Use this URL to cite or link to this record in EThOS: https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.791630
Title: Security of mixed reality systems : authenticating users, devices, and data
Author: Sluganovic, Ivo
ISNI:       0000 0004 8502 8853
Awarding Body: University of Oxford
Current Institution: University of Oxford
Date of Award: 2018
Availability of Full Text:
Access from EThOS:
Full text unavailable from EThOS. Please try the link below.
Access from Institution:
Abstract:
Mixed reality devices continuously scan their environment in order to naturally blend the virtual objects with the user's real-time view of their physical environment. Given the potential of these technologies to profoundly change how individuals interact with their environments, many of the largest technology companies are releasing their mixed reality systems and devoting significant resources towards achieving technological leadership in this field. However, due to the recency of the first commercially available mixed reality devices and their specific interaction channels, existing research has yet to provide practical proposals to achieve many of the core security objectives. Furthermore, given that these devices continuously analyze their environment using multiple front-facing cameras, when designing secure system it becomes necessary to reassess the commonly assumed threat models. In this thesis, we aim to bridge this gap by focusing on secure authentication on mixed reality headsets. Taking into account the stronger assumed adversary models and the interface capabilities of existing mixed reality devices, we propose methods for user and device authentication, as well as show how these devices can be used to secure one's interactions with legacy systems. Considering that mixed reality headsets are starting to support gaze tracking, in this thesis we propose, build a prototype and experimentally evaluate the use of reflexive eye movements as a biometric modality that is well suited as an authentication method on MR headsets. As an added benefit, the reflexiveness and predictability of one's eye movement responses makes it possible to incorporate the biometric measurements into challenge-response protocols. This allows the system to prevent replay attacks, one of the most common attack vectors on biometrics. Furthermore, given the many multi-user applications of mixed reality technologies that rely on direct communication between users' devices, in this thesis we research secure and usable methods to mixed reality headsets. We propose a practical pairing protocol, implement a system prototype using two commercially available mixed reality headsets and evaluate its security and usability. Finally, we show that front-facing cameras of mixed reality headsets can also serve as the means of securing legacy electronic systems. We therefore build and evaluate a prototype of a system that uses a trusted device with video capture and analysis capabilities to authenticate the data that the user inputs when using a potentially compromised local client to communicate with a remote server.
Supervisor: Martinovic, Ivan Sponsor: Engineering and Physical Sciences Research Council
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.791630  DOI: Not available
Keywords: Computer security
Share: