RubikAuth: Fast and Secure Authentication in Virtual Reality

Mathis, F., Williamson, J. , Vaniea, K. and Khamis, M. (2020) RubikAuth: Fast and Secure Authentication in Virtual Reality. In: ACM CHI Conference on Human Factors in Computing Systems (CHI' 20 Extended Abstracts), Honolulu, HI, USA, 25-30 April 2020, ISBN 9781450368193 (doi: 10.1145/3334480.3382827)

[img]
Preview
Text
210149.pdf - Accepted Version

5MB

Publisher's URL: https://dl.acm.org/doi/abs/10.1145/3334480.3382827

Abstract

There is a growing need for usable and secure authentication in virtual reality (VR). Established concepts (e.g., 2D graphical PINs) are vulnerable to observation attacks, and proposed alternatives are relatively slow. We present RubikAuth, a novel authentication scheme for VR where users authenticate quickly by selecting digits from a virtual 3D cube that is manipulated with a handheld controller. We report two studies comparing how pointing using gaze, head pose, and controller tapping impacts RubikAuth's usability and observation resistance under three realistic threat models. Entering a four-symbol RubikAuth password is fast: 1.69 s to 3.5 s using controller tapping, 2.35 s to 4.68 s using head pose, and 2.39 s to 4.92 s using gaze and highly resilient to observations; 97.78% to 100% of observation attacks were unsuccessful. Our results suggest that providing attackers with support material contributes to more realistic security evaluations.

Item Type:Conference Proceedings
Status:Published
Refereed:Yes
Glasgow Author(s) Enlighten ID:Mathis, Mr Florian and Khamis, Dr Mohamed and Williamson, Dr John
Authors: Mathis, F., Williamson, J., Vaniea, K., and Khamis, M.
College/School:College of Science and Engineering > School of Computing Science
ISBN:9781450368193
Copyright Holders:Copyright © 2020 by the author/owner(s)
Publisher Policy:Reproduced in accordance with the publisher copyright policy
Related URLs:

University Staff: Request a correction | Enlighten Editors: Update this record

Project CodeAward NoProject NamePrincipal InvestigatorFunder's NameFunder RefLead Dept
309501RSE EnterpriseMohamed KhamisThe Royal Society of Edinburgh (ROYSOCED)65040Computing Science