首页> 外文期刊>ACM Transactions on Computer-Human Interaction >Fast and Secure Authentication in Virtual Reality Using Coordinated 3D Manipulation and Pointing
【24h】

Fast and Secure Authentication in Virtual Reality Using Coordinated 3D Manipulation and Pointing

机译:使用协调的3D操纵和指向虚拟现实中的快速安全认证

获取原文
获取原文并翻译 | 示例

摘要

There is a growing need for usable and secure authentication in immersive virtual reality (VR). Established concepts (e.g., 2D authentication schemes) are vulnerable to observation attacks, and most alternatives are relatively slow. We present RubikAuth, an authentication scheme for VR where users authenticate quickly and secure by selecting digits from a virtual 3D cube that leverages coordinated 3D manipulation and pointing. We report on results from three studies comparing how pointing using eye gaze, head pose, and controller tapping impact RubikAuth's usability, memorability, and observation resistance under three realistic threat models. We found that entering a four-symbol RubikAuth password is fast: 1.69-3.5 s using controller tapping, 2.35-4.68 s using head pose and 2.39-4.92 s using eye gaze, and highly resilient to observations: 96-99.55% of observation attacks were unsuccessful. RubikAuth also has a large theoretical password space: 45(n) for an n-symbols password. Our work underlines the importance of considering novel but realistic threat models beyond standard one-time attacks to fully assess the observation-resistance of authentication schemes. We conclude with an in-depth discussion of authentication systems for VR and outline five learned lessons for designing and evaluating authentication schemes.
机译:在沉浸式虚拟现实(VR)中,越来越需要可用和安全的身份验证。建立的概念(例如,2D认证方案)容易受到观察攻击的影响,大多数替代方案相对较慢。我们呈现rubikauth,一种用于VR的身份验证方案,其中用户通过从虚拟3D Cube中选择利用协调的3D操纵和指向的虚拟3D立方体选择数字来快速和安全。我们报告了三项研究的结果,比较了使用眼睛凝视,头部姿势和控制器攻丝冲击rubikauth的可用性,令人难忘性和观察阻力在三个现实威胁模型中的指向。我们发现,使用眼睛注视使用控制器攻丝,2.35-4.68秒进入四个符号的Rubikauth密码,2.35-4.68秒,使用眼睛注视和2.39-4.92秒,对观察结果的高度有弹性:96-99.55%的观察攻击没有成功。 Rubikauth还具有大的理论密码空间:45(n)用于n符号密码。我们的工作强调了考虑新颖但现实威胁模型的重要性,超出标准一次性攻击,以充分评估认证方案的观察阻力。我们在深入讨论VR和概述五个学习课程的深入讨论,用于设计和评估认证方案。

著录项

获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有
  • 客服微信

  • 服务号