Abstract
Current authentication systems suffer from many weaknesses. As technology develops, it has become very easy for others to fabricate or steal an identity or to hack someone's password. Users today are offered a few major types of authentication, such as textual passwords, biometric scanning, and tokens or cards (such as an ATM). But some people dislike having to carry their cards around, and some refuse to undergo strong IR exposure to their retinas. With changing technology, fast processors and the many tools available on the Internet, this has become child's play. Therefore, we propose and evaluate our contribution, which is a new authentication scheme. This scheme is based on a virtual three-dimensional (3-D) environment. Users navigate through the virtual environment and interact with the items inside it. The combination of all interactions, actions and inputs towards the items and towards the virtual three-dimensional environment constructs the user's 3D password. The 3D password combines most existing authentication schemes, such as textual passwords, graphical passwords, and biometrics, into one virtual three-dimensional environment, and its main application is the protection of critical resources and systems.
Authentication is the process of validating that you are who you claim to be. In general, there are four human authentication techniques:
1. What you know (knowledge based).
2. What you have (token based).
3. What you are (biometrics).
4. What you recognize (recognition based).
Textual passwords are the most common authentication technique used in the computer world. A textual password has two conflicting requirements: it should be easy to remember and hard to guess.
Klein acquired a database of nearly 15,000 user accounts that had alphanumerical passwords, and stated that 25% of the passwords were guessed using a small, yet well-formed dictionary of (3 × 10^6) words.
Even though the full textual password space for 8-character passwords consisting of letters and numbers is almost (2 × 10^14) possible passwords, 25% of the passwords were guessed correctly using only a small subset of the full space. This is due to users' carelessness in selecting their textual passwords and to the fact that most users do not select random passwords.
Many graphical password schemes have been proposed. The strength of graphical passwords comes from the fact that users can recall and recognize pictures better than words. Most graphical passwords are vulnerable to shoulder surfing attacks, where an attacker can observe or record the legitimate user's graphical password by camera. A study concluded that the selection of faces in Pass Faces can be affected by the attractiveness, gender and race of the selected face, which results in an insecure scheme. Currently, many types of graphical passwords are under study, yet it might be some time before they can be applied in the real world.
Token-based systems such as ATMs are widely applied in banking systems and at laboratory entrances as a means of authentication. However, tokens are vulnerable to loss or theft. Moreover, the user has to carry the token whenever access is required.
Many biometric schemes have been proposed. Each biometric recognition scheme differs in consistency, uniqueness, and acceptability. Users tend to resist some biometric recognition systems because of their intrusiveness upon privacy.
The 3D password combines all existing authentication schemes into one three-dimensional virtual environment. The three-dimensional virtual environment consists of many items or objects. Each item has different responses to actions. The user's actions, interactions and inputs towards the objects or towards the three-dimensional virtual environment create the user's 3D password.
The 3D password gives users the freedom to select which types of authentication techniques make up their 3D password. The 3D password has a large number of possible passwords because of the high number of possible actions and interactions towards every object and towards the three-dimensional virtual environment.
The remainder of this paper is organized as follows: Section II introduces the 3D password. Section III discusses the security analysis. Section IV presents our conclusions and future work.