No full-text available
To read the full-text of this research,
you can request a copy directly from the authors.
Awareness of cybersecurity vulnerabilities in virtual reality: an analytical study
Abstract
Users of virtual reality (VR) systems assume that these systems are safe, which leads to significant risk. Despite this, there is little research examining the security of these VR systems. This study is distinguished by the fact that it expanded the scope of the impact of cyberspace vulnerabilities on VR systems and was not limited to one or two elements as in other studies. It also prepared an analytical study of students’ awareness of these vulnerabilities. To explore this issue, a systematic literature review (SLR) was conducted and many recent studies (from 2020 to 2024) were selected and reviewed. The findings of the qualitative study showed that VR has a profound impact on security and presents both potential vulnerabilities and innovative solutions. These impacts are largely due to a lack of user awareness of cybersecurity threats in VR environments. Numerous studies illustrate the potential of VR to enhance security through multi-modal authentication methods, training simulators, and the use of biometrics. However, the expanding VR ecosystem, the metaverse, introduces new security and privacy risks. These can be mitigated through various strategies, including the integration of VR with blockchain technology. Other studies highlight that VR and augmented reality (AR) technologies can pose safety, security, and privacy threats, necessitating a balanced approach to system control and application flexibility. The study recommends prioritizing the development of user-friendly, robust security protocols in VR environments, enabling users to use the VR system in easy and safe by their digital presence, such as physical protective devices and keys, encryption features, and Install automatic terminal identification, dial-back. This study is significant because is intended for both designers and users, for security professionals, developers, users, and policymakers, as it provides insights into the advantages and disadvantages of using VR in security and suggests measures to optimize the benefits while mitigating potential risks.
ResearchGate has not been able to resolve any citations for this publication.
Virtual reality (VR) is a multibillionaire market that keeps growing, year after year. As VR is becoming prevalent in households and small businesses, it is critical to address the effects that this technology might have on the privacy and security of its users. In this paper, we explore the state-of-the-art in VR privacy and security, we categorise potential issues and threats, and we analyse causes and effects of the identified threats. Besides, we focus on the research previously conducted in the field of authentication in VR, as it stands as the most investigated area in the topic. We also provide an overview of other interesting uses of VR in the field of cybersecurity, such as the use of VR to teach cybersecurity or evaluate the usability of security solutions.
Metaverse is a significant field that is currently receiving considerable attention from both industry and academia. The transformation of the metaverse from science fiction to reality is actively promoted by technology, industry, and capital. However, metaverse development is still in its early stages. The system architecture and theoretical technology of the metaverse are not yet mature. This paper provides a comprehensive analysis of the metaverse and summarizes its holographic, omnipotent, multidimensional, and multifaceted characteristics. Development of the metaverse is founded on the pertinent infrastructure. We elaborate on the primary components of the metaverse infrastructure and summarize the security risks inherent in the metaverse infrastructure in a systematic manner. On this basis, we propose to utilize the system security technology concept as a guide to build a metaverse security protection system from various perspectives at each level of computing,cloud, network, digital assets, and terminals in order to construct a secure foundation for addressing the metaverse security risks and challenges.
The metaverse is touted as an exciting new technology amalgamation facilitating next-level immersive experiences for users. However, initial experiences indicate that a host of privacy, security and control issues will need to be effectively resolved for its vision to be realized. This paper highlights the security issues that will need to be resolved in the metaverse and the underlying enabling technologies/platforms. It also discussed the broader challenges confronting the developers, the service providers and other stakeholders in the metaverse ecosystem which if left unaddressed may hamper its broad adoption and appeal. Finally, some ideas on building a viable Zero-Trust Architecture (ZTA) model for the metaverse are presented.
Metaverse describes a new shape of cyberspace and has become a hot-trending word since 2021. There are many explanations about what Meterverse is and attempts to provide a formal standard or definition of Metaverse. However, these definitions could hardly reach universal acceptance. Rather than providing a formal definition of the Metaverse, we list four must-have characteristics of the Metaverse: socialization, immersive interaction, real world-building, and expandability. These characteristics not only carve the Metaverse into a novel and fantastic digital world, but also make it suffer from all security/privacy risks, such as personal information leakage, eavesdropping, unauthorized access, phishing, data injection, broken authentication, insecure design, and more. This paper first introduces the four characteristics, then the current progress and typical applications of the Metaverse are surveyed and categorized into four economic sectors. Based on the four characteristics and the findings of the current progress, the security and privacy issues in the Metaverse are investigated. We then identify and discuss more potential critical security and privacy issues that can be caused by combining the four characteristics. Lastly, the paper also raises some other concerns regarding society and humanity.
Although Virtual Reality (VR) is certainly not a new technology, its recent adoption across several sectors beyond entertainment has led the information security research community to take note of the new cyber threats that come with it. The variety of system components presents an extensive attack surface that can be exploited. At the same time, VR’s emphasis on immersion, interaction and presence means that the user can be targeted directly, yet the use of head-mounted displays may prevent them from observing a cyber attack’s impact in their immediate physical environment. This paper presents the first taxonomic representation of VR security challenges. By systemically classifying existing VR cyber threats against existing defences in a single comparative matrix, we aim to help researchers from different backgrounds to identify key focus areas where further research would be most beneficial.
This study scrutinizes the existing literature regarding the use of augmented reality and gamification in education to establish its theoretical basis. A systematic literature review following the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) statement was conducted. To provide complete and valid information, all types of related studies for all educational stages and subjects throughout the years were investigated. In total, 670 articles from 5 databases (Scopus, Web of Science, Google Scholar, IEEE, and ERIC) were examined. Based on the results, using augmented reality and gamification in education can yield several benefits for students, assist educators, improve the educational process, and facilitate the transition toward technology-enhanced learning when used in a student-centered manner, following proper educational approaches and strategies and taking students’ knowledge, interests, unique characteristics, and personality traits into consideration. Students demonstrated positive behavioral, attitudinal, and psychological changes and increased engagement, motivation, active participation, knowledge acquisition, focus, curiosity, interest, enjoyment, academic performance, and learning outcomes. Teachers also assessed them positively. Virtual rewards were crucial for improving learning motivation. The need to develop appropriate validation tools, design techniques, and theories was apparent. Finally, their potential to create collaborative and personalized learning experiences and to promote and enhance students’ cognitive and social–emotional development was evident.
AR/VR devices create novel issues for user privacy due to the scope, scale, and sensitivity of the information they collect. To mitigate harms, policymakers should reform the current patchwork regulatory landscape for data privacy, which fails to address some risks while over-regulating in response to others.
Virtual Reality (VR) has been applied in training programs in the areas of security and defense, with simulators evolving from basic shooting systems into more immersive situations. In spite of all the efforts that have already been invested into research and development initiatives for such simulators, there are further challenges yet to be overcome. These include new devices of interaction and training modules that enable the recreation of security routines situations, as well as the creation of educational methods using simulation. The main contribution of this paper is mapping the state-of-the-art of VR simulators used on training of security agents and identifying which of them presents some kind of automated or semi-automated performance analysis, as well as research studies with simulators based on different techniques (immersive and non-immersive system). Upon completion of a systematic literature review, the authors detected certain gaps and challenges, such as the complete absence of information about educational methods used in simulation training and the lack of automatic users’ assessments. The assessment systems detected were mainly for gunshot, while a posture assessment system has not been detected. So, it is possible to conclude that the creation of automated evaluation systems with the use of VR simulators remains as a challenge yet to be tackled.
Purpose: The purpose of this study is to assess the coverage of the scientific literature in Scopus and Web of Science from the perspective of research evaluation. Design/methodology/approach: The academic communities of Norway have agreed on certain criteria for what should be included as original research publications in research evaluation and funding contexts. These criteria have been applied since 2004 in a comprehensive bibliographic database called the Norwegian Science Index (NSI). The relative coverages of Scopus and Web of Science are compared with regard to publication type, field of research and language.
Findings: Our results show that Scopus covers 72 percent of the total Norwegian scientific and scholarly publication output in 2015 and 2016, while the corresponding figure for Web of Science Core Collection is 69 percent. The coverages are most comprehensive in medicine and health (89 and 87 percent) and in the natural sciences and technology (85 and 84 percent). The social sciences (48 percent in Scopus and 40 percent in Web of Science Core Collection) and particularly the humanities (27 and 23 percent) are much less covered in the two international data sources.
Research limitation: Comparing with data from only one country is a limitation of the study, but the criteria used to define a country's scientific output as well as the identification of patterns of field-dependent partial representations in Scopus and Web of Science should be recognizable and useful also for other countries.
Originality/value: The novelty of this study is the criteria-based approach to studying coverage problems in the two data sources.
Social Virtual Reality based Learning Environments (VRLEs) such as vSocial render instructional content in a three-dimensional immersive computer experience for training youth with learning impediments. There are limited prior works that explored attack vulnerability in VR technology, and hence there is a need of a frameworks for quantifying risks corresponding to security, privacy, and safety (SPS) factors. The SPS threats can adversely impact the educational user experience and hinder delivery of VRLE content. In this paper, we propose a novel risk assessment framework that utilizes attack trees to calculate a risk score for varied VRLE threats with rate and duration of threats as inputs. We compare the impact of a well-constructed attack tree with an adhoc attack tree to study the trade-offs between overheads in managing attack trees and the cost of risk mitigation when vulnerabilities are identified. We use a vSocial VRLE testbed in a case study to showcase the effectiveness of our framework and demonstrate how a suitable attack tree formalism can result in a more safer, privacy-preserving and secure VRLE system.
Cybersecurity is critical to the national infrastructure, federal and local government, military, industry, and personal privacy. To defend the U.S. against the cyber threats, a significant demand for skilled cybersecurity workforce is predicted in government and industrial sectors. To address this issue, National Security Agency and the National Science Foundation jointly funded GenCyber program to stimulate the K-12 students' interest in the cybersecurity field and raise their awareness of cybersecurity and safe online behavior. Purdue University Northwest has successfully launched four GenCyber summer camps in 2016 and 2017 to 181 high school students, with 51.3% underrepresented minority ratio (Africa American and Hispanics), and about 2:1 male to female ratio. We delivered GenCyber summer camp activities in the format of game based learning and hands-on labs. The use of game-based learning in the camp was an excellent platform to teach concepts of cyber security principles. For example, in Cyber Defense Tower Game, students need to protect their servers from the different types of cyber-attack. They need to select the correct type of defense to stop each wave of cyber-attack. As the students advanced through the game, combinations of the different attacks would come faster, making it more difficult for the students to defend their servers. This game was well received by the students, support staffs, instructors, and site visit team. Learning through these activities provided high school students with an immersive, learner-centered experience, which has been proven very effective on cybersecurity awareness training and practical skill acquisition for learners from diverse backgrounds. Further analysis of survey data revealed that the gamification of cybersecurity education to raise students' interests in computer science and cybersecurity was more effective in male high school students than in female students.
Mixed reality (MR) technology is now gaining ground due to advances in computer vision, sensor fusion, and realistic display technologies. With most of the research and development focused on delivering the promise of MR, there is only barely a few working on the privacy and security implications of this technology. This survey paper aims to put in to light these risks, and to look into the latest security and privacy work on MR. Specifically, we list and review the different protection approaches that have been proposed to ensure user and data security and privacy in MR. We extend the scope to include work on related technologies such as augmented reality (AR), virtual reality (VR), and human-computer interaction (HCI) as crucial components, if not the origins, of MR, as well as a number of work from the larger area of mobile devices, wearables, and Internet-of-Things (IoT). We highlight the lack of investigation, implementation, and evaluation of data protection approaches in MR. Further challenges and directions on MR security and privacy are also discussed.
The virtualization and the digital environments are common learning platforms in several different domains, such as in flying airplanes or controlling nuclear power plants. However, virtual reality is no longer expensive special hardware; the basic installations for virtual and augmented reality can be done within household budgets and with common customer products. In this paper, we study the aspect of usability issues in a scenario, where a new virtual learning environment is built to teach correct prevention mechanics and strategies against common physical and cybersecurity threats in healthcare, namely in a hospital. Our proof-of-concept studies indicate that the concept is functional and that on hardware level components exist. The problems are in the usability and user immersion aspects, which are discussed in this paper and further studied in the proposed research setting.
This book comprehensively covers topics in knowledge management and competence in strategy development, management techniques, collaboration mechanisms, knowledge sharing and learning, as well as knowledge capture and storage. Presented in accessible “chunks,” it includes more than 120 topics that are essential to high-performance organizations. The extensive use of quotes by respected experts juxtaposed with relevant research to counterpoint or lend weight to key concepts; “cheat sheets” that simplify access and reference to individual articles; as well as the grouping of many of the topics under recurrent themes make this book unique. In addition, this book provides scalable tried-and-tested tools, methods, and approaches for improved organizational effectiveness. The research included is particularly useful to knowledge workers engaged in executive leadership; research, analysis, and advice; and corporate management and administration. This book is a valuable resource for those working in the public, private, and third sectors, both in industrialized and developing countries. This book is open access under a CC BY-NC 3.0 IGO license.
The rapid evolution of information, communication and entertainment technologies will transform the lives of citizens and ultimately transform society. This paper focuses on ethical issues associated with the likely convergence of virtual realities (VR) and social networks (SNs), hereafter VRSNs. We examine a scenario in which a significant segment of the world's population has a presence in a VRSN. Given the pace of technological development and the popularity of these new forms of social interaction, this scenario is plausible. However, it brings with it ethical problems. Two central ethical issues are addressed: those of privacy and those of autonomy. VRSNs pose threats to both privacy and autonomy. The threats to privacy can be broadly categorized as threats to informational privacy, threats to physical privacy, and threats to associational privacy. Each of these threats is further subdivided. The threats to autonomy can be broadly categorized as threats to freedom, to knowledge and to authenticity. Again, these three threats are divided into subcategories. Having categorized the main threats posed by VRSNs, a number of recommendations are provided so that policy-makers, developers, and users can make the best possible use of VRSNs.
The Preferred Reporting Items for Systematic reviews and Meta-Analyses (PRISMA) statement, published in 2009, was designed to help systematic reviewers transparently report why the review was done, what the authors did, and what they found. Over the past decade, advances in systematic review methodology and terminology have necessitated an update to the guideline. The PRISMA 2020 statement replaces the 2009 statement and includes new reporting guidance that reflects advances in methods to identify, select, appraise, and synthesise studies. The structure and presentation of the items have been modified to facilitate implementation. In this article, we present the PRISMA 2020 27-item checklist, an expanded checklist that details reporting recommendations for each item, the PRISMA 2020 abstract checklist, and the revised flow diagrams for original and updated reviews.
This is one of the first accounts for the security analysis of consumer immersive Virtual Reality (VR) systems. This work breaks new ground, coins new terms, and constructs proof of concept implementations of attacks related to immersive VR. Our work used the two most widely adopted immersive VR systems, the HTC Vive, and the Oculus Rift. More specifically, we were able to create attacks that can potentially disorient users, turn their Head Mounted Display (HMD) camera on without their knowledge, overlay images in their field of vision, and modify VR environmental factors that force them into hitting physical objects and walls. Finally, we illustrate through a human participant deception study the success of being able to exploit VR systems to control immersed users and move them to a location in physical space without their knowledge. We term this the Human Joystick Attack. We conclude our work with future research directions and ways to enhance the security of these systems.
Technology companies are facing scrutiny over privacy concerns as the public and lawmakers realize that the free services they enjoyed for years come at a cost—access to personal data. Now, many of these same companies are selling virtual reality (VR) devices to consumers. As of 2018, there have been millions of systems sold in the United States.
Root cause analysis (RCA) is an analysis framework used in health care to determine the systemic causes and prevent recurrences of adverse events. It is required by The Joint Commission for reported events and by the Department of Veterans Affairs (VA) National Center for Patient Safety for qualifying events in VA medical centers. The evidence on RCA effectiveness in improving patient safety was reviewed.
MEDLINE, Academic Search Premier, and the Cochrane Database were searched from database inception to September 2007. RCA case studies and articles that directly addressed the RCA framework were reviewed.
Discussion of RCA did not emerge in the literature until the late 1990s, and there have been no controlled trials that test the RCA framework. Twenty-three articles describe the RCA process, 38 articles present RCA case studies, and 12 articles analyze weaknesses of the RCA framework. Eleven of the case studies measure RCA effectiveness, 3 using clinical outcome measures and 8 using process measures. All 11 articles report improvement of safety following RCA. RCA participants report the difficulty in forming causal statements and in developing/implementing corrective actions. Criticisms of RCA include the uncontrolled study design and participant biases.
Overall, the limited literature on RCA effectiveness provides anecdotal evidence that RCA improves safety. At the same time, it highlights the numerous theoretical problems with the analytical framework. Formal studies at the system level and cost-benefit analysis are needed to determine the effectiveness of RCA. Structured publication of case studies will support shared knowledge and will provide benchmarks for improvement. Enrichment of the RCA literature body will enable reproducibility of improvement work, optimization of analysis, and validation of the framework itself.
A systematic literature review on cybersecurity threats of virtual reality (vr) and au gmented reality (ar)
- A Alismail
- E Altulaihan
- M H Rahman
Alismail, A., E. Altulaihan, M.H. Rahman, et al. 2022. A systematic literature review on cybersecurity threats of virtual reality (vr) and au
gmented reality (ar). Data Intelligence and Cognitive Informatics: Proceedings of ICDICI 2022: 761-774.
Virtual reality: The real life consequences
- R Bagheri
Bagheri, R. 2016. Virtual reality: The real life consequences. UC Davis Bus LJ 17: 101-101.
Software evaluation: criteria-based assessment
- M Jacksonm
- S Crouch
- R Baxter
Jacksonm, M., S. Crouch, and R. Baxter. 2011. Software evaluation: criteria-based assessment. Software Sustainability Institute, 1
Security of virtual reality authentication methods in metaverse: An overview
- P Kürtünlüoğlu
- B Akdik
- E Karaarslan
Kürtünlüoğlu, P., B. Akdik, and E. Karaarslan. 2022. Security of virtual reality authentication methods in metaverse: An overview. arXiv
preprint: arXiv:220906447
Security and privacy in virtual reality: A literature review
- S Kulal
- Z Li
- X Tian
Kulal, S., Z. Li, and X. Tian. 2022. Security and privacy in virtual reality: A literature review. Issues in Information Systems 23 (2): 185-1
Users' privacy concerns in IoT based applications
- I Psychoula
- D Singh
- L Chen
Psychoula, I., Singh, D., and L. Chen, et al. 2018. Users' privacy concerns in IoT based applications. In 2018 IEEE SmartWorld, Ubiquito
us Intelligence Computing, Advanced Trusted Computing, Scalable Computing Communications, Cloud Big Data Computing, Internet of
People and Smart City Innovation (SmartWorld/S-CALCOM/UIC/ATC/CBDCom/IOP/SCI). IEEE, pp 1887-1894
A secure learning environment framework of virtual reality application for TVET education us ing blockchain technology
- A Rosli
- S Shahrin
- H Awang
Rosli, A., S. Shahrin, and H. Awang. 2023. A secure learning environment framework of virtual reality application for TVET education us
ing blockchain technology. Multidisciplinary Applied Research and Innovation 4 (1): 10-13.
Security considerations for virtual reality systems
- K Viswanathan
- A Yazdinejad
Viswanathan, K., and A. Yazdinejad. 2022. Security considerations for virtual reality systems. arXiv preprint: arXiv:220102563, pp 2022-2022
Blinkey: A two-factor user authentication method for virtual reality devices
- H Zhu
- W Jin
- M Xiao
Zhu, H., W. Jin, M. Xiao, et al. 2020. Blinkey: A two-factor user authentication method for virtual reality devices. Proceedings of the AC
M on Interactive, Mobile, Wearable and Ubiquitous Technologies 4: 1-29.
The design of virtual reality based data visualization and user interface design in a semi-automated cyber-security res earch application
- S Tipparach
Tipparach, S. 2019. The design of virtual reality based data visualization and user interface design in a semi-automated cyber-security res
earch application