Software Requirements Specification

for

3D PASSWORDS
Prepared by:
M.S.BALA SUBRAMANYAM (08BQ1A0508) G.KRISHNA KANTH (08BQ1A0520) B.CHAITANYA DAS (08BQ1A0507)

VASIREDDY VENKATADRI INSTITUTE OF TECHNOLOGY DATE:

Table of Contents
1. Introduction .............................................................................................................. 1
1.1 Purpose ........................................................................................................................... 1 1.2 Project Scope .................................................................................................................. 1 1.3 References ...................................................................................................................... 2

2. Overall Description .................................................................................................. 3

2.1 2.2 2.3 2.4 2.5 2.6 2.7
2.7.1

Product Perspective ........................................................................................................ 3 Product Features ............................................................................................................. 5 User Classes and Characteristics .................................................................................... 5 Operating Environment .................................................................................................... 6 Design and Implementation Constraints .......................................................................... 5 Functional Requirements Specification...8
user Use Case... ...Error! Bookmark not defined. Use case: initialize.9

assumptionsand Dependencies.....3

Use register.
2.7.2 server Case... .................

case:
Use

Use case: authentication. 3. External Interface Requirements ............................................................................ 5

3.1 3.2 3.3 3.4 4.1 4.2 4.3 4.4 User Interfaces ................................................................................................................ 5 Hardware Interfaces ........................................................................................................ 5 Software Interfaces.......................................................................................................... 5 Communications Interfaces ............................................................................................. 5 Performance Requirements ............................................................................................. 6 Safety Requirements ....................................................................................................... 6 Security Requirements .................................................................................................... 6 Software Quality Attributes .............................................................................................. 6

4. Other Nonfunctional Requirements ....................................................................... 6

6. Other Requirements ................................................................................................ 7 Glossary ......................................................................................................................... 7

1.0. Introduction
1.1. Purpose The purpose of this document is to present a detailed description of the 3D PASSWORDS AUTHENTICATION SYSTEM. It will explain the purpose and features of the system, the interfaces of the system, what the system will do, the constraints under which it must operate and how the system will react to external stimuli. This document is intended for both the stakeholders and the developers of the system . 1.2. Scope of Project The 3D passwords is a more customizable and very interesting way of authentication.Now the passwords are based on the fact of Human memory. Generally simple passwords are set so as to quickly recall them. The human memory, in our scheme has to undergo the facts of Recognition, Recalling. Once implemented and you log in to a secure site, the 3D password GUI opens up. This is an additional textual password which the user can simply put. Once he goes through the first authentication, a 3D virtual room will open on the screen. In our case, lets say a virtual garage.Now in a day to day garage one will find all sorts of tools, equipments, etc.each of them having unique properties. The user will then interact with these properties accordingly. Each object in the 3D space, can be moved around in an (x,y,z) plane. Thats the moving attribute of each object. This property is common to all the objects in the space. Suppose a user logs in and enters the garage. He sees and picks a screw-driver (initial position in xyz coordinates (5, 5, 5)) and moves it 5 places to his right (in XY plane i.e. (10, 5, 5).That can be identified as an authentication. Only the true user understands and recognizes the object which he has to choose among many. This is the Recall and Recognition part of human memory coming into play.Interestingly,a password can be set as approaching a radio and setting its frequency to number only the user knows.Security can be enhanced by the fact of including Cards and Biometric scanner as input. There can be levels of authentication a user can undergo.

1.3. References 1. IEEE.Std 830-1998 IEEE Recommended Practice for Software Requirements Specifications.IEEE Computer Society, 1998. 2. http://paperpresentation-seminars.blogspot.in/2011/07/3d-passwords.html

3.http://realusers.com

2.0. Overall Description

2.1Product Perspective: Normally the authentication scheme the user undergoes is particularly very lenient or very strict. Throughout the years authentication has been a very interesting approach. With all the means of technology developing, it can be very easy for 'others' to fabricate or to steal identity or to hack someones password. Therefore many algorithms have come up each with an interesting approach toward calculation of a secret key. The algorithms are such based to pick a random number in the range of 10^6 and therefore the possibilities of the same number coming is rare

Users nowadays are provided with major password stereotypes such as textual passwords, biometric scanning, tokens or cards (such as an ATM) etc.Mostly textual passwords follow an encryption algorithm as mentioned above.Biometric scanning is your "natural" signature and Cards or Tokens prove your validity. But some people hate the fact to carry around their cards, some refuse to undergo strong IR exposure to their retinas(Biometric scanning).Mostly textual passwords, nowadays, are kept very simple say a word from the dictionary or their pet names,girlfriends etc. Years back Klein performed such tests and he could crack 10-15 passwords per day. Now with the technology change, fast processors and many tools on the Internet this has become a Child's Play.

Therefore we present our idea, the 3D passwords which are more customizable and very interesting way of authentication.Now the passwords are based on the fact of Human memory. Generally simple passwords are set so as to quickly recall them. The

human memory, in our scheme has to undergo the facts of Recognition, Recalling, Biometrics or Token based authentication.

2.2Product Features The proposed system is a multifactor authentication scheme thatcombines the benefits of various authentication schemes. Users have the freedom toselect whether the 3Dpassword will be solely recall, biometrics,recognitionortokenbasedor a

combination of two schemes or more. This freedom of selection isnecessary because users are different and they have different requirements. Therefore,to ensure high user acceptability, the users freedom of selection is important.The following requirements are satisfied in the proposed scheme. 1. The new scheme provide secrets that are easy to remember and very difficultfor intruders to guess. 2. The new scheme provides secrets that are not easy to write down on paper. Moreover, the scheme secrets should be difficult to share with others. 3. The new scheme provides secrets that can be easily revoked or changed. 2.3User Classes and Characteristics The 3D password can have a password space that is very large compared to other authentication schemes, so the 3D passwords main application domains are protecting critical systems and resources.

1. Critical server many large organizations have critical servers that are usually protected by a textual password. A 3D password authentication proposes a sound replacement for a textual password. 2. Nuclear and military facilities such facilities should be protected by the most powerful authentication systems. The 3D password has a very large probable

password space, and since it can contain token biometrics, recognition and knowledge based authentications in a single authentication system, it is a sound choice for high level security locations. 3. Airplanes and jet fighters Because of the possible threat of misusing airplanes and jet fighters for religion, political agendas, usage of such airplanes should be protected by a powerful authentication system. In addition, 3D passwords can be used in less critical systems because the 3D virtual environment can be designed to fit to any system needs. A small virtual environment can be used in the following systems like 1. 2. 3. 4. 5. ATM Personal Digital Assistance Desktop Computers & laptop logins Web Authentication Security Analysis

2.4Operating environment: The product will be operating in windows environment. Also it will be compatible with any web browser. The only requirement to use this system would be the internet connection.We also need to create a 3d environment,where the user can interact with different objects. Similar to other web applications, the platform required for this is similar to that of a normal web application. 2.5 Design and Implementation Constraints: The designofthe 3D virtual environments affects the usability, effectiveness,acceptability of 3D password.The first step in building a 3D password system is to design a 3D environment that reflects the administration needs and the security requirements. The design of 3D virtual environments should follow these guidelines.

1) Real Life Similarity Theprospective 3D virtual environment should reflect what people are used to seeing in real life. Objects used in virtual environments should be relatively similar in size to real objects (sized to scale). Possible actions and interactions toward virtual objects should reflect reallife situations. Object responses should be realistic. The target should have a 3D virtual environment that users can interact 2) Object uniqueness and distinction every virtual object or item in the 3D virtual environment is different from any other virtual object. The uniqueness comes

from the fact that every virtual object has its own attributes such as position. Thus, the prospective interaction with object 1 is not equal to the interaction with object 2. How ever, having similar objects such as 20 computers in one place might confuse the user. Therefore, the design of the 3D virtual environment should consider that every object should be distinguishable from other objects. Similarly, in designing a 3D virtual environment, it should be easy for users to navigate through and to distinguish between objects. The distinguishing factor increases the users recognition of objects. Therefore, it improves the system usability. 3) Three Dimensional Virtual Environment Size A 3D virtual environment can depict a city or even the world. On the other hand, it can depict a space as

focused as a single room or office. A large 3D virtual environment will increase the time required by the user to perform a 3D password. Moreover, a large 3D virtual environment can contain a large number of virtual objects. Therefore, the probable 3D password space broadens. However, a small 3D virtual environment usually contains only a few objects, and thus, performing a 3D password will take less time. 4) Number of objects and their types Part of designing a 3D virtual environment is determining the types of objects and how many objects should be placed in the environment. The types of objects reflect what kind of responses the object will have. For simplicity, we can consider requesting a textual password or a fingerprint as an object response type. Selecting the right object response types and the number of objects affects the probable password space of a 3D password. 5) System Importance The 3D virtual environment should consider what systems will be protected by a 3D password The number of objects and thetypes of objects that Have been used in the 3D virtual environment should reflect the importance of the protected system.

2.6 Assumptions and Dependencies: Full working of 3D PASSWORDS is dependent on the availability of Internet connection, flash player. Assumptions: In general it has been assumed that the user has complete knowledge of the system that means user is not a nave user. Any data entered by him/her will be valid. To make the software as user friendly as possible but at the same time keeping in minds user requirements. Server OS should be Windows NT/2000/XP. Client PC should be Windows 9X/NT/WorkStation or Windows 2000 with latest service pack. Dependencies: The product uses adobe flash player for proper working of 3d passwords.

3.0

system features:
3.1 Database Storage 3.1.1 Description and Priority Proposed Database is intended to store, retrieve, update, and manipulate information related to particular organization which include user names and passwords.

3.2

Functional Requirements specification: This section gives the list of Functional and nonfunctionalrequirements which are applicable to the 3d passwords. Functional requirements are nothing but the services provided by the system to its end users. There are two modules in this phase. They are 1. Registration module 2. Authentication module

3.2.1 Use case: Registration Diagram:

Description: The user provides the textual passwords then enters into the 3d virtual environment then he changes the states of the desired objects. The interactions of the user with these objects in the 3d environment are stored by the server as users 3d password.

3.2.2 Use case: Authentication Diagram:

Description: The user provides the textual passwords then enters into the 3d virtual environment then he changes the states of the desired objects. The interactions of the user with these objects in the 3d environment are verified with the interactions stored by the server as the users 3d password.

4. UML DIAGRAMS
4.1 Sequence diagram for Authentication:

4.2 State chart diagram

5. External Interface Requirements 5.1User Interfaces 3D Passwords provides the security required for any organization or application. Therefore it forms the link between the user and the application and the user can interact with the objects in the 3d environment through the browser enabled with a flash player plug-in. 5.2. Hardware Interfaces Server Side: Operating System: Windows xp, Processor: Pentium 3.0 GHz or higher RAM: 256 Mb or more Hard Drive: 10 GB or more Client side: Operating System: Windows xp, Processor: Pentium III or 2.0 GHz or higher. RAM: 256 Mb or more 5.3 Software Interfaces Database: SQL Server. Application: python scripts and java applet,web browser Web Server: apache is a powerfulWeb server that provides a highly reliable, manageable, and scalableWeb application infrastructure Web browser: with flash player plug in

5.4. Communication Interfaces The Customer must connect to the Internet to access the Website: Dialup Modem of 52 kbps Broadband Internet Dialup or Broadband Connection with a Internet Provider.

6. Other Nonfunctional Requirements

6.1: Performance Requirements:
The purpose of the implementation is to make implementing the 3d passwords is to provide a more secure way of authentication. This is achieved by using the 3d environment with a combination.

6.2: Safety Requirements

The database may get crashed at any certain time due to virus or operating system failure. Therefore, it is required to take the database backup.

6.3: Security Requirements

Prevention of obtaining password hashes or plaintext passwords from sniffing the network. The 3d password scheme should be able to avoid brute force attack and shoulder surfing attacks.

6.4Hardware Constraints The system requires a database in order to store persistent data. The database should have backup capabilities. The system should have a minimum graphics support. 6.5: Software Constraints The development of the system will be constrained by the availability of required software such as web servers, database and development tools. The 3d environment has to be designed with the animating tools.