A three-stage authentication system for the metaverse

A three-stage authentication system for the metaverse
The proposed login screen. The user is to enter their email ID and perform the authentication operation. Over here the user is allowed to choose any avatar in the metaverse. Credit: Chakkaravarthy, Mitra et al.

In recent years, many computer scientists have been exploring the notion of metaverse, an online space in which users can access different virtual environments and immersive experiences, using VR and AR headsets. While navigating the metaverse, users might also share personal data, whether to purchase goods, connect with other users, or for other purposes.

Past studies have consistently highlighted the limitations of password authentication systems, as there are now many cyber-attacks and strategies for cracking them. To increase the of users navigating the metaverse, therefore, password-based authentication would be far from ideal.

This inspired a team of researchers at VIT-AP University in India to create MetaSecure, a password-less authentication system for the metaverse. This system, introduced in a paper pre-published on arXiv, combines three different authentication techniques, namely device attestation, and physical security keys.

"The concept of metaverse promotes the sustainable growth of human civilizations, enhancing communication on a virtual platform," Sibi Chakkaravarthy, Aditya Mitra and Anisha Ghosh, three of the researchers who carried out the study, told Tech Xplore. "In such a scenario, security of one's is a main concern. Thus, we came up with MetaSecure, a novel authentication system."

MetaSecure was designed to significantly increase the security of the metaverse, protecting users as they engage in a range of virtual activities. The authentication system can secure a wide range of and possessions, including digital assets, online identities, avatars, and .

A three-stage authentication system for the metaverse
Users entering and navigating the world where they can interact with other users of the metaverse. Credit: Chakkaravarthy, Mitra et al.

"MetaSecure ensures that digital identities, digital assets and other in the virtual world of the metaverse are protected and verified," Chakkaravarthy, Mitra and Ghosh explained.

"The user registers their device and physical security key. To login, users need to pass through three security checks, a facial recognition, physical security key and device verification. The uniqueness of MetaSecure lies in the use of FIDO2 standards which ensure that all users in metaverse are genuine, and will be instrumental in keeping a check on the number of fake users on the virtual reality platforms."

MetaSecure could have an edge over other password-less authentication systems introduced in the past, as it implements three different layers of authentication, including device verification, which is known to be very difficult to circumvent. In addition, this authentication system comes in a simple software development kit (SDK) that could be implemented on practically any device, including VR and AR devices.

"Through various notable studies we found out that the rise in cybercrimes on virtual reality platforms were related to users not having a verified unique identity," Chakkaravarthy, Mitra and Ghosh said. "Extensive research found that password-based authentication is not as effective as other methods, due to the attacks including social engineering, keylogging, phishing, vishing, and so on. "With MetaSecure, we eliminate vulnerabilities for these known attacks."

In the future, authentication systems such as MetaSecure could help to secure the , preventing a variety of incidents and data breaches. For instance, it could secure users from the theft of digital identities, personal data, and avatars, while also protecting them from eve-teasing, cyberstalking and many other cybercrimes that can take place on VR platforms.

"MetaSecure has a huge scope in future research, as it can also be implemented in transactions and exchange of sensitive information over , where the FIDO2 enabled security key used in will assure secrecy and privacy to the users," Chakkaravarthy, Mitra and Ghosh added.

More information: Sibi Chakkaravarthy Sethuraman et al, MetaSecure: A Passwordless Authentication for the Metaverse, arXiv (2023). DOI: 10.48550/arxiv.2301.01770

Journal information: arXiv

© 2023 Science X Network

Citation: A three-stage authentication system for the metaverse (2023, January 20) retrieved 31 January 2023 from https://techxplore.com/news/2023-01-three-stage-authentication-metaverse.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Explore further

Protecting data assets with two-factor authentication

122 shares

Feedback to editors