THREE DIMENSIONAL FOR SECURE AUTHENTICATION

AND IT’S USUAGE

C.N.KRISHNA S.CITHARA

III – BCA ‘B’ III – BCA ‘B’

Sri Krishna Arts and Sri Krishna Arts and

Science College, Science College ,

UG Student. UG Student.

A.C.SOUNTHARRAJ
Assistant Professor
Department of Computer Science
Sri Krishna Arts and Science College,
Coimbatore.

many tools on the internet this has become a child’s

play.
Abstract
Keywords – 3-D Virtual environment, 3-D Secure,
This paper describes that the Users nowadays are
3-D Designing, Access Control Server(ACS),
provided with major password stereotypes such as
Graphical passwords, Authentication Problems,
textual passwords, biometric scanning, tokens or
Tokens, 3-D Secure flow.
cards (such as an ATM) etc. Smart cards or tokens
can be stolen. The 3D passwords which are more I) INTRODUCTION
customizable and very interesting way of
authentication. The 3D password is a multi factor
authentication scheme. Mostly textual passwords
follow an encryption algorithm as mentioned above.
Biometric scanning is your "natural" signature and
Cards or Tokens prove your validity. But some
people hate the fact to carry around their cards, some
refuse to undergo strong IR exposure to their retinas
(Biometric scanning). Virtual object walks through
the environment and interacts with the objects. The
3-D password can combine most existing Fig 1 Design of the 3-D Password to
open the locker.
authentication schemes such as textual passwords,
graphical passwords, and various types of biometrics Therefore the 3D passwords which are more
into a 3-D virtual environment. Mostly textual customizable and very interesting way of
passwords, nowadays are kept very simple say a authentication. Now the passwords are based on the
word from the dictionary or their pet names, best fact of Human memory. Generally simple passwords
friends etc. Years back hackers performed such tests are set so as to quickly recall them. The human
and he could crack 10 – 15 passwords per day. Now memory, in our scheme has to undergo the facts of
with the technology change, fast processors and Recognition, Recalling, Biometrics or Token based
authentication. Once implemented and you log in to a
secure site, the 3D password GUI opens up. This is
an additional textual password which the user can
simply put. Once he goes through the first  A biometric recognition device;
authentication, a 3D virtual room will open on the
 A paper or a white board that a user can
screen. In our case, let's say a virtual garage. The 3D
write, sign, or draw on;
password is a multi-factor authentication scheme.
 An automated teller machine (ATM) that
The 3D password presents a 3D virtual environment
requests a token;
containing various virtual objects. The user navigates
through this environment and interacts with the  A light that can be switched on/off;
objects. The 3D password is simply the combination
and the sequence of user interactions that occur in the  A television or radio where channels can be
3D virtual environment. The 3D password can selected;
combine recognition, recall, token, and biometrics  A staple that can be punched;
based systems into one authentication scheme. This
can be done by designing a 3D virtual environment  A car that can be driven;
that contains objects that request information to be
 A book that can be moved from one place to
recalled. For example, the user can enter the virtual
another;
environment and type something on a computer that
exists in (x1 , y1 , z1 ) position, then enter a room  Any graphical password scheme;
that has a fingerprint recognition device that exists in
 Any real life object;
a position (x2 , y2 , z2 ) and provide his/her
fingerprint. The combination and the sequence of the  Any upcoming authentication scheme.
previous actions toward the specific objects construct
the user's 3D password. A) Designing of a 3D Virtual Environment

Designing a well-defined 3-D virtual environment

II) VIRTUAL OBJECTS
affects the usability, effectiveness and acceptability
of a 3-D password system. Therefore, the first step in
building a 3-D password system is to design a 3-D
environment that reflects the administration needs
and the security requirements. The design of 3-D
virtual environment should follow the following
guidelines:

 Real-Life similarity = The prospective 3-D

virtual environment should reflect what
people are used to seeing in real life.
Fig 2 3D Virtual Environment
 Object uniqueness and distinction = The
Virtual objects can be any object that we encounter in design of the 3-D virtual environment
real life. Any obvious actions and interactions toward should consider that every object should be
the real life objects can be done in the virtual 3D distinguishable from other objects.
environment toward the virtual objects. Moreover,
any user input (such as speaking in a specific  Three-Dimensional virtual environment
location) in the virtual 3D environment can be size = The size of a 3-D environment should
considered as a part of the 3D password. be carefully studied as it can depict a space
as focused as a single room (or office) or as
We can have the following objects: vast as a city.
 A computer with which the user can type;

 A fingerprint reader that requires the user's

fingerprint;
 III) Evolution of 3D password for the development of the EMV 3DS 2.0
Specification.
Online-fraud prevention is a continually moving EMV Co published the specs for 3D Secure 2.0. The
target. As fraud tools become more sophisticated, differences between the new version and the original
fraud tactics and attacks also evolve to find 3D Secure 2.0 includes:
undiscovered vulnerabilities and ways to continue to
profit from using stolen credit-card data. While the  Improved messaging with supplementary
main focus of a fraud strategy is to protect the information for better decisions on
bottom-line by canceling fraudulent orders before authentication.
they result in chargebacks and lost product, there is  Non-payment user authentication.
little guarantee that all those orders would result in
 Non-standard extensions to meet specific
chargebacks if not canceled. But some companies
regulations and requirements, including
have found a way to reduce fraud and increase top-
proprietary out-of-band authentication
line sales. By combining 3D Secure (3DS) with Big
solutions, used by card issuers.
Data and what issuers call risk-based authentication
 Better performance for end-to-end message
(RBA) merchants are able to have more confidence
processing.
in a transaction and reduce the amount of orders they
 Improved datasets for risk-based
cancel post-authorization. MasterCard Secure Code
authentication.
and Verified by Visa have been in existence for more
than a decade. Originally, 3D’s asked consumers to  Prevention of unauthenticated payment,
enter a bank-supplied password for every enrolled even if a cardholder's card number is stolen
transaction before it could be completed. Consumers or cloned.
were not well educated about the system and,
therefore, unprepared for it when making a purchases C) 3D Passwords Scheme
at participating online businesses. As a result,
adoption of 3DS was limited. The 3D password scheme is a new authentication
scheme that combines RECOGNITION,
A) 3D Secure RECALL, TOKENS, BIOMETRIC in one
authentication system.
3-D Secure is an XML-based protocol designed to be
an additional security layer for online credit and debit IV) IMPLEMENTATION
card transactions. It was originally developed by
Arcot Systems (now CA Technologies) and first The specifications are currently at version 1.0.2.
deployed by Visa with the intention of improving the Previous versions 0.7 (only used by Visa USA) and
security of Internet payments and is offered to 1.0.1 have become redundant and are no longer
customers under the name Verified by Visa. supported. MasterCard and JCB have adopted version
As American Express Safe Key, in select markets 1.0.2 of the protocol only. In order for a Visa or
and continues to launch additional markets. Analysis MasterCard member bank to use the service, the bank
of the protocol by academia has shown it to have has to operate compliant software that supports the
many security issues that affect the consumer, latest protocol specifications.
including greater surface area for phishing and a shift
of liability in the case of fraudulent payments.
A) ACS providers

B) 3D Secure Flow In the 3-D Secure protocol, ACS (Access Control

Server) is on the issuer side (banks). Currently, most
EMV Co, a company which is collectively owned banks outsource ACS to a third party. Commonly, the
by American Express, Discover, buyer's web browser shows the domain name of the
JCB, MasterCard, Union Pay and Visa, is responsible
ACS provider, rather than the bank's domain name,
this is not required by the protocol.
V) GRAPHICAL PASSWORDS
B) MPI providers
VS. GRAPHICAL USER
AUTHENTICATION
Each 3-D Secure version 1 transaction involves two
Internet request/response pairs: VEReq/VERes and
PAReq/PARes. Visa and MasterCard don't license
merchants for sending requests to their servers.

C) Buyers and Credit Card Holders

The merchant does not know this password and is not

responsible for capturing it, it can be used by the
issuing bank as evidence that the purchaser is indeed
their cardholder. This is intended to help decrease
risk in two ways:
Fig 3 Graphical Password in Finger Print Sensor
1. Copying card details, either by writing down
the numbers on the card itself or by way of
A graphical password is an authentication system that
modified terminals or ATMs, does not
works by having the user select from images, in a
result in the ability to purchase over the
specific order, presented in a graphical user interface
Internet because of the additional password,
(GUI). For this reason, the graphical-password
which is not stored on or written on the
approach is sometimes called graphical user
card.
authentication (GUA).
2. Since the merchant does not capture the
password, there is a reduced risk from
security incidents at online merchants; A) What is Authentication ?
while an incident may still result in hackers
obtaining other card details, there is no way Authentication is the process of determining whether
for them to get the associated password. someone or something is, in fact, who or what it is
declared to be. Logically, authentication
D) General 3D Secure Criticism precedes authorization (although they may often
seem to be combined). The two terms are often used
 Verifiability of site identity. synonymously but they are two different processes.
 Limited mobility.
B) Authentication Vs. Authorization
 Geographic discrimination.
 3D Secure as strong authentication.
Authentication is a process in which the credentials
 Graphical Passwords. provided are compared to those on file in a database
 Graphical User Authentication. of authorized users’ information on a local operating
system or within an authentication server. If the
credentials match, the process is completed and the
user is granted authorization for access. The
permissions and folders returned define both the
environment the user sees and the way he can interact
with it, including hours of access and other rights E) The problem with password-based
such as the amount of allocated storage space. authentication

C) User Authentication vs. Machine User names are frequently a combination of the
Authentication individual’s first initial and last name, which makes
them easy to guess. If constraints are not imposed,
User authentication occurs within most human-to- people often create weak passwords and even strong
computer interactions other than guest accounts, passwords may be stolen, accidentally revealed or
automatically logged-in accounts and kiosk computer forgotten.
systems. Generally, a user has to enter or choose an
ID and provide their password to begin using a VI) Drawbacks of Graphical and
system. User authentication authorizes human-to- Textual Passwords
machine interactions in operating systems and
applications as well as both wired and wireless
 Graphical passwords can be easily recorded
networks to enable access to networked and Internet-
as these schemes take a long time.
connected systems, applications and resources.
 The main drawback of using of using
Machines need to authorize their automated actions
biometric is intrusiveness upon a user’s
within a network too.
personal characteristics which are liable to
change under certain situations.
D) Password - Based Authentication  They require special scanning device to
authenticate the user which is not acceptable
In private and public computer networks (including for remote and internet users.
the Internet), authentication is commonly done  Textual passwords should be easy to
through the use of login IDs (user names) and remember, but as the same time, difficult to
passwords. Knowledge of the login credentials is guess.
assumed to guarantee that the user is authentic. Each  Full password space for 8 characters,
user registers initially using an assigned or self- consisting of both numbers and characters,
declared password. On each subsequent use, the user is 2*(10*14).
must know and use the previously declared password.  A research showed that 25% of the
passwords out of 15,000 users could be
guessed correctly using brute force
dictionary.
breaking a 3-D password. Moreover, it will
VII) CONCLUSION demonstrate how the attackers will acquire the
knowledge of the most probable 3-D passwords
3D Password improves authentication. It is to launch their attacks. The 3D password scheme
difficult to crack as there are no fixed number of is a new authentication scheme that combines
steps or particular procedure. Added with RECOGNITION, RECALL, TOKENS,
biometrics and token verification, this schema BIOMETRIC in one authentication system.
becomes almost unbreakable. If the credentials Refrences :
match, the process is completed and the user is
granted authorization for access. 1) www.wikipedia.com.
2) www.slideshare.net.
3) http://citeseerx.ist.psu.edu/viewdoc/downloa
Moreover, gathering attackers from different d?doi=10.1.1.69.5331&rep=rep1&type=pdf
backgrounds to break the system is one of the .
future works that will lead to system 4) Prof. sonkar S.K “3D password technology
improvement and prove the complexity of and its usuage”.
5) “New Era of authentication: 3-D Password”