Abstract
There is a growing need for usable and secure authentication in virtual reality (VR). Established concepts (e.g., 2D graphical PINs) are vulnerable to observation attacks, and proposed alternatives are relatively slow. We present RubikAuth, a novel authentication scheme for VR where users authenticate quickly by selecting digits from a virtual 3Dcube that is manipulated with a handheld controller. We report two studies comparing how pointing using gaze, headpose, and controller tapping impacts RubikAuth’s usability and observation resistance under three realistic threat models. Entering a four-symbol RubikAuth password is fast:1.69 s to 3.5 s using controller tapping, 2.35 s to 4.68 s using head pose, and 2.39 s to 4.92 s using gaze and highly resilient to observations; 97.78% to 100% of observation attacks were unsuccessful. Our results suggest that providing attackers with support material contributes to more realistic security evaluations.
| Original language | English |
|---|---|
| Title of host publication | CHI EA '20: Extended Abstracts of the 2020 CHI Conference on Human Factors in Computing Systems |
| Publisher | Association for Computing Machinery (ACM) |
| Number of pages | 9 |
| ISBN (Print) | 9781450368193 |
| DOIs | |
| Publication status | Published - 25 Apr 2020 |
| Event | ACM CHI Conference on Human Factors in Computing Systems - Hawaiʻi Convention Center on the island of Oahu, Honolulu, United States Duration: 25 Apr 2020 → 30 Apr 2020 https://chi2020.acm.org/ |
Conference
| Conference | ACM CHI Conference on Human Factors in Computing Systems |
|---|---|
| Abbreviated title | CHI 2020 |
| Country/Territory | United States |
| City | Honolulu |
| Period | 25/04/20 → 30/04/20 |
| Internet address |
Keywords / Materials (for Non-textual outputs)
- Usable Security
- Authentication
- Virtual Reality