More Web Proxy on the site http://driver.im/

research-article

CueVR: Studying the Usability of Cue-based Authentication for Virtual Reality

Authors:

Yomna Abdelrahman,

Florian Mathis,

Pascal Knierim,

Mohamed KhamisAuthors Info & Claims

AVI '22: Proceedings of the 2022 International Conference on Advanced Visual Interfaces

Article No.: 34, Pages 1 - 9

https://doi.org/10.1145/3531073.3531092

Published: 06 June 2022 Publication History

Abstract

Existing virtual reality (VR) authentication schemes are either slow or prone to observation attacks. We propose CueVR, a cue-based authentication scheme that is resilient against observation attacks by design since vital cues are randomly generated and only visible to the user experiencing the VR environment. We investigate three different input modalities through an in-depth usability study (N=20) and show that while authentication using CueVR is slower than the less secure baseline, it is faster than existing observation resilient cue-based schemes and VR schemes (4.151 s – 7.025 s to enter a 4-digit PIN). Our results also indicate that using the controllers’ trackpad significantly outperforms input using mid-air gestures. We conclude by discussing how visual cues can enhance the security of VR authentication while maintaining high usability. Furthermore, we show how existing real-world authentication schemes combined with VR’s unique characteristics can advance future VR authentication procedures.

References

[1]

Florian Alt and Emanuel von Zezschwitz. 2019. Emerging Trends in Usable Security and Privacy. i-com (2019). https://doi.org/10.1515/icom-2019-0019

[2]

Andrea Bianchi, Ian Oakley, and Dong Soo Kwon. 2011. Spinlock: A single-cue haptic and audio PIN input technique for authentication. In International Workshop on Haptic and Audio Interaction Design. Springer, 81–90.

[3]

Andrea Bianchi, Ian Oakley, and Dong Soo Kwon. 2012. Counting clicks and beeps: Exploring numerosity based haptic and audio PIN entry. Interacting with computers 24, 5 (2012), 409–422.

[4]

Sonia Chiasson, Elizabeth Stobert, Alain Forget, Robert Biddle, and Paul C Van Oorschot. 2011. Persuasive cued click-points: Design, implementation, and evaluation of a knowledge-based authentication mechanism. IEEE Transactions on Dependable and Secure Computing 9, 2 (2011), 222–235.

Digital Library

[5]

Sonia Chiasson, Paul C Van Oorschot, and Robert Biddle. 2007. Graphical password authentication using cued click points. In European Symposium on Research in Computer Security. Springer, 359–374.

[6]

Sauvik Das, David Lu, Taehoon Lee, Joanne Lo, and Jason I Hong. 2019. The memory palace: Exploring visual-spatial paths for strong, memorable, infrequent authentication. In Proceedings of the 32nd Annual ACM Symposium on User Interface Software and Technology. 1109–1121.

Digital Library

[7]

Jaybie A. De Guzman, Kanchana Thilakarathna, and Aruna Seneviratne. 2019. Security and Privacy Approaches in Mixed Reality: A Literature Survey. 52, 6, Article 110 (Oct. 2019), 37 pages. https://doi.org/10.1145/3359626

Digital Library

[8]

Alexander De Luca, Emanuel von Zezschwitz, and Heinrich Hußmann. 2009. Vibrapass: Secure Authentication Based on Shared Lies. ACM, New York, NY, USA, 913–916. https://doi.org/10.1145/1518701.1518840

Digital Library

[9]

Alexander De Luca, Emanuel von Zezschwitz, Laurent Pichler, and Heinrich Hussmann. 2013. Using Fake Cursors to Secure On-Screen Password Entry. ACM, New York, NY, USA, 2399–2402. https://doi.org/10.1145/2470654.2481331

Digital Library

[10]

Gloria Dhandapani, Jamie Ferguson, and Euan Freeman. 2021. HapticLock: Eyes-Free Authentication for Mobile Devices. In Proceedings of 23rd ACM International Conference on Multimodal Interaction - ICMI ’21. ACM, accepted to appear. https://doi.org/10.1145/3462244.3481001

Digital Library

[11]

Markus Funk, Karola Marky, Iori Mizutani, Mareike Kritzler, Simon Mayer, and Florian Michahelles. 2019. LookUnlock: Using Spatial-Targets for User-Authentication on HMDs. In Extended Abstracts of the 2019 CHI Conference on Human Factors in Computing Systems (Glasgow, Scotland Uk) (CHI EA ’19). ACM, 1–6. https://doi.org/10.1145/3290607.3312959

Digital Library

[12]

Ceenu George, Daniel Buschek, Andrea Ngao, and Mohamed Khamis. 2020. GazeRoomLock: Using Gaze and Head-pose to Improve the Usability and ObservationResistance of 3D Passwords in Virtual Reality. In Augmented Reality, Virtual Reality, and Computer Graphics. Springer International Publishing. https://doi.org/10.1007/978-3-030-58465-8_5

Digital Library

[13]

Ceenu George, Mohamed Khamis, Daniel Buschek, and Heinrich Hussmann. 2019. Investigating the Third Dimension for Authentication in Immersive Virtual Reality and in the Real World. In 2019 IEEE Conference on Virtual Reality and 3D User Interfaces (VR). 277–285. https://doi.org/10.1109/VR.2019.8797862

[14]

Ceenu George, Mohamed Khamis, Emanuel von Zezschwitz, Marinus Burger, Henri Schmidt, Florian Alt, and Heinrich Hussmann. 2017. Seamless and Secure VR: Adapting and Evaluating Established Authentication Systems for Virtual Reality. In Proceedings of the Network and Distributed System Security Symposium (NDSS 2017)(USEC ’17). NDSS. https://doi.org/10.14722/usec.2017.23028

[15]

Mohamed Khamis, Florian Alt, Mariam Hassib, Emanuel von Zezschwitz, Regina Hasholzner, and Andreas Bulling. 2016. GazeTouchPass: Multimodal Authentication Using Gaze and Touch on Mobile Devices. In Proceedings of the 34th Annual ACM Conference Extended Abstracts on Human Factors in Computing Systems(CHI EA ’16). ACM, 6 pages. https://doi.org/10.1145/2851581.2892314

Digital Library

[16]

Mohamed Khamis, Mariam Hassib, Emanuel von Zezschwitz, Andreas Bulling, and Florian Alt. 2017. GazeTouchPIN: Protecting Sensitive Data on Mobile Devices Using Secure Multimodal Authentication. In Proceedings of the 19th ACM International Conference on Multimodal Interaction (Glasgow, UK) (ICMI ’17). ACM, 446–450. https://doi.org/10.1145/3136755.3136809

Digital Library

[17]

Mohamed Khamis, Ludwig Trotter, Ville Mäkelä, Emanuel von Zezschwitz, Jens Le, Andreas Bulling, and Florian Alt. 2018. CueAuth: Comparing Touch, Mid-Air Gestures, and Gaze for Cue-Based Authentication on Situated Displays. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 2, 4, Article 174 (Dec. 2018), 22 pages. https://doi.org/10.1145/3287052

Digital Library

[18]

Alexander Kupin, Benjamin Moeller, Yijun Jiang, Natasha Kholgade Banerjee, and Sean Banerjee. [n.d.]. Task-driven biometric authentication of users in virtual reality (VR) environments. In International conference on multimedia modeling.

[19]

Jonathan Liebers, Mark Abdelaziz, Lukas Mecke, Alia Saad, Jonas Auda, Uwe Gruenefeld, Florian Alt, and Stefan Schneegass. 2021. Understanding User Identification in Virtual Reality Through Behavioral Biometrics and the Effect of Body Normalization. Association for Computing Machinery, New York, NY, USA. https://doi.org/10.1145/3411764.3445528

Digital Library

[20]

John M Jones, Reyhan Duezguen, Peter Mayer, Melanie Volkamer, and Sanchari Das. 2021. A Literature Review on Virtual Reality Authentication. In Proceedings of the Fifteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2021)-Virtual Conference.

[21]

Florian Mathis, Hassan Ismail Fawaz, and Mohamed Khamis. 2020. Knowledge-Driven Biometric Authentication in Virtual Reality. In Extended Abstracts of the 2020 CHI Conference on Human Factors in Computing Systems (Honolulu, HI, USA) (CHI EA ’20). Association for Computing Machinery, New York, NY, USA, 1–10. https://doi.org/10.1145/3334480.3382799

Digital Library

[22]

Florian Mathis, Kami Vaniea, and Mohamed Khamis. 2021. RepliCueAuth: Validating the Use of a Lab-Based Virtual Reality Setup for Evaluating Authentication Systems. Association for Computing Machinery, New York, NY, USA. https://doi.org/10.1145/3411764.3445478

Digital Library

[23]

Florian Mathis, John H. Williamson, Kami Vaniea, and Mohamed Khamis. 2021. Fast and Secure Authentication in Virtual Reality Using Coordinated 3D Manipulation and Pointing. ACM Trans. Comput.-Hum. Interact. 28, 1, Article 6 (Jan. 2021), 44 pages. https://doi.org/10.1145/3428121

Digital Library

[24]

Robert Miller, Ashwin Ajit, Natasha Kholgade Banerjee, and Sean Banerjee. 2019. Realtime Behavior-Based Continual Authentication of Users in Virtual Reality Environments. In 2019 IEEE International Conference on Artificial Intelligence and Virtual Reality (AIVR). 253–2531. https://doi.org/10.1109/AIVR46125.2019.00058

[25]

Robert Miller, Natasha Kholgade Banerjee, and Sean Banerjee. 2020. Within-System and Cross-System Behavior-Based Biometric Authentication in Virtual Reality. In 2020 IEEE Conference on Virtual Reality and 3D User Interfaces Abstracts and Workshops (VRW). 311–316. https://doi.org/10.1109/VRW50115.2020.00070

[26]

Robert Miller, Natasha Kholgade Banerjee, and Sean Banerjee. 2021. Using Siamese Neural Networks to Perform Cross-System Behavioral Authentication in Virtual Reality. In 2021 IEEE Virtual Reality and 3D User Interfaces (VR). 140–149. https://doi.org/10.1109/VR50410.2021.00035

[27]

Tahrima Mustafa, Richard Matovu, Abdul Serwadda, and Nicholas Muirhead. 2018. Unsure How to Authenticate on Your VR Headset? Come on, Use Your Head!. In Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics (Tempe, AZ, USA) (IWSPA ’18). Association for Computing Machinery, New York, NY, USA, 23–30. https://doi.org/10.1145/3180445.3180450

Digital Library

[28]

Ian Oakley and Andrea Bianchi. 2012. Multi-Touch Passwords for Mobile Device Access., 2 pages. https://doi.org/10.1145/2370216.2370329

Digital Library

[29]

Ilesanmi Olade, Hai-Ning Liang, Charles Fleming, and Christopher Champion. 2020. Exploring the Vulnerabilities and Advantages of SWIPE or Pattern Authentication in Virtual Reality (VR). In Proceedings of the 2020 4th International Conference on Virtual and Augmented Reality Simulations (Sydney, NSW, Australia) (ICVARS 2020). Association for Computing Machinery, New York, NY, USA, 45–52. https://doi.org/10.1145/3385378.3385385

Digital Library

[30]

Alexander P Pons and Peter Polak. 2008. Understanding user perspectives on biometric technology. Commun. ACM 51, 9 (2008), 115–118.

Digital Library

[31]

Philipp A. Rauschnabel, Reto Felix, Chris Hinsch, Hamza Shahab, and Florian Alt. 2022. What is XR? Towards a Framework for Augmented and Virtual Reality. Computers in Human Behavior 133 (2022), 107289. https://doi.org/10.1016/j.chb.2022.107289

Digital Library

[32]

Volker Roth, Kai Richter, and Rene Freidinger. 2004. A PIN-Entry Method Resilient against Shoulder Surfing. In Proceedings of the 11th ACM Conference on Computer and Communications Security (Washington DC, USA) (CCS ’04). Association for Computing Machinery, New York, NY, USA, 236–245. https://doi.org/10.1145/1030083.1030116

Digital Library

[33]

Rufat Rzayev, Polina Ugnivenko, Sarah Graf, Valentin Schwind, and Niels Henze. 2021. Reading in VR: The Effect of Text Presentation Type and Location. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems.

Digital Library

[34]

Tobias Seitz, Florian Mathis, and Heinrich Hussmann. 2017. The Bird is the Word: A Usability Evaluation of Emojis inside Text Passwords. In Proceedings of the 29th Australian Conference on Computer-Human Interaction (Brisbane, Queensland, Australia) (OZCHI ’17). ACM, 10–20. https://doi.org/10.1145/3152771.3152773

Digital Library

[35]

Manimaran Sivasamy, VN Sastry, and NP Gopalan. 2020. VRCAuth: Continuous Authentication of Users in Virtual Reality Environment Using Head-Movement. In 2020 5th International Conference on Communication and Electronics Systems (ICCES). IEEE, 518–523.

[36]

Misha Sra, Xuhai Xu, and Pattie Maes. 2018. Breathvr: Leveraging breathing as a directly controlled interface for virtual reality games. In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems. 1–12.

Digital Library

[37]

Martin Stokkenes, Raghavendra Ramachandra, and Christoph Busch. 2016. Biometric Authentication Protocols on Smartphones: An Overview. In Proceedings of the 9th International Conference on Security of Information and Networks (Newark, NJ, USA) (SIN ’16). ACM, 136–140. https://doi.org/10.1145/2947626.2951962

Digital Library

[38]

Emanuel von Zezschwitz, Alexander De Luca, Bruno Brunkow, and Heinrich Hussmann. 2015. SwiPIN: Fast and Secure PIN-Entry on Smartphones. ACM, New York, NY, USA, 1403–1406. https://doi.org/10.1145/2702123.2702212

Digital Library

[39]

Mengxin Xu, María Murcia-López, and Anthony Steed. 2017. Object location memory error in virtual and real environments. In 2017 IEEE Virtual Reality (VR). IEEE, 315–316.

[40]

Zhen Yu, Hai-Ning Liang, Charles Fleming, and Ka Lok Man. 2016. An exploration of usable authentication mechanisms for virtual reality systems. In 2016 IEEE Asia Pacific Conference on Circuits and Systems (APCCAS). IEEE, 458–460.

Cited By

Hallal LRhinelander JVenkat R(2024)Recent Trends of Authentication Methods in Extended Reality: A SurveyApplied System Innovation10.3390/asi70300457:3(45)Online publication date: 28-May-2024
https://doi.org/10.3390/asi7030045
Jiao ADuan DXu W(2024)Medusa3D: The Watchful Eye Freezing Illegitimate Users in Virtual Reality InteractionsProceedings of the ACM on Human-Computer Interaction10.1145/36765158:MHCI(1-21)Online publication date: 24-Sep-2024
https://dl.acm.org/doi/10.1145/3676515
Weiss YVilla SGrootjen JHoppe MKale YMüller F(2024)Exploring Redirection and Shifting Techniques to Mask Hand Movements from Shoulder-Surfing Attacks during PIN Authentication in Virtual RealityProceedings of the ACM on Human-Computer Interaction10.1145/36765028:MHCI(1-24)Online publication date: 24-Sep-2024
https://dl.acm.org/doi/10.1145/3676502
Show More Cited By

Recommendations

RubikAuth: Fast and Secure Authentication in Virtual Reality
CHI EA '20: Extended Abstracts of the 2020 CHI Conference on Human Factors in Computing Systems

There is a growing need for usable and secure authentication in virtual reality (VR). Established concepts (e.g., 2D graphical PINs) are vulnerable to observation attacks, and proposed alternatives are relatively slow. We present RubikAuth, a novel ...
Fast and Secure Authentication in Virtual Reality Using Coordinated 3D Manipulation and Pointing

There is a growing need for usable and secure authentication in immersive virtual reality (VR). Established concepts (e.g., 2D authentication schemes) are vulnerable to observation attacks, and most alternatives are relatively slow. We present RubikAuth, ...
Cue-based two factor authentication
Abstract
With the increasing usage of cameras, the threat from video attacks has greatly increased in recent years in addition to shoulder surfing. Many organizations have implemented two-factor authentication to enhance security. However, attackers can ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

AVI '22: Proceedings of the 2022 International Conference on Advanced Visual Interfaces

June 2022

414 pages

ISBN:9781450397193

DOI:10.1145/3531073

General Chair:
Paolo Bottoni
Sapienza University of Rome, Italy
,
Program Chair:
Emanuele Panizzi
Sapienza University of Rome, Italy

Copyright © 2022 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 June 2022

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

Digitalization and Technology Research Center of the Bundeswehr [Voice of Wisdom]
EPSRC New Investigator Award
PETRAS National Centre of Excellence for IoT Systems Cybersecurity
UKRI grant

Conference

AVI 2022

AVI 2022: International Conference on Advanced Visual Interfaces

June 6 - 10, 2022

Frascati, Rome, Italy

Acceptance Rates

Overall Acceptance Rate 128 of 490 submissions, 26%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

16
Total Citations
View Citations
391
Total Downloads

Downloads (Last 12 months)135
Downloads (Last 6 weeks)11

Reflects downloads up to 22 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Hallal LRhinelander JVenkat R(2024)Recent Trends of Authentication Methods in Extended Reality: A SurveyApplied System Innovation10.3390/asi70300457:3(45)Online publication date: 28-May-2024
https://doi.org/10.3390/asi7030045
Jiao ADuan DXu W(2024)Medusa3D: The Watchful Eye Freezing Illegitimate Users in Virtual Reality InteractionsProceedings of the ACM on Human-Computer Interaction10.1145/36765158:MHCI(1-21)Online publication date: 24-Sep-2024
https://dl.acm.org/doi/10.1145/3676515
Weiss YVilla SGrootjen JHoppe MKale YMüller F(2024)Exploring Redirection and Shifting Techniques to Mask Hand Movements from Shoulder-Surfing Attacks during PIN Authentication in Virtual RealityProceedings of the ACM on Human-Computer Interaction10.1145/36765028:MHCI(1-24)Online publication date: 24-Sep-2024
https://dl.acm.org/doi/10.1145/3676502
Li JArora SFawaz KKim YLiu CMeiser SMinaei MShirvanian MWagner K(2024)Exploring the Interplay Between Interaction Experience and Security Perception of Payment Authentication in Virtual Reality2024 IEEE Conference on Virtual Reality and 3D User Interfaces Abstracts and Workshops (VRW)10.1109/VRW62533.2024.00318(1043-1044)Online publication date: 16-Mar-2024
https://doi.org/10.1109/VRW62533.2024.00318
Jitpanyoyos TSato YMaeda SNishigaki MOhki T(2024)ExpressionAuth: Utilizing Avatar Expression Blendshapes for Behavioral Biometrics in VR2024 IEEE Conference on Virtual Reality and 3D User Interfaces Abstracts and Workshops (VRW)10.1109/VRW62533.2024.00136(679-680)Online publication date: 16-Mar-2024
https://doi.org/10.1109/VRW62533.2024.00136
Rawat PTurkmen RNwagu CSunday KBarrera Machuca M(2024)Evaluating Voxel-Based Graphical Passwords for Virtual Reality2024 IEEE Conference on Virtual Reality and 3D User Interfaces Abstracts and Workshops (VRW)10.1109/VRW62533.2024.00009(12-17)Online publication date: 16-Mar-2024
https://doi.org/10.1109/VRW62533.2024.00009
Yang ZKong J(2024)Cue-based two factor authenticationComputers and Security10.1016/j.cose.2024.104068146:COnline publication date: 1-Nov-2024
https://dl.acm.org/doi/10.1016/j.cose.2024.104068
Giaretta A(2024)Security and privacy in virtual reality: a literature surveyVirtual Reality10.1007/s10055-024-01079-929:1Online publication date: 20-Dec-2024
https://dl.acm.org/doi/10.1007/s10055-024-01079-9
Windl MScheidle AGeorge CMayer SKelley PKapadia A(2023)Investigating security indicators for hyperlinking within the metaverseProceedings of the Nineteenth USENIX Conference on Usable Privacy and Security10.5555/3632186.3632219(605-620)Online publication date: 7-Aug-2023
https://dl.acm.org/doi/10.5555/3632186.3632219
Anastasaki IDrosatos GPavlidis GRantos K(2023)User Authentication Mechanisms Based on Immersive Technologies: A Systematic ReviewInformation10.3390/info1410053814:10(538)Online publication date: 2-Oct-2023
https://doi.org/10.3390/info14100538
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Table of Contents