3d password

Abstract
Current authentication systems suffer from many weaknesses. In textual password users have to choose meaningful words which make textual passwords easy to break. Smart cards or tokens can be stolen. Moreover, biometrics cannot be revoked. To be authenticated, we present a 3-D virtual environment where the user navigates and interacts with various objects. The sequence of actions and interactions toward the objects inside the 3-D environment constructs the user’s 3-D password. The 3-Dpassword can combine most existing authentication schemes such as textual passwords, graphical passwords, and various types of biometrics into a 3-D virtual environment. The design of the 3-D virtual environment and the type of objects selected determine the 3-D password key space.
Introduction
Why 3-D password is came into existence. How 3d password is more authentic than textual password.
Where it is uses. Drawback of 3d password.
Keywords
countersign, watchword, word, sign; signal; hint, indication;parole Authentication, Graphical password ,security
Methodology
User required time to login. Time vary from 2 20 s to 2 min or more, depending on the number of interactions and actions. Cracking the 3-D password is more challenging. Moreover, the high number of possible 3-D password spaces leaves the attacker with almost no chance of breaking the 3-D password.
Some users might not know what 3-D secure is and they can close the browser window which leads to lost sales. It came into existence for improving the security of Internet payments and it also provide an additional security layer for online credit and debit card transactions which is being offered to users.
Background Work
3-D Secure is an XML-based protocol designed to be an additional security layer for online credit and debit card transactions. It was developed by Visa with the intention of improving the security of Internet
Payments and is offered to customers under the name Verified by Visa. Services based on the protocol have also been adopted by MasterCard as MasterCard Secure Code, and by JCB International as J/Secure. American Express added 3dsecure on November 8, 2010, as American Express Safe Key, in select markets and continues to launch additional markets.Analysis of the protocol by academia has shown it to have many security issues that affect the consumer, including greater surface area for phishing and a shift of liability in the case of fraudulent payments. The 3-D password is a multifactor authentication scheme. It can combine all existing authentication schemes into a single 3-D virtual environment. This 3-D virtual environment contains several objects or items with which the user can interact. The type of interaction varies from one item to another RELATED WORKS [6]–[8] [10]–[12] Many graphical password schemes have been proposed, Blonder [6] introduced the first graphical password schema. Blunder’s idea of graphical passwords is that by having a predetermined image, the user can select or touch regions of the image causing the sequence and the location of the touches to construct the user’s graphical password. After Blonder [6] the notion of graphical passwords was developed. Many graphical password schemes have been proposed. Déjà Vu Recognition Pass faces Based Graphical Story Scheme passwords Pass point Recall Based Draw a Secret (DAS) Figure 2 – Graphical Passwords - Classification [7] Daija and Perrig proposed, which is a Recognition-based graphical password system that authenticates Users by choosing portfolios among decoy portfolios. These portfolios are art randomized portfolios. Each image is derived from an 8-B seed. Therefore, an authentication server does not need to store the whole image; it simply needs to store the 8-B seed. Another recognition- [8] based graphical password is Pass faces. Pass faces simply works by having the user select a subgroup of k faces from a group of n faces. For authentication, the system shows m faces and one of the faces belongs to the subgroup k. The user has to do the selection many times to complete the [9] authentication process. Another scheme is the Story scheme, which requires the selection of pictures of objects (people, cars, foods, airplanes, sightseeing, etc.) to form a story line. Davis et al. [9] concluded that the user’s choices in Pass faces and in the Story scheme result in a password space that is far less than the theoretical entropy. Therefore, it leads to an insecure authentication scheme.
Data Collection

We conducted a user study on 3-D passwords using the experimental 3-D virtual environments. Thestudy reviewed the usage of textual passwords and other authentication schemes. The study coveredalmost 30 users. The users varied in age, sex, and education level. Even though it is a small set of [13]users, the study produced some distinct results . We observed the following regarding textualpasswords, 3-D passwords, and other authentication schemes. 1. Most users who use textual passwords of 9–12 character lengths or who use random characters as a password have only one to three unique passwords. 2. More than 50% of user’s textual passwords are eight characters or less. 3. Almost 25% of users use meaningful words as their textual passwords. 4. Almost 75% of users use meaningful words or partially meaningful words as their textual passwords. In contrast, only 25% of users use random characters and letters as textual passwords. 5. Over 40% of users have only one to three unique textual passwords, and over 90% of users have eight unique textual passwords or less. 6. Over 90% of users do not change their textual passwords unless they are required to by the system. 7. Over 95% of users under study have never used any graphical password scheme as a means of authentication. 8. Most users feel that 3-D passwords have a high acceptability. 9. Most users believe that there is no threat to personal privacy by using a 3-D password as an authentication scheme.

Data Analysis
We have built an experimental 3-D virtual environment that contains several objects of two types.The first type of response is the textual password. The second type of response is requestinggraphical passwords. Almost 30 users volunteered to experiment with the environment. We asked theusers to create their 3-D password and to sign-in using their 3-D password several times over severaldays.Experimental Virtual 3-D EnvironmentIn our experiment, we have used Java Open GL to build the 3-D virtual environment and we haveused a 1.80-GHz Pentium M Centrino machine with 512-MB random access memory and ATIMobility Radeon 9600 video card.The design of the experimental 3-D virtual environment represents an art gallery that the user canwalk through and is depicted . Resulting number of possible 3-d passwords of total length Lmax

References http://www.slideshare.net/mitalicyrus/3d-password-report-15080560 http://en.wikipedia.org/wiki/3-D_Secure http://wiki.answers.com/Q/What_is_the_passwords_on_pickman_3d#slide=3 http://blog.paylane.com/3-d-secure-advantages-and-disadvantages-for-merchants http://www.merriam-webster.com/thesaurus/password http://ieeexplore.ieee.org/xpl/abstractKeywords.jsp?tp=&arnumber=5031479&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D5031479
International Journal of Engineering & Management Sciences. 2012, Vol. 3 Issue 2, p242-245. 4p.
ICWET '11 Proceedings of the International Conference & Workshop on Emerging Trends in Technology
Pages 663-666 https://docs.google.com/document/d/15-cEybQnZuxOSd6EZKaevOUDfk8uu3_0J8VYyUY-peg/edit?hl=en&pli=1 http://www.3dissue.com/3d-flip-book/

Conclusion & Future Work
The user can decide his own authentication schemes .if he comfortable with recall and recognition methods then he can choose the 3d authentication just use above.
The authentication can be improved since the unauthorized will not interact with the same object as a legitimate user. We can also include a timer. Higher the security higher the timer
The 3d environment can change according to user’s request.
Can be used in critical areas such as nuclear reactor, missile guiding system etc.
Added with biometric and card verification, the scheme becomes almost unbreakable. It is difficult to crack using regular technique .since all the algorithms follows the steps to authenticate.
The 3-D password is still in its early stages. Designing various kinds of 3-D virtual environments, deciding on password spaces, and interpreting user feedback and experiences from such environments will result in enhancing and improving the user experience of the 3-D password. Moreover, gathering attackers from different backgrounds to break the system is one of the future works that will lead to system improvement and prove the complexity of breaking a 3-D password. Moreover, it will demonstrate how the attackers will acquire the knowledge of the most probable 3-Dpasswords to launch their attacks. Shoulder surfing attacks are still possible and effective against 3-D passwords. Therefore, a proper solution is a field of research.

References: International Journal of Engineering & Management Sciences. 2012, Vol. 3 Issue 2, p242-245. 4p.