What is the new secure authentication system 'ZeTA' based on using VR/AR compatible devices in public?



With the advent of the stand-alone VR device 'Oculus Quest', which can be used on its own without a high-performance PC, and of VR headsets as small as a pair of sunglasses, head mounted displays (HMDs) for VR and AR are rapidly becoming commonplace. For the question 'What should be done about authentication when using VR/AR in public?', a system called 'Zero-Trust Authentication (ZeTA)' has been proposed.

Towards Secure and Usable Authentication for Augmented and Virtual Reality Head-Mounted Displays
https://arxiv.org/abs/2007.11663

Zero-trust authentication may replace passwords in AR/VR headsets | VentureBeat
https://venturebeat.com/2020/07/27/zero-trust-authentication-may-replace-passwords-in-ar-vr-headsets/

Some of the latest head mounted displays (HMDs) for VR/AR can recognize hand movements and voice. For that reason, gestures, PIN code entry on virtual keyboards, biometric authentication using voice, and so on have been devised as authentication systems.



However, authentication systems that use hand movements or voice have the problem that the secret is easily stolen by onlookers when they are used in public. Other biometric authentication systems that use movements of the head and body have also been devised, but adopting such a system may require additional devices, or may prevent other people from using the same HMD.

In a paper released on July 22, 2020, a research team including Reyhan Duezguen of SECUSO, the security research group at the Karlsruhe Institute of Technology in Germany, proposed a mechanism for VR/AR authentication using 'ZeTA'. ZeTA is an authentication protocol based on a concept presented in a 2016 paper by SECUSO researchers: that security can be maintained even if the device or communication environment used for the authentication process is not trustworthy.

The following is a graphic representation of the authentication process on a VR HMD using ZeTA. When a user first creates an account, ZeTA gives the user a simple secret instead of a password. The secrets used in ZeTA consist of two or more concepts and the relationship between them, such as 'yellow OR wheel' or 'blue NOT green'. Creating the account requires a secure device and communication environment.



When a user wearing the HMD actually tries to authenticate, ZeTA presents a simple challenge, which the user answers with 'yes' or 'no'. For example, if the secret is 'yellow OR wheel' and the challenge is 'sunflower', the answer is 'yes', because sunflowers are generally yellow flowers. The user is asked several such questions, and only if the user answers them correctly is authentication completed.



Using this method, the only information exchanged during the authentication process is the words 'sunflower' and 'yes'; the underlying secret itself is never transmitted. Therefore, as long as the server is secure, the user can authenticate safely even in a public space where hand movements may be observed, or over free Wi-Fi where the communication may be compromised, which makes it more secure than an authentication system that exchanges the password itself.

Because a single question has only two possible answers, 'yes' or 'no', an attacker has a 50% chance of guessing it, but the probability of a successful guess can be reduced by increasing the number of questions. According to the research team, if not even one mistake is tolerated, 14 questions provide the same level of security as a typical PIN code.
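To make the exchange described above concrete, here is an added Python sketch of the challenge-response flow and of the guessing probability behind the 14-question figure. This is example code written for this page, not code from the paper or from SECUSO. The concept-to-attribute table is constructed for the example, and the reading of 'A NOT B' as 'has A and does not have B' is an assumption, since the article does not define the relation precisely.

```python
import secrets

# Constructed knowledge base for this example (not from the paper): each
# challenge concept maps to the attributes a user is assumed to associate with it.
CONCEPT_ATTRIBUTES = {
    "sunflower": {"yellow", "flower"},
    "banana": {"yellow", "fruit"},
    "bicycle": {"wheel", "vehicle"},
    "sky": {"blue"},
    "ocean": {"blue", "water"},
    "grass": {"green"},
    "leaf": {"green"},
}


def evaluate_secret(secret, concept):
    """Answer the challenge `concept` for a secret such as ('yellow', 'OR', 'wheel').

    'OR' and 'AND' have their usual meaning. 'A NOT B' is read here as
    "has attribute A and not attribute B" (an assumption of this example).
    """
    left, relation, right = secret
    attrs = CONCEPT_ATTRIBUTES[concept]
    if relation == "OR":
        return left in attrs or right in attrs
    if relation == "AND":
        return left in attrs and right in attrs
    if relation == "NOT":
        return left in attrs and right not in attrs
    raise ValueError(f"unknown relation {relation!r}")


def guess_success_probability(rounds):
    """Chance that someone answering yes/no at random passes every round."""
    return 0.5 ** rounds


class ZetaServer:
    """Server side: stores the secret, issues concept challenges, checks yes/no answers.

    Only the challenge concepts and the yes/no answers ever cross the network;
    the secret itself is never transmitted during authentication.
    """

    def __init__(self, rounds=14):
        self.rounds = rounds
        self._secrets = {}   # user -> secret, set up over a trusted channel
        self._sessions = {}  # session id -> (user, challenges)

    def register(self, user, secret):
        # Account creation is assumed to happen on a trusted device and network.
        self._secrets[user] = secret

    def start_session(self, user):
        if user not in self._secrets:
            raise KeyError("unknown user")
        concepts = list(CONCEPT_ATTRIBUTES)
        # Fresh random challenges per session so a recorded session cannot be replayed.
        challenges = [secrets.choice(concepts) for _ in range(self.rounds)]
        session_id = secrets.token_hex(8)
        self._sessions[session_id] = (user, challenges)
        return session_id, challenges

    def verify(self, session_id, answers):
        user, challenges = self._sessions.pop(session_id)  # one-shot session
        if len(answers) != len(challenges):
            return False
        expected = [evaluate_secret(self._secrets[user], c) for c in challenges]
        # Zero tolerance for mistakes, matching the article's 14-question figure.
        return all(a == e for a, e in zip(answers, expected))


def answer_challenges(secret, challenges):
    """Client side (what the user works out in their head): only booleans leave the device."""
    return [evaluate_secret(secret, c) for c in challenges]


def run_demo():
    """Honest user passes; someone who gets every answer wrong fails."""
    secret = ("yellow", "OR", "wheel")
    server = ZetaServer(rounds=14)
    server.register("alice", secret)

    sid, challenges = server.start_session("alice")
    honest_answers = answer_challenges(secret, challenges)
    honest_ok = server.verify(sid, honest_answers)

    sid, challenges = server.start_session("alice")
    wrong_answers = [not a for a in answer_challenges(secret, challenges)]
    wrong_ok = server.verify(sid, wrong_answers)
    return honest_ok, wrong_ok


if __name__ == "__main__":
    print(run_demo())                          # (True, False)
    print(guess_success_probability(14))       # 2**-14, below the 1/10000 of a 4-digit PIN
```

The point to notice is that `verify` compares only booleans: an observer in a public space or on an untrusted network sees the challenge concepts and the yes/no replies, but never the `('yellow', 'OR', 'wheel')` secret. With 14 rounds and no tolerated mistake, `guess_success_probability(14)` is 2^-14, which is already below the 1/10000 chance of guessing a four-digit PIN, while 13 rounds would still be slightly above it.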

Because ZeTA relies on the user's knowledge, authentication can be done with simple questions, but cultural differences can sometimes be an obstacle. For example, some sunflowers appear white or red, so some users may not consider sunflowers to be yellow. In the future, the research team plans to evaluate ZeTA's balance of usability and security with an approach that focuses on the differences between cultures.

in Security, Posted by log1l_ks