Cyber Security Threats and Challenges in Collaborative Mixed-Reality

Collaborative Mixed-Reality (CMR) applications are gaining interest in a wide range of areas including games, social interaction, design and health-care. To date, the vast majority of published work has focused on display technology advancements, software, collaboration architectures and applications. However, the potential security concerns that affect collaborative platforms have received limited research attention. In this position paper, we investigate the challenges posed by cyber-security threats to CMR systems. We focus on how typical network architectures facilitating CMR and how their vulnerabilities can be exploited by attackers, and discuss the degree of potential social, monetary impacts, psychological and other harms that may result from such exploits. The main purpose of this paper is to provoke a discussion on CMR security concerns. We highlight insights from a cyber-security threat modelling perspective and also propose potential directions for research and development toward better mitigation strategies. We present a simple, systematic approach to understanding a CMR attack surface through an abstraction-based reasoning framework to identify potential attack vectors. Using this framework, security analysts, engineers, designers and users alike (stakeholders) can identify potential Indicators of Exposures (IoE) and Indicators of Compromise (IoC). Our framework allows stakeholders to reduce their CMR attack surface as well understand how Intrusion Detection System (IDS) approaches can be adopted for CMR systems. To demonstrate the validity to our framework, we illustrate several CMR attack surfaces through a set of use-cases. Finally, we also present a discussion on future directions this line of research should take.

[1]  Albert Rizzo,et al.  A SWOT Analysis of the Field of Virtual Rehabilitation and Therapy. , 2005 .

[2]  Helen J. Wang,et al.  Enabling Fine-Grained Permissions for Augmented Reality Applications with Recognizers , 2013, USENIX Security Symposium.

[3]  S. Forsythe,et al.  Adoption of Virtual Try-on technology for online apparel shopping , 2008 .

[4]  Michael Goldsmith The perfect spy for model−checking crypto−protocols , 1997 .

[5]  David W. Chadwick,et al.  An architecture for privacy-preserving sharing of CTI with 3rd party analysis services , 2017, 2017 12th International Conference for Internet Technology and Secured Transactions (ICITST).

[6]  Ben D. Lawson,et al.  Motion Sickness Symptomatology and Origins , 2014, Handbook of Virtual Environments, 2nd ed..

[7]  Thomas Chesney,et al.  Griefing in virtual worlds: causes, casualties and coping strategies , 2009, Inf. Syst. J..

[8]  Steve Pettifer,et al.  DEVA3: architecture for a large-scale distributed virtual reality system , 2000, VRST '00.

[9]  EMMANOUIL VASILOMANOLAKIS,et al.  Taxonomy and Survey of Collaborative Intrusion Detection , 2015, ACM Comput. Surv..

[10]  Ricardo Neisse,et al.  Ethical Design in the Internet of Things , 2016, Science and Engineering Ethics.

[11]  N. Tarrier,et al.  Virtual reality in mental health , 2007, Social Psychiatry and Psychiatric Epidemiology.

[12]  Helen J. Wang,et al.  World-Driven Access Control for Continuous Sensing , 2014, CCS.

[13]  Mehdi Bennis,et al.  Toward Interconnected Virtual Reality: Opportunities, Challenges, and Enablers , 2016, IEEE Communications Magazine.

[14]  Michael Madary,et al.  Real Virtuality: A Code of Ethical Conduct. Recommendations for Good Scientific Practice and the Consumers of VR-Technology , 2016, Front. Robot. AI.

[15]  Jeannette M. Wing,et al.  An Attack Surface Metric , 2011, IEEE Transactions on Software Engineering.

[16]  Clifton L. Smith Understanding concepts in the defence in depth strategy , 2003, IEEE 37th Annual 2003 International Carnahan Conference onSecurity Technology, 2003. Proceedings..

[17]  Gary McGraw,et al.  Exploiting Online Games , 2007, USENIX Annual Technical Conference.

[18]  Lynne D. Roberts,et al.  Fear of Cyber-Identity Theft and Related Fraudulent Activity , 2013 .

[19]  Chen Zhao Cyber security issues in online games , 2018 .

[20]  S. R. Ellis,et al.  Nature and origins of virtual environments: a bibliographical essay , 1995 .

[21]  N. Persily The 2016 U.S. Election: Can Democracy Survive the Internet? , 2017 .

[22]  Jeff Yan,et al.  Security design in online games , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[23]  Brian Randell,et al.  A systematic classification of cheating in online games , 2005, NetGames '05.

[24]  Hamido Fujita,et al.  Virtual Doctor System (VDS): Framework on Reasoning issues , 2010 .

[25]  Yulia Cherdantseva,et al.  Secure*BPMN : a graphical extension for BPMN 2.0 based on a reference model of information assurance & security , 2014 .

[26]  Tadayoshi Kohno,et al.  Security and privacy for augmented reality systems , 2014, Commun. ACM.

[27]  Tim Szigeti,et al.  Cisco TelePresence Fundamentals , 2009 .

[28]  R. Balicer Modeling infectious diseases dissemination through online role-playing games. , 2007, Epidemiology.

[29]  Sadie Creese,et al.  Cyber Harm: Concepts, Taxonomy and Measurement , 2016 .

[30]  Karen A. Scarfone,et al.  An analysis of CVSS version 2 vulnerability scoring , 2009, ESEM 2009.

[31]  Chris Greenhalgh,et al.  Inside MASSIVE-3: flexible support for data consistency and world structuring , 2000, CVE '00.

[32]  Tim Oates,et al.  Early Detection of Cybersecurity Threats Using Collaborative Cognition , 2018, 2018 IEEE 4th International Conference on Collaboration and Internet Computing (CIC).

[33]  Kanchana Thilakarathna,et al.  Security and Privacy Approaches in Mixed Reality , 2018, ACM Comput. Surv..

[34]  Jason R. C. Nurse,et al.  Cyber Security Awareness Campaigns: Why do they fail to change behaviour? , 2014, ArXiv.

[35]  Sadie Creese,et al.  An Ethics Framework for Research into Heterogeneous Systems , 2018, IoT 2018.

[36]  Michael Zyda,et al.  NPSNET:A Network Software Architecture for LargeScale Virtual Environments , 1994, Presence: Teleoperators & Virtual Environments.

[37]  Chong Kuan Chen,et al.  IoT Security: Ongoing Challenges and Research Opportunities , 2014, 2014 IEEE 7th International Conference on Service-Oriented Computing and Applications.

[38]  D. Freeman Studying and Treating Schizophrenia Using Virtual Reality: A New Paradigm , 2007, Schizophrenia bulletin.

[39]  Gerard Jounghyun Kim,et al.  A SWOT Analysis of the Field of Virtual Reality Rehabilitation and Therapy , 2005, Presence: Teleoperators & Virtual Environments.

[40]  Fred Cohen,et al.  Information system defences: A preliminary classification scheme , 1997, Comput. Secur..

[41]  Steve Benford,et al.  User embodiment in collaborative virtual environments , 1995, CHI '95.

[42]  Hae Young Noh,et al.  Do You Feel What I Hear? Enabling Autonomous IoT Device Pairing Using Different Sensor Types , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[43]  Christopher Leckie,et al.  A survey of coordinated attacks and collaborative intrusion detection , 2010, Comput. Secur..

[44]  Sadie Creese,et al.  Dynamic Re-planning for Cyber-Physical Situational Awareness , 2017, 2017 International Conference on Computational Science and Computational Intelligence (CSCI).

[45]  Steve Benford,et al.  An access control framework for multi-user collaborative environments , 1999, GROUP.

[46]  Peng Jiang,et al.  A Survey on the Security of Blockchain Systems , 2017, Future Gener. Comput. Syst..

[47]  Gabriel Zachmann,et al.  Virtual reality as a tool for verification of assembly and maintenance processes , 1999, Comput. Graph..

[48]  Cynthia Wagner,et al.  MISP: The Design and Implementation of a Collaborative Threat Intelligence Sharing Platform , 2016, WISCS@CCS.

[49]  Justin W. Patchin,et al.  Bullying, Cyberbullying, and Suicide , 2010, Archives of suicide research : official journal of the International Academy for Suicide Research.

[50]  Eric T Lofgren,et al.  The untapped potential of virtual game worlds to shed light on real world epidemics. , 2007, The Lancet. Infectious diseases.

[51]  Chun-Hung Richard Lin,et al.  Intrusion detection system: A comprehensive review , 2013, J. Netw. Comput. Appl..

[52]  Hirokazu Kato,et al.  Collaborative Mixed Reality , 1999 .

[53]  Steve Pettifer,et al.  A network architecture supporting consistent rich behavior in collaborative interactive applications , 2006, IEEE Transactions on Visualization and Computer Graphics.

[54]  Omar Alrawi,et al.  SoK: Security Evaluation of Home-Based IoT Deployments , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[55]  Helen J. Wang,et al.  Operating System Support for Augmented Reality Applications , 2013, HotOS.

[56]  N. Magnenat-Thalmann,et al.  E-TAILOR: Integration of 3D Scanners, CAD and Virtual-Try-on Technologies for Online Retailing of Made-to-Measure Garments , 2003 .

[57]  Tadayoshi Kohno,et al.  Securing Augmented Reality Output , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[58]  Joaquim A. Jorge,et al.  Analysis Domain Model for Shared Virtual Environments , 2009, Int. J. Virtual Real..

[59]  Greg Madey,et al.  Discretionary Access Controls for a Collaborative Virtual Environment , 2010 .

[60]  Shun-Yun Hu,et al.  VON: a scalable peer-to-peer network for virtual environments , 2006, IEEE Network.

[61]  Hyun-Jin Choi,et al.  Security issues in online games , 2002, Electron. Libr..

[62]  FischerMathias,et al.  Taxonomy and Survey of Collaborative Intrusion Detection , 2015 .

[63]  Quinn DuPont Experiments in algorithmic governance : A history and ethnography of “The DAO,” a failed decentralized autonomous organization , 2017 .

[64]  Charlie Miller,et al.  Reducing the Attack Surface in Massively Multiplayer Online Role-Playing Games , 2009, IEEE Security & Privacy.

[65]  Jonathan Steuer,et al.  Defining virtual reality: dimensions determining telepresence , 1992 .

[66]  Steve Benford,et al.  Shared spaces: transportation, artificiality, and spatiality , 1996, CSCW '96.

[67]  Steve Pettifer,et al.  Collaborative access model for shared virtual environments , 2001, Proceedings Tenth IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises. WET ICE 2001.

[68]  James Bret Michael,et al.  Security of runtime extensible virtual environments , 2002, CVE '02.

[69]  Jeremy Hilton,et al.  A Reference Model of Information Assurance & Security , 2013, 2013 International Conference on Availability, Reliability and Security.

[70]  Sadie Creese,et al.  Sonification in security operations centres: what do security practitioners think? , 2018, ArXiv.

[71]  Anthony Steed,et al.  Networked Graphics - Building Networked Games and Virtual Environments , 2009 .

[72]  David A. Bray,et al.  Second Life and Other Virtual Worlds: A Roadmap for Research , 2007, Commun. Assoc. Inf. Syst..

[73]  Vincent G. Duffy,et al.  An Internet virtual reality collaborative environment for effective product design , 2001, Comput. Ind..

[74]  Helen J. Wang,et al.  SurroundWeb: Mitigating Privacy Concerns in a 3D Web Browser , 2015, 2015 IEEE Symposium on Security and Privacy.

[75]  Thierry Duval,et al.  Why should we use 3D Collaborative Virtual Environments for Cyber Security? , 2018, 2018 IEEE Fourth VR International Workshop on Collaborative Virtual Environments (3DCVE).

[76]  A. Beaton,et al.  The psychological impact of burglary , 2000 .

[77]  Fred Cohen,et al.  Information system attacks: A preliminary classification scheme , 1997, Comput. Secur..

[78]  P. Milgram,et al.  A Taxonomy of Mixed Reality Visual Displays , 1994 .

[79]  Ivan Martinovic,et al.  HoloPair: Securing Shared Augmented Reality Using Microsoft HoloLens , 2017, ACSAC.

[80]  Mary C. Whitton,et al.  Effective Cooperative Haptic Interaction over the Internet , 2007, 2007 IEEE Virtual Reality Conference.

[81]  Eric Michael Hutchins,et al.  Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains , 2010 .

[82]  Jeroen van den Hoven,et al.  Fact sheet-Ethics Subgroup IoT-Version 4 . 0 1 , 2012 .

[83]  Ronald R. Mourant,et al.  Human Factors Issues in Virtual Environments: A Review of the Literature , 1998, Presence.

[84]  Tadayoshi Kohno,et al.  Arya: Operating System Support for Securely Augmenting Reality , 2018, IEEE Security & Privacy.

[85]  Seng-Phil Hong,et al.  Access control in collaborative systems , 2005, CSUR.

[86]  Edson C. Tandoc,et al.  Facebook use, envy, and depression among college students: Is facebooking depressing? , 2015, Comput. Hum. Behav..

[87]  James A. Ferwerda,et al.  Three varieties of realism in computer graphics , 2003, IS&T/SPIE Electronic Imaging.

[88]  Vance Stevens,et al.  Second Life in Education and Language Learning , 2006 .

[89]  S. R. Ellis Nature and origins of virtual environments: a bibliographical essay , 1991 .

[90]  Anurag Agarwal,et al.  The Internet of Things—A survey of topics and trends , 2014, Information Systems Frontiers.