Unsure How to Authenticate on Your VR Headset?: Come on, Use Your Head!

For security-sensitive Virtual Reality (VR) applications that require the end-user to enter authenticatioan credentials within the virtual space, a VR user's inability to see (potentially malicious entities in) the physical world can be discomforting, and in the worst case could potentially expose the VR user to visual attacks. In this paper, we show that the head, hand and (or) body movement patterns exhibited by a user freely interacting with a VR application contain user-specific information that can be leveraged for user authentication. For security-sensitive VR applications, we argue that such functionality can be used as an added layer of security that minimizes the need for entering the PIN. Based on a dataset of 23 users who interacted with our VR application for two sessions over a period of one month, we obtained mean equal error rates as low as 7% when we authenticated users based on their head and body movement patterns.

[1]  Rama Chellappa,et al.  Active user authentication for smartphones: A challenge data set and benchmark results , 2016, 2016 IEEE 8th International Conference on Biometrics Theory, Applications and Systems (BTAS).

[2]  Xiaoming Liu,et al.  On Continuous User Authentication via Typing Behavior , 2014, IEEE Transactions on Image Processing.

[3]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[4]  Ashwin Ashok,et al.  Demo of Headbanger: Authenticating smart wearable devices using unique head movement patterns , 2016, 2016 IEEE International Conference on Pervasive Computing and Communication Workshops (PerCom Workshops).

[5]  Magesh Chandramouli,et al.  A Desktop VR-based HCI framework for programming instruction , 2015, 2015 IEEE Integrated STEM Education Conference.

[6]  Vir V. Phoha,et al.  fNIRS: A new modality for brain activity-based biometric authentication , 2015, 2015 IEEE 7th International Conference on Biometrics Theory, Applications and Systems (BTAS).

[7]  Rajesh Kumar,et al.  Beware, Your Hands Reveal Your Secrets! , 2014, CCS.

[8]  Rama Chellappa,et al.  Face-based Active Authentication on mobile devices , 2015, 2015 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP).

[9]  Ashwin Ashok,et al.  Whose move is it anyway? Authenticating smart wearable devices using unique head movement patterns , 2016, 2016 IEEE International Conference on Pervasive Computing and Communications (PerCom).

[10]  Xiaojiang Chen,et al.  Cracking Android Pattern Lock in Five Attempts , 2017, NDSS.

[11]  Judy M. Vance,et al.  Industry use of virtual reality in product design and manufacturing: a survey , 2017, Virtual Reality.

[12]  J. Fung,et al.  Navigating and shopping in a complex virtual urban mall to evaluate cognitive functions , 2013, 2013 International Conference on Virtual Rehabilitation (ICVR).

[13]  Sahin Albayrak,et al.  Continuous and non-intrusive identity verification in real-time environments based on free-text keystroke dynamics , 2011, 2011 International Joint Conference on Biometrics (IJCB).

[14]  Walter J. Greenleaf,et al.  How VR technology will transform healthcare , 2016, SIGGRAPH VR Village.

[15]  Ronggong Song,et al.  Online gaming cheating and security issue , 2005, International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume II.

[16]  Nadia Magnenat-Thalmann,et al.  Reputation mechanism for e-commerce in virtual reality environments , 2014, Electron. Commer. Res. Appl..

[17]  Rama Chellappa,et al.  Partial face detection for continuous authentication , 2016, 2016 IEEE International Conference on Image Processing (ICIP).

[18]  Bogdan Hoanca,et al.  Real-time continuous iris recognition for authentication using an eye tracker , 2012, CCS '12.

[19]  Vir V. Phoha,et al.  Which verifiers work?: A benchmark evaluation of touch-based authentication algorithms , 2013, 2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[20]  Qun Li,et al.  GlassGesture: Exploring head gesture interface of smart glasses , 2016, 2016 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[21]  Isao Nakanishi,et al.  EEG based biometric authentication using new spectral features , 2009, 2009 International Symposium on Intelligent Signal Processing and Communication Systems (ISPACS).

[22]  Lama Nachman,et al.  Unobtrusive gait verification for mobile phones , 2014, SEMWEB.

[23]  Ivan Martinovic,et al.  Preventing Lunchtime Attacks: Fighting Insider Threats With Eye Movement Biometrics , 2015, NDSS.

[24]  Sheikh Iqbal Ahamed,et al.  ePet: when cellular phone learns to recognize its owner , 2009, SafeConfig '09.