This document discusses 3D passwords as a new authentication method that combines multiple factors for enhanced security. A 3D virtual environment is presented to the user where they navigate and interact with objects, and the order of interactions constitutes their unique 3D password. Biometrics can also be incorporated to further increase security. The 3D password scheme has advantages over traditional passwords by utilizing a larger password space and integrating different authentication methods. It allows for flexibility in how users authenticate and provides a highly secure option for applications requiring strong information security.
International Journal of Advanced Technology & Engineering Research (IJATER)
ISSN No: 2250-3536 Volume 2, Issue 4, July 2012 92
3D PASSWORD: MINIMAL UTILIZATION OF SPACE AND VAST SECURITY COUPLED WITH BIOMETRICS FOR SECURE AUTHENTICATION
Ms. Nidhi Maria Paul, Student, Nagarjuna College of Engineering and Technology; Ms. Monisha Shanmugham, Student, Nagarjuna College of Engineering and Technology
Abstract
Existing systems of authentication are plagued by many weaknesses. Commonly, textual passwords are used to secure data or user accounts. However, these can be cracked by the application of various brute-force algorithms, as the maximum password length is fixed and only a finite number of possibilities exist. Presently existing graphical passwords have a password space which is less than or equal to the textual password space. The 3D password authentication scheme is based on a combination of multiple sets of factors. A 3D virtual environment is presented to the user, where he navigates and interacts with a multitude of objects which are present. The order in which actions and interactions are performed with respect to the objects constitutes the user's 3D password. The 3D password key space is built on the basis of the design of the 3D virtual environment and the nature of the objects selected. The advantage of the 3D password is that it can combine many existing systems of authentication, providing an extremely high degree of security to the user. Biometrics can be coupled with the 3D password to further increase the degree of security, making it extremely secure and suitable for applications in which information security is of the essence. Several techniques such as face recognition, fingerprint recognition, hand geometry, iris recognition, palm print and vascular pattern recognition can be used. PINs and passwords may be forgotten, and token-based identification methods such as passports and driver licenses may be forged, stolen, or lost. Thus the biometric system of identification enjoys a new interest. It can even be applied at the most basic level, such as for a user on a home system, as it is based on recall and recognition and is easy to use.
1. Introduction
1.1 History
Users commonly use textual passwords, but do not follow the recommendations for choosing them. They are inclined to select words of significance from dictionaries, making them liable to dictionary or brute-force attacks. [3]
The fundamental principle behind graphical passwords is that users would find it easier to remember and identify pictures as compared to words. However, this paradigm faces a number of complications. Some graphical passwords require a long time to be executed and, more importantly, they can easily be noted or observed while the user is in the process of authentication, making them vulnerable to shoulder-surfing attacks. Many graphical passwords are still under research and development and need further enrichment as well as usability studies before they can be deployed in various markets. A number of graphical passwords also have a password space that is less than or equal to the textual password space. Other forms of authentication also take into account what is possessed by the user in addition to what is known by them, a common example being token-based systems that are used in banking. These are nevertheless susceptible to fraud, loss or theft.
1.2 3D Password Scheme
The 3D password is a paradigm which is based on a combination of multiple sets of factors. The system of authentication presents a 3D virtual environment to the user, wherein the user navigates and interacts with the multitude of objects that may be present. The order in which actions and interactions are performed with respect to the objects constitutes the user's 3D password. The 3D password key space is built on the basis of the design of the 3D virtual environment and the nature of the objects selected. The advantage of the 3D password is that it can combine many existing systems of authentication, providing an extremely high degree of security to the user. [2] This particular authentication scheme has the following necessities: [1]
1) The scheme is not solely based on recall or recognition. It is a combination of recall, recognition, biometrics as well as token-based authentication schemes.
2) Users should have the freedom to choose the specifications of the 3D password, whether it will be exclusively recall, biometric or token based, a combination containing two or more schemes, etc. This is important as different users have different needs: some may not want to carry cards or to present biometric data, while others may have weak memories. In turn, this assures greater acceptability.
3) The scheme should contain secrets, ones that are simple for the intended user to remember and complex for intruders to guess. These should be complicated, for example difficult to break down into a sequence of steps and record on a piece of paper. These secrets must be flexible: the user must be allowed to change or remove them.
Biometrics or biometric authentication is used to identify human beings on the basis of their characteristics or traits. It is commonly used as a form of identification and access control. Biometric identifiers are the different measurable characteristics that can be used to identify individuals. There are two categories of biometric identifiers: physiological and behavioral characteristics. Biometric functionality encapsulates a variety of different aspects. Selecting a particular biometric for a specified application must take several factors into consideration.
1) Universality: Every person using the system should possess the trait.
2) Uniqueness: The trait must be unique to each individual who uses the system such that they can be distinguished from one another.
3) Permanence: The trait should be permanent and invariant over time.
4) Measurability (Collectability): This refers to the ease with which the trait can be acquired or measured.
5) Performance: This refers to the accuracy, speed and robustness of the technology that is being used.
6) Acceptability: This encompasses how ready individuals are to have their trait captured and assessed.
7) Circumvention: This measures how easy it is for a trait to be emulated by making use of an artifact or a substitute.
It is unlikely that a single biometric system will meet the needs of all applications. Figure 1 below shows the basic block diagram of a biometric system.
Figure 1: Basic block diagram of a biometric system.
Biometric systems can operate in two modes, the first being verification mode and the second being identification mode. In verification mode, the system compares a captured biometric with a template which has been stored in a biometric database such that the user can be successfully authenticated. This involves three steps, the first of which involves reference models for all the users to be generated and stored within the database. After this, the samples are matched with the reference models in order to generate the genuine scores. The final step is testing. This may involve the use of a smart card, username or identification number such as a PIN indicating which template must be used for comparison. In the identification mode, the system executes a one-to-many comparison with the biometric database such that the identity of an unknown individual can be established. The process of identification will be successful if while comparing the biometric sample to the template the result falls within a previously set threshold. If the process of identification is a success, it may also be identified as a positive recognition. In this case, the user need not provide any information on the template to be used. However, in the case of a failure, it is a negative recognition and the system must implicitly or explicitly determine whether the user is who they deny to be. The latter can be achieved only through the use of biometrics as in this case, the use of personal recognition such as passwords, PINs and keys are ineffective. The first time a biometric system is accessed by a user is known as enrollment. During this process, information from the individual is captured and saved. In successive uses, biometric information is detected and matched with the information that has been stored at the time of enrollment. Security during the stages of storage as well as retrieval is of essence in order to make sure that the biometric system is robust. 
The first block (sensor) acts as the interface between the real world and the biometric system; it is responsible for acquiring all the required data. Mostly, it is an image acquisition system, but it may change according to the characteristics that are desired by the user. The second block deals with all the pre-processing: it must remove artifacts from the sensor and enhance the given input, for example by removing background noise. The third block extracts all the necessary features. This step is of great importance as it must be accurate. A vector of numbers or images is compiled to create a template, which is a synthesis of characteristics that have been extracted from the source. Parts of the biometric measurement that are not utilized within the comparison algorithm are discarded from the template so as to decrease the file size and protect the identity of the user who has enrolled. If enrollment is being performed, the template is saved either on the card or in the database or both. While a matching phase is being performed, the template that has been obtained is transferred to a matcher, which compares it to other existing templates and estimates the distance between them using an algorithm. The matching program that is used will analyze the template with the input. An output will be present for any specified use or purpose. The selection of biometrics in any practical application should depend on the characteristic requirements and the user requirements. The 3D password scheme is an excellent paradigm with which biometrics can be coupled, as together they can provide a very strong, or impermeable, level of security.
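The two operating modes described above, as an added sketch that is not from the paper: verification is a 1:1 comparison against the claimed user's template, identification is a 1:N search, and both are decided by a distance threshold. The templates, the threshold value and the function names are constructed for illustration, and the last function assumes independent comparisons.

```python
import math

# Constructed enrollment database: user id -> stored feature-vector template.
TEMPLATES = {
    "alice": [0.12, 0.80, 0.33, 0.51],
    "bob":   [0.90, 0.15, 0.62, 0.08],
    "carol": [0.45, 0.47, 0.95, 0.70],
}
THRESHOLD = 0.25  # hypothetical decision threshold on Euclidean distance

GENUINE_SAMPLE = [0.10, 0.83, 0.30, 0.55]  # constructed: a fresh capture from alice
UNKNOWN_SAMPLE = [0.50, 0.50, 0.50, 0.50]  # constructed: a person who never enrolled


def verify(claimed_id, sample, db=TEMPLATES, threshold=THRESHOLD):
    """Verification mode: compare the sample with the single template
    selected by the claimed identity (PIN, username, smart card)."""
    template = db.get(claimed_id)
    if template is None:
        return False  # no enrollment for this identity: reject
    return math.dist(sample, template) <= threshold


def identify(sample, db=TEMPLATES, threshold=THRESHOLD):
    """Identification mode: one-to-many search. Returns the closest enrolled
    identity if it falls within the threshold, otherwise None."""
    best_id, best_distance = None, math.inf
    for user_id, template in db.items():
        d = math.dist(sample, template)
        if d < best_distance:
            best_id, best_distance = user_id, d
    return best_id if best_distance <= threshold else None


def false_match_probability(fmr, enrolled):
    """Chance that a 1:N search matches at least one wrong template, assuming
    each comparison false-matches independently with probability fmr."""
    return 1.0 - (1.0 - fmr) ** enrolled


if __name__ == "__main__":
    print("verify alice:", verify("alice", GENUINE_SAMPLE))
    print("verify bob with alice's sample:", verify("bob", GENUINE_SAMPLE))
    print("identify genuine:", identify(GENUINE_SAMPLE))
    print("identify unknown:", identify(UNKNOWN_SAMPLE))
    print("1:1000 false match at FMR 0.1%:", false_match_probability(0.001, 1000))
```

The last function shows why the threshold that is acceptable for verification may be too loose for identification: the same per-comparison error rate compounds over every enrolled template.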
2. MATERIALS AND METHODS:
Here the designs of two 3D environments are specified, the first being a chess game and the second a rotating cube. In the chess game, the password is based on placing the chess pieces in predefined positions on the chess board. In the case of the rotating cube, the password is constructed by rotating the cube right, left, up and down, with the additional option of inserting one of the input images on different sides of the cube.
2.1. Environment 1 Chess:
When a new user enters the environment, the user must initially enter all his details in the registration form. The user must then click on the environment1 button to select the chess environment. Figure 2 [1] below shows an environment for a chess game, having a total of 32 objects, of which 16 are red and 16 are white. It also contains seven buttons, namely the New, Record, Stop, Play, Confirm, Close and Swap buttons, and one Checkbox option. Each button works as specified below [1]:
Figure 2: Environment1 (Chess)
New button: Clicking this button initializes all the objects (white and red). Prior to clicking this button, the environment is completely empty.
Swap button: This button is used in order to change the position of the red and white objects. In simple words, it exchanges the positions of the white and red objects respectively.
Record button: Before creating the 3D password, the user must click this button, as a result of which the sequence of actions and interactions is stored as the 3D password in the form of a string. In the event that the record button has not been clicked initially, nothing is recorded and an error occurs when the user clicks the stop button.
Stop button: This button is used to end the sequence of actions and interactions. Clicking this button stops recording the user's movements, and the recorded actions and interactions are saved as a 3D password in the form of a string.
Play button: This button can be used by the user to check the actions and interactions that have been performed after pressing the stop button. Once this button is clicked, the user can see a playback of the actions and interactions which have been stored as a 3D password.
Confirm button: This button confirms the 3D password. Once this button is clicked, the user cannot change the 3D password. The user can however, change his/her password prior to clicking this button by selecting the new button.
Close button: Once clicked, the environment is closed and control returns to the registration form.
2.2 Environment 2 Cube:
The second environment presented in this paper is that of a cube. Figure 3 shows a snapshot of environment2. When this environment is selected, the cube is placed at an initial position of (400, 240, 0) co-ordinates with respect to the x, y and z axis. In addition to this point in the environment, another point known as the camera point is fixed. The camera position is set at the co-ordinates (400, 240,-500) on the x, y and z axis respectively. It is a reference point, or the point from which the user can see the sequence of actions and interactions that are being performed on the cube.
There are four main actions that can be performed within this environment, each further divided into six sub actions, as well as an input action which is used to load an image onto each side of the cube. The four main actions are described below [1]:
Move Cube: This main action has the following six sub actions: Left, Right, Up, Down, In, Out. A click on each of these buttons translates the cube by 45 co-ordinates according to which button is clicked. The maximum number of times each button can be clicked is six. Clicking the button for a seventh time will result in an error message to the user indicating that the maximum limit has been crossed.
Rotate Cube: This main action has the following sub actions: rotate cube x-direction, y-direction, z-direction and -x-direction, -y-direction, -z-direction. A single click on one of these buttons rotates the cube by 45° in the direction of the button that is clicked. The maximum number of times each button can be clicked is six. Clicking the button for a seventh time will result in an error message to the user indicating that the maximum limit has been crossed.
Move Camera: The sub actions are Left, Right, Up, Down, In, Out. When the user single-clicks one of these buttons, the camera or reference point moves 45 co-ordinates according to the button which is clicked. The maximum number of times each button can be clicked is six. Clicking the button for a seventh time will result in an error message to the user indicating that the maximum limit has been crossed.
Turn Camera: The sub actions specified by this button are the Left, Right, Up, Down, CW (Clockwise) and CCW (Counter-Clockwise) directions. A click on each of these buttons translates the cube by 45 co-ordinates according to which button is clicked. The maximum number of times each button can be clicked is six. Clicking the button for a seventh time will result in an error message to the user indicating that the maximum limit has been crossed.
Load Image: This allows the user to load an image on each side of the cube strengthening the password. Any number of actions and interactions can be performed and to save the 3D password, the user must click on the close button.
Figure 3: Snapshot of Environment2 (Cube)
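An added example, not code from the paper or from the scheme's authors: a recorder for the cube environment that enforces the six-click limit per button and returns the recorded sequence as a string on close. Keeping only a salted PBKDF2 verifier of that string, the `SUB_ACTIONS` names, the string format and the iteration count are assumptions of this example.

```python
import hashlib
import hmac
import os
from collections import Counter

# Main actions and their six sub actions, as listed for Environment 2.
SUB_ACTIONS = {
    "MoveCube":   ("Left", "Right", "Up", "Down", "In", "Out"),
    "RotateCube": ("x", "y", "z", "-x", "-y", "-z"),
    "MoveCamera": ("Left", "Right", "Up", "Down", "In", "Out"),
    "TurnCamera": ("Left", "Right", "Up", "Down", "CW", "CCW"),
}
MAX_CLICKS = 6            # a seventh click on the same button is an error
KDF_ITERATIONS = 600_000  # assumption: PBKDF2 work factor chosen for this example


class RecorderError(Exception):
    """Raised for input the environment rejects."""


class CubeRecorder:
    def __init__(self):
        self.events = []
        self.clicks = Counter()

    def click(self, action, sub):
        if sub not in SUB_ACTIONS.get(action, ()):
            raise RecorderError(f"unknown button {action}/{sub}")
        if self.clicks[(action, sub)] >= MAX_CLICKS:
            raise RecorderError(f"maximum limit crossed for {action}/{sub}")
        self.clicks[(action, sub)] += 1
        self.events.append(f"{action}:{sub}")

    def load_image(self, side, image_bytes):
        if side not in range(1, 7):
            raise RecorderError("the cube has six sides")
        # Record a digest of the image so the string stays short.
        digest = hashlib.sha256(image_bytes).hexdigest()
        self.events.append(f"LoadImage:{side}:{digest}")

    def close(self):
        """Return the ordered actions as one string (the 3D password)."""
        if not self.events:
            raise RecorderError("nothing recorded")
        return "|".join(self.events)


def replay(steps):
    """Build the password string for a list of (action, sub action) clicks."""
    recorder = CubeRecorder()
    for action, sub in steps:
        recorder.click(action, sub)
    return recorder.close()


def enroll(password_string):
    """Derive a salted verifier; the password string itself is not kept."""
    salt = os.urandom(16)
    verifier = hashlib.pbkdf2_hmac(
        "sha256", password_string.encode(), salt, KDF_ITERATIONS)
    return salt, verifier


def check(password_string, salt, verifier):
    """Recompute the verifier and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password_string.encode(), salt, KDF_ITERATIONS)
    return hmac.compare_digest(candidate, verifier)


if __name__ == "__main__":
    steps = [("MoveCube", "Left"), ("RotateCube", "-y"), ("TurnCamera", "CW")]
    salt, verifier = enroll(replay(steps))
    print("same order accepted:", check(replay(steps), salt, verifier))
    print("reversed order accepted:", check(replay(steps[::-1]), salt, verifier))
```

Because the verifier has a fixed length, the stored record does not grow with the number of actions and does not reveal the sequence if the database is read.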
3. RESULTS & DISCUSSION
3.1 3-D password space sizes
To determine the 3-D password space, it is necessary to count all possible 3-D passwords that have a certain number of actions, interactions and inputs towards all objects that are present in the environment. We now proceed to calculate the password space for the two environments specified in this paper.
3.1.1 Environment-1 (Chess):
In the suggested scheme we calculate the password space on the assumption that the user moves a single chess piece at a time when the environment is in view. Assume that we are starting with a chess board that is set up for the start of a game. Each player has 16 pieces. Consider the scenario where white starts first; white has a total of 20 moves that he/she can possibly make.
1. The white player may move any pawn forward by one or two positions.
2. The white player can move either knight in two different ways.
The white player chooses one of those 20 moves and makes it. The equation for calculating the password space is [1]:
$$\Pi(L_{max}, G) = \sum_{n=1}^{n=L_{max}} (m + g(AC))^{n}$$
Here,
m: All possible actions and interactions towards all existing objects. In the case of our example, the value is 20.
g(AC): The count of the total number of actions and inputs towards the environment. In our example, the action is only one, i.e. moving the object, and the interactions are 3 (moving a pawn forward, moving either knight in two different ways). So the value of g(AC) is 3.
G (G × G × G): Number of actions, interactions and inputs. For our consideration the action is only one, i.e. move, the interactions are 3 and the inputs are nil. So the value of G is 3.
Lmax: The maximum length of the password. Here Lmax = 17.
Then the possible password space for our consideration is [1]:
$$\Pi(17, 3) = \sum_{n=1}^{n=17} (20 + 3)^{n} = 3.7714 \times 10^{43}$$
The above value gives the total amount of space in bytes that is required to store the password for environment1.
3.1.2 Environment-2 (Cube):
In environment-2 the suggested scheme creates the password by moving, rotating and performing zoom operations on the cube. To create the codeword there are four different actions, i.e. moving the cube, rotating the cube, moving the camera and rotating the camera along the x, y and z axes. For each action the user can perform six different interactions.
The terms to calculate the password space for environment-2 are [1]:
G (G × G × G): Number of actions, interactions and inputs.
Number of actions = 4 (moving cube, rotating cube, moving camera, rotating camera)
Number of interactions = 6
Number of inputs = 6 (placing an image on each side of the cube)
So, G = G × G × G = 4 × 6 × 6 = 144
m: All possible actions and interactions towards all existing objects in the environment.
For the proposed scheme's environment, each action has a total of 36 interactions, so the total possible interactions are m = 1679616.
Lmax: Specifies the maximum length of the password. For this environment, taking the input, i.e. the images on each side of the cube, each with a name six characters wide, the value of Lmax is 111.
g(AC): Count of the total number of actions and interactions towards the virtual environment. For this environment it is 24 (6 × 4).
Now, the password space for this environment is [1]:
$$\Pi(L_{max}, G) = \sum_{n=1}^{n=L_{max}} (m + g(AC))^{n}$$
After placing the values:
$$\Pi(111, 144) = \sum_{n=1}^{n=111} (1679616 + 24)^{n}$$
The value obtained gives the total amount of space required in bytes to store passwords for environment-2.
3.1.3 Environment-2 (Cube without any image input):
Let us calculate the password space without taking into consideration the image input.
Hence,
G (G × G): Number of actions, interactions and inputs.
Number of actions = 4 (moving cube, rotating cube, moving camera, rotating camera)
Number of interactions = 6
Input = Nil
So, G = G × G = 4 × 6 = 24
m: All possible actions and interactions towards all existing objects in the environment. In our environment, each action has a total of 36 interactions, so the total possible interactions are
m = 1679616
Lmax: The maximum length of the password. For this environment, Lmax is 8.
g(AC): Count of the total number of actions and interactions towards the hypothetical environment. For this environment it is 24 (6 × 4).
Now, the password space for this environment is [1]:
$$\Pi(L_{max}, G) = \sum_{n=1}^{n=L_{max}} (m + g(AC))^{n}$$
After placing the values,
$$\Pi(8, 24) = \sum_{n=1}^{n=8} (1679616 + 24)^{n} = 1.47446 \times 10^{20}$$
The above value gives the total amount of space in bytes that would be required to store the 3D password for environment2 without an input.
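An added example (not from the paper) that evaluates the password-space sum exactly for the parameters given in sections 3.1.1 to 3.1.3 and, reading the sum as a count of candidate passwords, expresses it in bits and as the text-password length over 94 printable characters that offers at least as many candidates. The function names and the 94-character alphabet are assumptions; the bit figure is an upper bound that holds only if users choose their sequences uniformly at random.

```python
import math

# (m, g(AC), Lmax) exactly as stated in sections 3.1.1 to 3.1.3.
ENVIRONMENTS = {
    "Env-1 chess":            (20, 3, 17),
    "Env-2 cube with images": (1679616, 24, 111),
    "Env-2 cube, no images":  (1679616, 24, 8),
}


def password_space(m, g_ac, l_max):
    """Sum of (m + g(AC))^n for n = 1 .. Lmax, as an exact integer."""
    base = m + g_ac
    return sum(base ** n for n in range(1, l_max + 1))


def entropy_bits(space):
    """log2 of the number of candidates (upper bound on guessing entropy)."""
    return math.log2(space)


def equivalent_text_length(space, alphabet=94):
    """Smallest maximum length L such that text passwords of length 1..L
    over `alphabet` symbols number at least `space`."""
    total, length = 0, 0
    while total < space:
        length += 1
        total += alphabet ** length
    return length


def report():
    """One row per environment: name, candidates, bits, equivalent text length."""
    rows = []
    for name, (m, g_ac, l_max) in ENVIRONMENTS.items():
        space = password_space(m, g_ac, l_max)
        rows.append((name, space, entropy_bits(space),
                     equivalent_text_length(space)))
    return rows


if __name__ == "__main__":
    for name, space, bits, text_len in report():
        magnitude = len(str(space)) - 1
        print(f"{name:24s} about 10^{magnitude} candidates, "
              f"{bits:7.1f} bits, text length {text_len}")
```

Evaluated this way, the Environment-1 parameters give about 1.47 × 10^23 candidates (about 77 bits) and the no-image cube parameters about 6.3 × 10^49, which differ from the totals printed in this section.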
3.2 Comparison: Text and 3D password
This section compares textual passwords with the suggested scheme. The comparison is between the length of the textual password and the actions and interactions with 3-D objects in the virtual environment. In the following table, a textual password length of one character is set against a single action in environment1 and environment2. The table shows the comparison between the length of the text and 3-D password for virtual environment1 and environment2 [1].
Table 1. Comparison between Text and 3D Password
| No. of Action/Character | Encrypted 3D Password Size of Env-1 in Byte | Encrypted Text Password Size in Byte | Encrypted 3D Password Size of Env-2 in Byte | Encrypted 3D Password Size of Env-2 with no image in Byte |
|---|---|---|---|---|
| 1 | 23 | 2 | 18 | 8 |
| 2 | 39 | 3 | 19 | 8 |
| 3 | 55 | 4 | 22 | 8 |
| 4 | 71 | 6 | 23 | 8 |
| 5 | 87 | 7 | 24 | 8 |
| 6 | 103 | 8 | 26 | 8 |
| 7 | 119 | 10 | 28 | 8 |
| 8 | 135 | 12 | 31 | 8 |
| 9 | 151 | 13 | 34 | 8 |
| 10 | 167 | 14 | 36 | 8 |
| 11 | 188 | 15 | 39 | 8 |
| 12 | 202 | 16 | 42 | 8 |
| 13 | 218 | 18 | 44 | 8 |
| 14 | 236 | 19 | 39 | 8 |
| 15 | 247 | 20 | 43 | 8 |
| 16 | 263 | 22 | 47 | 8 |
| 17 | 283 | 23 | 51 | 8 |
| 18 | 300 | 24 | 55 | 8 |
| 19 | 319 | 26 | 59 | 8 |
| 20 | 340 | 27 | 63 | 8 |
Table 1 shows the comparison of the password space required for the text and 3-D password for environment1, environment2 and environment2 with no images. The proposed scheme is compared with 40 different records by taking the length of the text password from one character to forty characters and from a single action to forty actions on 3-D objects in environment1 and environment2 [1].
3.3 Performance result in Graphs:
In Figure 4, the blue line shows the password space required for 3-D Env-1, the yellow line the password space for Env-2 with images, and the green line the password space required for Env-2 with no images, whereas the pink line shows the password length for the text password [1].
4. Conclusion
In the 3D password system, as the number of actions and interactions in the hypothetical 3D environment increases, the length of the codeword also increases. The amount of memory that is required to store a 3D password is large when compared to a textual password. This paper presents two environments in which the space required to store the 3D password is reduced. The first environment is a chess game in which the user creates the 3D password by moving the chess pieces to valid places on the chessboard. The second environment is a cube in which the user constructs the 3D password by moving the cube left, right, up and down and by turning it around its axes, along with the choice of placing input images on each side of the cube. In the second environment, the cube without any image input, a user can perform a greater number of actions and interactions as compared with the first environment, and it is noticed that the space necessary to store the 3D password is comparatively very small, and the password created is very strong.
Figure 4: Comparison of text and 3D password for Env-1 and Env-2.
5. Acknowledgments
We would like to thank our lecturers, Mr. John J. P and Mr. Subramanya S. G for their support and encouragement in preparing this paper.
6. References
[1] Prof. Sonkar S.K.; Dr. Ghungrad S.B., "Minimum Space and Huge Security in 3D Password Scheme," International Journal of Computer Applications (0975-8887), Volume 29, No. 4, September 2011.
[2] Alsulaiman, F.A.; El Saddik, A., "Three- for Secure," IEEE Transactions on Instrumentation and Measurement, vol. 57, no. 9, pp. 1929-1938, Sept. 2008.
[3] D. V. Klein, "Foiling the cracker: A survey of, and to passwords security," in Proc. USENIX Security, pp.14
[4] I. Jermyn, A. Mayer, F. Monrose, M. K. Reiter, and A. D. Rubin, "The design and analysis of graphical passwords," in Proc. 8th USENIX Security Symp., Washington DC, Aug. 1999, pp. 1-14.
[5] X. Suo, Y. Zhu, and G. S. Owen, "Graphical passwords: A survey," in Proc. 21st Annual Computer Security Appl. Conf., Dec. 5-9, 2005, pp. 463-472.
[6] D. Weinshall and S. Kirkpatrick, "Passwords You'll Never Forget, but Can't Recall," in Proceedings of Conference on Human Factors in Computing Systems (CHI). Vienna, Austria: ACM, 2004, pp. 1399-1402.
[7] L. Sobrado and J.-C. Birget, "Graphical passwords," The Rutgers Scholar, An Electronic Bulletin for Undergraduate Research, vol. 4, 2002.
[8] D. Hong, S. Man, B. Hawes, and M. Mathews, "A password scheme strongly resistant to spyware," in Proceedings of International Conference on Security and Management. Las Vegas, NV, 2004.
[9] S. Man, D. Hong, and M. Mathews, "A shoulder-surfing resistant graphical password scheme," in Proceedings of International Conference on Security and Management. Las Vegas, NV, 2003.
[10] Two Factor Authentication for the Enterprise, http://realuser.com/realuser.
[11] Biometrics, http://en.wikipedia.org/wiki/Biometrics