Survey on Identity Authentication in Metaverse Environment

doi:10.3778/j.issn.1002-8331.2309-0280

Abstract

Abstract: The identity authentication schemes in the traditional network environment are designed according to the characteristics of their own environments, which are difficult to meet the design requirements in the metaverse environment. In order to solve the problem of identity authentication in the metaverse environment, the characteristics, attributes, application scenarios and main attack threats faced by the metaverse are studied. The identity privacy and security risks related to users, avatars, platforms, wearable devices and communications in the metaverse are discussed. The work related to identity authentication in the metaverse environment is sorted out and categorized into user-avatar, user-platform and user-wearable device authentication. Finally, the research directions of identity authentication mechanism in the metaverse environment are discussed.

Key words: identity authentication, metaverse, identity information, identity privacy, security risk

摘要： 传统网络环境中的身份认证方案是按照自身环境的特点进行设计，难以满足元宇宙环境中的设计需求。为解决元宇宙环境中的身份认证问题，对元宇宙的特征、属性、应用场景特点和面临的主要攻击威胁进行了研究；对元宇宙中的用户、化身、平台、可穿戴设备以及通信相关的身份隐私和安全风险进行了讨论；梳理元宇宙环境下与身份认证相关的工作，并将其归纳为用户与化身、用户与平台服务器、用户与可穿戴设备的认证。最后，讨论了元宇宙环境下身份认证机制的研究方向。

关键词: 身份认证, 元宇宙, 身份信息, 身份隐私, 安全风险

DENG Miaolei, ZHAI Haonan, MA Mimi, ZUO Zhibin. Survey on Identity Authentication in Metaverse Environment[J]. Computer Engineering and Applications, 2024, 60(11): 1-16.

邓淼磊, 翟浩南, 马米米, 左志斌. 元宇宙环境下的身份认证综述[J]. 计算机工程与应用, 2024, 60(11): 1-16.

References

[1] DIONISIO J D N, BURNS III W G, GILBERT R. 3D virtual worlds and the metaverse: current status and future possibilities[J]. ACM Computing Surveys, 2013, 45(3): 1-38.
[2] MUSAMIH A, YAQOOB I, SALAH K, et al. Metaverse in healthcare: applications, challenges, and future directions[J]. IEEE Consumer Electronics Magazine, 2023, 12(4): 33-46.
[3] ALMARZOUQI A, ABURAYYA A, SALLOUM S A. Prediction of user’s intention to use metaverse system in medical education: a hybrid sem-ml learning approach[J]. IEEE Access, 2022, 10: 43421-43434.
[4] 马小雅, 童锦, 陆建波, 等. 元宇宙应用探索与展望[J]. 广西科学, 2023, 30(1): 1-13.
MA X Y, TONG J, LU J B, et al. Exploration and prospect of metaverse application[J]. Guangxi Sciences, 2023, 30(1): 1-13.
[5] BHARDWAJ A, KAUSHIK K. Metaverse or metaworst with cybersecurity attacks[J]. IT Professional, 2023, 25(3): 54-60.
[6] SARA Q, ZAHID A, MEHREEN A. A systematic threat analysis and defense strategies for the metaverse and extended reality systems[J]. Computers and Security, 2023, 128: 103127.
[7] SINGH M, SINGH S K, KUMAR S, et al. Sustainable framework for metaverse security and privacy: opportunities and challenges[C]//Proceedings of the International Conference on Cyber Security, Privacy and Networking, 2023: 329-340.
[8] GUPTA B B, GAURAV A, CHUI K T. DDoS attack detection through digital twin technique in metaverse[C]//Proceedings of the IEEE International Conference on Consumer Electronics, Las Vegas, NV, USA, 2023: 1-5.
[9] JAYBIE A D G, KANCHANA T, ARUNA S. Security and privacy approaches in mixed reality: a literature survey[J]. ACM Computing Surveys, 2019, 52(6): 1-37.
[10] DENG M L, ZHAI H N, YANG K. Social engineering in metaverse environment[C]//Proceedings of the 2023 IEEE 10th International Conference on Cyber Security and Cloud Computing (CSCloud) and 2023 IEEE 9th International Conference on Edge Computing and Scalable Cloud (EdgeCom), 2023: 150-154.
[11] JESSE L. Hey, you stole my avatar!: virtual reality and its risks to identity protection[J]. Emory Law Journal, 2020, 69(4): 833.
[12] WANG J X, MAKOWSKI S, CIE?LIK A, et al. Fake news in virtual community, virtual society, and metaverse: a survey[J]. IEEE Transactions on Computational Social Systems, 2023(1): 1-15.
[13] MYSTAKIDIS S. Metaverse[J]. Encyclopedia, 2022, 2(1): 486-497.
[14] FERNANDEZ C B, HUI P. Life, the metaverse and everything: an overview of privacy, ethics, and governance in metaverse[C]//Proceedings of the IEEE 42nd International Conference on Distributed Computing Systems Workshops, Bologna, Italy, 2022: 272-277.
[15] 甘华鸣. Web3.0/元宇宙理论框架: 一个初步研究[J]. 科技导报, 2023, 41(15): 69-78.
GAN H M. Web 3.0/metaverse theoretical framework: a preliminary research[J]. Science & Technology Rview, 2023, 41(15): 69-78.
[16] LI K, CUI Y P, LI W C, et al. When internet of things meets metaverse: convergence of physical and cyber worlds[J]. IEEE Internet of Things Journal, 2023, 10(5): 4148-4137.
[17] 李荣洋, 万月亮, 宁焕生. 元宇宙驱动的新技术及应用[J]. 重庆邮电大学学报 (自然科学版), 2023, 35(4): 571-583.
LI R Y, WANG Y L, NING H S. New technologies and applications driven by metaverse[J]. Journal of Chongqing University of Posts and Telecommunications (Natural Science Edition), 2023, 35(4): 571-583.
[18] 王文喜, 周芳, 万月亮, 等. 元宇宙技术综述[J]. 工程科学学报, 2022, 44(4): 744-756.
WANG W X, ZHOU F, WAN Y L, et al. A survey of metaverse technology[J]. Chinese Journal of Engineering, 2022, 44(4): 744-756.
[19] MIGUEL B A, TILO H. Psychological benefits of using social virtual reality platforms during the covid-19 pandemic: the role of social and spatial presence[J]. Computers in Human Behavior, 2022, 127: 107047.
[20] 王雪, 李莎, 李荣洋, 等. 脑机接口在元宇宙中的应用研究进展[J]. 工程科学学报, 2023, 45(9): 1528-1538.
WANG X, LI S, LI R Y, et al. Advances in the application of a brain-computer interface to the metaverse[J]. Chinese Journal of Engineering, 2023, 45(9): 1528-1538.
[21] 方巍, 伏宇翔. 元宇宙: 概念、技术及应用研究综述[J]. 南京信息工程大学学报, 2024, 16(1): 30-45.
FANG W, FU Y X. Metaverse: conceptions, key technologies and applications[J]. Journal of Nanjing University of Information Science and Technology, 2024, 16(1): 30-45.
[22] SAEED B F, AZADEH I R. Applying digital twins in metaverse: user interface, security and privacy challenges[J]. Journal of Metaverse, 2022, 2(1): 8-16.
[23] 李鸣, 张亮, 宋文鹏, 等. 区块链: 元宇宙的核心基础设施[J]. 计算机工程, 2022, 48(6): 24-32.
LI M, ZHANG L, SONG W P, et al. Blockchain: core metaverse infrastructure[J]. Computer Engineering, 2022, 48(6): 24-32.
[24] PRABHAT K P, SUDIPTA C. A secure mutual authentication protocol for IoT environment[J]. Journal of Reliable Intelligent Environments, 2020, 6: 79-94.
[25] YANG Q L, ZHAO Y T, HUANG H W, et al. Fusing blockchain and AI with metaverse: a survey[J]. IEEE Open Journal of the Computer Society, 2022, 3: 122-136.
[26] HUANG Y, LI Y J, CAI Z P. Security and privacy in metaverse: a comprehensive survey[J]. Big Data Mining and Analytics, 2023, 6(2): 234-247.
[27] WANG Y T, SU Z, ZHANG N, et al. A survey on metaverse: fundamentals, security, and privacy[J]. IEEE Communications Surveys and Tutorials, 2023, 25(1): 319-352.
[28] SOLIMAN M M, DARWISH A, HASSANIEN A E. The threat of the digital human in the metaverse: security and privacy[M]//The future of metaverse in the virtual era and physical world. Studies in big data. Springer: Cham, 2023: 247-265.
[29] 张昭, 郭玉杰, 赵晓宁, 等. 军事元宇宙刍议与展望[J]. 系统仿真学报, 2023, 35(7): 1421-1437.
ZHANG Z, GUO Y J, ZHAO X N, et al. Military metaverse: key technologies, potential applications and future directions[J]. Journal of System Simulation, 2023, 35(7): 1421-1437.
[30] 陈枫, 孙传恒, 邢斌, 等. 农业元宇宙: 关键技术、应用情景、挑战与展望[J]. 智慧农业, 2022, 4(4): 126-137.
CHEN F, SUN C H, XING B, et al. Agricultural metaverse: key technologies, application scenarios, challenges and prospects[J]. Smart Agriculture, 2022, 4(4): 126-137.
[31] SU Z, WANG Y T, XU Q C, et al. LVBS: lightweight vehicular blockchain for secure data sharing in disaster rescue[J]. IEEE Transactions on Dependable and Secure Computing, 2022, 19(1): 19-32.
[32] FAN M Q. Blind dual image watermarking for copyright protection, tamper proofing and self-recovery[J]. Multimedia Tools and Applications, 2023, 82: 45503-45518.
[33] LIANG G Q, WELLER S R, ZHAO J H, et al. The 2015 ukraine blackout: implications for false data injection attacks[J]. IEEE Transactions on Power Systems, 2017, 32(4): 3317-3318.
[34] ZHAO Z G, HUANG Y M, ZHEN Z Y, et al. Data-driven false data-injection attack design and detection in cyber-physical systems[J]. IEEE Transactions on Cybernetics, 2021, 51(12): 6179-6187.
[35] AWADALLAH A M, DAMIANI E, ZEMERLY J, et al. Identity threats in the metaverse and future research opportunities[C]//Proceedings of the International Conference on Business Analytics for Technology and Security, 2023: 1-6.
[36] DONG J H, WANG Y, LAI J H, et al. Restricted black-box adversarial attack against deepfake face swapping[J]. IEEE Transactions on Information Forensics and Security, 2023, 18: 2596-2608.
[37] ALGARNI A, XU Y, CHAN T. An empirical study on the susceptibility to social engineering in social networking sites: the case of Facebook[J]. European Journal of Information Systems, 2017, 26: 661-687.
[38] O’BROLCHAIN F, JACQUEMARD T, MONAGHAN D, et al. The convergence of virtual reality and social networks: threats to privacy and autonomy[J]. Science and Engineering Ethics, 2015, 22(1): 1-29.
[39] ROTH D, LATOSCHIK M E. Construction of the virtual embodiment questionnaire (VEQ)[J]. IEEE Transactions on Visualization and Computer Graphics, 2020, 26(12): 3546-3556.
[40] FRIBOURG R, ARGELAGUET F, LECUYER A, et al. Avatar and sense of embodiment: studying the relative preference between appearance, control and point of view[J]. IEEE Transactions on Visualization and Computer Graphics, 2020, 26(5): 2062-2072.
[41] BOSE A J, AARABI P. Virtual fakes: deepfakes for virtual reality[C]//Proceedings of the IEEE 21st International Workshop on Multimedia Signal Processing, Kuala Lumpur, Malaysia, 2019.
[42] CANNAVò A, LAMBERTI F. How blockchain, virtual reality, and augmented reality are converging, and why[J]. IEEE Consumer Electronics Magazine, 2021, 10(5): 6-13.
[43] CARLOS B, PAN H. A survey on haptic technologies for mobile augmented reality[J]. ACM Computing Surveys, 2021, 54(9): 1-35.
[44] SUGIMOTO M. Extended reality (XR: VR/AR/MR), 3D printing, holography, AI, radiomics, and online VR tele-medicine for precision surgery[M]//Surgery and operating room innovation. Singapore: Springer, 2021: 65-70.
[45] BADER S, BEN AMARA N E. Identity management in virtual worlds based on biometrics watermarking[J]. International Journal of Computer and Systems Engineering, 2016, 10(8): 1478-1482.
[46] FALCHUK B, LOEB S, NEFF R. The social metaverse: battle for privacy[J]. IEEE Technology and Society Magazine, 2018, 37(2): 52-61.
[47] SANSKAR S, REJO M. Threats faced by mixed reality and countermeasures[J]. Procedia Computer Science, 2020, 171: 1877-0509.
[48] MATTHEWS B, SEE Z S, DAY J. Crisis and extended realities: remote presence in the time of covid-19[J]. Media International Australia, 2021, 178(1): 198-209.
[49] MURTAZA A S, WOOGUIL P, MOQUDDAM A S. A study on the psychology of social engineering-based cyberattacks and existing countermeasures[J]. Applied Sciences, 2022, 12(12): 6042.
[50] KANG G, KOO J, KIM Y G. Security and privacy requirements for the metaverse: a metaverse applications perspective[J]. IEEE Communications Magazine, 2024, 62(1): 148-154.
[51] SHANG J C, CHEN S, WU J, et al. ARSpy: breaking location-based multi-player augmented reality application for user location tracking[J]. IEEE Transactions on Mobile Computing, 2022, 21(2): 433-447.
[52] CASEY P, BAGGILI I, YARRAMREDDY A. Immersive virtual reality attacks and the human joystick[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 18(2): 550-562.
[53] KIM K, YANG H, LEE J, et al. Metaverse wearables for immersive digital healthcare: a review[J]. Advanced Science, 2023(11): e2303234.
[54] BUCK L E, BODENHEIMER B. Privacy and personal space: addressing interactions and interaction data as a privacy concern[C]//Proceedings of the IEEE Conference on Virtual Reality and 3D User Interfaces Abstracts and Workshops, Lisbon, Portugal, 2021: 399-400.
[55] NEETHIRAJAN S. Is seeing still believing? Leveraging deepfake technology for livestock farming[J]. Frontiers in Veterinary Science, 2021, 8.
[56] FYSH M C, TRIFONOVA I V, ALLEN J, et al. Avatars with faces of real people: a construction method for scientific experiments in virtual reality[J]. Behavior Research Methods, 2022, 54: 1461-1475.
[57] LINDSAY B, NICOLE E, NATASHA E D, et al. Harassment in social virtual reality: challenges for platform governance[J]. Proceedings of the ACM on Human-Computer Interaction, 2019, 3: 1-25.
[58] 刘永强, 樊祜玺. 可能与现实: 元宇宙技术下的网络隔空性侵问题研究[J/OL]. 海南大学学报 (人文社会科学版) [2023-08-15]. DOI:10.15886/j.cnki.hnus.202207.0426.
LIU Y Q, FAN H X. Possibilities and realities: A study of cyber-spaced sexual assault in the context of metaverse technology[J/OL]. Humanities and Social Sciences Journal of Hainan University [2023-08-15]. DOI:10.15886/j.cnki.hnus.202207.0426.
[59] JAMSHIDI M, DEHGHANIYAN SEREJ A, JAMSHIDI A, et al. The meta-metaverse: ideation and future directions[J]. Future Internet, 2023, 15(8): 252.
[60] MARTIN V, IBRAHIM B, PETER C, et al. Rise of the metaverse’s immersive virtual reality malware and the man-in-the-room attack & defenses[J]. Computers and Security, 2023, 127: 102923.
[61] ANTONIOLI D, TIPPENHAUER N O, RASMUSSEN K. BIAS: bluetooth impersonation attacks[C]//Proceedings of the IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2020: 549-562.
[62] WANG Y T, SU Z, ZHANG N, et al. SPDS: a secure and auditable private data sharing scheme for smart grid based on blockchain[J]. IEEE Transactions on Industrial Informatics, 2021, 17(11): 7688-7699.
[63] SANGWAN R S, BADR Y, SRINIVASAN S M. Cybersecurity for ai systems: a survey[J]. Journal of Cybersecurity and Privacy, 2023, 3(2): 166-190.
[64] HU P F, LI H X, FU H, et al. Dynamic defense strategy against advanced persistent threat with insiders[C]//Proceedings of the IEEE Conference on Computer Communications, Hong Kong, China, 2015: 747-755.
[65] MICHAEL Z, MARK A A M L, LING M C. Ownership in the virtual world and the implications for long-term user innovation success[J]. Technovation, 2018, 78: 56-65.
[66] DHARMINDER D, MISHRA D, LI X. Construction of rsa-based authentication scheme in authorized access to healthcare services[J]. Journal of Medical Systems, 2020, 44(6): 1-9.
[67] 王菲菲, 汪定. 基于雾计算的智能医疗三方认证与密钥协商协[J]. 软件学报, 2023, 34(7): 3272-3291.
WANG F F, WANG D. Fog computing-based three-party authentication and key agreement protocol for smart healthcare[J]. Journal of Software, 2023, 34(7): 3272-3291.
[68] CHETAN C N, ASHIT D H, JOSEPH S. An approach to solve the identification and authentication challenges in metaverse[C]//Proceedings of the Somaiya International Conference on Technology and Information Management, Mumbai India, 2023: 69-72.
[69] YANG K, ZHANG Z Y, YOU L T. A secure authentication framework to guarantee the traceability of avatars in metaverse[J]. IEEE Transactions on Information Forensics and Security, 2023, 18: 3817-3832.
[70] ZHAO Y, PANG Y W, KE X Y, et al. A metaverse-oriented CP-ABE scheme with cryptographic reverse firewall[J]. Future Generation Computer Systems, 2023, 147: 195-206.
[71] GARIMA T, PANKAJ K, CHEINMING C, et al. A robust privacy-preserving ECC-based three-factor authentication scheme for metaverse environment[J]. Computer Communications, 2023, 211: 271-285.
[72] ZHANG S B, WANG Y C, LUO E T, et al. A traceable and revocable decentralized multi-authority privacy protection scheme for social metaverse[J]. Journal of Systems Architecture, 2023, 140: 102899.
[73] 程冠杰, 邓水光, 温盈盈, 等. 基于区块链的物联网认证机制综述[J]. 软件学报, 2023, 34(3): 1470-1490.
CHENG G J, DENG S G, WEN Y Y, et al. Survey on blockchain-based internet of things authentication mechanisms[J]. Journal of Software, 2023, 34(3): 1470-1490.
[74] VENUGOPAL J P, SUBRAMANIAN A A, PEATCHIMUTHU J. The realm of metaverse: a survey[J]. Computer Animation and Virtual Worlds, 2023, 34(5).
[75] PATWE S, MANE S. Blockchain enabled architecture for secure authentication in the metaverse environment[C]//Proceedings of the IEEE 8th International Conference for Convergence in Technology, Lonavla, India, 2023: 1-8.
[76] CHEN J H, XIAO H, HU M C, et al. A blockchain-based signature exchange protocol for metaverse[J]. Future Generation Computer Systems, 2023, 142: 237-247.
[77] KIM G, RYOU J. Digital authentication system in avatar using DID and SBT[J]. Mathematics, 2023, 11(20): 4387.
[78] GUPTA A, KHAN H U, NAZIR S, et al. Metaverse security: issues, challenges and a viable ZTA model[J]. Electronics, 2023, 12(2): 391.
[79] CHENG R Z, CHEN S Q, HAN B. Towards zero-trust security for the metaverse[J]. arXiv:2302.08885, 2023.
[80] HAJIAN R, ZAKERIKIA S, ERFANI S H, et al. Shaparak: scalable healthcare authentication protocol with attack-resilience and anonymous key-agreement[J]. Computer Networks, 2020, 183: 107567.
[81] SONG J, LI G S, XU B R, et al. A novel multiserver authentication protocol with multifactors for cloud service[J]. Security and Communication Networks, 2018(3): 1-13.
[82] WANG D, ZHANG X Z, ZHANG Z J, et al. Understanding security failures of multi-factor authentication schemes for multi-server environments[J]. Computers and Security, 2020, 88: 101619.
[83] RYU J, SON S, LEE J, et al. Design of secure mutual authentication scheme for metaverse environments using blockchain[J]. IEEE Access, 2022, 10: 98944-98958.
[84] YADAV A K, BRAEKEN A, YLIANTTILA M, et al. A blockchain-based authentication protocol for metaverse env-ironments using a zero knowledge proof[C]//Proceedings of the IEEE International Conference on Metaverse Computing, Networking and Applications (MetaCom), Kyoto, Japan, 2023: 242-249.
[85] 吕秋云, 程绍鹏, 杨满智, 等. 面向元宇宙的数字公民身份认证方案[J]. 智能科学与技术学报, 2022, 4(3): 396-409.
LYU Q Y, CHENG S P, YANG M Z, et al. A metaverse-oriented digital citizen authentication scheme[J]. Chinese Journal of Intelligent Science and Technology, 2022, 4(3): 396-409.
[86] LAI C Z, WANG H, MA H Y, et al. Blockchain-based multi-factor group authentication in metaverse[C]//Proceedings of the IEEE/CIC International Conference on Communications in China, Dalian, 2023: 1-6.
[87] KIM M, OH J, SON S, et al. Secure and privacy-preserving authentication scheme using decentralized identifier in metaverse environment[J]. Electronics, 2023, 12(19): 4073.
[88] OH J, KIM M, PARK Y, et al. A secure content trading for cross-platform in the metaverse with blockchain and searchable encryption[J]. IEEE Access, 2023, 11: 120680-120693.
[89] GONG Y W, CHANG X L, JELENA M, et al. RSMS: towards reliable and secure metaverse service provision[J]. arXiv:2310.05033, 2023.
[90] GAI K K, WANG S, ZHAO H, et al. Blockchain-based multisignature lock for uac in metaverse[J]. IEEE Transactions on Computational Social Systems, 2023, 10(5): 2201-2213.
[91] JAN M A, KHAN F, KHAN R, et al. Lightweight mutual authentication and privacy-preservation scheme for intelligent wearable devices in industrial-CPS[J]. IEEE Transactions on Industrial Informatics, 2021, 17(8): 5829-5839.
[92] LIU H, YAO X X, YANG T, et al. Cooperative privacy preservation for wearable devices in hybrid computing-based smart health[J]. IEEE Internet of Things Journal, 2019, 6(2): 1352-1362.
[93] SRINIVAS J, DAS A K, KUMAR N, et al. Cloud centric authentication for wearable healthcare monitoring system[J]. IEEE Transactions on Dependable and Secure Computing, 2020, 17(5): 942-956.
[94] AMIRHOSSEIN G M, ALI B, HAMID B. A secure three-factor authentication scheme for IoT environments[J]. Journal of Parallel and Distributed Computing, 2022, 169: 87-105.
[95] GAO G Y, FENG Z, XIA Z H. Energy efficient three-factor authentication in wireless sensor networks with resisting insider attacks[J]. IEEE Transactions on Green Communications and Networking, 2023, 7(3): 1297-1308.
[96] CHANG Y F, TAI W L, FUNG K H. Offline user authentication ensuring non-repudiation and anonymity[J]. Sensors, 2022, 22: 9673.
[97] LIU S, CHAI Y, HUI L, et al. Blockchain-based anonymous authentication in edge computing environment[J]. Electronics, 2023, 12(1): 219.
[98] PANCHAMI V, RUBELL M L G, MAHIMA M M, et al. A provably secure, privacy-preserving lightweight authentication scheme for peer-to-peer communication in healthcare systems based on internet of medical things[J]. Computer Communications, 2023, 212: 284-297.
[99] ZHOU Z, KUANG X H, SUN L M, et al. Endogenous security defense against deductive attack: when artificial intelligence meets active defense for online service[J]. IEEE Communications Magazine, 2020, 58(6): 58-64.
[100] WANG Y T, SU Z, NI J B, et al. Blockchain-empowered space-air-ground integrated networks: opportunities, challenges, and solutions[J]. IEEE Communications Surveys and Tutorials, 2022, 24(1): 160-209.
[101] SHEN M, GU A J, KANG J W, et al. Blockchains for artificial intelligence of things: a comprehensive survey[J]. IEEE Internet of Things Journal, 2023, 10(16): 14483-14506.