Yan Meng,Yuxia Zhan,Jiachun Li,Suguo Du,Haojin Zhu,Xuemin Sherman Shen

DOI: https://doi.org/10.1109/infocom53939.2023.10229062

2023-01-01

Abstract:Virtual reality (VR) can provide users with an immersive experience in the metaverse. One of the most promising properties of VR is that users’ identities can be protected by changing their physical world appearances into arbitrary virtual avatars. However, recent proposed de-anonymization attacks demonstrate the feasibility of recognizing the user’s identity behind the VR avatar’s masking. In this paper, we propose AvatarHunter, a non-intrusive and user-unconscious de-anonymization attack based on victims’ inherent movement signatures. AvatarHunter imperceptibly collects the victim avatar’s gait information via recording videos from multiple views in the VR scenario without requiring any permission. A Unity-based feature extractor is designed that preserves the avatar’s movement signature while immune to the avatar’s appearance changes. Real-world experiments are conducted in VRChat, one of the most popular VR applications. The experimental results demonstrate that AvatarHunter can achieve attack success rates of 92.1% and 66.9% in closed-world and open-world avatar settings, respectively, which are much better than existing works.

Brandon Falk,Yan Meng,Yuxia Zhan,Haojin Zhu

DOI: https://doi.org/10.1145/3460120.3485345

2021-01-01

Abstract:Virtual reality (VR) is on the precipice of entering mainstream entertainment with devices equipped with a multitude of sensing, tracking, and internet capabilities that can reshape the current infotainment industry such as online gaming or conferences with novel features. With VR techniques, the online gamer or conference attendances could choose to keep their identity anonymous by easily altering their appearances (i.e., avatars). However, in this study, we present ReAvatar, a novel de-anonymization attack that identifies users by their virtual avatar via a correlation in specific recorded movements. Using 3D pose estimation, we train a sophisticated machine learning model with user movement data recorded while performing a set of movements in real life and then again with their avatars. We then map correlations between these two sets of movement data using a bespoke agglomerative clustering algorithm and establish relationship between the user's virtual and real-life identity. ReAvatar achieves 89.60% accuracy in detecting a unique user among multiple avatars. The security and privacy implications of this paper will be foundational for users and researchers alike that explore the realm of virtual reality.

Mohd Sabra,Nisha Vinayaga Sureshkanth,Ari Sharma,Anindya Maiti,Murtuza Jadliwala

DOI: https://doi.org/10.48550/arXiv.2301.09041

2023-01-22

Cryptography and Security

Abstract:Virtual Reality (VR) is an exciting new consumer technology which offers an immersive audio-visual experience to users through which they can navigate and interact with a digitally represented 3D space (i.e., a virtual world) using a headset device. By (visually) transporting users from the real or physical world to exciting and realistic virtual spaces, VR systems can enable true-to-life and more interactive versions of traditional applications such as gaming, remote conferencing, social networking and virtual tourism. However, as with any new consumer technology, VR applications also present significant user-privacy challenges. This paper studies a new type of privacy attack targeting VR users by connecting their activities visible in the virtual world (enabled by some VR application/service) to their physical state sensed in the real world. Specifically, this paper analyzes the feasibility of carrying out a de-anonymization or identification attack on VR users by correlating visually observed movements of users' avatars in the virtual world with some auxiliary data (e.g., motion sensor data from mobile/wearable devices held by users) representing their context/state in the physical world. To enable this attack, this paper proposes a novel framework which first employs a learning-based activity classification approach to translate the disparate visual movement data and motion sensor data into an activity-vector to ease comparison, followed by a filtering and identity ranking phase outputting an ordered list of potential identities corresponding to the target visual movement data. Extensive empirical evaluation of the proposed framework, under a comprehensive set of experimental settings, demonstrates the feasibility of such a de-anonymization attack.

Zhuolin Yang,Cathy Yuanchen Li,Arman Bhalla,Ben Y. Zhao,Haitao Zheng

2024-09-10

Abstract:Today's virtual reality (VR) systems provide immersive interactions that seamlessly connect users with online services and one another. However, these immersive interfaces also introduce new vulnerabilities, making it easier for users to fall prey to new attacks. In this work, we introduce the immersive hijacking attack, where a remote attacker takes control of a user's interaction with their VR system, by trapping them inside a malicious app that masquerades as the full VR interface. Once trapped, all of the user's interactions with apps, services and other users can be recorded and modified without their knowledge. This not only allows traditional privacy attacks but also introduces new interaction attacks, where two VR users encounter vastly different immersive experiences during their interaction. We present our implementation of the immersive hijacking attack on Meta Quest headsets and conduct IRB-approved user studies that validate its efficacy and stealthiness. Finally, we examine effectiveness and tradeoffs of various potential defenses, and propose a multifaceted defense pipeline.

Cryptography and Security

Zihao Su,Kunlin Cai,Reuben Beeler,Lukas Dresel,Allan Garcia,Ilya Grishchenko,Yuan Tian,Christopher Kruegel,Giovanni Vigna

2024-09-17

Abstract:As Virtual Reality (VR) applications grow in popularity, they have bridged distances and brought users closer together. However, with this growth, there have been increasing concerns about security and privacy, especially related to the motion data used to create immersive experiences. In this study, we highlight a significant security threat in multi-user VR applications, which are applications that allow multiple users to interact with each other in the same virtual space. Specifically, we propose a remote attack that utilizes the avatar rendering information collected from an adversary's game clients to extract user-typed secrets like credit card information, passwords, or private conversations. We do this by (1) extracting motion data from network packets, and (2) mapping motion data to keystroke entries. We conducted a user study to verify the attack's effectiveness, in which our attack successfully inferred 97.62% of the keystrokes. Besides, we performed an additional experiment to underline that our attack is practical, confirming its effectiveness even when (1) there are multiple users in a room, and (2) the attacker cannot see the victims. Moreover, we replicated our proposed attack on four applications to demonstrate the generalizability of the attack. Lastly, we proposed a defense against the attack, which has been implemented by major players in the VR industry. These results underscore the severity of the vulnerability and its potential impact on millions of VR social platform users.

Cryptography and Security

Yu-Szu Wei,Yuan-Chun Sun,Shin-Yi Zheng,Hsun-Fu Hsu,Chun-Ying Huang,Cheng-Hsin Hsu

DOI: https://doi.org/10.1109/mipr62202.2024.00040

2024-01-01

Abstract:Virtual Reality (VR) applications take users' Head-Mounted Display (HMD) and controller trajectories as inputs for an immersive experience. Leakage of these trajectories threatens user privacy in several aspects, including but not limited to their identities. Existing privacy-preserving approaches, however, overlook the temporal correlation of VR user trajectories, which could be leveraged by attackers. In this paper, we develop a disturber to perturb VR user trajectories in both temporal and spatial domains on the fly. Such trajectory perturbations could, unfortunately, lead to distorted rendered VR viewports. Thus, we develop a compensator to recover from such distortion using efficient image-warping algorithms. Our evaluation results show the merits of our proposed solution: (i) our disturber alone reduces at most 0.42 re-identification rate of VR users compared to the state-of-the-art approach, (ii) our disturber alone outperforms the state-of-the-art approach by 2.43 dB in PSNR, 0.13 in SSIM, and 8.15 in VMAF under the same privacy-preserving settings, and (iii) our compensator further boosts the visual quality of a VR application by at most 6.83 dB in PSNR, 0.45 in SSIM, and 34.57 in VMAF, compared to disturber-only solution.

Vivek Nair,Gonzalo Munilla Garrido,Dawn Song,James F. O'Brien

DOI: https://doi.org/10.56553/popets-2023-0108

2023-12-13

Abstract:Fifty study participants playtested an innocent-looking "escape room" game in virtual reality (VR). Within just a few minutes, an adversarial program had accurately inferred over 25 of their personal data attributes, from anthropometrics like height and wingspan to demographics like age and gender. As notoriously data-hungry companies become increasingly involved in VR development, this experimental scenario may soon represent a typical VR user experience. Since the Cambridge Analytica scandal of 2018, adversarially designed gamified elements have been known to constitute a significant privacy threat in conventional social platforms. In this work, we present a case study of how metaverse environments can similarly be adversarially constructed to covertly infer dozens of personal data attributes from seemingly anonymous users. While existing VR privacy research largely focuses on passive observation, we argue that because individuals subconsciously reveal personal information via their motion in response to specific stimuli, active attacks pose an outsized risk in VR environments.

Cryptography and Security

Vivek Nair,Gonzalo Munilla Garrido,Dawn Song

DOI: https://doi.org/10.1145/3586183.3606754

2023-10-23

Abstract:Virtual reality (VR) telepresence applications and the so-called "metaverse" promise to be the next major medium of human-computer interaction. However, with recent studies demonstrating the ease at which VR users can be profiled and deanonymized, metaverse platforms carry many of the privacy risks of the conventional internet (and more) while at present offering few of the defensive utilities that users are accustomed to having access to. To remedy this, we present the first known method of implementing an "incognito mode" for VR. Our technique leverages local differential privacy to quantifiably obscure sensitive user data attributes, with a focus on intelligently adding noise when and where it is needed most to maximize privacy while minimizing usability impact. Our system is capable of flexibly adapting to the unique needs of each VR application to further optimize this trade-off. We implement our solution as a universal Unity (C#) plugin that we then evaluate using several popular VR applications. Upon faithfully replicating the most well-known VR privacy attack studies, we show a significant degradation of attacker capabilities when using our solution.

Cryptography and Security

Ismat Jarin,Yu Duan,Rahmadi Trimananda,Hao Cui,Salma Elmalaki,Athina Markopoulou

2024-09-23

Abstract:Virtual reality (VR) platforms enable a wide range of applications, however, pose unique privacy risks. In particular, VR devices are equipped with a rich set of sensors that collect personal and sensitive information (e.g., body motion, eye gaze, hand joints, and facial expression). The data from these newly available sensors can be used to uniquely identify a user, even in the absence of explicit identifiers. In this paper, we seek to understand the extent to which a user can be identified based solely on VR sensor data, within and across real-world apps from diverse genres. We consider adversaries with capabilities that range from observing APIs available within a single app (app adversary) to observing all or selected sensor measurements across multiple apps on the VR device (device adversary). To that end, we introduce BehaVR, a framework for collecting and analyzing data from all sensor groups collected by multiple apps running on a VR device. We use BehaVR to collect data from real users that interact with 20 popular real-world apps. We use that data to build machine learning models for user identification within and across apps, with features extracted from available sensor data. We show that these models can identify users with an accuracy of up to 100%, and we reveal the most important features and sensor groups, depending on the functionality of the app and the adversary. To the best of our knowledge, BehaVR is the first to analyze user identification in VR comprehensively, i.e., considering all sensor measurements available on consumer VR devices, collected by multiple real-world, as opposed to custom-made, apps.

Human-Computer Interaction,Cryptography and Security

Kedi Yang,Zhenyong Zhang,Youliang Tian

2024-08-30

Abstract:Metaverse allows users to delegate their AI models to an AI engine, which builds corresponding AI-driven avatars to provide immersive experience for other users. Since current authentication methods mainly focus on human-driven avatars and ignore the traceability of AI-driven avatars, attackers may delegate the AI models of a target user to an AI proxy program to perform impersonation attacks without worrying about being detected. In this paper, we propose an authentication method using multi-factors to guarantee the traceability of AI-driven avatars. Firstly, we construct a user's identity model combining the manipulator's iris feature and the AI proxy's public key to ensure that an AI-driven avatar is associated with its original manipulator. Secondly, we propose a chameleon proxy signature scheme that supports the original manipulator to delegate his/her signing ability to an AI proxy. Finally, we design three authentication protocols for avatars based on the identity model and the chameleon proxy signature to guarantee the virtual-to-physical traceability including both the human-driven and AI-driven avatars. Security analysis shows that the proposed signature scheme is unforgeability and the authentication method is able to defend against false accusation. Extensive evaluations show that the designed authentication protocols complete user login, avatar delegation, mutual authentication, and avatar tracing in about 1s, meeting the actual application needs and helping to mitigate impersonation attacks by AI-driven avatars.

Cryptography and Security

Kedi Yang,Zhenyong Zhang,Tian Youliang,Jianfeng Ma

DOI: https://doi.org/10.1109/tifs.2023.3288689

IF: 7.231

2023-07-04

IEEE Transactions on Information Forensics and Security

Abstract:Metaverse is a vast virtual environment parallel to the physical world in which users enjoy a variety of services acting as an avatar. To build a secure living habitat, it's vital to ensure the virtual-physical traceability that tracking a malicious player in the physical world via his avatars in virtual space. In this paper, we propose a two-factor authentication framework based on biometric-based authentication and chameleon signature. First, aiming at disguise in virtual space, we design an avatar's two-factor identity model to ensure the verifiability of avatar's virtual identity and physical identity. Second, facing at authentication efficiency and keys holding cost, we propose a chameleon collision signature algorithm to efficiently ensure that the avatar's virtual identity is associated with its physical identity. Finally, aiming at impersonation in the physical world, we design two decentralized authentication protocols based on the avatar's identity model and the chameleon collision signature to achieve real-time authentication on the avatar's identity. Security analysis indicates that the proposed authentication framework guarantees the consistency and traceability of the avatar's identity. Simulation experiments show that the framework not only completes the decentralized authentication between avatars but also achieves virtual-physical tracking.

computer science, theory & methods,engineering, electrical & electronic

Cong Shi,Xiangyu Xu,Tianfang Zhang,Payton Walker,Yi Wu,Jian Liu,Nitesh Saxena,Yingying Chen,Jiadi Yu

DOI: https://doi.org/10.1145/3447993.3483272

2021-01-01

Abstract:Augmented reality/virtual reality (AR/VR) has extended beyond 3D immersive gaming to a broader array of applications, such as shopping, tourism, education. And recently there has been a large shift from handheld-controller dominated interactions to headset-dominated interactions via voice interfaces. In this work, we show a serious privacy risk of using voice interfaces while the user is wearing the face-mounted AR/VR devices. Specifically, we design an eavesdropping attack, Face-Mic, which leverages speech-associated subtle facial dynamics captured by zero-permission motion sensors in AR/VR headsets to infer highly sensitive information from live human speech, including speaker gender, identity, and speech content. Face-Mic is grounded on a key insight that AR/VR headsets are closely mounted on the user's face, allowing a potentially malicious app on the headset to capture underlying facial dynamics as the wearer speaks, including movements of facial muscles and bone-borne vibrations, which encode private biometrics and speech characteristics. To mitigate the impacts of body movements, we develop a signal source separation technique to identify and separate the speech-associated facial dynamics from other types of body movements. We further extract representative features with respect to the two types of facial dynamics. We successfully demonstrate the privacy leakage through AR/VR headsets by deriving the user's gender/identity and extracting speech information via the development of a deep learning-based framework. Extensive experiments using four mainstream VR headsets validate the generalizability, effectiveness, and high accuracy of Face-Mic.

Luoyu Mei,Ruofeng Liu,Zhimeng Yin,Qingchuan Zhao,Wenchao Jiang,Shuai Wang,Kangjie Lu,Tian He

2024-11-15

Abstract:Virtual reality (VR), while enhancing user experiences, introduces significant privacy risks. This paper reveals a novel vulnerability in VR systems that allows attackers to capture VR privacy through obstacles utilizing millimeter-wave (mmWave) signals without physical intrusion and virtual connection with the VR devices. We propose mmSpyVR, a novel attack on VR user's privacy via mmWave radar. The mmSpyVR framework encompasses two main parts: (i) A transfer learning-based feature extraction model to achieve VR feature extraction from mmWave signal. (ii) An attention-based VR privacy spying module to spy VR privacy information from the extracted feature. The mmSpyVR demonstrates the capability to extract critical VR privacy from the mmWave signals that have penetrated through obstacles. We evaluate mmSpyVR through IRB-approved user studies. Across 22 participants engaged in four experimental scenes utilizing VR devices from three different manufacturers, our system achieves an application recognition accuracy of 98.5\% and keystroke recognition accuracy of 92.6\%. This newly discovered vulnerability has implications across various domains, such as cybersecurity, privacy protection, and VR technology development. We also engage with VR manufacturer Meta to discuss and explore potential mitigation strategies. Data and code are publicly available for scrutiny and research at <a class="link-external link-https" href="https://github.com/luoyumei1-a/mmSpyVR/" rel="external noopener nofollow">this https URL</a>

Cryptography and Security,Computer Vision and Pattern Recognition

Samantha Aziz,Oleg Komogortsev

2024-11-18

Abstract:Virtual reality (VR) devices use a variety of sensors to capture a rich body of user-generated data, which can be misused by malicious parties to covertly infer information about the user. Privacy-enhancing techniques seek to reduce the amount of personally identifying information in sensor data, but these techniques are typically developed for a subset of data streams that are available on the platform, without consideration for the auxiliary information that may be readily available from other sensors. In this paper, we evaluate whether body motion data can be used to circumvent the privacy protections applied to eye tracking data to enable user identification on a VR platform, and vice versa. We empirically show that eye tracking, headset tracking, and hand tracking data are not only informative for inferring user identity on their own, but contain complementary information that can increase the rate of successful user identification. Most importantly, we demonstrate that applying privacy protections to only a subset of the data available in VR can create an opportunity for an adversary to bypass those privacy protections by using other unprotected data streams that are available on the platform, performing a user identification attack as accurately as though a privacy mechanism was never applied. These results highlight a new privacy consideration at the intersection between eye tracking and VR, and emphasizes the need for privacy-enhancing techniques that address multiple technologies comprehensively.

Human-Computer Interaction

Jiuzhen Zeng,Laurence T. Yang,Chao Wang,Junjie Su,Xianjun Deng

DOI: https://doi.org/10.1145/3689429

2024-01-01

Abstract:Avatar is one of the most intuitive central components in Metaverse, and faces serious security problem particularly during the interacting with each other. In this paper, we consider the problem of timely detecting the stealthy anomaly in the avatar interaction, which is crucial for the security and privacy in Metaverse. With this goal, a new tensor summary statistic is proposed first to well depict the statistical discrepancy between normal and anomalous interaction volume samples, even when anomalies are stealthy. The proposed tensor summary statistic is established from the tensor linear representation residual which naturally implies the statistical probability that an interaction volume sample lies within or deviates from the tensor lateral space. Moreover, a convex optimization programme is introduced to robustly recover the tensor lateral space in the presence of anomalous samples, thereby enhancing the robustness of our tensor summary statistic. On the basis of the tensor summary statistic, a non-parametric statistic framework is developed for the real-time detection of the stealthy interaction volume anomaly. We also provide theoretical analysis concerning its detection performance and parameter selection. Extensive experiments using synthetic and real-world datasets verify our effectiveness and superiority. Compared with benchmark methods, the proposed detection scheme achieves significantly lower detection delay and higher false alarm period, particularly in detection of stealthy anomalies with a low change rate.

Ethan Wilson,Azim Ibragimov,Michael J. Proulx,Sai Deep Tetali,Kevin Butler,Eakta Jain

DOI: https://doi.org/10.1109/tvcg.2024.3372032

IF: 5.2

2024-01-01

IEEE Transactions on Visualization and Computer Graphics

Abstract:Eye tracking is routinely being incorporated into virtual reality (VR) systems. Prior research has shown that eye tracking data, if exposed, can be used for re-identification attacks [14]. The state of our knowledge about currently existing privacy mechanisms is limited to privacy-utility trade-off curves based on data-centric metrics of utility, such as prediction error, and black-box threat models. We propose that for interactive VR applications, it is essential to consider user-centric notions of utility and a variety of threat models. We develop a methodology to evaluate real-time privacy mechanisms for interactive VR applications that incorporate subjective user experience and task performance metrics. We evaluate selected privacy mechanisms using this methodology and find that re-identification accuracy can be decreased to as low as 14% while maintaining a high usability score and reasonable task performance. Finally, we elucidate three threat scenarios (black-box, black-box with exemplars, and white-box) and assess how well the different privacy mechanisms hold up to these adversarial scenarios. This work advances the state of the art in VR privacy by providing a methodology for end-to-end assessment of the risk of re-identification attacks and potential mitigating solutions. f.

computer science, software engineering

Alec G. Moore,Ryan P. McMahan,Hailiang Dong,Nicholas Ruozzi

DOI: https://doi.org/10.1109/ismar52148.2021.00037

2021-10-01

Abstract:Recent research indicates that user tracking data from virtual reality (VR) experiences can be used to personally identify users with degrees of accuracy as high as 95%. However, these results indicating that VR tracking data should be understood as personally identifying data were based on observing 360° videos. In this paper, we present results based on sessions of user tracking data from an ecologically valid VR training application, which indicate that the prior claims may not be as applicable for identifying users beyond the context of observing 360° videos. Our results indicate that the degree of identification accuracy notably decreases between VR sessions. Furthermore, we present results indicating that user tracking data can be obfuscated by encoding positional data as velocity data, which has been successfully used to predict other user experience outcomes like simulator sickness and knowledge acquisition. These results, which show identification accuracies were reduced by more than half, indicate that velocity-based encoding can be used to reduce identifiability and help protect personal identifying data.

Ekta Prashnani,Koki Nagano,Shalini De Mello,David Luebke,Orazio Gallo

2024-08-05

Abstract:Modern avatar generators allow anyone to synthesize photorealistic real-time talking avatars, ushering in a new era of avatar-based human communication, such as with immersive AR/VR interactions or videoconferencing with limited bandwidths. Their safe adoption, however, requires a mechanism to verify if the rendered avatar is trustworthy: does it use the appearance of an individual without their consent? We term this task avatar fingerprinting. To tackle it, we first introduce a large-scale dataset of real and synthetic videos of people interacting on a video call, where the synthetic videos are generated using the facial appearance of one person and the expressions of another. We verify the identity driving the expressions in a synthetic video, by learning motion signatures that are independent of the facial appearance shown. Our solution, the first in this space, achieves an average AUC of 0.85. Critical to its practical use, it also generalizes to new generators never seen in training (average AUC of 0.83). The proposed dataset and other resources can be found at: <a class="link-external link-https" href="https://research.nvidia.com/labs/nxp/avatar-fingerprinting/" rel="external noopener nofollow">this https URL</a>.

Computer Vision and Pattern Recognition

Xuetong Wang,Ziyan Wang,Mingmin Zhang,Kangyou Yu,Pan Hui,Mingming Fan

2024-10-15

Abstract:Sexual harassment has been recognized as a significant social issue. In recent years, the emergence of harassment in social virtual reality (VR) has become an important and urgent research topic. We employed a mixed-methods approach by conducting online surveys with VR users (N = 166) and semi-structured interviews with social VR users (N = 18) to investigate how users perceive sexual harassment in social VR, focusing on the influence of avatar appearance. Moreover, we derived users' response strategies to sexual harassment and gained insights on platform regulation. This study contributes to the research on sexual harassment in social VR by examining the moderating effect of avatar appearance on user perception of sexual harassment and uncovering the underlying reasons behind response strategies. Moreover, it presents novel prospects and challenges in platform design and regulation domains.

Human-Computer Interaction

Xuanyu Wang,Yang Wang,Yan Shi,Weizhan Zhang,Qinghua Zheng

DOI: https://doi.org/10.1145/3394171.3414449

2020-01-01

Abstract:To further enhance the immersion perception of remote interaction, avatars can be involved harnessing Head Mounted Display (HMD) based Augmented Reality (AR). In our demonstration, we present an avatar based remote interaction system AvatarMeeting, enabling users to meet with remote peers through interactive personalized avatars just like face to face. Specifically, we propose a novel framework including a consumer-grade set-up, a complete transmission scheme and a processing pipeline, which consists of prescan modeling, pose detection and action reconstruction. And an angle based reconstruction approach is introduced to empower the AR avatars to perform the same actions as each remote real person do in real time smoothly while keeping a good avatar shape.