VibHead: An Authentication Scheme for Smart Headsets through Vibration
Article No.: 91, Pages 1 - 21
Abstract
Recent years have witnessed the fast penetration of Virtual Reality (VR) and Augmented Reality (AR) systems into our daily life, the security and privacy issues of the VR/AR applications have been attracting considerable attention. Most VR/AR systems adopt head-mounted devices (i.e., smart headsets) to interact with users and the devices usually store the users’ private data. Hence, authentication schemes are desired for the head-mounted devices. Traditional knowledge-based authentication schemes for general personal devices have been proved vulnerable to shoulder-surfing attacks, especially considering the headsets may block the sight of the users. Although the robustness of the knowledge-based authentication can be improved by designing complicated secret codes in virtual space, this approach induces a compromise of usability. Another choice is to leverage the users’ biometrics; however, it either relies on highly advanced equipments which may not always be available in commercial headsets or introduce heavy cognitive load to users.
In this paper, we propose a vibration-based authentication scheme, VibHead, for smart headsets. Since the propagation of vibration signals through human heads presents unique patterns for different individuals, VibHead employs a CNN-based model to classify registered legitimate users based the features extracted from the vibration signals. We also design a two-step authentication scheme where the above user classifiers are utilized to distinguish the legitimate user from illegitimate ones. We implement VibHead on a Microsoft HoloLens equipped with a linear motor and an IMU sensor which are commonly used in off-the-shelf personal smart devices. According to the results of our extensive experiments, with short vibration signals (≤1s), VibHead has an outstanding authentication accuracy; both FAR and FRR are around 5%.
References
[1]
N. Babich. 2019. How VR in Education Will Change How We Learn and Teach. https://xd.adobe.com/ideas/principles/emerging-technology/virtual-reality-will-change-learn-teach/. (2019).
[2]
H. Cao, H. Jiang, D. Liu, and J. Xiong. 2021. Evidence in hand: Passive vibration response-based continuous user authentication. In Proc. of the 41st IEEE ICDCS. 1020–1030.
[3]
Supply Chain Game Changer. 2020. Virtual reality (VR) is enhancing e-commerce shopping! https://supplychaingamechanger.com/how-virtual-reality-vr-is-drastically-enhancing-the-e-commerce-shopping-experience-infographic/. (2020).
[4]
W. Chen, M. Guan, Y. Huang, L. Wang, R. Ruby, W. Hu, and K. Wu. 2018. ViType: A cost efficient on-body typing system through vibration. In Proc. of the 15th IEEE SECON. 19–27.
[5]
C. Flavián, S. Ibáñez-Sánchez, and C. Orús. 2019. The impact of virtual, augmented and mixed reality technologies on the customer experience. Journal of Business Research 100, 4 (2019), 547–560.
[6]
Y. Fu, Y. Hu, and V. Sundstedt. 2022. A systematic literature review of virtual, augmented, and mixed reality game applications in healthcare. ACM Trans. on Computing for HealthcareVolume 3, 2 (2022), 22:1–22:27.
[7]
M. Funk, K. Marky, I. Mizutani, M. Kritzler, S. Mayer, and F. Michahelles. 2019. LookUnlock: Using spatial-targets for user-authentication on HMDs. In Extended Abstracts of the 2019 CHI Conference on Human Factors in Computing Systems.
[8]
E. Husa and R. Tourani. 2021. Vibe: An implicit two-factor authentication using vibration signals. In Proc. of the 9th CNS. 236–244.
[9]
International Data Corporation (IDC). 2022. Worldwide Augmented and Virtual Reality Spending Guide. https://www.idc.com/getfile.dyn?containerId=IDC_P34919&attachmentId=47456852. (2022).
[10]
N. Karnik, U. Bora, K. Bhadri, P. Kadambi, and P. Dhatrak. 2022. A comprehensive study on current and future trends towards the characteristics and enablers of industry 4.0. Journal of Industrial Information Integration 27 (2022), 100294.
[11]
A. Kumar, L. Lee, J. Chauhan, X. Su, M. Hoque, S. Pirttikangas, S. Tarkoma, and P. Hui. 2022. PassWalk: Spatial authentication leveraging lateral shift and gaze on mobile headsets. In Proc. of the 30th ACM Multimedia. 952–960.
[12]
G. Laput, R. Xiao, and C. Harrison. 2016. ViBand: High-fidelity bio-acoustic sensing using commodity smartwatch accelerometers. In Proc. of the 29th UIST. 321–333.
[13]
S. Lee, W. Choi, and D. Lee. 2021. Usable user authentication on a smartwatch using vibration. In Proc. of the 27th ACM CCS. 304–319.
[14]
C. Li, P. Zheng, S. Li, Y. Pang, and C. Lee. 2022. AR-assisted digital twin-enabled robot collaborative manufacturing system with human-in-the-loop. Robotics and Computer-Integrated Manufacturing 76 (2022), 102321.
[15]
J. Li, K. Fawaz, and Y. Kim. 2019. Velody: Nonlinear vibration challenge-response for resilient user authentication. In Proc. of the 25th ACM CCS. 1201–1213.
[16]
S. Li, A. Ashok, Y. Zhang, C. Xu, J. Lindqvist, and M. Gruteser. 2016. Whose move is it anyway? Authenticating smart wearable devices using unique head movement patterns. In Proc. of the 14th IEEE PerCom. 1–9.
[17]
J. Liebers, P. Horn, C. Burschik, U. Gruenefeld, and S. Schneegass. 2021. Using gaze behavior and head orientation for implicit identification in virtual reality. In Proc. of the 27th VRST. 22:1–22:9.
[18]
J. Liu, Y. Chen, M. Gruteser, and Y. Wang. 2017. VibSense: Sensing touches on ubiquitous surfaces through vibration. In Proc. of the 14th IEEE SECON. 1–9.
[19]
J. Liu, C. Wang, Y. Chen, and N. Saxena. 2017. VibWrite: Towards finger-input authentication on ubiquitous surfaces via physical vibration. In Proc. of the 24th ACM CCS. 73–87.
[20]
F. Mathis, J. Williamson, K. Vaniea, and M. Khamis. 2020. RubikAuth: Fast and secure authentication in virtual reality. In Extended Abstracts of the 2020 CHI Conference on Human Factors in Computing Systems. 1–9.
[21]
K. Murty and B. Yegnanarayana. 2006. Combining evidence from residual phase and MFCC features for speaker recognition. IEEE Signal Processing Letters 13, 1 (2006), 52–55.
[22]
T. Mustafa, R. Matovu, A. Serwadda, and N. Muirhead. 2018. Unsure how to authenticate on your VR headset?: Come on, use your head!. In Proc. of the 4th ACM IWSPA. 23–30.
[23]
F. Pedregosa, G. Varoquaux, A. Gramfort, V. Michel, B. Thirion, O. Grisel, M. Blondel, P. Prettenhofer, R. Weiss, V. Dubourg, J. VanderPlas, A. Passos, D. Cournapeau, M. Brucher, M. Perrot, and E. Duchesnay. 2011. Scikit-learn: Machine learning in Python. Journal of Machine Learning Research 12 (2011), 2825–2830.
[24]
K. Pfeuffer, M. Geiger, S. Prange, L. Mecke, D. Buschek, and F. Alt. 2019. Behavioural biometrics in VR: Identifying people from body motion and relations in virtual reality. In Proc. of ACM CHI. 1–12.
[25]
PlayStation.Blog. 2022. PlayStation VR2 and PlayStation VR2 Sense controller: The next generation of VR gaming on PS5. https://blog.playstation.com/2022/01/04/playstation-vr2-and-playstation-vr2-sense-controller-the-next-generation-of-vr-gaming-on-ps5/. (2022).
[26]
N. Roy and R. Choudhury. 2016. Ripple II: Faster communication through physical vibration. In Proc. of the 13th USENIX NSDI. 671–684.
[27]
N. Roy, M. Gowda, and R. Choudhury. 2015. Ripple: Communicating through physical vibration. In Proc. of the 12th USENIX NSDI. 265–278.
[28]
Y. Shen, H. Wen, C. Luo, W. Xu, T. Zhang, W. Hu, and D. Rus. 2019. GaitLock: Protect virtual and augmented reality headsets using gait. IEEE Trans. on Dependable and Secure Computing 16, 3 (2019), 484–497.
[29]
I. Sluganovic, M. Roeschlin, K. Rasmussen, and I. Martinovic. 2016. Using reflexive eye movements for fast challenge-response authentication. In Proc. of the 23rd ACM CCS. 1056–1067.
[30]
T. Tanprasert and D. Yoon. 2022. AR music visualizers: Application space and design guidelines. In Extended Abstracts of the 2022 CHI Conference on Human Factors in Computing Systems. 298:1–298:6.
[31]
G. Wang, A. Badal, X. Jia, J. Maltz, K. Mueller, K. Myers, C. Niu, M. Vannier, P. Yan, Z. Yu, and R. Zeng. 2022. Development of metaverse for intelligent healthcare. Nature Machine Intelligence 4, 11 (2022), 922–929.
[32]
X. Wang and Y. Zhang. 2021. Nod to auth: Fluent AR/VR authentication with user head-neck modeling. In Extended Abstracts of the 2021 CHI Conference on Human Factors in Computing Systems. 452:1–452:7.
[33]
H. Wen, J. Rojas, and A. Dey. 2016. Serendipity: Finger gesture recognition using an off-the-shelf smartwatch. In Proc. of ACM CHI. 3847–3851.
[34]
X. Xu, J. Yu, Y. Chen, Q. Hua, Y. Zhu, Y. Chen, and M. Li. 2020. TouchPass: Towards behavior-irrelevant on-touch user authentication on smartphones leveraging vibrations. In Proc. of the 26th ACM MobiCom. 24:1–24:13.
[35]
Z. Yu, H. Liang, C. Fleming, and K. Man. 2019. An exploration of usable authentication mechanisms for virtual reality systems. In Proc. of IEEE APCCAS. 458–460.
[36]
H. Zhu, W. Jin, M. Xiao, S. Murali, and M. Li. 2020. BlinKey: A two-factor user authentication method for virtual reality devices. Proc. of the ACM IMWUT 4, 4 (2020), 164:1–164:29.
[37]
A. Álvarez Marín and J. Velázquez-Iturbide. 2021. Augmented reality and engineering education: A systematic review. IEEE Trans. on Learning Technologies, 14, 6 (2021), 817–831.
Index Terms
- VibHead: An Authentication Scheme for Smart Headsets through Vibration
Recommendations
A hash-based strong-password authentication scheme without using smart cards
So far, many strong-password authentication schemes have been proposed, however, none is secure enough. In 2003, Lin, Shen, and Hwang proposed a strong-password authentication scheme using smart cards, and claimed that their scheme can resist the ...
Remarks on fingerprint-based remote user authentication scheme using smart cards
In 2002, Lee, Ryu, and Yoo proposed a fingerprint-based remote user authentication scheme using smart cards. The scheme makes it possible for authenticating the legitimacy of each login user without any password table. In addition, the authors claimed ...
Cryptanalysis and improvement of a biometric and smart card based remote user authentication scheme
IMCOM '17: Proceedings of the 11th International Conference on Ubiquitous Information Management and CommunicationIn recent years, with the increasing amount of internet-connected devices, people tend to access the internet more frequently. User authentication protocol has become one of the most widely used techniques to construct communication between valid users ...
Comments
Information & Contributors
Information
Published In
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Journal Family
Publication History
Published: 11 May 2024
Online AM: 17 August 2023
Accepted: 25 July 2023
Revised: 29 June 2023
Received: 30 January 2023
Published in TOSN Volume 20, Issue 4
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
- NSFC
- Shandong Provincial Natural Science Foundation
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 290Total Downloads
- Downloads (Last 12 months)290
- Downloads (Last 6 weeks)48
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in