3D PASSWORD AUTHENTICATION FOR WEB SECURITY

Similar documents
New Era of authentication: 3-D Password

Address for Correspondence 1 Associate Professor department o f Computer Engineering BVUCOE, Pune

3-D Graphical Password Used For Authentication

3LAS (Three Level Authentication Scheme)

DESIGN, IMPLEMENTATION AND EVALUATION OF A KNOWLEDGE BASED AUTHENTICATION SCHEME UPON COMPELLING PLAIT CLICKS

Graphical User Authentication Using Random Codes

NETWORK SECURITY - OVERCOME PASSWORD HACKING THROUGH GRAPHICAL PASSWORD AUTHENTICATION

Graphical User Authentication System An Overview P. Baby Maruthi 1, Dr. K. Sandhya Rani 2

A Secure Graphical Password Authentication System

SHOULDER SURFING RESISTANT GRAPHICAL PASSWORD

Defenses against Large Scale Online Password Guessing by Using Persuasive Cued Click Points

Recall Based Authentication System- An Overview

Graphical Password to Increase the Capacity of Alphanumeric Password

Authentication Using Grid-Based Authentication Scheme and Graphical Password

USER AUTHENTICATION USING NATIVE LANGUAGE PASSWORDS

KNOWLEDGE BASED AUTHENTICATION SYSTEM DESIGN BASED ON PERSUASIVE CUED CLICK POINTS

MULTI-FACTOR AUTHENTICATION USING GRAPHICAL PASSWORDS THROUGH HANDHELD DEVICE

Implementation of Color based Android Shuffling Pattern Lock

Palm Vein Extraction and Matching For Personal Identification

A Multi-Grid Graphical Password Scheme

Authentication schemes for session password using color and special characters

Innovative Graphical Passwords using Sequencing and Shuffling Together

A New Hybrid Graphical User Authentication Technique based on Drag and Drop Method

Securing Web Accounts Using Graphical Password Authentication through MD5 Algorithm

SHOULDER SURFING ATTACK PREVENTION USING COLOR PASS METHOD

Image Password Based Authentication in an Android System

AN IMPROVED MAP BASED GRAPHICAL ANDROID AUTHENTICATION SYSTEM

Minimizing Shoulder Surfing Attack using Text and Color Based Graphical Password Scheme

Graphical password authentication using Pass faces

MODULE NO.28: Password Cracking

In this unit we are continuing our discussion of IT security measures.

International Journal of Pure and Applied Sciences and Technology

Enhanced Textual Password Scheme for Better Security and Memorability

A Novel Approach for Software Implementation of Graphical Authentication Methodology

MULTIPLE GRID BASED GRAPHICAL TEXT PASSWORD AUTHENTICATION

Passwords. EJ Jung. slide 1

Simple Text Based Colour Shuffling Graphical Password Scheme

Cued Click Point Technique for Graphical Password Authentication

FORTIFICATION AGAINST PASSWORD GUESSING ATTACKS IN ONLINE SYSTEM

Graphical Password Authentication with Cloud Securing Method

Keywords security model, online banking, authentication, biometric, variable tokens

What is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource.

Presented By: Miss Samya Ashraf Want Student ID

ENHANCEMENT OF SECURITY FEATURE IN GRAPHICAL PASSWORD AUTHENTICATION

An image edge based approach for image password encryption

A Hybrid Password Authentication Scheme Based on Shape and Text

Graphical Authentication System

Authenticating using Variable One Time Password in Cloud Computing over Existing Honey Pot Technology for Framework Improvement

Captcha Authenticated Unwanted Message Filtering Technique for Social Networking Services

SECURED PASSWORD MANAGEMENT TECHNIQUE USING ONE-TIME PASSWORD PROTOCOL IN SMARTPHONE

Graphical Password or Graphical User Authentication as Effective Password Provider

USING EMOJI PICTURES TO STRENGTHEN THE IMMUNITY OF PASSWORDS AGAINST ATTACKERS

Highly Secure Authentication Scheme: A Review

Authentication Objectives People Authentication I

DEFENSES AGAINST LARGE SCALE ONLINE PASSWORD GUESSING ATTACKS BY USING PERSUASIVE CLICK POINTS

International Journal of Scientific & Engineering Research, Volume 4, Issue 12, December ISSN

5-899 / Usable Privacy and Security Text Passwords Lecture by Sasha Romanosky Scribe notes by Ponnurangam K March 30, 2006

HumanAUT Secure Human Identification Protocols

ISSN: (Online) Volume 2, Issue 10, October 2014 International Journal of Advance Research in Computer Science and Management Studies

Captcha as Textual Passwords with Click Points to Protect Information

I. INTRODUCTION ABSTRACT

An Ancient Indian Board Game as a Tool for Authentication

User Authentication. E.g., How can I tell you re you?

Sumy State University Department of Computer Science

Thematic Graphical User Authentication: Graphical User Authentication Using Themed Images on Mobile Devices

D. Jagadeesan Assistant Professor, Dept. of Computer Science and Engineering, Adhiparasakthi College of Engineering, Kalavai,

ISSN: ISO 9001:2008 Certified International Journal of Engineering and Innovative Technology (IJEIT) Volume 3, Issue 10, April 2014

The Design and Implementation of Background Pass-Go Scheme Towards Security Threats

Novel Shoulder-Surfing Resistant Authentication Schemes using Text-Graphical Passwords

International Journal of Computer Engineering and Applications, Volume XI, Issue III, March 17, ISSN

System Based on Voice and Biometric Authentication

MULTI-FACTOR AUTHENTICATION BASED ON GAME MODE FOR ANDROID APPLICATION

XPS1 Automated Multi-Sample Run Procedure

Authentication. Chapter 2

Implementation of ATM security using IOT

A PROPOSED AUTHENTICATION SCHEME USING THE CONCEPT OF MINDMETRICS

International Journal of Electrical and Computer Engineering 4: Application of Neural Network in User Authentication for Smart Home System

BIOMETRIC BASED VOTING MACHINE

A Model to Restrict Online Password Guessing Attacks

DEFENSES AGAINST LARGE SCALE ONLINE PASSWORD GUESSING ATTACKS BY USING PERSUASIVE CLICK POINTS

A Survey on Recall-Based Graphical User Authentications Algorithms

Why was an extra step of choosing a Security Image added to the sign-in process?

Security Improvements of Dynamic ID-based Remote User Authentication Scheme with Session Key Agreement

Authentication Methods

International Journal of Emerging Technology in Computer Science & Electronics (IJETCSE) ISSN: Volume 14 Issue 2 APRIL 2015

Create strong passwords

Divide and Conquer Approach for Solving Security and Usability Conflict in User Authentication

Chapter 2: Access Control and Site Security. Access Control. Access Control. ACIS 5584 E-Commerce Security Dr. France Belanger.

CSE 565 Computer Security Fall 2018

Identification, authentication, authorisation. Identification and authentication. Authentication. Authentication. Three closely related concepts:

M.Ashwini 1,K.C.Sreedhar 2

A STUDY OF GRAPHICAL PASSWORDS AND VARIOUS GRAPHICAL PASSWORD AUTHENTICATION SCHEMES

Intruders, Human Identification and Authentication, Web Authentication

Novel Security Method Using Captcha as Graphical Password

DETECTION OF INDIAN COUNTERFEIT BANKNOTES USING NEURAL NETWORK

Usable Privacy and Security, Fall 2011 Nov. 10, 2011

A GRAPHICAL PASSWORD BASED AUTHENTICATION BASED SYSTEM FOR MOBILE DEVICES

International Journal of Advances in Engineering Research

Design & Implementation of Online Security Using Graphical Password Systems Using Captcha Technique

ChoCD: Usable and Secure Graphical Password Authentication Scheme

Transcription:

3D PASSWORD AUTHENTICATION FOR WEB SECURITY Sahana R.Gadagkar 1, Aditya Pawaskar 2, Mrs. Ranjeeta B. Pandhare 3 1,2 Department of Computer Science & Engineering, KIT s College of Engineering, Kolhapur, (India) 3 Assistant Professor, Department of Computer Science & Engineering, KIT s College of Engineering, Kolhapur, (India) ABSTRACT Authentication is an important factor of security. There are many authentication techniques available such as Textual Passwords, Graphical Passwords, Biometric Identification, etc. but each of these, individually having some drawbacks. To overcome the limitations of the existing authentication technique, a new improved authentication scheme is introduced, i.e. 3D Password. This technique can be integrated with existing authentication techniques and hence it can be called as a multifactor authentication. The important part of the 3D Password is the 3D Virtual Environment, which contains objects with which the user interacts. The combination and sequence of user interactions that occur in 3D Virtual Environment is the 3D Password. This paper outlines the drawbacks of existing authentication scheme and explains the way in which 3D Password overcomes these drawbacks. Keywords: Biometric Authentication, Graphical Password, Textual Password, 3D Password, 3D Virtual Environment. I. INTRODUCTION Authentication can be categorized as [1] [5] Knowledge based (what you know), Token based (what you have), Biometric based (what you are). Knowledge based password can be further divided as [6] Recall based and Recognition based. In Recall based technique, one repeats some secret that is already created. Most common form of this type is Textual password. Textual password [3] usually consists of text, alphanumeric characters, etc. which are of short length. Such passwords can be easily hacked by means of Keystroke recording, Brute force attack, Phishing, etc. Daniel V. Klein [2] studied the pattern of textual password in 1990. He collected nearly 15000 accounts and observed that, 25% passwords were guessed by using a small well formed dictionary of 3*10 6 words although the space of passwords is 2*10 14, 21% passwords were guessed in the first week and 368 passwords were guessed in 15 minutes. With about 50 accounts, first account can be guessed in 2 minutes and 5-15 passwords in a day. Graphical passwords [1] have a predetermined image, in which the user can select causing the sequence to construct the password. Most common form of graphical password is Draw A Secret (DAS) where a simple grid is provided and the user creates a drawing. The size and complexity of grid affect the password space. It becomes hard to recall where the drawing started, where it ended and where the middle points were in case of large grid size. Token based technique provides users, PINs, which can be easily hacked. Biometric technique uses unique features of the users but the hardware incurs high cost. Moreover, this type is 82 P a g e

not applicable to remote or internet users. 3D Password overcomes many of these limitations. The further sections describe the 3D Password and its related information. II. OVERVIEW OF 3D PASSWORD What is a 3D Password? It is a multifactor authentication scheme which combines existing authentication techniques into 3D Virtual Environment. This environment contains various virtual objects. The user navigates through this environment and interacts with the objects. The combination and sequence of the user interactions in the environment will be the 3D Password. A general example could be given as, the user enters virtual environment, where the user can open a virtual door which exists in (x1, y1, z1) position, then switch on the light by pressing a button which exists in (x2, y2, z2) position, move a book in (x3, y3, z3) position to (x4, y4, z4) position. This combination and sequence of user interactions constructs the user s 3D Password. 1.1 Prerequisites of designing a 3D Virtual Environment 1.1.1 Real Time Similarity-Possible actions and interactions towards virtual objects should reflect real time situations. 1.1.2 Uniqueness of Objects- Every virtual object should have its own attributes such as position. Thus interaction with object1 is not equal to the interaction with object2. 1.1.3 Size of 3D Virtual Environment- The size of the virtual environment should be designed with care. It shouldn t be too large or too small. 1.1.4 Objects and its Types- The number of objects and the type of the objects should be considered. III. SYSTEM DESIGN The most important part of the 3D Password system is to design the 3D Virtual Environment and to determine what objects it will contain. Let the size of the 3D Virtual Environment be S*S*S. The 3D environment space is represented by [1,..,S] * [1,..,S] * [1,..,S]. The objects are distributed in the 3D Virtual Environment with unique (x, y, z) coordinates where, (x, y, z) [1,..,S] * [1,..,S] * [1,..,S]. The user navigates into the 3D Virtual Environment and interacts with the objects using any input devices like mouse, keyboard, etc. 3.1 Size of 3D Password Space Let L max be the maximum length of password in a 3D environment of size (S * S *S ). Equation (1) calculates the size of 3D Password space [4] as: where, π- Total number of possible 3D passwords of length L max or less. S--> ( S * S * S) i.e. number of actions, interactions and inputs. 83 P a g e n=lmax Π (L max, S) = (m + s(ac)) n (1) n=1

m- All possible actions and interaction towards all existing objects. s(ac)- The count of the total number of actions and inputs in the environment. IV. EXPERIMENT 4.1 Chess 3D Virtual Environment: To demonstrate the design and working of 3D Password, chess has been constructed into 3D Virtual Environment. In this, the password is created based on the position of the chess pieces on the chess board and also whether the white pieces are towards the user or the black ones i.e. the position of the chessboard. Figure 4.1 shows the 3D design of chess, which consists of 16 white objects and 16 black objects having a total of 32 objects. There are 3 buttons provided viz. Help, Reset and Submit. The Help button on click will pop up the instructions to be followed while creating the password. The Reset button will place the pieces back to the original position. The submit button will create the password and this password will be stored in the database. Each square of the chessboard is given a position (example: [1, a], [2, b]) so that the user can remember the password with ease. Fig.4.1: chess 3d virtual environment Fig.4.2: 3d password creation When the user enters into this environment, the user is free to place the pieces at any position on the chess board. One can even delete the pieces by simply dragging and dropping it out of the chessboard. The user has to memorize only the pieces moved and their position onto the chessboard. Figure 4.2 shows an example of creating the 3D Password in the virtual environment. 4.2 Working The function fen() gives the overall status of the chessboard. It stores the position of the pieces in the form a string. Whenever a chess piece is moved, its new position is recorded and changes are made to the string accordingly. For example, when the pieces are at their original position (refer fig.4.1), the string is rnbqkbnr/pppppppp/8/8/8/8/pppppppp/rnbqkbnr where the letters indicate the type of chess piece may be p for pawn, q for queen and so on. Capital letters indicate the white pieces and small letters indicate the black pieces. The number 8 indicates that, the row is empty. When the chess pieces are moved (refer fig.4.2), the string will be modified as, r1bqkbnr/pp1ppppp/n7/2p5/1p6/4k3/pppppppp/rnbq1bnr. To make this environment user friendly, the chess board has been assigned positions which the user can memorize easily as compared to memorizing the string. This string is then stored into the database. 84 P a g e

4.3 Space Size of Chess 3D Virtual Environment According to equation (1) mentioned in section 3.1, the 3D password space can be calculated as [4] : n=lmax Π (L max, S) = (m + s(ac)) n This 3D Virtual Environment is void of the rules of chess game. Consider the scenario where the user wants to create a password and he selects white side which consists of 16 pieces. The user is free to move any of these 16 pieces in the remaining 63 squares in the chessboard and an additional dropout from the chessboard. Hence a total of 16*64 moves are possible i.e. m=16*64. Here, the action is only one i.e. moving the piece and interactions are 5 (moving the piece either horizontal, vertical, diagonal-left, diagonal-right, dropping out from chessboard) and input is null, hence s(ac)=5. Here L max =71. By considering the values mentioned the value of π tends to infinity which gives sufficiently large number of possible combinations of the 3D Password. Hence it is very difficult for an intruder or a hacker to guess the actual password. 4.4 Comparison of 3D Password with other authentication schemes: As described in section 4.3, the combinations of 3D Password are possibly a huge number and hence it becomes difficult for anyone to hack it. The requirement of user is different and hence every user will have a different preference when selecting the 3D Password. This fact will increase the effort required to find a pattern of user s highly selected 3-D password. In addition, since the 3-D password combines several authentication schemes into a single authentication environment, the attacker has to study every single authentication scheme and has to discover what the most probable selected secret could be. V. SECURITY ANALYSIS n=1 As mentioned before, 3D Password overcomes the limitations of existing authentication schemes especially in case of attacks. Mentioned below are some of the attacks [1] that the 3D Password prevents: 5.1 Brute Force Attack The attacker has to try all possible 3D Passwords. It is almost impossible for anyone to guess the correct password whose combination can tend to infinity which in turn is time consuming. 5.2 Well Studied Attack The attacker has to study all the existing authentication schemes that are used in the 3D Virtual Environment. It requires a study of the user s selection of objects, or a combination of objects, that the user will use as a 3D Password. It s hard to accomplish since the attacker has to perform a customized attack against every 3D Virtual Environment. 5.3 Shoulder Surfing Attack An attacker uses a camera to record the user s 3D Password or tries to watch the legitimate user while the 3D Password is being performed. This attack could be the most successful type of attack against 3D Passwords. However if biometric authentication is integrated, then it becomes difficult for the hacker to break it. 85 P a g e

VI. CONCLUSION AND FUTURE WORK There are many authentication techniques available such as Textual Passwords, Graphical Passwords, Biometric Identification, etc. but each of these, individually having some drawbacks. To overcome these limitations, 3D Password is introduced. It is a multifactor authentication scheme which combines existing authentication techniques into 3D Virtual Environment. This environment contains various virtual objects. The user navigates through this environment and interacts with the objects. The combination and sequence of the user interactions in the environment forms the 3D Password. The application of 3D Passwords could be for Critical Servers, Nuclear and Military purposes, ATMs, etc. This paper presented 3D Virtual Environment of Chess which showed that the number of possible 3D Passwords almost tends to infinity making it difficult for a hacker to break it. REFERENCES [1] Fawaz A. Alsulaiman and Abdulmotaleb El Saddik, Three-Dimensional Password for More Secure Authentication, IEEE TRANSACTIONS ON INSTRUMENTATION AND MEASUREMENT, VOL. 57, NO. 9, SEPTEMBER 2008 [2] Daniel V. Klein, Foiling the Cracker: A Survey of and Improvements to Password Security, in Proc. USENIX Security, pp. 14 [3] Banita Chadha, Dr. Puneet Goswami, 3d Password A Secure Tool, International Journal of Advanced Research in Computer Science and Software Engineering, Volume 4, Issue 1, January 2014 [4] Ms. Nidhi Maria Paul, Ms. Monisha Shanmugham, 3D PASSWORD: MINIMAL UTILIZATION OF SPACE AND VAST SECURITY COUPLED WITH BIOMETRICS FOR SECURE AUTHENTICATION, International Journal of Advanced Technology & Engineering Research (IJATER), Volume 2, Issue 4, July 2012 [5] Vishal Kolhe, Vipul Gunjal, Sayali Kalasakar, Pranjal Rathod, Secure Authentication with 3D Password, International Journal of Engineering Science and Innovative Technology (IJESIT), Volume 2, Issue 2, March 2013 [6] Mrs. Vidya Mhaske-Dhamdhere, Bhakti Pawar, Pallavi Ghodke, Pratibha Yadav, 3-D Graphical Password Used For Authentication, Vidya Mhaske et al,int.j.computer Technology & Applications,Vol 3 (2), 510-519 86 P a g e

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback