TY - JOUR
T1 - Secure and Memorable Authentication Using Dynamic Combinations of 3D Objects in Virtual Reality
AU - Wang, Jiawei
AU - Gao, Bo Yu
AU - Tu, Huawei
AU - Liang, Hai Ning
AU - Liu, Zitao
AU - Luo, Weiqi
AU - Weng, Jian
N1 - Funding Information:
This work was supported in part by National Key R&D Program of China, under grant No. 2020AAA0104500, and in part by Natural Science Foundation of Guangdong Province (2021A1515012629), and Guangzhou Basic and Applied Basic Foundation (202102021131), in part by Key Laboratory of Smart Education of Guangdong Higher Education Institutes, Jinan University (2022LSYS003) and in part by National Joint Engineering Research Center of Network Security Detection and Protection Technology.
Publisher Copyright:
© 2023 Taylor & Francis Group, LLC.
PY - 2023
Y1 - 2023
N2 - As Virtual Reality (VR) applications gain popularity, the need for a secure, usable, and memorable user authentication method becomes crucial. However, security and privacy in such VR applications are often ignored. Current methods are insufficient in preventing man-in-the-room (MITR) attacks, which allow attackers to observe user interactions in VR while remaining invisible, and inputted passwords can easily be stolen. In this study, we propose a dynamic combination of multi-attribute authentication methods for VR, where various 3D objects and their attributes can be created and displayed. Users must select combinations of 3D objects and their attributes provided by our designed principles for identity authentication. We explore the impact of method parameters on security and provide three specific parameter schemes to deploy the practical authentication system. We designed three user studies to evaluate the usability, security, and memorability of our authentication system. The results show that the proposed scheme can effectively resist both shoulder surfing and MITR attacks with unsuccessful attack rates of 100% and 95.83%, respectively. Furthermore, this research provides suggestions to secure VR applications while maintaining usability and enhancing the memorability of the authentication method.
KW - knowledge-based authentication
KW - man-in-the-room attack
KW - Virtual reality
UR - http://www.scopus.com/inward/record.url?scp=85163105682&partnerID=8YFLogxK
U2 - 10.1080/10447318.2023.2217608
DO - 10.1080/10447318.2023.2217608
M3 - Article
AN - SCOPUS:85163105682
SN - 1044-7318
VL - 40
SP - 4608
EP - 4626
JO - International Journal of Human-Computer Interaction
JF - International Journal of Human-Computer Interaction
IS - 17
ER -