3D Password M Sc BHU Sem 1

Page 1: 3D Password M Sc BHU Sem 1

3-D PASSWORD

A more secure way of authentication

Swagato Dey

M. Sc. CS 1st Year

Page 2: 3D Password M Sc BHU Sem 1

Areas Of Discussion

• Authentication & their types
• Knowledge Based Authentication
• Token Based Authentication
• Biometrics Authentication
• Drawbacks
• 3D Password
• 3D Virtual Environment
• Advantages & Application
• Attacks & Countermeasures
• Conclusion
• References

Page 3: 3D Password M Sc BHU Sem 1

Authentication

Authentication is the process of validating that you are who you claim to be.

Human authentication techniques are as follows:

1. Knowledge Based (What you know)

2. Token Based (What you have)

3. Biometrics (What you are)

Page 4: 3D Password M Sc BHU Sem 1

Three Basic Identification Methods of password

Possession (“something I have”)
• Keys
• Passport
• Smart Card

Knowledge (“something I know”)
• Password
• PIN

Biometrics (“something I am”)
• Face
• Fingerprints
• Iris

Page 5: 3D Password M Sc BHU Sem 1

Knowledge Based

Page 6: 3D Password M Sc BHU Sem 1

Password

• A password is basically an encryption algorithm.
• It is 8-15 characters or slightly more than that.
• Most textual passwords kept nowadays are very simple.

Page 7: 3D Password M Sc BHU Sem 1

PASSPHRASE

• Passphrase length is about 30-50 characters or more, which makes it difficult to remember, if there is any proper sequence.

Page 8: 3D Password M Sc BHU Sem 1

• It is the enhanced version of a password.
• It is a combination of words or simply a collection of passwords in proper sequence.
• It may also contain any well-known thought.
• The length of a passphrase is about 30-50 characters or more.

Page 9: 3D Password M Sc BHU Sem 1

TOKEN BASED


Page 10: 3D Password M Sc BHU Sem 1

A security token (or sometimes a hardware token, authentication token, USB token, cryptographic token, software token, virtual token) may be a physical device that an authorized user of computer services is given to ease authentication.

Page 11: 3D Password M Sc BHU Sem 1

Token

• Disconnected Token
• Connected Token
• Contactless Token
• Single Sign-on Software Token
• Mobile Device Token
• Smart Card
• Bluetooth

Page 12: 3D Password M Sc BHU Sem 1

BIOMETRICS

Page 13: 3D Password M Sc BHU Sem 1

Biometrics

• Refers to a broad range of technologies.
• Automates the identification or verification of an individual.

Page 14: 3D Password M Sc BHU Sem 1

Based on human characteristics or body organs

Page 15: 3D Password M Sc BHU Sem 1

Process

Page 16: 3D Password M Sc BHU Sem 1

Percentage market share by type of biometric technology in 2003

Page 17: 3D Password M Sc BHU Sem 1

Drawbacks

Page 18: 3D Password M Sc BHU Sem 1

PASSWORD

• How secure is your password?

Now, with changes in technology, fast processors and many tools on the Internet, cracking passwords has become child's play. Ten years back Klein performed such tests and he could crack 10-15 passwords per day.

Page 19: 3D Password M Sc BHU Sem 1

Token

• Involves additional costs, such as the cost of the token and any replacement fees.
• Users always need to carry the token with them.
• Users need multiple tokens for multiple Web sites and devices.
• Does not protect fully from man-in-the-middle attacks (i.e., attacks where an intruder intercepts a user's session and steals the user's credentials by acting as a proxy between the user and the authentication device without the user's knowledge).

Page 20: 3D Password M Sc BHU Sem 1

BIOMETRICS

• Biometrics also has some drawbacks.

Suppose you select your fingerprint as your biometric.

But what do you do when you have a crack or wound on your finger?

And nowadays some hackers can even produce an exact copy of your biometrics.

Page 21: 3D Password M Sc BHU Sem 1

3D PASSWORD

Page 22: 3D Password M Sc BHU Sem 1

• 3D passwords are a more customizable and very interesting way of authentication.

• A 3D password is a multifactor authentication scheme that combines RECOGNITION + RECALL + TOKENS + BIOMETRICS in one authentication system.

Page 23: 3D Password M Sc BHU Sem 1

The 3D password presents a virtual environment containing various virtual objects.

The user walks through the environment and interacts with the objects.

The 3D password is the combination and sequence of user interactions that occur in the 3D environment.

Page 24: 3D Password M Sc BHU Sem 1

This is achieved through interacting only with the objects that acquire information that the user is comfortable in providing.

It becomes much more difficult for the attacker to guess the user’s 3-D password.
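
An added example (not from the original slides) of how a verifier could treat a 3D password as an ordered sequence of interactions: each step is encoded with its object, action, position and collected input, and the whole sequence is salted and hashed. The tuple layout, object names, PBKDF2 parameters and the one-action-per-object space count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor, not specified by the slides

# Hypothetical encoding: one interaction is (object_id, action, (x, y, z), payload).
# payload holds what the object collected, e.g. text typed on a virtual computer.
def encode(interactions):
    """Serialize the ordered interaction sequence unambiguously."""
    out = bytearray()
    for obj, action, pos, payload in interactions:
        for field in (obj, action, "%d,%d,%d" % pos, payload):
            raw = field.encode("utf-8")
            # Length prefix keeps field boundaries from colliding.
            out += len(raw).to_bytes(4, "big") + raw
    return bytes(out)

def enroll(interactions, salt=None):
    """Return (salt, digest) to store instead of the raw interaction sequence."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", encode(interactions), salt, ITERATIONS)
    return salt, digest

def verify(interactions, salt, stored):
    """Recompute the digest for a login attempt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", encode(interactions), salt, ITERATIONS)
    return hmac.compare_digest(digest, stored)

def sequence_space(n_objects, actions_per_object, max_len):
    """Simplified count of ordered sequences of 1..max_len interactions."""
    choices = n_objects * actions_per_object
    return sum(choices ** k for k in range(1, max_len + 1))

# Constructed sample: the user types on a computer, then switches on a light.
ENROLLED = [
    ("computer_3", "type", (10, 24, 91), "FALCON"),
    ("light_1", "switch_on", (4, 34, 18), ""),
]
SALT, STORED = enroll(ENROLLED)
```

Because the sequence is hashed in order, the same two interactions performed in reverse, or at a different position, fail verification. With the 42 objects of the art gallery snapshot (36 pictures and six computers) and one action each, `sequence_space(42, 1, 3)` already gives 75,894 candidate sequences.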

Page 25: 3D Password M Sc BHU Sem 1

Virtual objects

Virtual objects can be any object we encounter in real life:

A computer on which the user can type.

A fingerprint reader that requires the user's fingerprint.

A paper or white board on which the user can type.

An automated teller machine (ATM) that requires a token.

A light that can be switched on/off.

A television or radio where channels can be selected.

A car that can be driven.

A graphical password scheme.

Page 26: 3D Password M Sc BHU Sem 1

A biometric recognition device.

A staple that can be punched.

A book that can be moved from one place to another.

Any real life object.

Any upcoming authentication scheme.

Page 27: 3D Password M Sc BHU Sem 1

Snapshot of a proof-of-concept virtual art gallery, which contains 36 pictures and six computers

Page 28: 3D Password M Sc BHU Sem 1

STATE DIAGRAM OF A 3D PASSWORD APPLICATION

Page 29: 3D Password M Sc BHU Sem 1

3D VIRTUAL ENVIRONMENT

Page 30: 3D Password M Sc BHU Sem 1

3D Virtual Environment

• The 3-D virtual environment affects the usability, effectiveness, and acceptability of a 3-D password system.

• The 3-D environment reflects the administration needs and the security requirements.

Page 31: 3D Password M Sc BHU Sem 1

The design of 3D virtual environments should follow these guidelines:

Real Life Similarity

Object Uniqueness & Distinction

3D Virtual Environment Size

Number of objects & their types

System Importance

Page 32: 3D Password M Sc BHU Sem 1

Now let us see a 3D Virtual Environment

Page 33: 3D Password M Sc BHU Sem 1
Page 34: 3D Password M Sc BHU Sem 1

Advantages

Flexibility

Strength

Easy to Memorize

Respect of Privacy

Page 35: 3D Password M Sc BHU Sem 1

Applications

The 3D password’s main application domains are protecting critical systems and resources.

• Critical Servers
• Nuclear Reactors & Military Facilities
• Airplanes and Missile Guiding

Page 36: 3D Password M Sc BHU Sem 1

A small virtual environment can be used in systems such as:

ATM

Personal digital assistants

Desktop computers & laptops

Web authentication etc.

Page 37: 3D Password M Sc BHU Sem 1

Attacks and Countermeasures

Brute Force Attack

Well Studied Attack

Shoulder-surfing Attack

Timing Attack

Page 38: 3D Password M Sc BHU Sem 1

Brute Force Attack

The attacker has to try all possible 3D passwords. This kind of attack is very difficult for the following reasons.

Time required to log in.

3D Attacks are very expensive.

Page 39: 3D Password M Sc BHU Sem 1

Well Studied Attack

The attacker tries to find the highest probable distribution of 3D passwords. In order to launch such an attack, the attacker has to acquire knowledge of the most probable 3D password distributions. This is very difficult because the attacker has to study all the existing authentication schemes that are used in the 3D environment. Moreover, a well studied attack is very hard to accomplish since the attacker has to perform a customized attack for every different 3D virtual environment design.

Page 40: 3D Password M Sc BHU Sem 1

Shoulder-surfing Attack

An attacker uses a camera to record the user’s 3D password or tries to watch the legitimate user while the 3D password is being performed. This attack is the most successful type of attack against 3D passwords and some other graphical passwords. However, the user’s 3D password may contain biometric data or textual passwords that cannot be seen from behind. Therefore, we assume that the 3D password should be performed in a secure place where a shoulder surfing attack cannot be performed.

Page 41: 3D Password M Sc BHU Sem 1

Timing Attack

In this attack, the attacker observes how long it takes the legitimate user to perform a correct sign in using the 3D password. This observation gives the attacker an indication of the legitimate user’s 3D password length. However, this kind of attack alone cannot be very successful since it gives the attacker mere hints. Therefore, it would probably be launched as part of a well studied or brute force attack. Timing attacks can be very effective if the 3D virtual environment is poorly designed.

Page 42: 3D Password M Sc BHU Sem 1

Conclusion

Authentication can be improved with a 3D password, because an unauthorized person may not interact with the same object at a particular location as the legitimate user.

It is difficult to crack, because it has no fixed number of steps and no particular procedure.

Combined with biometrics and token verification, this scheme becomes almost unbreakable.

Page 43: 3D Password M Sc BHU Sem 1

References

X. Suo, Y. Zhu, and G. S. Owen, “Graphical passwords: A survey,” in Proc. 21st Annu. Comput. Security Appl. Conf., Dec. 5–9, 2005, pp. 463–472.

D. V. Klein, “Foiling the cracker: A survey of, and improvement to passwords security,” in Proc. USENIX Security Workshop, 1990, pp. 5–14.

T. Kitten, Keeping an Eye on the ATM. (2005, Jul. 11). [Online]. Available: ATMMarketPlace.com

G. E. Blonder, “Graphical password,” U.S. Patent 5 559 961, Sep. 24, 1996.

R. Dhamija and A. Perrig, “Déjà Vu: A user study using images for authentication,” in Proc. 9th USENIX Security Symp., Denver, CO, Aug. 2000, pp. 45–58.

Page 44: 3D Password M Sc BHU Sem 1