
Towards Secure and Usable Authentication for Augmented and Virtual Reality Head-Mounted Displays
Reyhan Düzgün, Peter Mayer, Sanchari Das, Melanie Volkamer
COMPETENCE CENTER FOR APPLIED SECURITY TECHNOLOGY (KASTEL) SECURE AND PRIVACY RESEARCH


SLIDE 1

COMPETENCE CENTER FOR APPLIED SECURITY TECHNOLOGY (KASTEL) RESEARCH GROUP SECURITY • USABILITY • SOCIETY (SECUSO)

www.kit.edu

KIT – The Research University in the Helmholtz Association

SECURE AND PRIVACY RESEARCH IN NEW-AGE TECHNOLOGY (SPRINT) LAB HUMAN AND TECHNICAL SECURITY (HATS) LAB

Towards Secure and Usable Authentication for Augmented and Virtual Reality Head-Mounted Displays

Reyhan Düzgün, Peter Mayer, Sanchari Das, Melanie Volkamer

SLIDE 2

Secure and Usable Authentication for Head-Mounted Displays Research Groups: SECUSO, SPRINT, HATS

Rise of Augmented & Virtual Reality (AR & VR)

2 08/31/2020

➢ Growing market with projections to reach $114 billion in AR and $65 billion in VR in 2021
➢ Increasingly provide social activities which require authentication
➢ Use of AR/VR Head-Mounted Displays (HMD) in shared and public places

Virtual Gaming | Virtual Shopping | Navigation Support | Virtual Meetings

SLIDE 3

Challenges in Authentication with AR & VR HMDs

Nowadays authentication on HMDs is usually conducted on another device, e.g. smartphone/PC
Alternative 1: Adapting typical concepts for smartphone/PC like password or PIN with e.g. a virtual keyboard
Alternative 2: Biometric authentication

➢ Interrupts AR/VR experience
➢ Does not conform with the goal of using HMDs as independent units
➢ Not usable
➢ Not resistant to shoulder-surfing
➢ Is more for continuous authentication
➢ Requires additional hardware
➢ Works just on own device

SLIDE 4

Research Goals

Proposing an authentication scheme that is …
➢ resistant to shoulder-surfing
➢ relies only on the equipment of the AR & VR HMDs
➢ perceived as secure
➢ usable

Understand cultural differences between Germany and U.S.

SLIDE 5

Our Proposal: Zero-Trust Authentication (ZeTA)

Authentication using innate human-based computation*
➢ Two or more concepts and their logical connection (AND, OR) building the secret (= password). E.g.: “yellow OR forest”
➢ Authentication by answering if a specific attribute is related or not. E.g.: “sunflower” – Yes

*Gutmann, A., Renaud, K., Maguire, J., Mayer, P., Volkamer, M., Matsuura, K., & Müller-Quade, J. (2016) ZeTA-Zero-Trust Authentication: Relying on Innate Human Ability, Not Technology. IEEE EuroS&P.
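A sketch of the challenge-response idea on this slide, added here as an example and not taken from the slides or the ZeTA paper. The attribute/concept table, the restriction to a single operator per secret, the round count and all function names are assumptions made for illustration.

```python
import itertools
import re
import secrets

# Constructed toy knowledge base (assumption): attribute -> related concepts.
RELATED = {
    "sunflower": {"yellow", "plant"},
    "banana": {"yellow", "fruit"},
    "pine tree": {"forest", "plant"},
    "squirrel": {"forest", "animal"},
    "ocean": {"blue", "water"},
    "snow": {"white", "cold"},
    "fire truck": {"red", "vehicle"},
    "piano": {"music", "instrument"},
}

def parse_secret(secret):
    """Split 'a OR b' / 'a AND b AND c' into (operator, concepts)."""
    tokens = re.split(r"\s+(AND|OR)\s+", secret.strip())
    concepts, ops = tokens[0::2], set(tokens[1::2])
    if len(concepts) < 2 or len(ops) != 1:
        raise ValueError("need two or more concepts joined by one operator")
    return ops.pop(), [c.lower() for c in concepts]

def expected_answer(secret, attribute):
    """True means the correct reply to this challenge is Yes."""
    op, concepts = parse_secret(secret)
    hits = [c in RELATED[attribute] for c in concepts]
    return any(hits) if op == "OR" else all(hits)

def authenticate(secret, respond, rounds=8):
    """Verifier: challenge with random attributes; every reply must match."""
    rng = secrets.SystemRandom()
    ok = True
    for _ in range(rounds):
        attribute = rng.choice(sorted(RELATED))
        ok = (respond(attribute) == expected_answer(secret, attribute)) and ok
    return ok

def consistent_secrets(transcript):
    """Two-concept secrets that agree with every observed (attribute, reply)."""
    universe = sorted(set().union(*RELATED.values()))
    candidates = (f"{a} {op} {b}"
                  for a, b in itertools.combinations(universe, 2)
                  for op in ("AND", "OR"))
    return [s for s in candidates
            if all(expected_answer(s, attr) == reply for attr, reply in transcript)]
```

With this toy table, an observer who sees the replies sunflower/Yes and snow/No is still left with 20 of the 156 possible two-concept secrets, which is the sense in which a single observed Yes/No reply does not reveal the secret directly.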

SLIDE 6

ZeTA Authentication on AR/VR HMD

HMDs use display as output and diverse input mechanisms
➢ Challenge is shown on the display
➢ User answers with Yes/No using the given input systems

➢ resistant to shoulder-surfing
➢ relies only on the equipment of the AR & VR HMDs
➢ perceived as secure
➢ usable

SLIDE 7

Development of ZeTA on AR/VR HMD

User-centered design approach: Iterative development of 12 mock-ups
Devices: Google Glass, Oculus Rift S
Interaction methods: voice control, head movement, buttons on controller or touch on AR glasses

SLIDE 8

Proposed Methodology for User Evaluation (1/2)

➢ Evaluation of usability (i.e. effectiveness, efficacy and satisfaction) | perceived risk regarding its security
➢ Within-subject design to compare interaction methods | Between-subject design to compare countries and devices
➢ Two participants testing simultaneously, each authenticates with each interaction method 3 times with a different password

➢ Welcome & Informed Consent
➢ Introduction to ZeTA & to User Scenario (incl. Passwords)
➢ P-1 Authenticates, P-2 Observes
➢ P-2 Authenticates, P-1 Observes
➢ Questionnaire + Discussion
3 x Each interaction method

SLIDE 9

Proposed Methodology for User Evaluation (2/2)

Measurement of usability and user’s risk perception
➢ Effectiveness: Ratio of correct password entries among three
➢ Efficacy: Average time needed for authentication across three passwords
➢ Satisfaction: System Usability Scale (SUS)
➢ User’s risk perception: Scales by Fischhoff et al., Liang & Xue, and Das will be adapted to our use case

SLIDE 10

Conclusion

Currently authentication on HMDs is …
➢ require additional hardware
➢ not resistant to observations
➢ not usable and perceived as secure

ZeTA is resistant to shoulder-surfing and does not require additional hardware. User studies are going to evaluate its usability and perceived risk regarding its security.

Attr.: “sunflower” – Yes
Secret: “yellow OR forest”

Feedback and contributions are welcome: reyhan.duezguen@kit.edu ☺ Thank You!

SLIDE 11

References

Andreas Gutmann, Karen Renaud, Joseph Maguire, Peter Mayer, Melanie Volkamer, Kanta Matsuura, and Jörn Müller-Quade. ZeTA-Zero-Trust Authentication: Relying on Innate Human Ability, Not Technology. In EuroS&P, pages 357–371. IEEE, 2016.

Peter Mayer, Nina Gerber, Benjamin Reinheimer, Philipp Rack, Kristoffer Braun, and Melanie Volkamer. I (don’t) see what you typed there! Shoulder-surfing resistant password entry on gamepads. In CHI, pages 1–12, 2019.

Huigang Liang and Yajiong Lucky Xue. Understanding security behaviors in personal computer usage: A threat avoidance perspective. Journal of the Association for Information Systems, 11(7):1, 2010.

Davrondzhon Gafurov, Kirsi Helkala, and Torkjel Søndrol. Biometric gait authentication using accelerometer sensor. JCP, 1(7):51–59, 2006.

Mohamed Khamis, Carl Oechsner, Florian Alt, and Andreas Bulling. VR Pursuits: Interaction in virtual reality using smooth pursuit eye movements. In AVI, pages 1–8, 2018.

Sanchari Das. A Risk-reduction-based Incentivization Model for Human-centered Multi-factor Authentication. Diss. Indiana University, 2020.

Fischhoff, B., Slovic, P., Lichtenstein, S., Read, S., & Combs, B. "How safe is safe enough? A psychometric study of attitudes towards technological risks and benefits." Policy Sciences 9.2 (1978): 127-152.