OcuLock: Exploring Human Visual System for Authentication in Virtual Reality Head-mounted Display

Luo, Shiqing; Nguyen, Anh; Song, Chen; Lin, Feng; Xu, Wenyao; Yan, Zhisheng

doi:10.14722/ndss.2020.24079

Cited by 48 publications

(23 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The finding is clearly feasible over the entire reality-virtuality continuum. Additionally, as noted in Reference [142] XR generally improves the robustness of biosignal classification, while vivid and immersive imagery is preferred by users. XR provides a great opportunity for the development of down-to-earth scenarios with practical scenes that supports complex user interaction in daily life.…”

Section: Two-way Interaction: Closing the Loopmentioning

confidence: 92%

“…An alternative approach to authentication in XR head-mounted displays relies on unique features of the human visual system, such as eye globe, eyelid, and extraocular muscle movements. OcuLock [142], a system designed specifically for HMDs, captures the EOG associated with the ocular activity. Visual stimuli, presented in an immersive VR environment, improve the robustness of authentication using the acquired signal.…”

Section: Biometrics and Security In Xrmentioning

confidence: 99%

“…OcuLock, as an EOG-based authentication system, is resistant to impersonation and statistical attacks. As a part of the system's evaluation, Luo et al [142] conducted a questionnaire that established: (i) users prefer dynamic and attractive visual stimuli in VR, and (ii) EOG-based authentication system is a more convenient and socially acceptable method of establishing trust in XR, compared to gesture-and brainwave-based approaches.…”

Section: Biometrics and Security In Xrmentioning

confidence: 99%

See 2 more Smart Citations

Emerging ExG-based NUI Inputs in Extended Realities: A Bottom-up Survey

Shatilov

Chatzopoulos

Lee

et al. 2021

ACM Trans. Interact. Intell. Syst.

View full text Add to dashboard Cite

Incremental and quantitative improvements of two-way interactions with e x tended realities (XR) are contributing toward a qualitative leap into a state of XR ecosystems being efficient, user-friendly, and widely adopted. However, there are multiple barriers on the way toward the omnipresence of XR; among them are the following: computational and power limitations of portable hardware, social acceptance of novel interaction protocols, and usability and efficiency of interfaces. In this article, we overview and analyse novel natural user interfaces based on sensing electrical bio-signals that can be leveraged to tackle the challenges of XR input interactions. Electroencephalography-based brain-machine interfaces that enable thought-only hands-free interaction, myoelectric input methods that track body gestures employing electromyography, and gaze-tracking electrooculography input interfaces are the examples of electrical bio-signal sensing technologies united under a collective concept of ExG. ExG signal acquisition modalities provide a way to interact with computing systems using natural intuitive actions enriching interactions with XR. This survey will provide a bottom-up overview starting from (i) underlying biological aspects and signal acquisition techniques, (ii) ExG hardware solutions, (iii) ExG-enabled applications, (iv) discussion on social acceptance of such applications and technologies, as well as (v) research challenges, application directions, and open problems; evidencing the benefits that ExG-based Natural User Interfaces inputs can introduce to the area of XR.

show abstract

Section: Two-way Interaction: Closing the Loopmentioning

confidence: 92%

Section: Biometrics and Security In Xrmentioning

confidence: 99%

Section: Biometrics and Security In Xrmentioning

confidence: 99%

See 1 more Smart Citation

Emerging ExG-based NUI Inputs in Extended Realities: A Bottom-up Survey

Shatilov

Chatzopoulos

Lee

et al. 2021

ACM Trans. Interact. Intell. Syst.

View full text Add to dashboard Cite

show abstract

“…Although there is work on security aspects of VR devices (e.g., authentication and attacks on using virtual keyboards) [15,38,39,41], the privacy of VR is currently not fully understood. Adams et al [1] interviewed VR users and developers on security and privacy concerns, and learnt that they were concerned with data collection potentially performed by VR devices (e.g., sensors, device being always on) and that they did not trust VR manufacturers (e.g., Facebook owning Oculus).…”

Section: Privacy Of Vrmentioning

confidence: 99%

OVRseen: Auditing Network Traffic and Privacy Policies in Oculus VR

Trimananda¹,

Le²,

Chen³

et al. 2021

Preprint

View full text Add to dashboard Cite

Virtual reality (VR) is an emerging technology that enables new applications but also introduces privacy risks. In this paper, we focus on Oculus VR (OVR), the leading platform in the VR space, and we provide the first comprehensive analysis of personal data exposed by OVR apps and the platform itself, from a combined networking and privacy policy perspective. We experimented with the Quest 2 headset, and we tested the most popular VR apps available on the official Oculus and the SideQuest app stores. We developed OVRSEEN, a methodology and system for collecting, analyzing, and comparing network traffic and privacy policies on OVR. On the networking side, we captured and decrypted network traffic of VR apps, which was previously not possible on OVR, and we extracted data flows (defined as app, data type, destination ). We found that the OVR ecosystem (compared to the mobile and other app ecosystems) is more centralized, and driven by tracking and analytics, rather than by third-party advertising. We show that the data types exposed by VR apps include personally identifiable information (PII), device information that can be used for fingerprinting, and VR-specific data types. By comparing the data flows found in the network traffic with statements made in the apps' privacy policies, we discovered that approximately 70% of OVR data flows were not properly disclosed. Furthermore, we provided additional context for these data flows, including the purpose, which we extracted from the privacy policies, and observed that 69% were sent for purposes unrelated to the core functionality of apps.

show abstract

“…The glasses show a randomly created PIN pad on the private display according to which the user can input password through their smartphone. Other proposals include biometric authentication based on head and body movement [31,37,39] or the human visual system [29,32,34]. These proposals require either additional hardware (such as a smartphone) or a training phase to capture the user's biometric pattern.…”

Section: Related Workmentioning

confidence: 99%

Towards Secure and Usable Authentication for Augmented and Virtual Reality Head-Mounted Displays

Duezguen¹,

Mayer²,

Das³

et al. 2020

Preprint

View full text Add to dashboard Cite

Immersive technologies, including augmented and virtual reality (AR & VR) devices, have enhanced digital communication along with a considerable increase in digital threats. Thus, authentication becomes critical in AR & VR technology, particularly in shared spaces. In this paper, we propose applying the ZeTA protocol that allows secure authentication even in shared spaces for the AR & VR context. We explain how it can be used with the available interaction methods provided by Head-Mounted Displays. In future work, our research goal is to evaluate different designs of ZeTA (e.g., interaction modes) concerning their usability and users' risk perception regarding their security -while using a crosscultural approach. IntroductionNew-age technologies help to connect people despite geographical constraints. However, such technological evolution brings new risks. Augmented and virtual reality (AR & VR) are such technologies that have expanded considerably and are projected to reach $114 billion and $65 billion, respectively, by 2021 [44]. AR & VR systems like the Oculus and Google Glass increasingly promise to provide social activities like interactive gaming, virtual shopping, or attending virtual meetings [46]. Many of these activities happen in so-called shared spaces, i.e., places not strictly public, but where multiple people are present at the same time [22]. However, these technologies also introduce new security challenges in AR & VR [24], including authentication challenges. Nowadays, authentication on AR & VR systems is neglected or carried out on the smartphone or PC [6]. Yet, if authentication is required during a VR experience, e.g., paying for a product

show abstract

OcuLock: Exploring Human Visual System for Authentication in Virtual Reality Head-mounted Display

Cited by 48 publications

References 45 publications

Emerging ExG-based NUI Inputs in Extended Realities: A Bottom-up Survey

Emerging ExG-based NUI Inputs in Extended Realities: A Bottom-up Survey

OVRseen: Auditing Network Traffic and Privacy Policies in Oculus VR

Towards Secure and Usable Authentication for Augmented and Virtual Reality Head-Mounted Displays

Contact Info

Product

Resources

About