Abstract
As the next development of the Internet, metaverse aims to construct an immersive, hyper-realistic, self-sustaining virtual space. In this space, humans can work, social and entertainment. Over the years, with the continuous development and emergence of various technologies, the realization of metaverse has become possible, and has attracted the attention of researchers. However, the privacy and security problems existing in the Internet world are no exception in metaverse, and even more serious problems will arise in metaverse. In this paper we comprehensively summarize the security and privacy threats in metaverse. Specifically we proposes a three-stage metaverse framework according to the user usage process, including: Ambient Perception, Avatar-Enabled Playing and Virtually Feedback. Meanwhile we point out and summarized the security and privacy issues in metaverse under three-stage framework and the according solutions to key challenges.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Yang, Q., et al.: Fusing blockchain and AI with metaverse: A survey. IEEE Open Journal of the Computer Society 3, 122–136 (2022)
Stephenson, N.: Snow crash: A novel. Spectra (2003)
Lee, L.H., et al.: All one needs to know about metaverse: a complete survey on technological singularity, virtual ecosystem, and research agenda. Computers and Society (2021)
Mohammadi, N., Taylor, J.E.: Thinking fast and slow in disaster decision-making with Smart City Digital Twins. Nature Comput. Sci. 1(12), 771–773 (2021)
Grieves, M., Vickers, J.: Digital twin: Mitigating unpredictable, undesirable emergent behavior in complex systems. Transdisc. Perspect. Complex Syst. New Find. Approaches, 85–113 (2017)
Leenes, R., Fischer-Huebner, S., Duquenoy, P., Zuccato, A., Martucci, L.: Privacy in the metaverse: regulating a complex social construct in a virtual world. In: FIDIS (2007)
Falchuk, B., Loeb, S., Neff, R.: The social metaverse: Battle for privacy. IEEE Technol. Soc. Maga. 37(2), 52–61 (2018)
Hu, P., Li, H., Fu, H., Cansever, D., Mohapatra, P.: Dynamic defense strategy against advanced persistent threat with insiders. In: International Conference on Computer Communications (2015)
Dionisio, J.D.N., Burns, W.G., Gilbert, R.L.: 3d virtual worlds and the metaverse: current status and future possibilities. ACM Comput. Surv. 45, 1–38 (2013)
Nevelsteen, K.J.L.: Virtual world, defined from a technological perspective and applied to video games, mixed reality, and the Metaverse. Comput. Animat. Virtual Worlds 29(1), e1752 (2018)
Ning, H., et al.: A survey on the metaverse: the state-of-the-art, technologies, applications, and challenges. IEEE Internet Things J. 10, 14671–14688 (2023)
Bourlakis, M., Papagiannidis, S., Li, F.: Retail spatial evolution: paving the way from traditional to metaverse retailing. Electron. Commer. Res. 9, 135–148 (2009)
DÃaz, J., Saldaña, C., Avila, C.: Virtual world as a resource for hybrid education. Int. J. Emerg. Technol. Learn. (iJET) 15(15), 94–109 (2020)
Duan, H., et al.: Metaverse for social good: a university campus prototype. In: Proceedings of the 29th ACM International Conference on Multimedia (2021)
Park, S.M., Kim, Y.G.: A metaverse: taxonomy, components, applications, and open challenges. IEEE Access 10, 4209–4251 (2022)
Wang, Y., Su, Z., Zhang, N., Xing, R., Liu, D., Luan, T.H., Shen, X.: A survey on metaverse: fundamentals, security, and privacy. IEEE Commun. Surv. Tutor. 25, 319–352 (2022)
Janin, A.L., Mizell, D.W., Caudell, T.P.: Calibration of head-mounted display for augmented reality applications. In: Virtual Reality Annual International Symposium, 1993. IEEE (1993)
de Guzman, J.A., Thilakarathna, K., Seneviratne, A.: Security and privacy approaches in mixed reality: a literature survey. ACM Comput. Surv. 52, 1–37 (2019)
de Guzman, J.A., Seneviratne, A., Thilakarathna, K.: Unravelling spatial privacy risks of mobile mixed reality data. In: Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (2021)
Sikder, A.K., Petracca, G., Aksu, H., Jaeger, T., Uluagac, A.S.: A survey on sensor-based threats to internet-of-things (iot) devices and applications. Cryptography and Security (2018)
Pan, Z., Cheok, A.D., Yang, H., Zhu, J., Shi, J.: Virtual reality and mixed reality for virtual learning environments. Comput. Graph. 30(1), 20–28 (2006)
Lau, F., Rubin, S., Smith, M., Trajkovic, L.: Distributed denial of service attacks. In: Systems Man and Cybernetics (2000)
Schwarcz, D.: Transparently opaque: understanding the lack of transparency in insurance consumer protection. Social Sci. Res. Netw. (2013)
Shostack, A.: Elevation of privilege: drawing developers into threat modeling. In: Genetics Selection Evolution (2014)
Barbeau, M., Hall, J., Kranakis, E.: Detecting impersonation attacks in future wireless and mobile networks. In: Burmester, M., Yasinsac, A. (eds.) MADNES 2005. LNCS, vol. 4074, pp. 80–95. Springer, Heidelberg (2006). https://doi.org/10.1007/11801412_8
Gulhane, A., et al.: Security, privacy and safety risk assessment for virtual reality learning environment applications. In: Consumer Communications and Networking Conference (2019)
Casey, P., Baggili, I., Yarramreddy, A.: Immersive virtual reality attacks and the human joystick. IEEE Trans. Depend. Secure Comput. 18(2), 550–562 (2019)
Valluripally, S., Gulhane, A., Hoque, K.A., Calyam, P.: Modeling and defense of social virtual reality attacks inducing cybersickness. IEEE Trans. Depend. Secure Comput. 19(6), 4127–4144 (2021)
Lebeck, K., Ruth, K., Kohno, T., Roesner, F.: Towards security and privacy for multi-user augmented reality: foundations with end users. In: IEEE Symposium on Security and Privacy (2018)
Schmalstieg, D., Hollerer, T.: Augmented Reality: Principles and Practice. Addison-Wesley Professional, Boston (2016)
Hasan, R., Saxena, N., Haleviz, T., Zawoad, S., Rinehart, D.: Sensing-enabled channels for hard-to-detect command and control of mobile devices. In: Computer and Communications Security (2013)
Deshotels, L.: Inaudible sound as a covert channel in mobile devices. In: WOOT’14 Proceedings of the 8th USENIX conference on Offensive Technologies (2014)
Subramanian, V., Uluagac, S., Cam, H., Beyah, R.: Examining the characteristics and implications of sensor side channels. In: International Conference on Communications (2013)
Figueiredo, L.S., Livshits, B., Molnar, D., Veanes, M.: Prepose: privacy, security, and reliability for gesture-based programming. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 122–137. IEEE (2016)
Samarati, P.: Protecting respondents identities in microdata release. IEEE Trans. Knowl. Data Eng. 13(6), 1010–1027 (2001)
Yan, F., Zhang, H., Zhao, B.: A secure multi-party computing model based on trusted computing platform. In: 2009 Ninth IEEE International Conference on Computer and Information Technology, vol. 2, pp. 318–322. IEEE (2009)
Li, T., Sahu, A.K., Talwalkar, A., Smith, V.: Federated learning: challenges, methods, and future directions. IEEE Signal Process. Mag. 37(3), 50–60 (2020)
Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Symposium on the Theory of Computing (2009)
George, C., et al.: Seamless and secure vr: adapting and evaluating established authentication systems for virtual reality. In: NDSS (2017)
Gaebel, E., Zhang, N., Lou, W., Hou, Y.T.: Looks good to me: authentication for augmented reality. In Proceedings of the 6th International Workshop on Trustworthy Embedded Devices, pp. 57–67 (2016)
Pearson, J., et al.: Chameleon devices: investigating more secure and discreet mobile interactions via active camouflaging. In: Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, pp. 5184–5196 (2017)
Forte, A.G., Garay, J.A., Jim, T., Vahlis, Y.: EyeDecrypt — private interactions in plain sight. In: Abdalla, M., De Prisco, R. (eds.) SCN 2014. LNCS, vol. 8642, pp. 255–276. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10879-7_15
Maloney, D., Zamanifard, S., Freeman, G.: Anonymity vs. familiarity: self-disclosure and privacy in social virtual reality. Virtual Reality Softw. Technol. (2020)
Ruth, K., Kohno, T., Roesner, F.: Secure multi-user content sharing for augmented reality applications. In: Usenix Security Symposium (2019)
Lampson, B.W.: Protection. ACM SIGOPS Oper. Syst. Rev. 8(1), 18–24 (1974)
Sikder, A.K., Aksu, H., Uluagac, A.S.: 6thsense: a context-aware sensor-based attack detector for smart devices. In: Usenix Security Symposium (2017)
Zafar, Y., Har, D.: A novel countermeasure enhancing side channel immunity in FPGAs. In: 2008 International Conference on Advances in Electronics and Micro-Electronics (2008)
Giuseppe, P., Lisa, M.M., Ananthram, S., Trent, J.: Agility maneuvers to mitigate inference attacks on sensed location data. In: IEEE Conference Proceedings (2016)
Lebeck, K., et al.: Securing augmented reality output. In: 2017 IEEE Symposium on Security and Privacy (SP). IEEE (2017)
Ahn, S., Gorlatova, M., Naghizadeh, P., Chiang, M., Mittal, P.: Adaptive fog-based output security for augmented reality. In: ACM Special Interest Group on Data Communication (2018)
Wang, X., Yang, Y., Zeng, Y., Tang, C., Shi, J., Xu, K.: A novel hybrid mobile malware detection system integrating anomaly detection with misuse detection (2015)
Sundarkumar, G.G., Ravi, V., Nwogu, I., Govindaraju, V.: Malware detection via api calls, topic models and machine learning. In: Conference on Automation Science and Engineering (2015)
Almeida, V., Filgueiras, F., Doneda, D.: The ecosystem of digital content governance. IEEE Internet Comput. 25(3), 13–17 (2021)
Woo, G., Lippman, A., Raskar, R.: Vrcodes: unobtrusive and active visual codes for interaction by exploiting rolling shutter. In: 2012 IEEE International Symposium on Mixed and Augmented Reality (ISMAR), pp. 59–64. IEEE (2012)
Lebeck, K., et al.: Towards security and privacy for multi-user augmented reality: foundations with end users. In: 2018 IEEE Symposium on Security and Privacy (SP). IEEE (2018)
Sun, M., Zheng, M., Lui, J.C.S., Jiang, X.: Design and implementation of an android host-based intrusion prevention system. In: Annual Computer Security Applications Conference (2014)
Wu, W.-C., Hung, S.-H.: Droiddolphin: a dynamic android malware detection framework using big data and machine learning. In: Research in Adaptive and Convergent Systems (2014)
Acknowledgements
This work is supported by the National Natural Science Foundation of China (No. 62172155, 62072465, 62102325), the Natural Science Foundation of Hunan Province (No. 2022JJ40564) and the Science and Technology Innovation Program of Hunan Province (Nos. 2022RC3061, 2021RC2071).
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Liu, K., Zheng, T., Zhou, T., Liu, C., Liu, F., Cai, Z. (2024). The Security and Privacy Concerns on Metaverse. In: Jin, H., Pan, Y., Lu, J. (eds) Computer Networks and IoT. IAIC 2023. Communications in Computer and Information Science, vol 2060. Springer, Singapore. https://doi.org/10.1007/978-981-97-1332-5_23
Download citation
DOI: https://doi.org/10.1007/978-981-97-1332-5_23
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-97-1331-8
Online ISBN: 978-981-97-1332-5
eBook Packages: Computer ScienceComputer Science (R0)