DOI: 10.1145/3589608.3593839
research-article
Open access

SpaceMediator: Leveraging Authorization Policies to Prevent Spatial and Privacy Attacks in Mobile Augmented Reality

Published: 24 May 2023

Abstract

Mobile Augmented Reality (MAR) is a portable, powerful, and suitable technology that integrates digital content, e.g., 3D virtual objects, into the physical world. It has been implemented for multiple purposes such as shopping, entertainment, and gaming, and it is expected to grow at a tremendous rate in the upcoming years. Unfortunately, the applications that implement MAR, hereafter referred to as MAR-Apps, bear security issues that have surfaced in worldwide incidents such as robberies and have led authorities to ban MAR-Apps at specific locations. Existing problems with MAR-Apps can be classified into three categories. First, Space Invasion: the intrusive modification, through MAR, of sensitive spaces, e.g., hospitals and memorials. Second, Space Affectation: the degradation of users' experience via interaction with undesirable MAR or malicious entities. Finally, Privacy Leaks: MAR-Apps mishandling sensitive data.
To alleviate these concerns, we present an approach for Policy-Governed MAR-Apps, which allows end-users to fully control under what circumstances, e.g., their presence inside a given sensitive space, digital content may be displayed by MAR-Apps. Through SpaceMediator, a proof-of-concept MAR-App that imitates the well-known and successful MAR-App Pokemon GO, we evaluated our approach in a user study with 40 participants, who recognized and prevented the issues just described with success rates as high as 92.50%. Furthermore, participants showed interest in Policy-Governed MAR-Apps: 87.50% agreed with it, and 82.50% would use it to implement content-based restrictions in MAR-Apps. These promising results encourage the adoption of our solution in future MAR-Apps.

Supplemental Material

MP4 File
Mobile Augmented Reality (MAR) is an emerging trend that is expected to grow exponentially in the next few years. In this presentation/paper, we discuss three security concerns, namely space invasion, space affectation, and privacy leaks, which can significantly degrade the MAR experience. We present our approach, Policy-Governed MAR applications, which is based on allowing end-users to define their own authorization policies restricting the distribution of MAR content, e.g., digital objects, on certain security-sensitive physical spaces. We then introduce SpaceMediator, our proof-of-concept implementation that mimics Pokemon GO, the MAR application famous everywhere, and discuss the encouraging results of our evaluation, conducted through a user study.


Cited By

  • (2024) SecureCheck: User-Centric and Geolocation-Aware Access Mediation Contracts for Sharing Private Data. Proceedings of the 29th ACM Symposium on Access Control Models and Technologies, pp. 53-58. DOI: 10.1145/3649158.3657050. Online publication date: 24-Jun-2024

Published In

SACMAT '23: Proceedings of the 28th ACM Symposium on Access Control Models and Technologies
May 2023
218 pages
ISBN: 9798400701733
DOI: 10.1145/3589608
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. attributes
  2. authorization policies
  3. mobile augmented reality

Qualifiers

  • Research-article

Data Availability

Supplemental MP4 file: https://dl.acm.org/doi/10.1145/3589608.3593839#SACMAT23-fp2345.mp4

Conference

SACMAT '23

Acceptance Rates

Overall Acceptance Rate 177 of 597 submissions, 30%

Article Metrics

  • Downloads (last 12 months): 184
  • Downloads (last 6 weeks): 20

Reflects downloads up to 14 Nov 2024
