Embed Size (px)
Citation preview
Authentication
Authentication is a process of validating who you are to
whom you claimed to be.
Human authentication techniques are as follows:
1.Knowledge Based (What you know)
2.Token Based(what you have)
3.Biometrics(what you are)
Three Basic Identification
Methods of password
Possession(“something I have”)
•Keys •Passport •Smart Card
Knowledge(“Something I know”)
•Password • Pin
Biometrics(“something I am”)
•Face•Fingerprints•Iris
• Password is basically an encryption
algorithms.
It is 8-15 character or slightly more than that.
Mostly textual passwords nowadays are kept which are
very simple.
Passphrase
It’s the enhance version of password.
It is a combination of words or simply collection of
password in proper sequence.
It contains any well known thought also.
Length of passphrase is about 30-50 character or more
than that also.
B
I
O
M
E
T
R
I
C
S
Biometrics
•Refer to a broad range of
technologies.
•Automate the identification
or verification of an individual.
Based on human characteristics or body organs
Process
% market share by type of biometric technology in 2003
•How secure is your password?
Now with the technology change,
fast processors and many tools on
the Internet, cracking password has
become a Child's Play.
Ten years back Klein performed
such tests and he could crack 10-15
passwords per day.
PASSWORD
PASSPHRASE
•Passphrase length is about 30-50 characters or
more than that so it creates ambiguity to remember
if there is no any proper sequence.
BIOMETRICS
•Biometrics has also some
drawbacks.
Suppose you select your fingerprint
as a biometrics..
But what to do when you have crack
or wound in your finger.
And now a days some hackers even
implement exact copy of your
biometrics also….
3D PASSWORD
•The 3D passwords which are more
customizable, and very interesting way of
authentication.
•A 3D password is a multifactor
authentication scheme that
combine
RECOGNITION
+RECALL
+TOKENS
+BIOMETRICS
in one authentication system.
The 3D password presents a virtual environment
containing various virtual objects.
The user walks through the environment and interacts
with the objects.
It is the combination and sequence of user interactions
that occur in the 3D environment.
This is achieved through interacting only with the objects that
acquire information that the user is comfortable in providing.
It becomes much more difficult for the attacker to guess the user’s
3-D password.
Virtual objects
Virtual objects can be any object we encounter in real life:
A computer on which the user can type in
A fingerprint reader that requires users fingerprint
A paper or white board on which user can type
An Automated teller(ATM) machine that requires a
token
A light that can be switched on/off
A television or radio
A car that can be driven
A graphical password scheme
Snapshot of a proof - of - concept virtual
art gallery , which contains 36
pictures and six computers
3D VIRTUAL
ENVIRONMENT
3D Virtual Environment
•3-D virtual environment affects the usability, effectiveness, and
acceptability of a 3-D password system.
• 3-D environment reflects the administration needs and the security
requirements.
3D Virtual Environment
The design of 3D virtual
environments should follow
these guidelines:
Real Life Similarity
Object Uniqueness & Distinction
3D Virtual Environment Size
Number of objects & their types
System Importance
Advantages
Flexibility
Strength
Ease to Memorize
Respect of Privacy
Applications
The 3D password’s main application domains are protecting
critical systems and resources.
Critical Servers
Nuclear Reactors & military Facilities
Airplanes and missile Guiding
A small virtual environment can be used in the following
systems like-
Atm
Personal digital assistance
Desktop computers & laptops
Web authentication etc.
Attacks and Countermeasures
Brute Force Attack
Well studied Attack
Shoulder-surfing Attack
•The authentication can be improved with 3d
password ,because the unauthorized person may not
interact with same object at a particular location as
the legitimate user.
•It is difficult to crack ,because it has no fixed
number of steps and a particular procedure.
•Added with biometrics and token verification this
schema becomes almost unbreakable.
Conclusion
QUERIES
