2. Areas Of Discussion
• Authentication & its types.
• Knowledge Based Authentication.
• Token Based Authentication.
• Biometrics Authentication.
• Drawbacks.
• 3D Password.
• 3D Virtual Environment.
• Advantages & Application.
• Attacks & Countermeasures.
• Conclusion.
• References.
3. Authentication
Authentication is the process of validating that you are who you
claim to be.
• Human authentication techniques are as follows:
1. Knowledge Based (What you know)
2. Token Based (What you have)
3. Biometrics (What you are)
4. Three Basic Identification Methods of password
Possession ("something I have")
• Keys
• Passport
• Smart Card
Knowledge ("something I know")
• Password
• PIN
Biometrics ("something I am")
• Face
• Fingerprints
• Iris
6. Password
• A password is basically an encryption algorithm.
• It is 8-15 characters long, or slightly more than that.
• Most textual passwords kept nowadays are very simple.
7. PASSPHRASE
• Passphrase length is about 30-50 characters or more, which makes it
hard to remember if there is any proper sequence.
8. • It is the enhanced version of a password.
• It is a combination of words, or simply a collection of
passwords in proper sequence.
• It can also contain any well-known thought.
• The length of a passphrase is about 30-50 characters or more.
10. A security token (or sometimes a hardware
token, authentication token, USB token, cryptographic
token, software token, virtual token) may be a physical
device that an authorized user of computer services is given
to ease authentication.
18. PASSWORD
• How secure is your password?
Now, with the change in technology, fast processors and many tools on
the Internet, cracking passwords has become child's play.
Ten years back Klein performed such tests and he could crack 10-15
passwords per day.
19. Token
• Involves additional costs, such as the cost of the token and
any replacement fees.
• Users always need to carry the token with them.
• Users need multiple tokens for multiple Web sites and
devices.
• Does not protect fully from man-in-the-middle attacks (i.e.,
attacks where an intruder intercepts a user's session and steals
the user's credentials by acting as a proxy between the user and
the authentication device without the user's knowledge).
20. BIOMETRICS
• Biometrics also has some drawbacks.
• Suppose you select your fingerprint as a biometric.
• But what do you do when you have a crack or wound on your finger?
• And nowadays some hackers even produce an exact copy of your
biometrics…
22. • 3D passwords are more customizable, and a
very interesting way of authentication.
• A 3D password is a multifactor authentication scheme that combines
RECOGNITION + RECALL + TOKENS + BIOMETRICS
in one authentication system.
23. • The 3D password presents a virtual environment
containing various virtual objects.
• The user walks through the environment and interacts
with the objects.
• It is the combination and sequence of user interactions
that occur in the 3D environment.
24. • This is achieved through interacting only with the objects that
acquire information that the user is comfortable in providing.
• It becomes much more difficult for the attacker to guess the
user's 3-D password.
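An added example (not from the original slides): one way a verifier could store and check the ordered sequence of interactions that slides 23-24 describe, limited to objects whose input can be matched exactly. The object ids, coordinates, action names and PBKDF2 parameters are assumptions; biometric and token objects would be checked by their own verifiers and are left out.

```python
import hashlib
import hmac
import os

# Constructed sample enrollment: (object id, grid position, action, input).
# All ids, coordinates and action names are hypothetical.
ENROLLED = [
    ("computer-3", (10, 0, 24), "type", "falcon"),
    ("light-1", (4, 2, 9), "switch_on", ""),
    ("book-7", (18, 1, 3), "move_to", "shelf-2"),
]

ITERATIONS = 200_000  # assumed work factor for PBKDF2-HMAC-SHA256


def _canonical(sequence):
    """Serialize the ordered interactions with length-prefixed fields so
    that shifting a field boundary cannot make two sequences collide."""
    out = bytearray()
    for obj, pos, action, data in sequence:
        for field in (obj, ",".join(map(str, pos)), action, data):
            raw = field.encode("utf-8")
            out += len(raw).to_bytes(4, "big") + raw
    return bytes(out)


def _derive(sequence, salt):
    return hashlib.pbkdf2_hmac("sha256", _canonical(sequence), salt, ITERATIONS)


def enroll(sequence):
    """Return (salt, digest). Only these are stored, never the sequence."""
    salt = os.urandom(16)
    return salt, _derive(sequence, salt)


def verify(sequence, salt, digest):
    """Re-derive the digest for a login attempt; compare in constant time."""
    return hmac.compare_digest(_derive(sequence, salt), digest)


if __name__ == "__main__":
    salt, digest = enroll(ENROLLED)
    print("same sequence:     ", verify(ENROLLED, salt, digest))
    print("same steps, reversed:", verify(ENROLLED[::-1], salt, digest))
```

Because the whole sequence is hashed as one value, the verifier cannot tell an attacker which step of a guess was wrong, and the order of the interactions matters as much as the interactions themselves.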
25. Virtual objects
• Virtual objects can be any object we encounter in real life:
  • A computer on which the user can type.
  • A fingerprint reader that requires the user's fingerprint.
  • A paper or white board on which the user can type.
  • An automated teller machine (ATM) that requires a token.
  • A light that can be switched on/off.
  • A television or radio where channels can be selected.
  • A car that can be driven.
  • A graphical password scheme.
26. • A biometric recognition device.
  • A staple that can be punched.
  • A book that can be moved from one place to another.
  • Any real life object.
  • Any upcoming authentication scheme.
27. Snapshot of a proof-of-concept virtual
art gallery, which contains 36
pictures and six computers
30. 3D Virtual Environment
• The 3-D virtual environment affects the usability, effectiveness, and
acceptability of a 3-D password system.
• The 3-D environment reflects the administration needs and the security
requirements.
31. The design of 3D virtual
environments should follow
these guidelines:
• Real Life Similarity
• Object Uniqueness & Distinction
• 3D Virtual Environment Size
• Number of objects & their types
• System Importance
35. Applications
The 3D password's main application domains are protecting
critical systems and resources.
• Critical Servers
• Nuclear Reactors & Military Facilities
• Airplanes and Missile Guiding
36. A small virtual environment can be used in systems such as the
following:
• ATM
• Personal digital assistants
• Desktop computers & laptops
• Web authentication etc.
38. Brute Force Attack
The attacker has to try all possible 3D passwords.
This kind of attack is very difficult for the following
reasons.
• Time required to log in.
• 3D attacks are very expensive.
39. Well Studied Attack
The attacker tries to find the highest probable distribution of
3D passwords. In order to launch such an attack, the attacker
has to acquire knowledge of the most probable 3D password
distributions. This is very difficult because the attacker has to
study all the existing authentication schemes that are used in
the 3D environment.
Moreover, a well studied attack is very hard to accomplish
since the attacker has to perform a customized attack for every
different 3D virtual environment design.
40. Shoulder-surfing Attack
An attacker uses a camera to record the user's 3D password or
tries to watch the legitimate user while the 3D password is
being performed. This attack is the most successful type of
attack against 3D passwords and some other graphical
passwords. However, the user's 3D password may contain
biometric data or textual passwords that cannot be seen from
behind. Therefore, we assume that the 3D password should be
performed in a secure place where a shoulder surfing attack
cannot be performed.
41. Timing Attack
In this attack, the attacker observes how long it takes the
legitimate user to perform a correct sign in using the 3D
password. This observation gives the attacker an
indication of the legitimate user's 3D password length.
However, this kind of attack alone cannot be very
successful since it gives the attacker mere hints.
Therefore, it would probably be launched as part of a
well studied or brute force attack. Timing attacks can be
very effective if the 3D virtual environment is poorly
designed.
42. Conclusion
• Authentication can be improved with the 3D password,
because an unauthorized person may not interact with the same
object at a particular location as the legitimate user.
• It is difficult to crack, because it has no fixed number of
steps or particular procedure.
• Combined with biometrics and token verification, this scheme
becomes almost unbreakable.