Secure and Memorable Authentication Using Dynamic Combinations of 3D Objects in Virtual Reality

Jiawei Wang, Bo Yu Gao*, Huawei Tu, Hai Ning Liang, Zitao Liu, Weiqi Luo, Jian Weng

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

2 Citations (Scopus)

Abstract

As Virtual Reality (VR) applications gain popularity, the need for a secure, usable, and memorable user authentication method becomes crucial. However, security and privacy in such VR applications are often ignored. Current methods are insufficient in preventing man-in-the-room (MITR) attacks, which allow attackers to observe user interactions in VR while remaining invisible, and inputted passwords can easily be stolen. In this study, we propose a dynamic combination of multi-attribute authentication methods for VR, where various 3D objects and their attributes can be created and displayed. Users must select combinations of 3D objects and their attributes provided by our designed principles for identity authentication. We explore the impact of method parameters on security and provide three specific parameter schemes to deploy the practical authentication system. We designed three user studies to evaluate the usability, security, and memorability of our authentication system. The results show that the proposed scheme can effectively resist both shoulder surfing and MITR attacks with unsuccessful attack rates of 100% and 95.83%, respectively. Furthermore, this research provides suggestions to secure VR applications while maintaining usability and enhancing the memorability of the authentication method.

Original languageEnglish
JournalInternational Journal of Human-Computer Interaction
DOIs
Publication statusAccepted/In press - 2023
Externally publishedYes

Keywords

  • knowledge-based authentication
  • man-in-the-room attack
  • Virtual reality

Fingerprint

Dive into the research topics of 'Secure and Memorable Authentication Using Dynamic Combinations of 3D Objects in Virtual Reality'. Together they form a unique fingerprint.

Cite this