Liang Kou,Yiqi Shi,Liguo Zhang,Duo Liu,Qing Yang

DOI: https://doi.org/10.32604/cmc.2019.03760

2019-01-01

Abstract:With the development of computer hardware technology and network technology, the Internet of Things as the extension and expansion of traditional computing network has played an increasingly important role in all professions and trades and has had a tremendous impact on people lifestyle. The information perception of the Internet of Things plays a key role as a link between the computer world and the real world. However, there are potential security threats in the Perceptual Layer Network applied for information perception because Perceptual Layer Network consists of a large number of sensor nodes with weak computing power, limited power supply, and open communication links. We proposed a novel lightweight authentication protocol based on password, smart card and biometric identification that achieves mutual authentication among User, GWN and sensor node. Biometric identification can increase the non-repudiation feature that increases security. After security analysis and logical proof, the proposed protocol is proven to have a higher reliability and practicality.

Haonan Zhai,Miaolei Deng,Huanmei Wu

DOI: https://doi.org/10.3390/sym16070891

2024-07-13

Symmetry

Abstract:Compared to traditional platform environments in the online realm, the metaverse, as a three-dimensional (3D) virtual world, exposes more identity data to the network. Once these data are compromised, it leads to privacy breaches. Therefore, how to ensure identity security in the metaverse environment has become an urgent problem to be solved. Although research on identity authentication schemes can help improve identity security, traditional identity authentication schemes in network environments are studied based on their own environmental characteristics, which makes it difficult to meet the security needs in the metaverse environment. As a result, in this paper we propose an elliptic curve cryptography (ECC)-based identity authentication scheme to address identity authentication issues in the metaverse environment. This scheme ensures secure communication among users, avatars, and platform servers. The security of this scheme was demonstrated through informal security analysis and the automated validation of internet security protocols and applications (AVISPA) formal security analysis tools, and the results showed that it can resist various known attacks. Compared with existing identity authentication schemes, this scheme has lower computational and communication costs.

multidisciplinary sciences

Kedi Yang,Zhenyong Zhang,Tian Youliang,Jianfeng Ma

DOI: https://doi.org/10.1109/tifs.2023.3288689

IF: 7.231

2023-07-04

IEEE Transactions on Information Forensics and Security

Abstract:Metaverse is a vast virtual environment parallel to the physical world in which users enjoy a variety of services acting as an avatar. To build a secure living habitat, it's vital to ensure the virtual-physical traceability that tracking a malicious player in the physical world via his avatars in virtual space. In this paper, we propose a two-factor authentication framework based on biometric-based authentication and chameleon signature. First, aiming at disguise in virtual space, we design an avatar's two-factor identity model to ensure the verifiability of avatar's virtual identity and physical identity. Second, facing at authentication efficiency and keys holding cost, we propose a chameleon collision signature algorithm to efficiently ensure that the avatar's virtual identity is associated with its physical identity. Finally, aiming at impersonation in the physical world, we design two decentralized authentication protocols based on the avatar's identity model and the chameleon collision signature to achieve real-time authentication on the avatar's identity. Security analysis indicates that the proposed authentication framework guarantees the consistency and traceability of the avatar's identity. Simulation experiments show that the framework not only completes the decentralized authentication between avatars but also achieves virtual-physical tracking.

computer science, theory & methods,engineering, electrical & electronic

Zhenyong Zhang,Kedi Yang,Youliang Tian,Jianfeng Ma

2024-09-17

Abstract:Metaverse is a vast virtual world parallel to the physical world, where the user acts as an avatar to enjoy various services that break through the temporal and spatial limitations of the physical world. Metaverse allows users to create arbitrary digital appearances as their own avatars by which an adversary may disguise his/her avatar to fraud others. In this paper, we propose an anti-disguise authentication method that draws on the idea of the first impression from the physical world to recognize an old friend. Specifically, the first meeting scenario in the metaverse is stored and recalled to help the authentication between avatars. To prevent the adversary from replacing and forging the first impression, we construct a chameleon-based signcryption mechanism and design a ciphertext authentication protocol to ensure the public verifiability of encrypted identities. The security analysis shows that the proposed signcryption mechanism meets not only the security requirement but also the public verifiability. Besides, the ciphertext authentication protocol has the capability of defending against the replacing and forging attacks on the first impression. Extensive experiments show that the proposed avatar authentication system is able to achieve anti-disguise authentication at a low storage consumption on the blockchain.

Cryptography and Security

Hui Zhong,Chenpei Huang,Xinyue Zhang,Miao Pan

2023-10-05

Abstract:The Metaverse is a virtual world, an immersive experience, a new human-computer interaction, built upon various advanced technologies. How to protect Metaverse personal information and virtual properties is also facing new challenges, such as new attacks and new expectations of user experiences. While traditional methods (e.g., those employed in smartphone authentication) generally pass the basic design considerations, they are repeatedly reported to be either unsafe or inconvenient in the Metaverse. In this paper, we address this discrepancy by introducing CAN: a new design consideration especially for the Metaverse. Specifically, we focus on the legacy and novel biometric authentication systems and evaluate them thoroughly with basic and CAN considerations. We also propose an ear-based method as one example of CAN systems. To conclude, a continuous, active and non-intrusive biometric system is suggested for Metaverse authentication for its capability in continuous sessions, against imposters, and immersive experience.

Cryptography and Security

Pınar Kürtünlüoğlu,Beste Akdik,Enis Karaarslan

DOI: https://doi.org/10.48550/arXiv.2209.06447

2022-09-14

Abstract:The metaverse is said to be the future Internet and will consist of several worlds called verses. This concept is being discussed a lot lately, however, the security issues of these virtual worlds are not discussed enough. This study first discusses the privacy and security concerns of the metaverse. Virtual reality headsets are the main devices used to access the Metaverse. The user needs to verify their identity to log in to the metaverse platforms, and the security of this phase becomes vital. This paper aims to compare the security of the main authentication methods that are used in virtual reality environments. Information-based, biometric, and multi-model methods are compared and analyzed in terms of security. These methods aim to verify the user with different data types such as 3D patterns, PIN systems, or biometric data. The pros and cons are discussed. The paper also concludes with what work can be done to improve the safety of these authentication methods and future work.

Cryptography and Security

Ruoxia Li,Zengxiang Wang,Liming Fang,Changgen Peng,Weizheng Wang,Hu Xiong

DOI: https://doi.org/10.1109/tce.2024.3372506

2024-01-01

IEEE Transactions on Consumer Electronics

Abstract:The metaverse has dramatically transformed the traditional online realm and garnered significant interest from researchers and industry experts. By integrating with consumer electronics such as wearables and smart devices, it presents an immersive virtual world where individuals can engage in diverse activities. As this integration accelerates, there is an increasing need for robust and efficient methods to secure digital communications and transactions. The distributed Identity-Based Digital Signature (IBS) scheme has emerged as a promising solution to address the challenges of authenticity and integrity. However, most distributed IBS schemes are designed to rely on a trusted Key Generation Center (KGC), which introduces security risks of key escrow and a single point of failure. Meanwhile, the extensive use of cryptographic primitives such as homomorphic encryption and zero-knowledge proofs leads to the inefficiency of most schemes. Therefore, this paper proposes a blockchain-assisted fully distributed IBS scheme for integrating consumer electronics in the metaverse that complies with the IEEE P1363 Standard. In detail, our proposal completely eliminates the need for the trusted KGC and the signing key generation process is distributed among multiple users. In addition, we utilize oblivious transfer instead of homomorphic encryption to construct the signature’s additive share, making our scheme more efficient. Under the discrete logarithm assumption, it has been demonstrated that our scheme possesses existential unforgeability. Finally, based on the theoretical and experimental simulation analyses, our work shows outstanding effectiveness and practicality.

telecommunications,engineering, electrical & electronic

Wenxiang Zhang,Hong Wu

DOI: https://doi.org/10.1051/sands/2023011

2023-05-15

Security and Safety

Abstract:The Metaverse is the digitization of the real world, supported by big data, AI, 5G, cloud computing, blockchain, encryption algorithm, perception technology, digital twin, virtual engine and other technologies that interact with human behaviour and thoughts in avatars through digital identity. Cracking the trust problem brought by the avatar depends on the privacy security and authentication technology for individuals using digital identities to enter the Metaverse. To accomplish personal domination of the avatar, metaverse users need privacy data feeding and emotion projection. They must be equipped with proprietary algorithms to process and analyze the complex data generated in adaptive interactions, which challenges the privacy security of user data in the Metaverse. Distinguishing the significance of different identifiers in personal identity generation while imposing different behavioural regulatory requirements on data processing levels may better balance the relationship between personal privacy security and digital identity protection and data utilization in the Metaverse. In response to digital identity issues, there is an objective need to establish a unified digital identity authentication system to gain the general trust of society. Further, the remedies for a right to personality can be applied to the scenario of unlawful infringement of digital identity and privacy security.

Conghao Ruan,Chunqiang Hu,Xingwang Li,Shaojiang Deng,Zewei Liu,Jiguo Yu

DOI: https://doi.org/10.1109/tce.2024.3377107

2024-01-01

IEEE Transactions on Consumer Electronics

Abstract:Amidst the rapid advancements in metaverse and consumer electronics technology, individuals now have the opportunity to engage in immersive interactive experiences. However, the intimate connection between user data within the metaverse and their real-world identities necessitates the implementation of methods to safeguard the security of user data. Cryptography emerges as a prevalent tool for ensuring data security and consistency. Nevertheless, the inherent features of the metaverse, such as decentralization, pose challenges, rendering many access control strategies either inapplicable or ineffective. This paper proposes a privacy-aware and revocable CP-ABE scheme with fair outsourcing decryption (PRE-CPABE) based on blockchain. The scheme provides fine-grained access control capabilities without requiring a completely trusted central entity. Furthermore, we implement access control policy hiding to shield user privacy. We also consider fairness to both the user and the outsourced service provider. Through rigorous security analysis and performance comparisons, we demonstrate the efficacy of our scheme, showcasing its excellence in both security and efficiency.

telecommunications,engineering, electrical & electronic

Junhui Zhao,Fanwei Huang,Huanhuan Hu,Longxia Liao,Dongming Wang,Lisheng Fan

DOI: https://doi.org/10.1016/j.adhoc.2024.103427

IF: 4.816

2024-01-31

Ad Hoc Networks

Abstract:5G technology has been applied and popularized, leading to the widespread usage of the Internet of Things (IoT) in various areas such as intelligent transportation, home security, fire protection, industrial monitoring, healthcare, and data collection intelligence. Data sharing is one of the key factors for successful application in these fields. However, real-time data sharing through open channels may result in transmitted messages being illegally accessed by attackers, leading to privacy breaches. At present, most existing authentication schemes focus on single gateway authentication models. In order to overcome issues such as elevated communication overhead, reduced network performance, and inefficient cross-domain access in the single gateway model with larger network sizes, we introduce a multi-gateway lightweight authentication scheme as a solution. Firstly, our scheme is based on a three-factor authentication scheme of Chebyshev chaotic mapping, hash function, and XOR operation. This scheme achieves secure authentication between sensor nodes and users, establishes session keys, and also supports user key updates. Secondly, through security analysis, we demonstrate that the proposed scheme resists internal disguise attacks, sensor capture attacks, temporary secret leakage attacks, and achieves forward security of session keys. We additionally provide a demonstration of the semantic security of session keys by utilizing a Random Oracle Model (ROM). Finally, compared to other schemes, the results show that our proposed scheme has lower communication overhead and computational resource requirements, and is more in line with the requirements of lightweight device security authentication in the IoT.

computer science, information systems,telecommunications

Kedi Yang,Zhenyong Zhang,Youliang Tian

2024-08-30

Abstract:Metaverse allows users to delegate their AI models to an AI engine, which builds corresponding AI-driven avatars to provide immersive experience for other users. Since current authentication methods mainly focus on human-driven avatars and ignore the traceability of AI-driven avatars, attackers may delegate the AI models of a target user to an AI proxy program to perform impersonation attacks without worrying about being detected. In this paper, we propose an authentication method using multi-factors to guarantee the traceability of AI-driven avatars. Firstly, we construct a user's identity model combining the manipulator's iris feature and the AI proxy's public key to ensure that an AI-driven avatar is associated with its original manipulator. Secondly, we propose a chameleon proxy signature scheme that supports the original manipulator to delegate his/her signing ability to an AI proxy. Finally, we design three authentication protocols for avatars based on the identity model and the chameleon proxy signature to guarantee the virtual-to-physical traceability including both the human-driven and AI-driven avatars. Security analysis shows that the proposed signature scheme is unforgeability and the authentication method is able to defend against false accusation. Extensive evaluations show that the designed authentication protocols complete user login, avatar delegation, mutual authentication, and avatar tracing in about 1s, meeting the actual application needs and helping to mitigate impersonation attacks by AI-driven avatars.

Cryptography and Security

Jungwon Seo,Hankyeong Ko,Sooyong Park

DOI: https://doi.org/10.1109/access.2024.3357938

IF: 3.9

2024-02-10

IEEE Access

Abstract:As the metaverse gains attraction, the importance of metaverse security research becomes increasingly evident. While there has been research on authenticating users in the metaverse, there is a notable gap in research concerning the authentication of specific spaces within the metaverse. This paper addresses this gap by proposing a novel user-centric blockchain-based authentication approach that incorporates space authentication. The proposed approach leverages blockchain smart contracts to authenticate users using cosine similarity metrics. A significant advantage of this approach its ability to establish user-centric authentication by seamlessly integrating metaverse and blockchain technologies, all without the need for a centralized authority. In this paper, we not only evaluate the security of our proposed approach but also conduct experiments to determine the cosine similarity threshold and assess its feasibility within a metaverse environment.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jianrui Chen,Jingjing Wang,Chunxiao Jiang,Yong Ren,Lajos Hanzo

2023-05-16

Abstract:As an evolving successor to the mobile Internet, the Metaverse creates the impression of an immersive environment, integrating the virtual as well as the real world. In contrast to the traditional mobile Internet based on servers, the Metaverse is constructed by billions of cooperating users by harnessing their smart edge devices having limited communication and computation resources. In this immersive environment an unprecedented amount of multi-modal data has to be processed. To circumvent this impending bottleneck, low-rate semantic communication might be harnessed in support of the Metaverse. But given that private multi-modal data is exchanged in the Metaverse, we have to guard against security breaches and privacy invasions. Hence we conceive a trust-worthy semantic communication system for the Metaverse based on a federated learning architecture by exploiting its distributed decision-making and privacy-preserving capability. We conclude by identifying a suite of promising research directions and open issues.

Cryptography and Security,Signal Processing

Yanwei Gong,Xiaolin Chang,Jelena Mišić,Vojislav B. Mišić,Yingying Yao

DOI: https://doi.org/10.48550/arXiv.2310.05033

2023-10-08

Abstract:Establishing and sustaining Metaverse service necessitates an unprecedented scale of resources. This paper considers the deployment of Metaverse service in a cloud-edge resource architecture, which can satisfy the escalating demand for Metaverse service resources while ensuring both high bandwidth and low latency. We propose a novel mechanism, named Reliable and Secure Metaverse Service (RSMS), to ensure Metaverse service reliability and security without sacrificing performance. RSMS consists of two protocols: (1) One is a blockchain-based lightweight mutual authentication protocol concerning heterogeneous Metaverse service resource nodes (RNs) dynamically joining a Metaverse service resource pool while guaranteeing their trustworthiness, which guarantees the security of Metaverse service. (2) The other is a group authentication protocol used to form and maintain a stable and secure Metaverse service group composed by RNs, which ensures the reliability and enhances the security of Metaverse service. The reliability and security of Metaverse service under RSMS are thoroughly discussed, and informal and formal security analysis are conducted. Additionally, we study the impact of RSMS on Metaverse service throughput, demonstrating its lightweight feature.

Cryptography and Security

Jianrui Chen,Jingjing Wang,Chunxiao Jiang,Yong Ren,Lajos Hanzo

DOI: https://doi.org/10.1109/mwc.001.2200587

IF: 12.777

2023-08-01

IEEE Wireless Communications

Abstract:As an evolving successor to the mobile Internet, the Metaverse creates the impression of an immersive environment, integrating the virtual and real world. In contrast to the traditional mobile Internet based on servers, the Metaverse is constructed by billions of cooperating users by harnessing their smart edge devices and having limited communication and computation resources. In this immersive environment, an unprecedented amount of multi-modal data has to be processed. To circumvent this impending bottleneck, low-rate semantic communication might be harnessed in support of the Metaverse. However, given that private multi-modal data is exchanged in the Metaverse, we have to guard against security breaches and privacy invasions. Hence, we conceive a trust-worthy semantic communication system for the Metaverse based on a federated learning architecture by exploiting its distributed decision-making and privacy-preserving capability. We conclude by identifying a suite of promising research directions and open issues.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Jiawei Wang,BoYu Gao,Huawei Tu,Hai-Ning Liang,Zitao Liu,Weiqi Luo,Jian Weng

DOI: https://doi.org/10.1080/10447318.2023.2217608

IF: 4.92

2023-06-12

International Journal of Human-Computer Interaction

Abstract:As Virtual Reality (VR) applications gain popularity, the need for a secure, usable, and memorable user authentication method becomes crucial. However, security and privacy in such VR applications are often ignored. Current methods are insufficient in preventing man-in-the-room (MITR) attacks, which allow attackers to observe user interactions in VR while remaining invisible, and inputted passwords can easily be stolen. In this study, we propose a dynamic combination of multi-attribute authentication methods for VR, where various 3D objects and their attributes can be created and displayed. Users must select combinations of 3D objects and their attributes provided by our designed principles for identity authentication. We explore the impact of method parameters on security and provide three specific parameter schemes to deploy the practical authentication system. We designed three user studies to evaluate the usability, security, and memorability of our authentication system. The results show that the proposed scheme can effectively resist both shoulder surfing and MITR attacks with unsuccessful attack rates of 100% and 95.83%, respectively. Furthermore, this research provides suggestions to secure VR applications while maintaining usability and enhancing the memorability of the authentication method.

computer science, cybernetics,ergonomics

Xinyu Zhou,Yang Li,Jun Zhao

DOI: https://doi.org/10.48550/arXiv.2301.12085

2023-03-10

Abstract:Metaverse has become a buzzword recently. Mobile augmented reality (MAR) is a promising approach to providing users with an immersive experience in the Metaverse. However, due to limitations of bandwidth, latency and computational resources, MAR cannot be applied on a large scale in the Metaverse yet. Moreover, federated learning, with its privacy-preserving characteristics, has emerged as a prospective distributed learning framework in the future Metaverse world. In this paper, we propose a federated learning assisted MAR system via non-orthogonal multiple access for the Metaverse. Additionally, to optimize a weighted sum of energy, latency and model accuracy, a resource allocation algorithm is devised by setting appropriate transmission power, CPU frequency and video frame resolution for each user. Experimental results demonstrate that our proposed algorithm achieves an overall good performance compared to a random algorithm and greedy algorithm.

Social and Information Networks

Ruoyu Zhao,Yushu Zhang,Youwen Zhu,Rushi Lan,Zhongyun Hua

DOI: https://doi.org/10.57019/jmv.1286526

2023-06-18

Abstract:The term "metaverse", a three-dimensional virtual universe similar to the real realm, has always been full of imagination since it was put forward in the 1990s. Recently, it is possible to realize the metaverse with the continuous emergence and progress of various technologies, and thus it has attracted extensive attention again. It may bring a lot of benefits to human society such as reducing discrimination, eliminating individual differences, and socializing. However, everything has security and privacy concerns, which is no exception for the metaverse. In this article, we firstly analyze the concept of the metaverse and propose that it is a super virtual-reality (VR) ecosystem compared with other VR technologies. Then, we carefully analyze and elaborate on possible security and privacy concerns from four perspectives: user information, communication, scenario, and goods, and immediately, the potential solutions are correspondingly put forward. Meanwhile, we propose the need to take advantage of the new buckets effect to comprehensively address security and privacy concerns from a philosophical perspective, which hopefully will bring some progress to the metaverse community.

Computers and Society

Yuntao Wang,Zhou Su,Ning Zhang,Rui Xing,Dongxiao Liu,Tom H. Luan,Xuemin Shen

DOI: https://doi.org/10.1109/COMST.2022.3202047

2022-09-09

Abstract:Metaverse, as an evolving paradigm of the next-generation Internet, aims to build a fully immersive, hyper spatiotemporal, and self-sustaining virtual shared space for humans to play, work, and socialize. Driven by recent advances in emerging technologies such as extended reality, artificial intelligence, and blockchain, metaverse is stepping from science fiction to an upcoming reality. However, severe privacy invasions and security breaches (inherited from underlying technologies or emerged in the new digital ecology) of metaverse can impede its wide deployment. At the same time, a series of fundamental challenges (e.g., scalability and interoperability) can arise in metaverse security provisioning owing to the intrinsic characteristics of metaverse, such as immersive realism, hyper spatiotemporality, sustainability, and heterogeneity. In this paper, we present a comprehensive survey of the fundamentals, security, and privacy of metaverse. Specifically, we first investigate a novel distributed metaverse architecture and its key characteristics with ternary-world interactions. Then, we discuss the security and privacy threats, present the critical challenges of metaverse systems, and review the state-of-the-art countermeasures. Finally, we draw open research directions for building future metaverse systems.

Cryptography and Security

Guangjun Liang,Jianfang Xin,Qun Wang,Xueli Ni,Xiangmin Guo,Pu Chen

DOI: https://doi.org/10.32604/cmc.2023.038403

2023-01-01

Abstract:As a subversive concept, the metaverse has recently attracted widespread attention around the world and has set off a wave of enthusiasm in academic, industrial, and investment circles. However, while the metaverse brings unprecedented opportunities for transformation to human society, it also contains related risks. Metaverse is a digital living space with information infrastructure, interoperability system, content production system, and value settlement system as the underlying structure in which the inner core is to connect real residents through applications and identities. Through social incentives and governance rules, the metaverse reflects the digital migration of human society. This article will conduct an in-depth analysis of the metaverse from the perspective of electronic data forensics. First, from the perspective of Internet development, the background and development process of the metaverse is discussed. By systematically elaborating on the concept and connotation of the metaverse, this paper summarizes the different views of current practitioners, experts, and scholars on the metaverse. Secondly, from the perspective of metaverse security, the social risk and crime risks of the metaverse are discussed. Then the importance of metaverse forensics is raised. Third, from the perspective of blockchain, smart wearable devices, and virtual reality devices, the objects and characteristics of metaverse forensics have been studied in depth. Taking smart wearable devices as an example, this paper gives the relevant experimental process of smart bracelet forensics. Finally, many challenges faced by metaverse forensics are summarized by us which provide readers with some exploratory guidance.

computer science, information systems,materials science, multidisciplinary