A three-stage authentication system for the metaverse

In recent years, many computer scientists have been exploring the notion of metaverse, an online space in which users can access different virtual environments and immersive experiences, using VR and AR headsets. While navigating the metaverse, users might also share personal data, whether to purchase goods, connect with other users, or for other purposes.

Past studies have consistently highlighted the limitations of password authentication systems, as there are now many cyber-attacks and strategies for cracking them. To increase the security of users navigating the metaverse, therefore, password-based authentication would be far from ideal.

This inspired a team of researchers at VIT-AP University in India to create MetaSecure, a password-less authentication system for the metaverse. This system, introduced in a paper pre-published on arXiv, combines three different authentication techniques, namely device attestation, facial recognition and physical security keys.

"The concept of metaverse promotes the sustainable growth of human civilizations, enhancing communication on a virtual platform," Sibi Chakkaravarthy, Aditya Mitra and Anisha Ghosh, three of the researchers who carried out the study, told Tech Xplore. "In such a scenario, security of one's digital identity is a main concern. Thus, we came up with MetaSecure, a novel authentication system."

MetaSecure was designed to significantly increase the security of the metaverse, protecting users as they engage in a range of virtual activities. The authentication system can secure a wide range of personal data and possessions, including digital assets, online identities, avatars, and financial information.

"MetaSecure ensures that digital identities, digital assets and other sensitive information in the virtual world of the metaverse are protected and verified," Chakkaravarthy, Mitra and Ghosh explained.

"The user registers their device and physical security key. To login, users need to pass through three security checks, a facial recognition, physical security key and device verification. The uniqueness of MetaSecure lies in the use of FIDO2 standards which ensure that all users in metaverse are genuine, and will be instrumental in keeping a check on the number of fake users on the virtual reality platforms."

MetaSecure could have an edge over other password-less authentication systems introduced in the past, as it implements three different layers of authentication, including device verification, which is known to be very difficult to circumvent. In addition, this authentication system comes in a simple software development kit (SDK) that could be implemented on practically any device, including VR and AR devices.

"Through various notable studies we found out that the rise in cybercrimes on virtual reality platforms were related to users not having a verified unique identity," Chakkaravarthy, Mitra and Ghosh said. "Extensive research found that password-based authentication is not as effective as other methods, due to the attacks including social engineering, keylogging, phishing, vishing, and so on. "With MetaSecure, we eliminate vulnerabilities for these known attacks."

In the future, authentication systems such as MetaSecure could help to secure the metaverse, preventing a variety of incidents and data breaches. For instance, it could secure users from the theft of digital identities, personal data, and avatars, while also protecting them from eve-teasing, cyberstalking and many other cybercrimes that can take place on VR platforms.

"MetaSecure has a huge scope in future research, as it can also be implemented in transactions and exchange of sensitive information over augmented reality, where the FIDO2 enabled security key used in authentication will assure secrecy and privacy to the users," Chakkaravarthy, Mitra and Ghosh added.

© 2023 Science X Network