Abstract
Virtual Worlds (VWs) are persistent, immersive digital environments, in which people utilise digital representation of themselves. Current management of VW identity is very limited, and security issues arise, such as identity theft. This paper proposes a two-factor user authentication scheme based on One Time Passwords (OTPs), exploiting a Smart Card Web Server (SCWS) hosted on the tamper-resistant Subscriber Identity Module (SIM) within the user’s mobile phone. Additionally, geolocation attributes are used to compare phone and PC locations, introducing another obstacle for an attacker. A preliminary security analysis is done on the protocol, and future work is identified.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bell, M.: Virtual Worlds Research: Past, Present & Future July 2008: Toward a definition of “Virtual Worlds” (2008)
KZero: Virtual worlds: Industry and user data universe (March 2012)
Second Life Official Website, http://www.secondlife.com/
World of Warcraft, http://eu.battle.net/wow/en/
McGraw, G., Chow, M.: Guest editors’ introduction: Securing online games: Safeguarding the future of software security: How world of warcraft almost ruined my credit rating. IEEE Security & Privacy, 11–12 (2009)
Jorstad, I., Jonvik, T., et al.: Strong authentication with mobile phone as security token. In: Mobile Adhoc and Sensor Systems, MASS 2009, pp. 777–782. IEEE (2009)
Vapen, A., Byers, D., Shahmehri, N.: 2-clickauth optical challenge-response authentication. In: Availability, Reliability, and Security, ARES 2010, pp. 79–86. IEEE (2010)
Juniper Networks Inc.: Mobile Threats Report (2011)
Open Mobile Alliance: Smartcard-Web-Server, Candidate Version 1.2, OMA-TS-Smartcard_Web_Server-V1_1_2-20120927-C, Open Mobile Alliance (OMA), Version 1.2 (September 27, 2012)
Neustar: IP Geolocation: A Valuable Weapon to Fight Online Card-Not-Present Payment Fraud, http://www.neustar.biz/enterprise/docs/whitepapers/ip-intelligence/geolocation-detecting-card-not-present-fraud.pdf
Mayes, K.E., Markantonakis, K. (eds.): Smart Cards, Tokens, Security and Applications. Springer (2008)
Calvin, J., Dickens, A., Gaines, B., Metzger, P., Miller, D., Owen, D.: The SIMNET virtual world architecture. In: Virtual Reality Annual International Symposium, pp. 450–455. IEEE (1993)
Frecon, E., Stenius, M.: DIVE: A scaleable network architecture for distributed virtual environments. In: Distributed Systems Engineering 5.3 (1998)
Fernandes, S., Antonello, R., Moreira, J., Kamienski, C., Sadok, D.: Traffic analysis beyond this world: the case of Second Life. In: 17th International Workshop on Network and Operating Systems Support for Digital Audio and Video. University of Illinois, Urbana-Champaign (2007)
RFC 2818: Hypertext Transfer Protocol over TLS protocol (May 2000), http://www.ietf.org/rfc/rfc2818.txt
Oracle: Javacard v3.0 specifications, http://www.oracle.com/technetwork/java/javame/javacard/download/overview/index.html
GlobalPlatform: Remote Application Management over HTTP Card Specification v2.2 Amendment B Version 1.1.1 (2012)
RFC 4226: HOTP: An HMAC-Based One-Time Password Algorithm (December 2005), http://www.ietf.org/rfc/rfc4226.txt
OWASP, The Open Web Application Security Project: OWASP Top Ten Project, https://www.owasp.org
Shetty, S.: Symantec: Introduction to Spyware Keyloggers (November 2010), http://www.symantec.com/connect/articles/introduction-spyware-keyloggers
Goodin, D.: Crack in Internet’s foundation of trust allows HTTPS session hijacking (September 2012), http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/
SANS Institute InfoSec Reading Room: Introduction to IP Spoofing (November 2000)
Gill, P., Ganjali, Y., Wong, B., Lie, D.: Dude, where’s that IP? Circumventing measurement-based IP geolocation. In: Proceedings of the 19th USENIX Conference on Security, Berkeley, CA, USA (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kyrillidis, L., Hili, G., Cobourne, S., Mayes, K., Markantonakis, K. (2013). Virtual World Authentication Using the Smart Card Web Server. In: Thampi, S.M., Atrey, P.K., Fan, CI., Perez, G.M. (eds) Security in Computing and Communications. SSCC 2013. Communications in Computer and Information Science, vol 377. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40576-1_4
Download citation
DOI: https://doi.org/10.1007/978-3-642-40576-1_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40575-4
Online ISBN: 978-3-642-40576-1
eBook Packages: Computer ScienceComputer Science (R0)