3-D Graphical Password Used For Authentication

ISSN:2229-6093 Vidya Mhaske et al ,Int.J.Computer Technology & Applications,Vol 3 (2), 510-519

Mrs. Vidya Mhaske-Dhamdhere, Lecturer; Bhakti Pawar, Pallavi Ghodke, Pratibha Yadav, Students
G.H. Raisoni College of Engg. & Management, Pune.

Abstract-

In today's world, security is an important aspect of day-to-day life, and people use passwords to protect themselves. Most people use textual passwords, which are combinations of letters and numbers. People often choose the name of a favorite thing, actor or actress, or dish, or a meaningful dictionary word, as a textual password, but someone who is very close to the user can easily guess such a password. The graphical password is an advanced version of the password. Graphical passwords have received considerable attention lately as potential alternatives to text-based passwords. A graphical password is composed of images, parts of images, or sketches [4][7]. These passwords are very easy to use and remember. The biometric password is an extended feature of graphical passwords; it consists of face recognition, thumb impression, eye retina, and heartbeat pulses [10]. In this paper, we present and evaluate our contribution, i.e., the 3-D password. The 3-D password is a multifactor authentication scheme. To be authenticated, the user is presented with a 3-D virtual environment in which the user navigates and interacts with various objects. The sequence of actions and interactions toward the objects inside the 3-D environment constructs the user's 3-D password. The 3-D password can combine most existing authentication schemes, such as textual passwords, graphical passwords, and various types of biometrics, into a 3-D virtual environment. The design of the 3-D virtual environment and the type of objects selected determine the 3-D password key space [10].

Keywords- Cryptography, encryption and decryption algorithms, authentication, biometrics, graphical passwords, multifactor, textual passwords, 3-D passwords, 3-D virtual environment.

Introduction

The authentication scheme a user undergoes is normally either very lenient or very strict. Throughout the years authentication has been a very interesting area. With technology developing in every direction, it can be very easy for others to fabricate or steal an identity or to hack someone's password. Therefore many algorithms have come up, each with an interesting approach toward the calculation of a secret key. The algorithms are designed to pick a random number in the range of 106, so the chance of the same number coming up again is small. Users nowadays are provided with the major password stereotypes such as textual passwords, biometric scanning, and tokens or cards (such as an ATM card). Textual passwords mostly follow an encryption algorithm as mentioned above. Biometric scanning is your "natural" signature, and cards or tokens prove your validity. But some people hate having to carry around their


cards, and some refuse to undergo strong IR exposure to their retinas (biometric scanning) [10]. Nowadays most textual passwords are kept very simple, say a word from the dictionary or the names of pets, girlfriends, etc. Ten years back Klein performed such tests and he could crack 1015 passwords per day [2].

Literature Survey

Now, with the change in technology, fast processors, and the many tools available on the Internet, this has become child's play. Therefore we present our idea, the 3-D password, which is a more customizable and very interesting way of authentication. The dramatic increase of computer usage has given rise to many security concerns. One major security concern is authentication, which is the process of validating that you are who you claim to be. In general, human authentication techniques can be classified as knowledge based (what you know), token based (what you have), and biometrics. Knowledge-based authentication can be further divided into two categories as follows:
1) Recall based
2) Recognition based
Recall-based techniques require the user to repeat or reproduce a secret that the user created before. Recognition-based techniques require the user to identify and recognize the secret, or part of it, that the user selected before. One of the most common recall-based authentication schemes used in the computer world is textual passwords. One major drawback of the textual password is its two conflicting requirements: the selection of passwords that are easy to remember and, at the same time, are hard to guess [6]. Many biometric schemes have been proposed; fingerprints, palm prints, hand geometry, face recognition, voice recognition, iris recognition, and retina recognition are all different biometric

schemes. Each biometric recognition scheme has its advantages and disadvantages based on several factors such as consistency, uniqueness, and acceptability. One of the main drawbacks of applying biometrics is its intrusiveness upon a user’s personal characteristic. Moreover, retina biometrical recognition schemes require the user to willingly subject their eyes to a low-intensity infrared light. In addition, most biometric systems require a special scanning device to authenticate users, which is not applicable for remote and Internet users. The 3-D password is a multifactor authentication scheme. It can combine all existing authentication schemes into a single 3-D virtual environment. This 3-D virtual environment contains several objects or items with which the user can interact. The type of interaction varies from one item to another. The 3-D password is constructed by observing the actions and interactions of the user and by observing the sequences of such actions. Beginning around 1999, numerous graphical password schemes have been proposed, motivated by the promise of improved password memorability and thus usability, while at the same time improving strength against guessing attacks. Like text passwords, graphical passwords are knowledge-based authentication mechanisms where users enter a shared secret as evidence of their identity. However, where text passwords involve alphanumeric and/or special keyboard characters, the idea behind graphical passwords is to leverage human memory for visual information, with the shared secret being related to or composed of images, parts of images, or sketches. Despite the large number of options for authentication, text passwords remain the most common choice for several reasons. For example, they are easy and inexpensive to implement; are familiar to essentially all users; allow users to authenticate themselves while avoiding privacy issues that have been raised about biometrics; and have the


advantage of portability without, for example, having to carry physical tokens. However, text passwords also suffer from both security and usability disadvantages; for example, passwords are typically difficult to remember, and are predictable if user choice is allowed. When text password users adopt unsafe coping strategies, such as reusing passwords across accounts to help with memorability, the resulting decrease in security cannot be successfully addressed by simply strengthening, in isolation, the underlying technical security aspects of a system. Usability issues often significantly impact the real-world security of the system [9]. Graphical passwords can be divided into two categories as follows:
1) Recognition based
2) Recall based

1) Recognition based: Recognition-based techniques require the user to identify and recognize the secret, or part of it, that the user selected before. Although there is currently no evidence of this happening with graphical passwords, it remains a plausible coping strategy if users can devise a way of relating a recall-based graphical password to a corresponding account name. A number of security vulnerabilities are common to most recall-based systems, as these systems share similar features. These systems are generally susceptible to shoulder surfing, to the extent that in many cases the entire drawing is visible on the screen as it is being entered, and thus an attacker need accurately observe or record only one login for the entire password to be revealed [6].

2) Recall based: Recall is the human process of remembering what was done or what event took place. Ours is an experience-based nature, and hence we like to try and remember different things accordingly. Scientifically, a temporary failure of recall, that is, a failure to retrieve information from memory, is known as the tip-of-the-tongue phenomenon. Various means, including metacognitive strategies, priming, and measures of retention, may be employed to make the best use of memory. Recollection often requires prompting (as in a stimulus or clues) to assist the mind in retrieving the information sought. There are three types of recall:
1. Free recall: when no clues are given to assist retrieval.
2. Serial recall: when items are recalled in a particular order.
3. Cued recall: when some clues are given to assist retrieval [6].

Passwords are thus based on human memory. Generally, simple passwords are set so that they can be recalled quickly. In our scheme, human memory has to go through recognition, recall, and biometric or token-based authentication. Once the scheme is implemented and you log in to a secure site, the 3-D password GUI opens up. It first asks for an additional textual password, which the user simply types in. Once the user passes this first authentication, a 3-D virtual room opens on the screen; in our case, let's say a virtual garage. In an everyday garage one will find all sorts of tools, equipment, etc., each of them having unique properties. The user then interacts with these properties accordingly. Each object in the 3-D space can be moved around in (x, y, z) coordinates. That is the moving attribute of each object, and this property is common to all the objects in the space. Suppose a user logs in and enters the garage. He sees and picks a screwdriver (initial position in xyz coordinates (5, 5, 5)) and moves it 5 places to his right (in the XY plane, i.e., to (10, 5, 5)). That can be identified as an authentication. Only the true user understands and recognizes the object which he has to choose among many. This is the recall and recognition part of human memory coming into play. Interestingly, a password can be set as approaching a radio and setting its frequency


to a number only the user knows. Security can be enhanced by including cards and a biometric scanner as inputs. There can be several levels of authentication for a user to undergo: the greater the confidentiality, the greater the complexity. In that scenario the virtual environment can be developed as a globe, a city, or simply a garage.

In cryptography, the Advanced Encryption Standard (AES) is a symmetric-key encryption standard adopted by the U.S. government. The standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as Rijndael. Each of these ciphers has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. The AES ciphers have been analyzed extensively and are now used worldwide, as was the case with its predecessor, the Data Encryption Standard (DES). AES was announced by the National Institute of Standards and Technology (NIST) as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001 after a five-year standardization process in which fifteen competing designs were presented and evaluated before Rijndael was selected as the most suitable. It became effective as a Federal government standard on May 26, 2002 after approval by the Secretary of Commerce. It is available in many different encryption packages. AES is the first publicly accessible and open cipher approved by the National Security Agency (NSA) for top secret information.

Existing System Drawbacks

1. One major drawback of the textual password is its two conflicting requirements: the selection of passwords that are easy to remember and, at the same time, are hard to guess.
2. The biggest drawback of current graphical passwords is the shoulder surfing problem.
3. The main drawback of applying biometrics is its intrusiveness upon a user's personal characteristic.
4. Biometrics is an expensive security solution.

Proposed System

1) Environment 3-D Cube

In this dissertation the second environment is a cube. Fig. 1 shows a snapshot of the cube environment.

Fig. 1. Environment 3-D cube

Whenever the user selects this environment, the cube is at its initial position, which is fixed at coordinates (400, 240, 0) on the X, Y, Z axes (refer to Fig. 1). One more point is fixed in this environment: the camera position. The camera is set at coordinates (400, 240, -500) on the X, Y, Z axes and acts as a reference point; from this point the user observes the actions and interactions that are performed on the cube. This environment has four main actions; each main action has six sub actions, and there is also one particular input action:


load image on each side of the cube. The details of the four main actions are as follows:

Move Cube: This main action has six sub actions: Left, Right, Up, Down, In, Out. Whenever the user single-clicks one of these buttons, the cube moves by 45 coordinate units in the direction of the clicked button. The maximum number of clicks on each button is six. When the user clicks any particular button a seventh time, he/she gets the error message "you have reached the maximum limit".

Rotate Cube: The next main action is rotate cube, with the sub actions rotate cube in the x-direction, y-direction, z-direction and -x-direction, -y-direction, -z-direction. Whenever the user single-clicks one of these buttons, the cube rotates by 45° in the direction of the clicked button. The maximum number of clicks on each button is six. When the user clicks any particular button a seventh time, he/she gets the error message "you have reached the maximum limit".

Move Camera: The move camera action also has the sub actions Left, Right, Up, Down, In, Out. When the user single-clicks one of these buttons, the camera, or reference point, moves by 45 coordinate units in the direction of the clicked button. The maximum number of clicks on each button is six. When the user clicks any particular button a seventh time, he/she gets the error message "you have reached the maximum limit".

Turn Camera: The turn camera action has the sub actions rotate camera Left, Right, Up, Down, CW (clockwise), CCW (counter-clockwise). On a single click of one of these buttons, the camera rotates by 45° in the direction of the clicked button. The maximum number of clicks on each button is six. When the user clicks any particular button a seventh time, he/she gets the error message "you have reached the maximum limit".
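The four main actions described above can be modelled to see how large the resulting password space is. The following is an added example, not code from the paper: it assumes the stored 3-D password is the ordered sequence of button clicks, leaves the Load Image input out of the count, and uses hypothetical names (`CubeRecorder`, `sequences_of_length`, `keyspace_bits`).

```python
from math import comb, log2

# The four main actions and their six sub actions, as listed in the text.
MAIN_ACTIONS = {
    "move_cube":   ["left", "right", "up", "down", "in", "out"],
    "rotate_cube": ["+x", "+y", "+z", "-x", "-y", "-z"],
    "move_camera": ["left", "right", "up", "down", "in", "out"],
    "turn_camera": ["left", "right", "up", "down", "cw", "ccw"],
}
BUTTONS = [(m, s) for m, subs in MAIN_ACTIONS.items() for s in subs]
MAX_CLICKS = 6  # a seventh click on the same button is rejected


class CubeRecorder:
    """Records the click sequence (assumed here to be the 3-D password)."""

    def __init__(self):
        self.clicks = dict.fromkeys(BUTTONS, 0)
        self.sequence = []

    def click(self, main, sub):
        button = (main, sub)
        if button not in self.clicks:
            raise KeyError(f"unknown button: {button}")
        if self.clicks[button] >= MAX_CLICKS:
            raise ValueError("you have reached the maximum limit")
        self.clicks[button] += 1
        self.sequence.append(button)


def sequences_of_length(n, buttons=len(BUTTONS), cap=MAX_CLICKS):
    """Count ordered click sequences of length n, no button used > cap times."""
    ways = [1] + [0] * n          # ways[j]: sequences of length j so far
    for _ in range(buttons):      # add one button at a time
        nxt = [0] * (n + 1)
        for used, count in enumerate(ways):
            for k in range(min(cap, n - used) + 1):
                # interleave k clicks of the new button into the sequence
                nxt[used + k] += count * comb(used + k, k)
        ways = nxt
    return ways[n]


def keyspace_bits(max_len):
    """log2 of the number of passwords with 1..max_len recorded clicks."""
    return log2(sum(sequences_of_length(n) for n in range(1, max_len + 1)))


if __name__ == "__main__":
    for length in (4, 8, 16):
        print(length, "clicks ->", round(keyspace_bits(length), 1), "bits")
```

The six-click cap bounds a password at 144 clicks in total, and a user who records only a handful of clicks gets a space comparable to a short PIN, which is the figure to compare against a guessing budget.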

Load Image:

This action is used to load an image on each side of the cube, which makes the user's 3-D password stronger. The user can perform any number of actions and interactions on the cube and, at the end, to save these actions and interactions as a 3-D password, the user is required to click the Close button [1].

We are implementing this application using the Data Encryption Standard [DES] algorithm. The Data Encryption Standard (DES) is a block cipher that uses shared secret encryption. It was selected by the National Bureau of Standards as an official Federal Information Processing Standard (FIPS) for the United States in 1976 and has subsequently enjoyed widespread use internationally. It is based on a symmetric key algorithm that uses a 56-bit key. The algorithm was initially controversial because of classified design elements, a relatively short key length, and suspicions about a National Security Agency (NSA) backdoor. DES consequently came under intense academic scrutiny, which motivated the modern understanding of block ciphers and their cryptanalysis.

1. Expansion: The 32-bit half-block is expanded to 48 bits using the expansion permutation, denoted E in the diagram, by duplicating half of the bits. The output consists of eight 6-bit pieces (8 × 6 = 48 bits), each containing a copy of 4 corresponding input bits, plus a copy of the immediately adjacent bit from each of the input pieces to either side.
2. Key mixing: The result is combined with a sub key using an XOR operation. Sixteen 48-bit sub keys, one for each round, are derived from the main key using the key schedule (described below).
3. Substitution: After mixing in the sub key, the block is divided into eight 6-bit pieces before processing by the S-boxes, or substitution boxes. Each of the eight S-boxes replaces its six input bits with four


output bits according to a non-linear transformation, provided in the form of a lookup table. The S-boxes provide the core of the security of DES; without them, the cipher would be linear and trivially breakable.
4. Permutation: Finally, the 32 outputs from the S-boxes are rearranged according to a fixed permutation, the P-box. This is designed so that, after expansion, each S-box's output bits are spread across 6 different S-boxes in the next round.

Fig. 2. The Feistel function (F function) of DES.

The alternation of substitution from the S-boxes, and permutation of bits from the P-box and E-expansion, provides so-called "confusion and diffusion" respectively. Fig. 3 illustrates the key schedule for encryption, the algorithm which generates the sub keys. Initially, 56 bits of the key are selected from the initial 64 by Permuted Choice 1 (PC-1); the remaining eight bits are either discarded or used as parity check bits.

Fig. 3. The key schedule of DES.

The 56 bits are then divided into two 28-bit halves; each half is thereafter treated separately. In successive rounds, both halves are rotated left by one and two bits (specified for each round), and then 48 sub key bits are selected by Permuted Choice 2 (PC-2): 24 bits from the left half, and 24 from the right. The rotations (denoted by "
