Go to DBLP homepageContinuous Authentication for Secure and Seamless User-Avatar Integration in Multidevice Metaverses
Abstract: The metaverse connects the virtual and real worlds, enabling users to interact as avatars across multiple devices, including smartphones, head-mounted displays (HMDs), and other devices. While multidevice access enhances convenience, it also expands attack surfaces, increasing security risks. Continuous authentication is crucial, but traditional methods like fuzzy extractors struggle with dynamic data, making reliable identification difficult. Moreover, conventional authentication focuses on user-side verification, failing to detect avatar manipulation attacks like avatar hijacking. This article proposes a continuous authentication system that integrates user and avatar behavior data in multidevice environments. A transformer-based embedding model processes data on edge devices and securely transmits it via JSON Web tokenss (JWTs). The authentication model binds user and avatar data in real-time to compute confidence scores and detect avatar manipulation. We implemented a VRSpace-based metaverse on NGINX and conducted simulations using open datasets—HMOG, Liebers, and BOXRR—to evaluate authentication accuracy and continuity. The Smartphone+ HMD_6DoF+Avt_act+Window_(20) model achieved an average false acceptance rate (FAR) of 0.0034%, an equal error rate (EER) of 0.3386%, and an attack detection rate (ADR) of up to 97.67% for avatar manipulation detection. Based on our work, industry-driven research is expected to explore real-world applications, further validating our approach in evolving multidevice metaverse ecosystems.
External IDs:dblp:journals/iotj/HwangKK25
Loading