3-D Password

Abdul Rauf Butt B-15142

Department of Bachelor Science in Computer Science University of South Asia Lahore, Punjab, Pakistan AbdulRauf!Butt"2#$ma%l!&om I! AB()RAC)

Izhar-ul-Haq Cheema B-14 55

Department of Bachelor Science in Computer Science University of South Asia Lahore, Punjab, Pakistan Izhar&heema"'#$ma%l!&om $ra.h%&al .asswords was de+elo.ed! 2a,- $ra.h%&al .assword s&hemes ha+e bee, .ro.osed! Dham%Da a,d Perr%$ @'B .ro.osed DEDF >u/ wh%&h %s a Re&o$,%t%o,-based $ra.h%&al .assword s-stem that authe,t%&ates 6sers b- &hoos%,$ .ortfol%os amo,$ de&o- .ortfol%os! )hese .ortfol%os are art ra,dom%zed .ortfol%os! 8a&h %ma$e %s der%+ed from a, -B seed! )herefore/ a, authe,t%&at%o, ser+er does ,ot ,eed to store the whole %ma$eG %t s%m.l- ,eeds to store the -B seed! A,other re&o$,%t%o,-based $ra.h%&al .assword %s Pass fa&es @ B! Pass fa&es s%m.l- wor0s b- ha+%,$ the user sele&t a sub$rou. of 0 fa&es from a $rou. of , fa&es! 3or authe,t%&at%o,/ the s-stem shows m fa&es a,d o,e of the fa&es belo,$s to the sub$rou. 0! )he user has to do the sele&t%o, ma,- t%mes to &om.lete the authe,t%&at%o, .ro&ess! A,other s&heme %s the (tors&heme @HB/ wh%&h requ%res the sele&t%o, of .%&tures of obDe&ts 9.eo.le/ &ars/ foods/ a%r.la,es/ s%$htsee%,$/ et&!: to form a stor- l%,e! Da+%s et al! @HB &o,&luded that the user;s &ho%&es %, Pass fa&es a,d %, the (tor- s&heme result %, a .assword s.a&e that %s far less tha, the theoret%&al e,tro.-! )herefore/ %t leads to a, %,se&ure authe,t%&at%o, s&heme! )he $ra.h%&al .assword s&hema of Blo,der @AB %s &o,s%dered to be re&all based s%,&e the user must remember sele&t%o, lo&at%o,s! 2oreo+er/ Pass Po%,t @1"BC@12B %s a re&all-based $ra.h%&al .assword s&hema/ where a ba&0$rou,d .%&ture %s .rese,ted a,d the user %s free to sele&t a,- .o%,t o, the .%&ture as the user;s .assword 9user;s Pass Po%,t:! Draw a (e&ret 9DA(:/ wh%&h %s a re&all-based $ra.h%&al .assword s&hema a,d %,trodu&ed b- Ierm-, et al! @13B/ %s s%m.l- a $r%d %, wh%&h the user &reates a draw%,$! >! 28)H5D5J5?=

*e ha+e had ma,- authe,t%&at%o, s&hemes .rese,tl-/ but the- all ha+e some drawba&0s! (o latel-/ the 3D .assword .arad%$m was %,trodu&ed! )he 3-D .assword %s a mult%fa&tor authe,t%&at%o, s&heme! It &a, &omb%,e all e1%st%,$ authe,t%&at%o, s&hemes %,to a s%,$le 3-D +%rtual e,+%ro,me,t! Howe+er the 3-D .assword %s st%ll %, %ts earl- sta$es! Des%$,%,$ +ar%ous 0%,ds of 3-D +%rtual e,+%ro,me,ts/ de&%d%,$ o, .assword s.a&es/ a,d %,ter.ret%,$ user feedba&0 a,d e1.er%e,&es from su&h e,+%ro,me,ts w%ll result %, e,ha,&%,$ a,d %m.ro+%,$ the user e1.er%e,&e of the 3-D .assword! 2oreo+er/ $ather%,$ atta&0ers from d%ffere,t ba&0$rou,ds to brea0 the s-stem %s o,e of the future wor0s that w%ll lead to s-stem %m.ro+eme,t a,d .ro+e the &om.le1%t- of brea0%,$ a 3-D .assword! )h%s .a.er .rese,ts a stud- of the 3D .assword a,d a, a..roa&h to stre,$the, %t b- wa- of add%,$ a 3ourth d%me,s%o,/ that deals w%th $esture re&o$,%t%o, a,d t%me re&ord%,$/ a,d that would hel. stre,$the, the authe,t%&at%o, .arad%$m alto$ether! II! I4)R5D6C)I54

*hat method %s a..l%ed for data &olle&t%o,7 A,d wh%&h fa&tors are a..l%ed also/ 81.la%,! How mu&h users use the te1tual .asswords a,d what &hara&ters the- use 9wee0 .assword/ med%um .assword/ stro,$ .assword:! *hat %s the .er&e.t%o, of users about 3d .assword7 How 3d .assword &a, rel%ef us a,d what are the drawba&0s7 How 3D .assword;s t%m%,$ a,d s.a&e &a, be &om.l%&ated7 *here 3d .assword &a, be used %, w%de areas for se&ur%t- s-stem7 III! <8=*5RD(

Authe,t%&at%o,/ Password/ (e&ur%t-/ 3D Password/ Password )e&h,olo$-/ 3d 8,+%ro,me,t I>! BAC<?R564D *5R<

3or &olle&t%,$ the data about 3D .assword the method has bee, used %s that &o,sult%,$ the related eBoo0s/ forums/ resear&h .a.ers/ ,ews.a.ers/ blo$s a,d d%re&t hel. from d%ffere,t &om.a,%es a,d thes%s! >I! DA)A C5JJ8C)I54

2a,- $ra.h%&al .assword s&hemes ha+e bee, .ro.osed @ABC@ B/ @1"BC@12B! Blo,der @AB %,trodu&ed the f%rst $ra.h%&al .assword s&hema! Blo,der;s %dea of $ra.h%&al .asswords %s that b- ha+%,$ a .redeterm%,ed %ma$e/ the user &a, sele&t or tou&h re$%o,s of the %ma$e &aus%,$ the seque,&e a,d the lo&at%o, of the tou&hes to &o,stru&t the user;s $ra.h%&al .assword! After Blo,der @AB/ the ,ot%o, of

A &om.a,- &o,du&ted a user stud- o, 3-D .asswords us%,$ the e1.er%me,tal 3-D +%rtual e,+%ro,me,ts! )he stud- re+%ewed the usa$e of te1tual .asswords a,d other authe,t%&at%o, s&hemes! )he stud- &o+ered almost 3" users! )he users +ar%ed %, a$e/ se1/ a,d edu&at%o, le+el! 8+e, thou$h %t %s a small set of users/ the stud- .rodu&ed some d%st%,&t results @5B! Com.a,obser+ed the follow%,$ re$ard%,$ te1tual .asswords/ 3D .asswords/ a,d other authe,t%&at%o, s&hemes!

>II!

DA)A A4AJ=(I(

1! 2ost users who use te1tual .asswords of HC12 &hara&ter le,$ths or who use ra,dom &hara&ters as a .assword ha+e o,l- o,e to three u,%que .asswords! 2! 2ore tha, 5"K of user;s te1tual .asswords are e%$ht &hara&ters or less! 3! Almost 25K of users use mea,%,$ful words as the%r te1tual .asswords! 4! Almost '5K of users use mea,%,$ful words or .art%all- mea,%,$ful words as the%r te1tual .asswords! I, &o,trast/ o,l- 25K of users use ra,dom &hara&ters a,d letters as te1tual .asswords! 5! 5+er 4"K of users ha+e o,l- o,e to three u,%que te1tual .asswords/ a,d o+er H"K of users ha+e e%$ht u,%que te1tual .asswords or less! A! 5+er H"K of users do ,ot &ha,$e the%r te1tual .asswords u,less the- are requ%red to b- the s-stem! '! 5+er H5K of users u,der stud- ha+e ,e+er used a,$ra.h%&al .assword s&heme as a mea,s of authe,t%&at%o,! ! 2ost users feel that 3-D .asswords ha+e a h%$h a&&e.tab%l%t-! H! 2ost users bel%e+e that there %s ,o threat to .erso,al .r%+a&- b- us%,$ a 3-D .assword as a, authe,t%&at%o, s&heme! 3D Password s&heme %s &omb%,at%o, of re-&all based/ re&o$,%zed based/ B%ometr%&s et&! %,to s%,$le authe,t%&at%o, te&h,%que @1B! Due to use of mult%.le s&hemes %,to o,e s&heme .assword s.a&e %s %,&reased to $reat e1te,t! 2ore se&ure authe,t%&at%o, s&heme o+er &urre,tl- a+a%lable s&hemes! )%me a,d memor- requ%reme,t %s lar$e! (houlder-suffer%,$ atta&0 %s st%ll &a, affe&t the s&hema! 2ore e1.e,s%+e as &ost requ%red %s more tha, other s&hemes! >III! C54CJ6(I54

remember a,d re&all a .assword m%$ht &hoose te1tual a,d $ra.h%&al .asswords as .art of the%r 3-D .assword! 5, the other ha,d/ users who ha+e more d%ff%&ult- w%th memor- or re&all m%$ht .refer to &hoose smart &ards or b%ometr%&s as .art of the%r 3-D .assword! 2oreo+er/ users who .refer to 0ee. a,- 0%,d of b%ometr%&al data .r%+ate m%$ht ,ot %,tera&t w%th obDe&ts that requ%re b%ometr%& %,format%o,! )herefore/ %t %s the user;s &ho%&e a,d de&%s%o, to &o,stru&t the des%red a,d .referred 3-D .assword! IL! R838R84C8(

@1B AJ(6JAI2A4/ 3!A!G 8J (ADDI</ A!/ M)HR88- 35R (8C6R8/M I888 )RA4(AC)I54( 54 I4()R6284)A)I54 A4D 28A(6R8284)/ >5J!5'/ 45!H/ PP 1H2H-1H3 !( 8P)! 2"" ! @2B D6HA4 P55IA/ ?6P)A (HIJPI / (A4?*A4 (6IA)A/ N ?6JA)I >I4I)A/ O(8C6R8D A6)H84)ICA)I54P 3D PA((*5RD/I!I!8!2!(!/ >5J!392:/242 C 245/ 2"12! @3B ?R5>8R A2A4/ 4ARA4? *I44I8/ O4-D PA((*5RDP ()R84?)H84I4? )H8 A6)H84)ICA)I54 (C848/I4)8R4A)I54AJ I56R4AJ 53 (CI84)I3IC N 84?I488RI4? R8(8ARCH/ >5J628 3/ I((68 1"/ 5C)5B8R-2"12! @4B A!B!?ADICHA / >!B!?ADICHA / O>IR)6AJ R8AJIQA)I54 6(I4? 3D PA((*5RD/I4 I4)8R4A)I54AJ I56R4AJ 53 8J8C)R54IC( A4D C52P6)8R (CI84C8 84?I488RI4?/ I((4 22''1H5AR>142-21A-222!

@5BI! )hor.e a,d P! C! +a, 5ors&hot/ S?ra.h%&al d%&t%o,ar%es a,d the memorable s.a&e of $ra.h%&al .asswords/T %, Proc. US !"# Security/ (a, D%e$o/ CA/ Au$! HC13/ 2""4/ .! 1"! Adams a,d 2! A! (asse/ S6sers are ,ot the e,em-P *h- users &om.rom%se &om.uter se&ur%t- me&ha,%sms a,d how to ta0e remed%al measures/TCommun. AC$/ +ol! 42/ ,o! 12/ ..! 4"C4A/ De&! 1HHH!
@AB ?! 8! BJ54D8R/ S?RAPHICAJ PA((*5RD/T 6!(! PA)84) 5 55H HA1/ (8P! 24/ 1HHA! @'B R! DHA2IIA A4D A! P8RRI?/ SDUIV >6P A 6(8R ()6D= 6(I4? I2A?8( 35R A6)H84)ICA)I54/T I4 P%&C. '() US"! # S CU%"(* S*$P./ D84>8R/ C5/ A6?! 2"""/ PP! 45C5 ! @ B R8AJ 6(8R C5RP5RA)I54/ () SC" !C B )"!D PASS+AC S! 92""5/ 5C)!:! @54JI48B! A>AIJABJ8P H))PPRR ***!R8AJ6(8R(!C52 @HB D! DA>I(/ 3! 254R5(8/ A4D 2! <! R8I)8R/ S54 6(8R CH5IC8 I4 ?RAPHICAJ PA((*5RD (CH828(/T I4 P%&C. ,-() US !"# S CU%"(* S*$P./ (A4 DI8?5/ CA/ A6?! 2""4/ PP! 1C14!

)he 3-D .assword %s a mult%fa&tor authe,t%&at%o, s&heme that &omb%,es these +ar%ous authe,t%&at%o, s&hemes %,to a s%,$le 3-D +%rtual e,+%ro,me,t! )he +%rtual e,+%ro,me,t &a, &o,ta%, a,- e1%st%,$ authe,t%&at%o, s&heme or e+e, a,- u.&om%,$ authe,t%&at%o, s&hemes b- add%,$ %t as a res.o,se to a&t%o,s .erformed o, a, obDe&t! )herefore/ the resulted .assword s.a&e be&omes +er- lar$e &om.ared to a,e1%st%,$ authe,t%&at%o, s&hemes! )he &ho%&e of what authe,t%&at%o, s&hemes w%ll be .art of the user;s 3-D .assword refle&ts the user;s .refere,&es a,d requ%reme,ts! A user who .refers to

@1"B (! *I8D84B8C</ I! *A)8R(/ I!-C! BIR?8)/ A! BR5D(<I=/ A4D 4! 28254/ SA6)H84)ICA)I54 6(I4? ?RAPHICAJ PA((*5RD(P 8338C)( 53 )5J8RA4C8 A4D I2A?8 CH5IC8/T I4 P%&C. S*$P. USABL P%".AC* S CU%"(*/ PI))(B6R?H/ PA/ I6J! 2""5/ PP! 1C12! @11B D! DA>I(/ 3! 254R5(8/ A4D 2! <! R8I)8R/ S54 6(8R CH5IC8 I4 ?RAPHICAJ PA((*5RD (CH828(/T I4 P%&C. ,-() US !"# ! @12B (! *I8D84B8C</ I! *A)8R(/ I!-C! BIR?8)/ A! BR5D(<I=/ A4D 4! 28254/ SPA((P5I4)(P D8(I?4
A4D J54?I)6DI4AJ 8>AJ6A)I54 53 A ?RAPHICAJ PA((*5RD (=()82/T "!(. /. )U$A!0C&$PU(. S(UD. 1SP C"AL "SSU &! )C" % S A%C) "! P%".AC* A!D S CU%"(*2/ >5J! A3/ 45! 1R2/ PP! 1"2C12'/ I6J! 2""5!I8R2=4/ A! 2A=8R/ 3! 254R5(8/ 2! <! R8I)8R/ A4D A! D! R6BI4/ S)H8 D8(I?4 A4D A4AJ=(I( 53 ?RAPHICAJ PA((*5RD(/T I4 P%&C. 3() US !"# S CU%"(* S*$P./ *A(HI4?)54 DC/ A6?! 1HHH/ PP! 1C

14!

@13B I! )H5RP8 A4D P! C! >A4 55R(CH5)/ S?RAPHICAJ DIC)I54ARI8( A4D )H8 2825RABJ8 (PAC8 53 ?RAPHICAJ PA((*5RD(/T I4 P%&C. US !"# S CU%"(*/ (A4 DI8?5/ CA/ A6?! HC13/ 2""4/ P! 1"! ADA2( A4D 2! A! (A((8/ S6(8R( AR8 45) )H8 8482=P *H= 6(8R( C52PR52I(8 C52P6)8R (8C6RI)=
28CHA4I(2( A4D H5* )5 )A<8 R828DIAJ 28A(6R8(/TC&$$U!. AC$/ >5J! 42/ 45! 12/ PP! 4A/ D8C! 1HHH!

4"C