Mathis, F., Williamson, J. , Vaniea, K. and Khamis, M. (2020) RubikAuth: Fast and Secure Authentication in Virtual Reality. In: ACM CHI Conference on Human Factors in Computing Systems (CHI' 20 Extended Abstracts), Honolulu, HI, USA, 25-30 April 2020, ISBN 9781450368193 (doi: 10.1145/3334480.3382827)
|
Text
210149.pdf - Accepted Version 5MB |
Publisher's URL: https://dl.acm.org/doi/abs/10.1145/3334480.3382827
Abstract
There is a growing need for usable and secure authentication in virtual reality (VR). Established concepts (e.g., 2D graphical PINs) are vulnerable to observation attacks, and proposed alternatives are relatively slow. We present RubikAuth, a novel authentication scheme for VR where users authenticate quickly by selecting digits from a virtual 3D cube that is manipulated with a handheld controller. We report two studies comparing how pointing using gaze, head pose, and controller tapping impacts RubikAuth's usability and observation resistance under three realistic threat models. Entering a four-symbol RubikAuth password is fast: 1.69 s to 3.5 s using controller tapping, 2.35 s to 4.68 s using head pose, and 2.39 s to 4.92 s using gaze and highly resilient to observations; 97.78% to 100% of observation attacks were unsuccessful. Our results suggest that providing attackers with support material contributes to more realistic security evaluations.
Item Type: | Conference Proceedings |
---|---|
Status: | Published |
Refereed: | Yes |
Glasgow Author(s) Enlighten ID: | Mathis, Mr Florian and Khamis, Dr Mohamed and Williamson, Dr John |
Authors: | Mathis, F., Williamson, J., Vaniea, K., and Khamis, M. |
College/School: | College of Science and Engineering > School of Computing Science |
ISBN: | 9781450368193 |
Copyright Holders: | Copyright © 2020 by the author/owner(s) |
Publisher Policy: | Reproduced in accordance with the publisher copyright policy |
Related URLs: |
University Staff: Request a correction | Enlighten Editors: Update this record