Design and development of a three dimensional password scheme

Abstract

Current authentication systems suffer from many weaknesses. Textual passwords are common. However, users do not follow the requirements of a textual password system. Users tend to choose meaningful words from dictionaries, which make textual passwords easy to break and vulnerable to dictionary attacks or brute-force attacks. Many available graphical password schemes have a password space less or equal to the textual password space. Smart cards or tokens can be stolen. Although many biometrics authentications have been proposed, users tend to resist using biometric passwords because of their seeming intrusiveness and their affect on personal privacy. Moreover, biometric passwords cannot be revoked. In this thesis, we propose and evaluate our contribution which is a new scheme of authentication. This new scheme is based on a three-dimensional virtual environment. Users navigate through the virtual environment and interact with items inside the three-dimensional virtual environment. The combination of all interactions, actions and inputs towards the items and towards the three-dimensional virtual environment constructs the user's 3D password. The 3D password combines most existing authentication schemes such as textual passwords, graphical passwords, token-based, and biometrics into one three-dimensional virtual environment. The 3D password's main application is the protection of critical resources and systems.