Hackers are very much interested in stealing our data; it may be images, messages and any such information that is not so confidential. But what if the data is related to the bank account details? It is an obvious fact that cyber-terrorists are interested in such intimate data. There are already various password techniques made available to the users. The process of cracking the passwords has become a child’s play and, the existing conventional methods are vulnerable to attacks. 3D password is a technique introduced that overcomes the above problems.
The 3D password: An interesting, more secure and customizable authentication scheme that involves a virtual three-dimensional environment.
It is multifactor verification strategy that combines all the existing authentication techniques.
Existing techniques:
- Memory based passwords (textual/ graphical passwords)
- Token based (ATM/ Keys/ Id cards).
- Biometrics (Face recognition/ fingerprint, etc.)
All the above techniques require the user to either recall, recognize the passwords, tokens and also involve biometrics. The 3D password is known as multifactor scheme as it combines all these factors.
3D password= recall+ recognize+ tokens+ biometrics
How it works:
A virtual environment is provided and the user has to perform a series of steps to prove the identification that are any of the above-mentioned password techniques. The user can choose the sequence initially. The user is allowed to walk through the virtual environment. All the interactions of the user with the objects in this arena from the 3D password.
Let us understand with an example. Let entering a textual password at some location with coordinates (x, y, z) is the first verification step. If the user enters the correct password he is allowed to the next action. Here let the user has to prove his identification with iris scanning. The scanning device is present at the location (x1, y1, z1). If authenticated at the second step the user is allowed to the 3rd phase. Below shown is an example of virtual realm and let the third phase is to open the right closed window. If all the above steps are verified and use successfully unlocks the password, then he is a legitimate user.
3D virtual environment:
The 3D environment here doesn’t mean that the user is allowed to immerse in the realm and interact with the objects as in virtual reality, but a 3D environment designed to appear on a two-dimensional screen. The design of 3D environment has to satisfy the following criteria:
- The virtual environment has to resemble the real life scenarios.
- Make sure that objects in this environment are distinguishable from one another.
- Consider the virtual environment size.
The Strength of 3D password against various attacks:
Any introduced method or technique is known as secure scheme if it is immune to the attacks. Let us examine with different attacks.
- Brute force attack: This attack refers to trying out all the possibilities. Our 3D password strategy has a number of steps which involves the large number of prospects to unlock. This attack depends on the time required to login and number of interactions the user makes. Also, it costs more to create a virtual environment, and so 3D password scheme is secure against this kind of attacks.
- Timing attacks: The attacker observes the time required by the user to legitimately login. It gives an approximation of password’s length to the attacker. The design of 3D scheme is effective, and it combines different signal word techniques. Therefore, even if one knows the length of the password, it isn’t easy to crack the password.
- Key logger attacks: A software is installed in the legit user’s system, and it stores the textual password entered by the user in a file. But the 3D password isn’t alone a textual password.
- Shoulder surfing attacks: The attacker gets the password using secret cameras. It is something of which one must be careful, and our 3D password scheme is also not secure to some extent. Hence, safe place is required to perform these actions.
Disadvantages:
- This technique requires sophisticated technology.
- It is a time taking process, and the user has to remember more than two passwords.
- Shoulder-surfing attack can affect.
Therefore, the 3D password is a new interesting and highly secure password scheme. This technique not only combines the existing password techniques but, can add any schemes introduced in the future.