - What you ARE Finger prints, palm prints Hand geometry Iris, face, voice recognition
  • 2. 2 1.2 DRAWBACKS IN EXISTING AUTHENTICATION SYSTEMS 1.2.1 TEXTUAL PASSWORDS Recall-based techniques require the user to repeat or reproduce a secret that the user created before. Recognition based techniques require the user to identify and recognize the secret, or part of it, that the user selected before. One of the most common recall-based authentication schemes used in the computer world is textual passwords. One major drawback of the textual password is its two conflicting requirements: the selection of passwords that are easy to remember and, at the same time, are hard to guess. 1.2.2 GRAPHICAL PASSWORDS Graphical passwords are based on the idea that users can recall and recognize pictures better than words. However, some of the graphical password schemes require a long time to be performed. Moreover, most of the graphical passwords can be easily observed or recorded while the legitimate user is performing the graphical password; thus, it is vulnerable to shoulder surfing attacks. Currently, most graphical passwords are still in their research phase and require more enhancements and usability studies to deploy them in the market. 1.2.3 BIOMETRICS Many biometric schemes have been proposed; fingerprints, palmprints, hand geometry, face recognition, voice recognition, iris recognition, and retina recognition are all different biometric schemes. Each biometric recognition scheme has its advantages and disadvantages based on several factors such as consistency, uniqueness, and acceptability. One of the main drawbacks of applying biometrics is its intrusiveness upon a user’s personal characteristic. Moreover, retina biometrical recognition schemes require the user to willingly subject their eyes to a low-intensity infrared light. In addition, most biometric systems require a special scanning device to authenticate users, which is not applicable for remote and Internet users.
  • 3. 3 2. WHAT IS 3D PASSWORD The 3D password is a multifactor authentication scheme. It can combine all existing authentication schemes into a single 3D virtual environment. This 3D virtual environment contains several objects or items with which the user can interact. The type of interaction varies from one item to another. The 3D password is constructed by observing the actions and interactions of the user and by observing the sequences of such actions. It is the user’s choice to select which type of authentication techniques will be part of their 3D password. In 3D password, the user has to first authenticate with simple textual password (i.e. user need to provide user name and password). Once authentication successful then user moves in 3D virtual environment, then user automatically enter into an art gallery, where he/she has to select multiple point in that gallery or he can do some action in that environment like switching button on/off or perform action associated with any object like opening door, etc. The sequence in which user has clicked that sequence of points are stored in text file in the encrypted form. In this way the password is set for that particular user. Next time when user wants to access his account then he has to select all the objects which he has selected at the time of creating password with proper sequence. This sequence is then compared with coordinates which are stored in file. If authentication successful thereafter access is given to authorized user. This is achieved through interacting only with the objects that acquire information that the user is comfortable in providing and ignoring the objects that request information that the user prefers not to provide. Moreover, giving the user the freedom of choice as to what type of authentication schemes will be part of their 3D password and given the large number of objects and items in the environment, the number of possible 3D passwords will increase. Thus, it becomes much more difficult for the attacker to guess the user’s 3D password. The following necessities are satisfied in proposed scheme: 1. The new scheme provide secrets that are easy to remember and very difficult for intruders to guess. 2. The new scheme should be difficult to share with others. 3. The new scheme provides secrets that can be easily revoked or changed.
  • 4. 4 3. SYSTEM IMPLEMENTATION The system implementation can be done by designing a 3D virtual environment that contains objects that request information to be recalled, information to be recognized, tokens to be presented, and biometric data to be verified. For example, the user can enter the virtual environment and type something on a computer that exists in (x1, y1, z1) position, then enter a room that has a fingerprint recognition device that exists in a position (x2, y2, z2) and provide his/her fingerprint. Then, the user can go to the virtual garage, open the car door, and turn on the radio to a specific channel. The combination and the sequence of the previous actions toward the specific objects construct the user’s 3D password. Virtual objects can be any object that we encounter in real life. Any obvious actions and interactions toward the real life objects can be done in the virtual 3D environment toward the virtual objects. Moreover, any user input (such as speaking in a specific location) in the virtual 3D environment can be considered as a part of the 3D password. We can have the following objects: 1. A computer with which the user can type. 2. A fingerprint reader that requires the user’s fingerprint. 3. An ATM machine that requires a smart card and PIN. 4. A light that can be switched on/off. 5. A car that can be driven. Fig. 3.1 3D password selection and inputs
  • 5. 5 4. HOW THE TECHNOLOGY WORKS 4.1 WORKING OF 3D PASSWORD Consider a three dimensional virtual environment space that is of the size G×G×G. Each point in the three dimensional environment space represented by the coordinates (x, y, z) ∈ [1..G] × [1..G] × [1..G]. The objects are distributed in the three-dimensional virtual environment. Every object has its own (x, y, z) coordinates. Assume the user can navigate and walk through the three-dimensional virtual environment and can see the objects and interact with the objects. The input device for interactions with objects can be a mouse, a keyboard, stylus, a card reader, a microphone…etc. For example, consider a user who navigates through the 3D virtual environment that consists of a ground and a classroom. Let us assume that the user is in the virtual ground and the user turns around to the door located in (9, 16, 80) and opens it. The user types "ANGEL" into a computer that exists in the position of (10, 5, 25). The user then walks over and turns off the light located in (15, 6, 20), and then the user closes the door. The user then presses the login button. The initial representation of user actions in the 3D virtual environment can be recorded as follows: (9, 16, 80) Action = Open the office door; (10, 5, 25) Action = Typing, “A”; (10, 5, 25) Action = Typing, “N”; (10, 5, 25) Action = Typing, “G”; (10, 5, 25) Action = Typing, “E”; (10, 5, 25) Action = Typing, “L”; (15, 6, 20) Action = Turning the Light Off; (9, 16, 80) Action = Close the office door; 4.2 3D VIRTUAL ENVIRONMENT DESIGN GUIDELINES The design of the 3 D virtual environments affects the usability, effectiveness, acceptability of 3D password. The first step in building a 3D password system is to design a 3D environment that reflects the administration needs and the security requirements. The design of 3D virtual environments should follow these guidelines.
  • 6. 6 4.2.1 REAL LIFE SIMILARITY The prospective 3D virtual environment should reflect what people are used to seeing in real life. Objects used in virtual environments should be relatively similar in size to real objects (sized to scale). Possible actions and interactions toward virtual objects should reflect real life situations. Object responses should be realistic. The target should have a 3D virtual environment that users can interact. 4.2.2 OBJECT UNIQUENESS AND DISTINCTION Every virtual object or item in the 3D virtual environment is different from any other virtual object. The uniqueness comes from the fact that every virtual object has its own attributes such as position. Thus, the prospective interaction with object 1 is not equal to the interaction with object 2. However, having similar objects such as 20 computers in one place might confuse the user. Therefore, the design of the 3D virtual environment should consider that every object should be distinguishable from other objects. Similarly, in designing a 3D virtual environment, it should be easy for users to navigate through and to distinguish between objects. The distinguishing factor increases the user’s recognition of objects. Therefore, it improves the system usability. 4.2.3 THREE DIMENSIONAL VIRTUAL ENVIRONMENT SIZE A 3D virtual environment can depict a city or even the world. On the other hand, it can depict a space as focused as a single room or office. A large 3D virtual environment will increase the time required by the user to perform a 3D password. Moreover, a large 3D virtual environment can contain a large number of virtual objects. Therefore, the probable 3D password space broadens. However, a small 3D virtual environment usually contains only a few objects, and thus, performing a 3D password will take less time. 4.2.4 NUMBER OF OBJECTS AND THEIR TYPES Part of designing a 3D virtual environment is determining the types of objects and how many objects should be placed in the environment. The types of objects reflect what kind of responses the object will have. For simplicity, we can consider requesting a textual password or a fingerprint as an object response type. Selecting the right object response types and the number of objects affects the probable password space of a 3D password.
  • 7. 7 4.2.5 SYSTEM IMPORTANCE The 3D virtual environment should consider what systems will be protected by a 3D password. The number of objects and the types of objects that have been used in the 3D virtual environment should reflect the importance of the protected system. Fig. 4.1 State diagram of 3D password application
  • 8. 8 5. SECURITY ANALYSIS To analyse and study how secure a system is, we have to consider how hard it is for the attacker to break such a system. A possible measurement is based on the information content of a password space, which is defined as “the entropy of the probability distribution over that space given by the relative frequencies of the passwords that users actually choose.” As a result, it is important to have a scheme that has a very large possible password space as one factor for increasing the work required by the attacker to break the authentication system. Another factor is to find a scheme that has no previous or existing knowledge of the most probable user password selection, which can also resist the attack on such an authentication scheme. Fig. 5.1 Password space of the 3D password, textual password, passfaces, and DAS 5.1 3D PASSWORD SPACE SIZE One important factor to determine how difficult it is to launch an attack on an authentication system is the size of the password space. To determine the 3D password space, we have to count all possible 3D passwords that have a certain number of actions, interactions, and inputs toward all objects that exist in the 3D virtual environment. We assume that the length of the 3D password is Lmax, and the probability of the 3D password of size greater than Lmax is zero.
  • 9. 9 To measure the 3D password space, we will calculate Π (Lmax, G) on a 3D virtual environment that has the space (G x G x G) for a 3D password of a length (number of actions, interactions, and inputs) of Lmax or less. In the following expression (1), AC represents the possible actions towards 3D virtual environment whereas Π represents total numbers of possible 3D passwords of length Lmax or less: In the following expression (2), Omax is the number of objects in the 3D virtual environment: Where xi = xj, yi = yj, and zi = zj, only if i = j. The design of the 3D environment will determine the value of Omax. The variable m represents all possible actions and interactions toward all existing objects Oi. However, g(AC) counts the total number of actions and inputs toward the 3D virtual environment, whereas m, as we mentioned before, counts the actions and interactions toward the objects. An example of g(AC) can be a user movement pattern, which can be considered as a part of the user’s 3D password. The function is the number of possible actions and interactions toward the object Oi based on the object type Ti. Object types can be textual password objects, DAS objects, or any authentication scheme. The function f is determined from the object type. It counts the possible actions and interactions that the object can accept. If we assume that an object “Keyboard” is in location (x0, y0, z0) of type = textual password, f will count the possible characters and numbers that can be typed, which is around 93 possibilities. As we mentioned before, an object type is one of the important factors that affects the overall password space.
  • 10. 10 Therefore, higher outcomes of function f mean larger 3D password space size. Fig 5.2 Number of possible actions/interactions of a 3D password within a 3D environment The above figure shows the points where the 3D password exceeds two important textual password points. Point “a” shows that by having only two actions and interactions as a 3D password, the 3D password exceeds the number of textual passwords used by Klein [2] to break 25% of textual passwords of eight characters. Point “b” represents the full textual password space of eight characters or less. It shows that by performing only four interactions, actions, and inputs as a 3D password, the 3D password space exceeds the full textual passwords of eight characters or less. From the previous equations, we observe that the number of objects and the type of actions and interactions determines the probable password space. Therefore, the design of the 3D virtual environment is a very critical part of the 3D password system. Figs. 4 and 5 illustrate the resulting password space of the proposed 3D password compared to textual password, Passfaces, and DAS of a grid of 5 x 5 and 10 x 10, respectively. Notice the difference between a 3D passwords built on a simple 3D virtual environment compared to the other authentication schemes.
  • 11. 11 5.2 3D PASSWORD DISTRIBUTION KNOWLEDGE Users tend to use meaningful words for textual passwords. Therefore finding these different words from dictionary is a relatively simple task which yields a high success rate for breaking textual passwords. Passfaces users tend to choose faces that reflect their own taste on facial attractiveness, race, and gender. Every user has different requirements and preferences when selecting the appropriate 3D Password. This will increase the effort to find a pattern of user’s highly selected 3D password. In addition, since the 3D password combines several authentication schemes into a single authentication environment, the attacker has to study every single authentication scheme and has to discover what the most probable selected secrets are. Since every 3D password system can be designed according to the protected system requirements, the attacker has to separately study every 3D password system. Therefore, more effort is required to build the knowledge of most probable 3D passwords. Studying the user’s behavior of password selection and knowing the most probable textual passwords are the key behind dictionary attacks. Klein used such knowledge to collect a small set of 3 x 106 words that have a high probability of usage among users. The question is how has such information (highly probable passwords) been found and why. Users tend to choose words that have meaning as places, names, famous people’s names, sports terms, and biological terminologies. Therefore, finding these different words from the dictionary is a relatively simple task. Using such knowledge yields a high success rate for breaking textual passwords. Any authentication scheme is affected by the knowledge distribution of the user’s secrets Passfaces. Users tend to choose faces that reflect their own taste on facial attractiveness, race, and gender. Moreover, 10% of male passwords have been guessed in only two guesses. Another study about user selection of DAS concluded that for their secret passwords, users tend to draw things that have Meaning, which simplifies the attacker’s task. Currently, knowledge about user behaviors on selecting their 3D password does not exist. Every user has different requirements and preferences when selecting the appropriate 3D password. This fact will increase the effort required to find a pattern of user’s highly selected 3D password. In addition, since the 3D password combines several authentication schemes into a single authentication environment, the attacker has to study every single authentication scheme and has to discover what the most probable selected secrets are.
  • 12. 12 For textual password, the highly probable selected textual password might be determined by the use of dictionaries. Since every 3D password system can be designed according to the protected system requirements, the attacker has to separately study every 3D password system. This is because objects that exist in one 3D password system might not exist on other 3D password systems. Therefore, more effort is required to build the knowledge of most probable 3D passwords. 5.3 ATTACKS AND COUNTERMEASURES To realize and understand how far an authentication scheme is secure, we have to consider all possible attack methods. We have to study whether the authentication scheme proposed is immune against such attacks or not. Moreover, if the proposed authentication scheme is not immune, we then have to find the countermeasures that prevent such attacks. In this section, we try to cover most possible attacks and whether the attack is valid or not. Moreover, we try to propose countermeasures for such attacks. 5.3.1 BRUTE FORCE ATTACK The attacker has to try all possible 3D passwords. This kind of attack is very difficult for the following reasons: 1. Time required to login needed for a legitimate user to login may vary depending on the number of interactions and actions, the size of the 3D virtual environment, and the type of actions and interactions. Therefore, a brute force attack on a 3D password is very difficult and time consuming. 2. The 3D virtual environment contains biometric recognition objects and token based objects. The attacker has to forge all possible biometric information and forge all the required tokens. The cost of forging such information is very high, therefore cracking the 3D password is more challenging. 5.3.2 WELL – STUDIED ATTACK The attacker tries to find the highest probable distribution of 3D passwords. In order to launch such an attack, the attacker has to acquire knowledge of the most probable 3D password distributions. This is very difficult because the attacker has to study all the existing authentication schemes that are used in the 3D environment. This environment has a number of objects and types of object responses that differ from any other 3D virtual environment. Therefore, a carefully customized study is required to initialize an effective attack.
  • 13. 13 5.3.3 SHOULDER SURFING ATTACK An attacker uses a camera to record the user’s 3D password or tries to watch the legitimate user while the 3D password is being performed. This attack is the most successful type of attack against 3D passwords and some other graphical passwords. However, the user’s 3D password may contain biometric data or textual passwords that cannot be seen from behind. Therefore, we assume that the 3D password should be performed in a secure place where a shoulder surfing attack cannot be performed. 5.3.4 TIMING ATTACK In this attack, the attacker observes how long it takes the legitimate user to perform a correct sign in using the 3D password. This observation gives the attacker an indication of the legitimate user’s 3D password length. However, this kind of attack alone cannot be very successful since it gives the attacker mere hints. Therefore, it would probably be launched as part of a well studied or brute force attack. 5.4 MATHEMATICAL CONCEPTS 5.4.1 TIME COMPLEXITY For calculating the time complexity of 3D password scheme let‘s assume A be the virtual 3D environment plotting and B is algorithmic processing. From this data available we have come to time complexity of system. Time Complexity = A m + B n Where m is time required to communicate with system and n is time required to process each algorithm in 3D environment. 5.4.2 SPACE COMPLEXITY This system include 3D virtual environment, so that each point in this environment will having 3 co-ordinate values. Any point from 3D virtual environment is represented in the form of (X, Y, Z) where X, Y & Z are the coordinate values stored for particular point. We are storing three co-ordinate values of each point such as (x1, y1, z1). Therefore the space complexity is n3.
  • 14. 14 6. EXPERIMENTAL RESULTS We have built an experimental 3D virtual environment that contains several objects of two types. The first type of response is textual password. The second type of response is requesting graphical passwords. Almost 30 users volunteered to experiment with the environment. We asked the users to create their 3D password and to sign in using 3D password several times over several days. In our experiment, we have used Java Open GL to build the 3D virtual environment and we have used a 1.80-GHz Pentium M Centrino machine with 512-MB random access memory and ATI Mobility Radeon 9600 video card. The design of the experimental 3D virtual environment represents an art gallery that the user can walk through and is depicted below. Table 6.1 Resulting number of possible 3D passwords of total length Lmax
  • 15. 15 We conducted a user study on 3D passwords using the experimental 3D virtual environments. The study reviewed the usage of textual passwords and other authentication schemes. The study covered almost 30 users. The users varied in age, sex, and education level. Even though it is a small set of users, the study produced some distinct results. We observed the following regarding textual passwords, 3D passwords, and other authentication schemes. 1. Most users who use textual passwords of 9–12 character lengths or who use random characters as a password have only one to three unique passwords. 2. More than 50% of user’s textual passwords are eight characters or less. 3. Almost 25% of users use meaningful words as their textual passwords. 4. Almost 75% of users use meaningful words or partially meaningful words as their textual passwords. In contrast, only 25% of users use random characters and letters as textual passwords. 5. Over 40% of users have only one to three unique textual passwords, and over 90% of users have eight unique textual passwords or less. 6. Over 90% of users do not change their textual passwords unless they are required to by the system. 7. Over 95% of users under study have never used any graphical password scheme as a means of authentication. 8. Most users feel that 3D passwords have a high acceptability. 9. Most users believe that there is no threat to personal privacy by using a 3D password as an authentication scheme.
  • 16. 16 7. APPLICATIONS The 3D password can have a password space that is very large compared to other authentication schemes, so the 3D password’s main application domains are protecting critical systems and resources. Possible critical applications include the following. 1. Critical server: Many large organizations have critical servers that are usually protected by a textual password. A 3D password authentication proposes a sound replacement for a textual password. 2. Nuclear and military facilities: Such facilities should be protected by the most powerful authentication systems. The 3D password has a very large probable password space, and since it can contain token, biometrics, recognition and knowledge based authentications in a single authentication system, it is a sound choice for high level security locations. 3. Airplanes and jet fighters: Because of the possible threat of misusing airplanes and jet fighters for religion, political agendas, usage of such airplanes should be protected by a powerful authentication system. In addition, 3D passwords can be used in less critical systems because the 3D virtual environment can be designed to fit to any system needs. 4. A small virtual environment can be used in the following systems like: a) ATM b) Personal Digital Assistance c) Desktop Computers and Laptop Logins d) Web Authentication e) Security Analysis
  • 17. 17 8. ADVANTAGE AND DISADVANTAGE 8.1 ADVANTAGE 1. It provides user options to choose the type of authentication of his/her own choice.  There are number of options available for users to choose sequence of own choice.  In 3D password user can build a sequence which is easier for him to remember. 2. It eliminates a brute force attack.  All data and critical information like passwords are stored in encrypted manner so it’s difficult for brute force attack to crack it.  In 3D password combination of recognition and recall base are using so it is difficult. 3. Provides high level security to the system which contains more important data.  Its provide hide securities to data using multi factors and multiple technique to protect data. 4. Secure against a software like key logger.  Software like key logger installed in a system it’s difficult to secure your data these types software’s are stored all text which are pass through the keyboard. In 3D password graphical password is also use for authentication. 8.2 DISADVANTAGE 1. Shoulder attack. Attackers observe the user from back shoulder than easily break their authentication. 2. More time and memory. To use 3D password its require more time and memory chunk because 3D password need more space to store in database. 3. It’s expensive. 3D Password is more expensive compare to other authentication technique. 4. Complexity. 3D password is more complexity in coding.
  • 18. 18 9. CONCLUSION AND FUTURE SCOPE The choice of what authentication schemes will be part of the user’s 3D password reflects the user’s preferences and requirements. A user who prefers to remember and recall a password might choose textual and graphical passwords as part of their 3D password. On the other hand, users who have more difficulty with memory or recall might prefer to choose smart cards or biometrics as part of their 3D password. Moreover, users who prefer to keep any kind of biometrical data private might not interact with objects that require biometric information. Therefore, it is the user’s choice and decision to construct the desired and preferred 3D password. The 3D password is still in its early stages. Designing various kinds of 3D virtual environments, deciding on password spaces, and interpreting user feedback and experiences from such environments will result in enhancing and improving the user experience of the 3D password. Gathering attackers from different background and attack made by them and how to overcome them is main future work. Shoulder surfing attacks are still possible so how to overcome that is a field of research and development. Inclusion of biometrics leads to in-creasing cost and hardware in scheme, to reduce this is still field of research. So that 3D password can be used in many application areas as discussed earlier and also many more area other than those. Thus this paper tells about our study about 3D password, still it is in early stage. Future work is needed in 3D password scheme to develop this scheme up to more secure level. Implementing 3D password for mobile handset is the another important future work.
  • 19. 19 REFERENCE 1. http://www.seminartopics.in/computer%20seminar%20topics/3D-password.php 2. https://www.slideshare.net/manisha0902/3d-password-ppt-43870131 3. https://www.youtube.com/watch?v=7sP7TawXAUg 4. http://research.ijcaonline.org/icacact/number1/icacact1002.pdf 5. http://www.ijesit.com/Volume%202/Issue%202/IJESIT201302_16.pdf 6. http://research.ijcaonline.org/volume120/number7/pxc3904024.pdf