Three Dimensional Object Used For Data Security

Seminar Guide S.Kuzhalvai Mozhi Assistant Professor

Presented By:Aarti Mohan Rao 4NI07IS001

1

SLIDE NAME

SLIDE NUMBER
3 4 5 7 8 9 10 11 14 15 16 19 20
2

Authentication What is a 3D Password? Literature Survey Proposed System System Overview Security Anaysis 3D Password Space Size Fault Tolerance Application Advantages Experimental Result Conclusion References

Authentication is a process of validating who are you to whom you claimed to be. Human authentication techniques are as follows:
1. 2. Knowledge Base (What you know) Token Based(what you have)

3.
4.

Biometrics(what you are)

Recognition Based(What you recognise)

A multi factor authentication scheme where the users log into a system by navigating through a virtual 3D environment.

This scheme combines RECOGNITION + RECALL +TOKENS +BIOMETRIC In one authentication system
4

1.

Textual Passwords(Recall Based)-:Recall what you have

created before. Biometric schemes(fingerprints, voice recognition etc)

2.

3.

Graphical Passwords:
(Recall Based+Recognition Based)

1.Free Recall
2.Serial Recall 3.Cued Recall
5

3D Password attempts to satisfy the following requirements:-

The new scheme should not be recall or recognition based only.

Users should have freedom to select the combination of authentication schemes. It should provide secrets that are easy to remember and very difficult for the intruders to guess. The secrets should not be easy to write down on paper. It should provide secrets that can be easily revoked or changed.

To analyse how secure a system is we have to consider how hard it is for the attacker to break into the system. Another measurement can be based on the information content of the password space.

n=Lmax

(Lmax,G)= (m+g(AC))
n=1

Lmax-3D password length

-total no of possible 3D passwords(Lmax or less).

AC-possible actions

Brute Force Attack: The attack is very difficult because

1. 2. Time required to login may vary form 20s to 2 min therefore it is very time consuming. Cost of Attack: A 3D Virtual environment may contain biometric object ,the attacker has to forge all biometric information.

Well Studied Attack: Attacker tries to get the most

probable distribution of 3D Password.
This is difficult because attacker has to perform customized attack fo different virtual environment .

10

Shoulder Surfing Attacks: Attacker uses camera to

record the users passwords.This attack is more succesful

Timing Attack: The Attacker observes how long it takes the

legitimate user to perform correct log in using Password.which gives an indication of Passwords length.This attack cannot be succesful since it gives the attacker mere hints.

11

Resistant to brute force attack, timing and shoulder surfing attacks. Withstand well studied attacker Easy to remember and difficult for intruder to guess. 3d password space can be very large,hence the fault tolerance is high.

12

Critical Servers. Nuclear and Military Facilities. Airplanes and jet fighters. ATMs,Desktop and Laptop Logins, Web Authentication

13

Difficult to guess. Not easy to write on paper. Easily Changed. Difficult to share with others. Easiness to memorize. Respect of privacy.

14

50 users volunteered for this experiment. C#.net was used to build the 3D environment which consists of an art gallery and chess board game that the user can walk through.

15

16

17

All authentication schemes are vulnerable to attacks. The 3D Password is a multifactor authentication scheme which combines various authentication schemes into a single 3D virtual environment. It is still in its early stages of development and hence a lot of research is the proper solution. Gathering attackers for testing the system will help in enhancing the system more. A field of research is the proper solution.

18

Fawaz A Alsulaiman and Abdulmotaleb El Saddik,A Novel 3D Graphical Password, VECIMS 2006 IEEE International Conference on Virtual Environments, Human-Computer Interfaces, and Measurement Systems Schema. Ms.VidyaMhaske-Dhamdhere, Prof. G. A. Patil Three Dimensional Object Used for Data Security, in International Conference on Computational Intelligence and Communication Networks,2010.

D. V. Klein, Foiling the cracker: A survey of, and improvement to passwords security, in Proc. USENIX Security Workshop, 1990, pp. 514. NBC news, ATM Fraud: Banking on Your Money, Dateline Hidden Cameras Show Criminals Owning ATMs, Dec. 11, 2003.

19

20