A three-step authentication system for the metaverse

A three-step authentication system for the metaverse

The proposed login screen. The user needs to enter their email id and perform the authentication operation. Here the user is allowed to choose any avatar in the metaverse. Credit: Chakkaravarthy, Mitra et al.

In recent years, many computer scientists have explored the notion of a metaverse, an online space in which users can access different virtual environments and immersive experiences, using VR and AR headsets. While browsing the metaverse, users may also share personal data, whether to purchase goods, connect with other users, or for other purposes.

Previous studies have consistently highlighted the limitations of password authentication systems, as there are now many cyber attacks and strategies to crack them. To increase the security of users browsing the metaverse, password authentication would therefore be far from ideal.

This inspired a team of researchers from VIT-AP University in India to create MetaSecure, a passwordless authentication system for the metaverse. This system, presented in a pre-published article on arXivcombines three different authentication techniques, namely device attestation, facial recognition, and physical security keys.

“The metaverse concept promotes the sustainable growth of human civilizations, enhancing communication on a virtual platform,” Sibi Chakkaravarthy and Aditya Mitra, two of the researchers who conducted the study, told Tech Xplore. “In such a scenario, the security of its digital identity is a major concern. Thus, we proposed MetaSecure, a new authentication system.”

MetaSecure was designed to dramatically increase the security of the metaverse, protecting users when engaging in a range of virtual activities. The authentication system can secure a wide range of personal data and assets, including digital assets, online identities, avatars, and financial information.

A three-step authentication system for the metaverse

Users enter and navigate the world where they can interact with other metaverse users. Credit: Chakkaravarthy, Mitra et al.

“MetaSecure ensures that digital identities, digital assets, and other sensitive information in the virtual world of the metaverse are protected and verified,” Chakkaravarthy and Mitra explained.

“The user registers their device and physical security key. To sign in, users must go through three security checks, facial recognition, physical security key, and device verification. The uniqueness of MetaSecure lies in the use of FIDO2 standards which ensure that all users in the metaverse are genuine and will help control the number of fake users on VR platforms.”

MetaSecure might have an advantage over other passwordless authentication systems introduced in the past, as it implements three different layers of authentication, including device verification, which is known to be very difficult to circumvent. Additionally, this authentication system comes in a simple software development kit (SDK) that can be implemented on virtually any device, including VR and AR devices.

“Through various notable studies, we found that the increase in cybercrimes on virtual reality platforms was linked to users not having verified unique identities,” Chakkaravarthy and Mitra said. “Extensive research has revealed that password authentication is not as effective as other methods, due to attacks such as social engineering, keylogging, phishing, vishing, etc. “With MetaSecure, we eliminate vulnerabilities to these known attacks.”

In the future, authentication systems such as MetaSecure could help secure the metaverse, preventing a variety of incidents and data breaches. For example, it could protect users from the theft of digital identities, personal data, and avatars, while protecting them from teasing, cyberbullying, and many other cybercrimes that can take place on virtual reality platforms.

“MetaSecure has enormous scope in future research, as it can also be implemented in transactions and the exchange of sensitive information via augmented reality, where the FIDO2 enabled security key used in authentication will guarantee secrecy. and privacy to users,” added Chakkaravarthy and Mitra. .

More information:
Sibi Chakkaravarthy Sethuraman et al, MetaSecure: passwordless authentication for the metaverse, arXiv (2023). DOI: 10.48550/arxiv.2301.01770

Journal information:
arXiv

© 2023 Science X Network

Quote: A Three-Stage Authentication System for the Metaverse (January 20, 2023) Retrieved January 20, 2023 from https://techxplore.com/news/2023-01-three-stage-authentication-metaverse.html

This document is subject to copyright. Except for fair use for purposes of private study or research, no part may be reproduced without written permission. The content is provided for information only.

Similar Posts