3D PASSWORD FOR SECURE AUTHENTICATION - CS-Tutorial

licoricebedsSécurité

22 févr. 2014 (il y a 3 années et 1 mois)

55 vue(s)

Copyright© cs
-
tutorial.com

CONTENTS



Introduction



Authentication
Schemes



Functionalities
Required



3D
Password selection and Input



Virtual
Environment Design Guidelines



Applications



Security
Analysis



Attacks
and Countermeasures



Conclusion


INTRODUCTION



Commonly used authentication schemes are textual
passwords, graphical passwords and biometrics.



3D password is a multifactor authentication scheme.




To be authenticated,
werequirea3Dvirtualenvironment.




Combines recognition
-
,recall
-
,token
-
,and biometrics
-
based systems.



Users choice to select the type of authentication
technique.


AUTHENTICATION SCHEMES



KNOWLEDGE BASED


Recall based


Recognition based



TOKEN BASED


eg

: smart card



BIOMETRIC BASED


Fingerprint ,palm prints ,hand geometry ,face
recognition


Intrusiveness upon a user’s personal characteristics.


GRAPHICAL PASSWORDS


Recognition based


Recall based


FUNCTIONALITIES REQUIRED



New scheme should combine the existing
authentication schemes



Freedom to select the type of authentication
technique.



Should provide secrets that are easy to remember
,difficult toguess.


3D PASSWORD SELECTION AND INPUT



3D environment space represented by the co
-
ordinates



User navigate into the 3D virtual environment using
any input device.



The sequence of actions and interactions forms the
users3D password.




Representation of user actions in the 3D virtual
environment

(10,24,91) Action=Open the office door;

(10,24,91) Action=Close the office door;

(4,34,18) Action=
Typing,“F
”;

(4,34,18) Action=
Typing,”A
”;

(4,34,18) Action=
Typing,”L
”;

(4,34,18) Action=
Typing,”C
”;

(4,34,18) Action=
Typing,”O
”;

(4,34,18) Action=
Typing,”N
”;

(10,24,80) Action= Pick up the pen;

(1,18,80) Action= Drawing, point=(330,130).

Virtual Computer where user typing a textual password
as a part of user’s 3D Password

Snapshot of a proof
-
of
-
concept virtual art
gallery

State diagram of a 3D Password application

3D VIRTUAL ENVIRONMENT DESIGN
GUIDELINES



Real
-
life similarity



Object uniqueness and distinction



Three
-
dimensional virtual environment



System importance


APPLICATIONS



Critical servers.



Nuclear and military facilities.



Airplanes and jetfighters.



ATMs, PDA’s, desktop computers and laptops.


SECURITY ANALYSIS



3D Password Space Size.



3D Password Distribution Knowledge.


ATTACKS AND COUNTERMEASURES



Brute Force Attack



Well
-
Studied Attack



Shoulder Surfing Attack



Timing Attack


CONCLUSION


Commonly used authentication schemes are
vulnerable to attacks.


3D Password is a multifactor authentication scheme.


Design of 3D virtual environment, selection of objects
inside the environment, and the object type reflects
the resulted password space.


User’s choice and decision to construct the desired and
preferred 3D password