Immersive Virtual Reality Attacks and the Human Joystick

Casey, Peter; Baggili, Ibrahim; Yarramreddy, Ananya

doi:10.1109/tdsc.2019.2907942

Cited by 96 publications

(68 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, malicious software might add additional "objectives" or mechanics to games that induces the user to move in a particular direction. This has been dubbed the Human Joystick effect [10]. A primary use of this technology is to trick a user to enter certain types of biometric authentication.…”

Section: Additional Considerationsmentioning

confidence: 99%

“…Researchers have been able to replicate this effect very consistently on the two most major VR systems, the HTC Vive and Oculus Rift by manipulation of files in the Steam software that they have in common. In doing so, they were able to not only implement overlays, but also set up independent sessions that allowed them to collect data on the user's actions [10]. Researchers have also examined and raised concerns about such technology being utilized in mixed reality (also known as augmented reality) which is an extension of virtual reality that allows the combination of virtual and realworld objects by means of either a partially clear VR screen or a video camera that has its feed combined with the necessary additions before being sent to the standard VR screen [11].…”

Section: Additional Considerationsmentioning

confidence: 99%

See 1 more Smart Citation

Security Considerations for Virtual Reality Systems

Viswanathan¹,

Yazdinejad²

2022

Preprint

View full text Add to dashboard Cite

There is a growing need for authentication methodology in virtual reality applications. Current systems assume that the immersive experience technology is a collection of peripheral devices connected to a personal computer or mobile device. Hence there is a complete reliance on the computing device with traditional authentication mechanisms to handle the authentication and authorization decisions. Using the virtual reality controllers and headset poses a different set of challenges as it is subject to unauthorized observation, unannounced to the user given the fact that the headset completely covers the field of vision in order to provide an immersive experience. As the need for virtual reality experiences in the commercial world increases, there is a need to provide other alternative mechanisms for secure authentication. In this paper, we analyze a few proposed authentication systems and reached a conclusion that a multidimensional approach to authentication is needed to address the granular nature of authentication and authorization needs of a commercial virtual reality applications in the commercial world.

show abstract

Section: Additional Considerationsmentioning

confidence: 99%

Section: Additional Considerationsmentioning

confidence: 99%

Security Considerations for Virtual Reality Systems

Viswanathan¹,

Yazdinejad²

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…This could be conceivably exacerbated within future extensions of technically already feasible "VR deepfakes" [9][10][11] by the particular aptness of VR to facilitate durable memories [12]. While such issues would already play a role regarding unintentional failure modes elicited by ethically aware actors in AIVR, recent research related to the security and safety of AI [13][14][15][16] and VR [17][18][19][20] respectively emphasizes the need to additionally consider the presence of unethical malicious actors. Thereby, to consider intentional malevolent design in AIVR could offer a worst-case scenario analysis [21] that can shed more light on the extent of potential consequences exhibited by the deployment of AIVR technology, but also by simpler cases in AI and VR separately.…”

Section: Motivationmentioning

confidence: 99%

Facing Immersive “Post-Truth” in AIVR?

Aliman

Kester

2020

Philosophies

View full text Add to dashboard Cite

In recent years, prevalent global societal issues related to fake news, fakery, misinformation, and disinformation were brought to the fore, leading to the construction of descriptive labels such as “post-truth” to refer to the supposedly new emerging era. Thereby, the (mis-)use of technologies such as AI and VR has been argued to potentially fuel this new loss of “ground-truth”, for instance, via the ethically relevant deepfakes phenomena and the creation of realistic fake worlds, presumably undermining experiential veracity. Indeed, unethical and malicious actors could harness tools at the intersection of AI and VR (AIVR) to craft what we call immersive falsehood, fake immersive reality landscapes deliberately constructed for malicious ends. This short paper analyzes the ethically relevant nature of the background against which such malicious designs in AIVR could exacerbate the intentional proliferation of deceptions and falsities. We offer a reappraisal expounding that while immersive falsehood could manipulate and severely jeopardize the inherently affective constructions of social reality and considerably complicate falsification processes, humans may neither inhabit a post-truth nor a post-falsification age. Finally, we provide incentives for future AIVR safety work, ideally contributing to a future era of technology-augmented critical thinking.

show abstract

“…A recent study [1] on challenges in AR and VR discusses the threat vectors for educational initiatives without characterizing the attack impact. Survey articles [2]- [4], [14]- [16] are significant for understanding the concepts of threat taxonomy and attack surface area of IoT and fog computing. They highlight the need to go beyond specific components such as network, hardware or application, and propose end-to-end solutions that consider system and data vulnerabilities.…”

Section: Related Workmentioning

confidence: 99%

“…Although existing works [2]- [4] highlight the importance of security and privacy issues in VR applications, there are a limited systematic efforts in evaluating the effect of various threat scenarios on such edge computing based collaborative systems with IoT devices. Specifically, VRLE applications are highly susceptible to Distributed Denial of Service (DDoS) attacks, due to the distributed IoT devices (i.e.,VR headsets) connecting to virtual classrooms through custom controlled Fig.…”

Section: Introductionmentioning

confidence: 99%

Attack Trees for Security and Privacy in Social Virtual Reality Learning Environments

Valluripally,

Gulhane,

Mitra

et al. 2019

Preprint

View full text Add to dashboard Cite

Social Virtual Reality Learning Environment (VRLE) is a novel edge computing platform for collaboration amongst distributed users. Given that VRLEs are used for critical applications (e.g., special education, public safety training), it is important to ensure security and privacy issues. In this paper, we present a novel framework to obtain quantitative assessments of threats and vulnerabilities for VRLEs. Based on the use cases from an actual social VRLE viz., vSocial, we first model the security and privacy using the attack trees. Subsequently, these attack trees are converted into stochastic timed automata representations that allow for rigorous statistical model checking. Such an analysis helps us adopt pertinent design principles such as hardening, diversity and principle of least privilege to enhance the resilience of social VRLEs. Through experiments in a vSocial case study, we demonstrate the effectiveness of our attack tree modeling with a reduction of 26% in probability of loss of integrity (security) and 80% in privacy leakage (privacy) in before and after scenarios pertaining to the adoption of the design principles.

show abstract

Immersive Virtual Reality Attacks and the Human Joystick

Cited by 96 publications

References 20 publications

Security Considerations for Virtual Reality Systems

Security Considerations for Virtual Reality Systems

Facing Immersive “Post-Truth” in AIVR?

Attack Trees for Security and Privacy in Social Virtual Reality Learning Environments

Contact Info

Product

Resources

About