Shiqing Luo (Georgia State University), Anh Nguyen (Georgia State University), Chen Song (San Diego State University), Feng Lin (Zhejiang University), Wenyao Xu (SUNY Buffalo), Zhisheng Yan (Georgia State University)

The increasing popularity of virtual reality (VR) in a wide spectrum of applications has generated sensitive personal data such as medical records and credit card information. While protecting such data from unauthorized access is critical, directly applying traditional authentication methods (e.g., PIN) through new VR input modalities such as remote controllers and head navigation would cause security issues. The authentication action can be purposefully observed by attackers to infer the authentication input. Unlike any other mobile devices, VR presents immersive experience via a head-mounted display (HMD) that fully covers users' eye area without public exposure. Leveraging this feature, we explore human visual system (HVS) as a novel biometric authentication tailored for VR platforms. While previous works used eye globe movement (gaze) to authenticate smartphones or PCs, they suffer from a high error rate and low stability since eye gaze is highly dependent on cognitive states. In this paper, we explore the HVS as a whole to consider not just the eye globe movement but also the eyelid, extraocular muscles, cells, and surrounding nerves in the HVS. Exploring HVS biostructure and unique HVS features triggered by immersive VR content can enhance authentication stability. To this end, we present OcuLock, an HVS-based system for reliable and unobservable VR HMD authentication. OcuLock is empowered by an electrooculography (EOG) based HVS sensing framework and a record-comparison driven authentication scheme. Experiments through 70 subjects show that OcuLock is resistant against common types of attacks such as impersonation attack and statistical attack with Equal Error Rates as low as 3.55% and 4.97% respectively. More importantly, OcuLock maintains a stable performance over a 2-month period and is preferred by users when compared to other potential approaches.

View More Papers

Encrypted DNS –> Privacy? A Traffic Analysis Perspective

Sandra Siby (EPFL), Marc Juarez (University of Southern California), Claudia Diaz (imec-COSIC KU Leuven), Narseo Vallina-Rodriguez (IMDEA Networks Institute), Carmela Troncoso (EPFL)

Read More

Measuring the Deployment of Network Censorship Filters at Global...

Ram Sundara Raman (University of Michigan), Adrian Stoll (University of Michigan), Jakub Dalek (Citizen Lab, University of Toronto), Reethika Ramesh (University of Michigan), Will Scott (Independent), Roya Ensafi (University of Michigan)

Read More

Designing a Better Browser for Tor with BLAST

Tao Wang (Hong Kong University of Science and Technology)

Read More

SurfingAttack: Interactive Hidden Attack on Voice Assistants Using Ultrasonic...

Qiben Yan (Michigan State University), Kehai Liu (Chinese Academy of Sciences), Qin Zhou (University of Nebraska-Lincoln), Hanqing Guo (Michigan State University), Ning Zhang (Washington University in St. Louis)

Read More