Litcius/Paper detail

RubikAuth: Fast and Secure Authentication in Virtual Reality

Florian Mathis, John Williamson, Kami Vaniea, Mohamed Khamis

202065 citationsDOIOpen Access PDF

Abstract

There is a growing need for usable and secure authentication in virtual reality (VR). Established concepts (e.g., 2D graphical PINs) are vulnerable to observation attacks, and proposed alternatives are relatively slow. We present RubikAuth, a novel authentication scheme for VR where users authenticate quickly by selecting digits from a virtual 3D cube that is manipulated with a handheld controller. We report two studies comparing how pointing using gaze, head pose, and controller tapping impacts RubikAuth's usability and observation resistance under three realistic threat models. Entering a four-symbol RubikAuth password is fast: 1.69 s to 3.5 s using controller tapping, 2.35 s to 4.68 s using head pose, and 2.39 s to 4.92 s using gaze and highly resilient to observations; 97.78% to 100% of observation attacks were unsuccessful. Our results suggest that providing attackers with support material contributes to more realistic security evaluations.

Topics & Concepts

Computer sciencePasswordUSableUsabilityVirtual realityHuman–computer interactionAuthentication (law)GazeComputer securityController (irrigation)Artificial intelligenceMultimediaBiologyAgronomyUser Authentication and Security SystemsInteractive and Immersive DisplaysGaze Tracking and Assistive Technology
RubikAuth: Fast and Secure Authentication in Virtual Reality | Litcius