Loading…

Medusa3D: The Watchful Eye Freezing Illegitimate Users in Virtual Reality Interactions

The remarkable growth of Virtual Reality (VR) in recent years has extended its applications beyond entertainment to sectors including education, e-commerce, and remote communication. Since VR devices contain user's private information, user authentication becomes increasingly important. Current...

Full description

Saved in:

Bibliographic Details
Published in:	Proceedings of the ACM on human-computer interaction 2024-09, Vol.8 (MHCI), p.1-21, Article 270
Main Authors:	Jiao, Aochen, Duan, Di, Xu, Weitao
Format:	Article
Language:	English
Subjects:	Authentication Human-centered computing Security and privacy Security services Ubiquitous and mobile computing Ubiquitous and mobile computing systems and tools
Citations:	Items that this one cites
Online Access:	Get full text
Tags:	Add Tag No Tags, Be the first to tag this record!

cited_by
cites	cdi_FETCH-LOGICAL-a515-6b7fcbd3a511e2abf4dabed1951f72df7c8aab21cf5156ec5e8bd2ae914e8ac13
container_end_page	21
container_issue	MHCI
container_start_page	1
container_title	Proceedings of the ACM on human-computer interaction
container_volume	8
creator	Jiao, Aochen Duan, Di Xu, Weitao
description	The remarkable growth of Virtual Reality (VR) in recent years has extended its applications beyond entertainment to sectors including education, e-commerce, and remote communication. Since VR devices contain user's private information, user authentication becomes increasingly important. Current authentication systems in VR, such as password-based or static biometric-based methods, are either cumbersome to use or vulnerable to attacks such as shoulder surfing. To address these limitations, we propose Medusa3D, a challenge-response authentication system for VR based on reflexive eye responses. Unlike existing methods, reflexive eye responses are involuntary and effortless, offering a secure and user-friendly credential for authentication. We implement Medusa3D on an off-the-shelf VR and conduct evaluations with 25 participants. The evaluation results show that Medusa3D achieves 0.21% FAR and 0.13% FRR, demonstrating high security under various ocular conditions and resilience against attacks such as zero-effort attack, replay attack, and mimicry attack. A user study indicates that Medusa3D is user-friendly and well-adopted among participants.
doi_str_mv	10.1145/3676515
format	article
fullrecord	<record><control><sourceid>acm_cross</sourceid><recordid>TN_cdi_crossref_primary_10_1145_3676515</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>3676515</sourcerecordid><originalsourceid>FETCH-LOGICAL-a515-6b7fcbd3a511e2abf4dabed1951f72df7c8aab21cf5156ec5e8bd2ae914e8ac13</originalsourceid><addsrcrecordid>eNpNkM1Lw0AQxRdRsNTi3dPePEV3Ntl8eJPaaqEiSKzHMNnMtitpKrvbQ_zrjbSKpzeP92N4PMYuQdwAJOo2TrNUgTphI6myOBKQyNN_9zmbeP8hhIBcCVXIEVs9U7P3GD_c8XJD_B2D3ph9y2c98bkj-rLdmi_altY22C0G4m-enOe24yvrwh5b_krY2tDzRRfIoQ521_kLdmaw9TQ56piV81k5fYqWL4-L6f0ywqFllNaZ0XUTDwZIYm2SBmtqoFBgMtmYTOeItQRtBjolrSivG4lUQEI5aojH7PrwVrud945M9emGlq6vQFQ_g1THQQby6kCi3v5Bv-E3F15byA</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>Medusa3D: The Watchful Eye Freezing Illegitimate Users in Virtual Reality Interactions</title><source>Association for Computing Machinery:Jisc Collections:ACM OPEN Journals 2023-2025 (reading list)</source><creator>Jiao, Aochen ; Duan, Di ; Xu, Weitao</creator><creatorcontrib>Jiao, Aochen ; Duan, Di ; Xu, Weitao</creatorcontrib><description>The remarkable growth of Virtual Reality (VR) in recent years has extended its applications beyond entertainment to sectors including education, e-commerce, and remote communication. Since VR devices contain user's private information, user authentication becomes increasingly important. Current authentication systems in VR, such as password-based or static biometric-based methods, are either cumbersome to use or vulnerable to attacks such as shoulder surfing. To address these limitations, we propose Medusa3D, a challenge-response authentication system for VR based on reflexive eye responses. Unlike existing methods, reflexive eye responses are involuntary and effortless, offering a secure and user-friendly credential for authentication. We implement Medusa3D on an off-the-shelf VR and conduct evaluations with 25 participants. The evaluation results show that Medusa3D achieves 0.21% FAR and 0.13% FRR, demonstrating high security under various ocular conditions and resilience against attacks such as zero-effort attack, replay attack, and mimicry attack. A user study indicates that Medusa3D is user-friendly and well-adopted among participants.</description><identifier>ISSN: 2573-0142</identifier><identifier>EISSN: 2573-0142</identifier><identifier>DOI: 10.1145/3676515</identifier><language>eng</language><publisher>New York, NY, USA: ACM</publisher><subject>Authentication ; Human-centered computing ; Security and privacy ; Security services ; Ubiquitous and mobile computing ; Ubiquitous and mobile computing systems and tools</subject><ispartof>Proceedings of the ACM on human-computer interaction, 2024-09, Vol.8 (MHCI), p.1-21, Article 270</ispartof><rights>ACM</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><cites>FETCH-LOGICAL-a515-6b7fcbd3a511e2abf4dabed1951f72df7c8aab21cf5156ec5e8bd2ae914e8ac13</cites><orcidid>0000-0003-4184-0762 ; 0009-0007-2294-8459 ; 0000-0001-9741-5912</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,780,784,27923,27924</link.rule.ids></links><search><creatorcontrib>Jiao, Aochen</creatorcontrib><creatorcontrib>Duan, Di</creatorcontrib><creatorcontrib>Xu, Weitao</creatorcontrib><title>Medusa3D: The Watchful Eye Freezing Illegitimate Users in Virtual Reality Interactions</title><title>Proceedings of the ACM on human-computer interaction</title><addtitle>ACM PACMHCI</addtitle><description>The remarkable growth of Virtual Reality (VR) in recent years has extended its applications beyond entertainment to sectors including education, e-commerce, and remote communication. Since VR devices contain user's private information, user authentication becomes increasingly important. Current authentication systems in VR, such as password-based or static biometric-based methods, are either cumbersome to use or vulnerable to attacks such as shoulder surfing. To address these limitations, we propose Medusa3D, a challenge-response authentication system for VR based on reflexive eye responses. Unlike existing methods, reflexive eye responses are involuntary and effortless, offering a secure and user-friendly credential for authentication. We implement Medusa3D on an off-the-shelf VR and conduct evaluations with 25 participants. The evaluation results show that Medusa3D achieves 0.21% FAR and 0.13% FRR, demonstrating high security under various ocular conditions and resilience against attacks such as zero-effort attack, replay attack, and mimicry attack. A user study indicates that Medusa3D is user-friendly and well-adopted among participants.</description><subject>Authentication</subject><subject>Human-centered computing</subject><subject>Security and privacy</subject><subject>Security services</subject><subject>Ubiquitous and mobile computing</subject><subject>Ubiquitous and mobile computing systems and tools</subject><issn>2573-0142</issn><issn>2573-0142</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2024</creationdate><recordtype>article</recordtype><recordid>eNpNkM1Lw0AQxRdRsNTi3dPePEV3Ntl8eJPaaqEiSKzHMNnMtitpKrvbQ_zrjbSKpzeP92N4PMYuQdwAJOo2TrNUgTphI6myOBKQyNN_9zmbeP8hhIBcCVXIEVs9U7P3GD_c8XJD_B2D3ph9y2c98bkj-rLdmi_altY22C0G4m-enOe24yvrwh5b_krY2tDzRRfIoQ521_kLdmaw9TQ56piV81k5fYqWL4-L6f0ywqFllNaZ0XUTDwZIYm2SBmtqoFBgMtmYTOeItQRtBjolrSivG4lUQEI5aojH7PrwVrud945M9emGlq6vQFQ_g1THQQby6kCi3v5Bv-E3F15byA</recordid><startdate>20240924</startdate><enddate>20240924</enddate><creator>Jiao, Aochen</creator><creator>Duan, Di</creator><creator>Xu, Weitao</creator><general>ACM</general><scope>AAYXX</scope><scope>CITATION</scope><orcidid>https://orcid.org/0000-0003-4184-0762</orcidid><orcidid>https://orcid.org/0009-0007-2294-8459</orcidid><orcidid>https://orcid.org/0000-0001-9741-5912</orcidid></search><sort><creationdate>20240924</creationdate><title>Medusa3D: The Watchful Eye Freezing Illegitimate Users in Virtual Reality Interactions</title><author>Jiao, Aochen ; Duan, Di ; Xu, Weitao</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a515-6b7fcbd3a511e2abf4dabed1951f72df7c8aab21cf5156ec5e8bd2ae914e8ac13</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2024</creationdate><topic>Authentication</topic><topic>Human-centered computing</topic><topic>Security and privacy</topic><topic>Security services</topic><topic>Ubiquitous and mobile computing</topic><topic>Ubiquitous and mobile computing systems and tools</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Jiao, Aochen</creatorcontrib><creatorcontrib>Duan, Di</creatorcontrib><creatorcontrib>Xu, Weitao</creatorcontrib><collection>CrossRef</collection><jtitle>Proceedings of the ACM on human-computer interaction</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Jiao, Aochen</au><au>Duan, Di</au><au>Xu, Weitao</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Medusa3D: The Watchful Eye Freezing Illegitimate Users in Virtual Reality Interactions</atitle><jtitle>Proceedings of the ACM on human-computer interaction</jtitle><stitle>ACM PACMHCI</stitle><date>2024-09-24</date><risdate>2024</risdate><volume>8</volume><issue>MHCI</issue><spage>1</spage><epage>21</epage><pages>1-21</pages><artnum>270</artnum><issn>2573-0142</issn><eissn>2573-0142</eissn><abstract>The remarkable growth of Virtual Reality (VR) in recent years has extended its applications beyond entertainment to sectors including education, e-commerce, and remote communication. Since VR devices contain user's private information, user authentication becomes increasingly important. Current authentication systems in VR, such as password-based or static biometric-based methods, are either cumbersome to use or vulnerable to attacks such as shoulder surfing. To address these limitations, we propose Medusa3D, a challenge-response authentication system for VR based on reflexive eye responses. Unlike existing methods, reflexive eye responses are involuntary and effortless, offering a secure and user-friendly credential for authentication. We implement Medusa3D on an off-the-shelf VR and conduct evaluations with 25 participants. The evaluation results show that Medusa3D achieves 0.21% FAR and 0.13% FRR, demonstrating high security under various ocular conditions and resilience against attacks such as zero-effort attack, replay attack, and mimicry attack. A user study indicates that Medusa3D is user-friendly and well-adopted among participants.</abstract><cop>New York, NY, USA</cop><pub>ACM</pub><doi>10.1145/3676515</doi><tpages>21</tpages><orcidid>https://orcid.org/0000-0003-4184-0762</orcidid><orcidid>https://orcid.org/0009-0007-2294-8459</orcidid><orcidid>https://orcid.org/0000-0001-9741-5912</orcidid></addata></record>
fulltext	fulltext
identifier	ISSN: 2573-0142
ispartof	Proceedings of the ACM on human-computer interaction, 2024-09, Vol.8 (MHCI), p.1-21, Article 270
issn	2573-0142 2573-0142
language	eng
recordid	cdi_crossref_primary_10_1145_3676515
source	Association for Computing Machinery:Jisc Collections:ACM OPEN Journals 2023-2025 (reading list)
subjects	Authentication Human-centered computing Security and privacy Security services Ubiquitous and mobile computing Ubiquitous and mobile computing systems and tools
title	Medusa3D: The Watchful Eye Freezing Illegitimate Users in Virtual Reality Interactions
url	http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-11T23%3A04%3A15IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-acm_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Medusa3D:%20The%20Watchful%20Eye%20Freezing%20Illegitimate%20Users%20in%20Virtual%20Reality%20Interactions&rft.jtitle=Proceedings%20of%20the%20ACM%20on%20human-computer%20interaction&rft.au=Jiao,%20Aochen&rft.date=2024-09-24&rft.volume=8&rft.issue=MHCI&rft.spage=1&rft.epage=21&rft.pages=1-21&rft.artnum=270&rft.issn=2573-0142&rft.eissn=2573-0142&rft_id=info:doi/10.1145/3676515&rft_dat=%3Cacm_cross%3E3676515%3C/acm_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-a515-6b7fcbd3a511e2abf4dabed1951f72df7c8aab21cf5156ec5e8bd2ae914e8ac13%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true