research-article

Open access

SoK: A Systematic Literature Review of Knowledge-Based Authentication on Augmented Reality Head-Mounted Displays

Authors:

Reyhan Düzgün,

Melanie VolkamerAuthors Info & Claims

ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security

Article No.: 36, Pages 1 - 12

https://doi.org/10.1145/3538969.3539011

Published: 23 August 2022 Publication History

All formats PDF

Abstract

The adoption of Augmented Reality (AR) technology has increased over the years. AR enhances various activities for consumers and businesses, particularly in industrial contexts. The three-dimensional virtual experience is realized by the usage of Head-Mounted Displays (HMD). These devices provide access to sensitive data and services. Thus, secure and usable authentication schemes are essential to control access to the HMD and the stored data as well as schemes to authenticate to the services one wants to use with the AR device. We conducted a systematic literature review on knowledge-based authentication schemes for AR HMD. 31 different schemes were identified. These schemes were assessed regarding various aspects including the type of AR HMD, the type of secret, how users input their secret, as well as usability and security aspects. We discuss gaps for future work.

References

[1]

Mozhgan Azimpourkivi, Umut Topkara, and Bogdan Carbunar. 2017. Camera based two factor authentication through mobile and wearable devices. Interactive, Mobile, Wearable and Ubiquitous Technologies 1, 3(2017), 1–37.

Digital Library

[2]

Ronald T Azuma. 1997. A survey of augmented reality. Presence: teleoperators & virtual environments 6, 4(1997), 355–385.

[3]

Ahmed Fraz Baig and Sigurd Eskeland. 2021. Security, Privacy, and Usability in Continuous Authentication: A Survey. Sensors 21, 17 (2021), 5967.

[4]

Daniel V Bailey, Markus Dürmuth, and Christof Paar. 2014. “Typing” passwords with voice recognition: How to authenticate to Google Glass. In Proc. of the Symposium on Usable Privacy and Security. Citeseer, Citeseer, CA, USA, 1–2.

[5]

Mohammadreza Hazhirpasand Barkadehi, Mehrbaksh Nilashi, Othman Ibrahim, Ali Zakeri Fardi, and Sarminah Samad. 2018. Authentication systems: A literature review and classification. Telematics and Informatics 35, 5 (2018), 1491–1511.

[6]

Joseph Bonneau, Cormac Herley, Paul C Van Oorschot, and Frank Stajano. 2012. The quest to replace passwords: A framework for comparative evaluation of web authentication schemes. In SOUPS. IEEE, CA, USA, 553–567.

[7]

Antonella De Angeli, Mike Coutts, Lynne Coventry, Graham I Johnson, David Cameron, and Martin H Fischer. 2002. VIP: a visual approach to user authentication. In Proceedings of the AVI. Elsevier, London, UK, 316–323.

Digital Library

[8]

Antonella De Angeli, Lynne Coventry, Graham Johnson, and Karen Renaud. 2005. Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems. IJHCS 63, 1-2 (2005), 128–152.

Digital Library

[9]

Reyhan Duezguen, Peter Mayer, Sanchari Das, and Melanie Volkamer. 2020. Towards secure and usable authentication for augmented and virtual reality head-mounted displays. In WAY Workshop. WAY, Virtual, 1–6.

[10]

Pedro Ferreira, João Orvalho, and Fernando Boavida. 2007. Security and privacy in a middleware for large scale mobile and pervasive augmented reality. In 2007 15th SOFTCOM. IEEE, Croatia, 1–5.

[11]

Rainhard Dieter Findling, Tahmid Quddus, and Stephan Sigg. 2019. Hide my gaze with EOG! towards closed-eye gaze gesture passwords that resist observation-attacks with electrooculography in smart glasses. In MoMM. ACM, USA, 107–116.

[12]

Eira Friström, Elias Lius, Niki Ulmanen, Paavo Hietala, Pauliina Kärkkäinen, Tommi Mäkinen, Stephan Sigg, and Rainhard Dieter Findling. 2019. Free-Form Gaze Passwords from Cameras Embedded in Smart Glasses. In MoMM. ACM, USA, 136–144.

[13]

Markus Funk, Karola Marky, Iori Mizutani, Mareike Kritzler, Simon Mayer, and Florian Michahelles. 2019. Lookunlock: Using spatial-targets for user-authentication on hmds. In Extended Abstracts CHI. ACM, NY, USA, 1–6.

Digital Library

[14]

Ethan Gaebel, Ning Zhang, Wenjing Lou, and Y Thomas Hou. 2016. Looks good to me: Authentication for augmented reality. In TrustED. ACM, NY, USA, 57–67.

[15]

Gabriela Gheorghe, Nicolas Louveton, Benoît Martin, Benjamin Viraize, Louis Mougin, Sébastien Faye, and Thomas Engel. 2016. Heat is in the eye of the beholder: Towards better authenticating on smartglasses. In 2016 9th International Conference on Human System Interactions (HSI). IEEE, Portsmouth, UK, 490–496.

[16]

Jens Grubert, Lukas Witzani, Eyal Ofek, Michel Pahud, Matthias Kranz, and Per Ola Kristensson. 2018. Text entry in immersive head-mounted display-based virtual reality using standard keyboards. In VR. IEEE, Germany, 159–166.

[17]

Jan Gugenheimer, Christian Mai, Mark McGill, Julie Williamson, Frank Steinicke, and Ken Perlin. 2019. Challenges using head-mounted displays in shared and social spaces. In Extended Abstracts of CHI. ACM, NY, USA, 1–8.

[18]

Andreas Gutmann, Karen Renaud, Joseph Maguire, Peter Mayer, Melanie Volkamer, Kanta Matsuura, and Jörn Müller-Quade. 2016. Zeta-zero-trust authentication: Relying on innate human ability, not technology. In EuroS&P. IEEE, Germany, 357–371.

[19]

George Hadjidemetriou, Marios Belk, Christos Fidas, and Andreas Pitsillides. 2019. Picture passwords in mixed reality: Implementation and evaluation. In Extended Abstracts of the 2019 CHI. ACM, NY, USA, 1–6.

[20]

Ben Hutchins, Anudeep Reddy, Wenqiang Jin, Michael Zhou, Ming Li, and Lei Yang. 2018. Beat-pin: A user authentication mechanism for wearable devices through secret beats. In ASIACCS. ACM, NY, USA, 101–115.

Digital Library

[21]

MD Rasel Islam, Doyoung Lee, Liza Suraiya Jahan, and Ian Oakley. 2018. Glasspass: Tapping gestures to unlock smart glasses. In AH’18. ACM, NY, USA, 1–8.

Digital Library

[22]

Priti Jadhao and Lalit Dole. 2013. Survey on authentication password techniques. IJSCE 3, 2 (2013), 67–68.

[23]

John M Jones, Reyhan Duezguen, Peter Mayer, Melanie Volkamer, and Sanchari Das. 2021. A literature review on virtual reality authentication. In HAISA. Springer, Cham, 189–198.

[24]

Hassan Khan, Urs Hengartner, and Daniel Vogel. 2018. Augmented reality-based mimicry attacks on behaviour-based smartphone authentication. In MobiSys. ACM, NY, USA, 41–53.

[25]

Akhil Khare, Vinaya Kulkarni, and Akhilesh Upadhayay. 2012. A Collaborative Augmented Reality System Based On Real Time Hand Gesture Recognition. In Global Journal of Computer Science and Technology. Global Journals, US, 47–51.

[26]

Sung-Hwan Kim, Jong-Woo Kim, Seon-Yeong Kim, and Hwan-Gue Cho. 2011. A new shoulder-surfing resistant password for mobile environments. In IMCOM. ACM, NY, USA, 1–8.

[27]

Barbara Kitchenham. 2004. Procedures for performing systematic reviews. Keele, UK, Keele University 33, 2004 (2004), 1–26.

[28]

Gregory Kramida. 2015. Resolving the vergence-accommodation conflict in head-mounted displays. TVCG 22, 7 (2015), 1912–1931.

Digital Library

[29]

Christopher Kreider. 2018. The Discoverability of Password Entry Using Virtual Keyboards in an Augmented Reality Wearable: An Initial Proof of Concept. In Southern Association for Information Systems. AISeL, UK, 1–6.

[30]

Lingjun Li, Xinxin Zhao, and Guoliang Xue. 2013. Unobservable re-authentication for smartphones. In NDSS, Vol. 56. NDSS, USA, 57–59.

[31]

Yan Li, Yao Cheng, Weizhi Meng, Yingjiu Li, and Robert H Deng. 2021. Designing leakage-resilient password entry on head-mounted smart wearable glass devices. IEEE Transactions on Information Forensics and Security 16 (2021), 307–321.

[32]

Yingjiu Li, Qiang Yan, and Robert H Deng. 2015. ShadowKey: A Practical Leakage Resilient Password System. In Leakage Resilient Password Systems. Springer, Cham, 53–64.

[33]

Jonathan Liebers and Stefan Schneegass. 2020. Gaze-based Authentication in Virtual Reality. In ETRA. ACM, USA, 1–2.

[34]

Duo Lu, Yuli Deng, and Dijiang Huang. 2021. Global Feature Analysis and Comparative Evaluation of Freestyle In-Air-Handwriting Passcode for User Authentication. In ACSAC. ACM, NY, USA, 468–481.

[35]

Peter Mayer and Melanie Volkamer. 2018. Addressing misconceptions about password security effectively. In STAST. ACM, NY, USA, 16–27.

[36]

Naheem Noah and Sanchari Das. 2021. Exploring evolution of augmented and virtual reality education space in 2020 through systematic literature review. Computer Animation and Virtual Worlds 32, 3-4 (2021), e2020.

[37]

Marc Parveau and Mehdi Adda. 2018. 3iVClass: a new classification method for virtual, augmented and mixed realities. Procedia Computer Science 141 (2018), 263–270.

[38]

Farah Fayaz Quraishi, Summera Ashraf, and Manzoor Ahmad Chachoo. 2016. Fingerprint Feature Extraction, Identification and Authentication: A Review. IJRRMCSIT 2(2016), 156–160. Issue 2.

[39]

Hwajeong Seo, Jiye Kim, Howon Kim, and Zhe Liu. 2017. Personal identification number entry for Google glass. C&EE 63(2017), 160–167.

[40]

Sophie Stephenson, Bijeeta Pal, Stephen Fan, Earlence Fernandes, Yuhang Zhao, and Rahul Chatterjee. 2022. SoK: Authentication in Augmented and Virtual Reality. In S&P. IEEE Computer Society, USA, 1552–1552.

[41]

Ivan E Sutherland. 1968. A head-mounted three dimensional display. In Proceedings of fall joint computer conference. ACM, NY, USA, 757–764.

Digital Library

[42]

Jane Webster and Richard T Watson. 2002. Analyzing the past to prepare for the future: Writing a literature review. MIS quarterly 26, 2 (2002), xiii–xxiii.

[43]

Oliver Wiese and Volker Roth. 2016. See you next time: A model for modern shoulder surfers. In MobileHCI. ACM, Florence, Italy, 453–464.

[44]

Dhruv Kumar Yadav, Beatrice Ionascu, Sai Vamsi Krishna Ongole, Aditi Roy, and Nasir Memon. 2015. Design and analysis of shoulder surfing resistant pin based authentication mechanisms on google glass. In FC. Springer, Germany, 281–297.

[45]

Shanhe Yi, Zhengrui Qin, Ed Novak, Yafeng Yin, and Qun Li. 2016. Glassgesture: Exploring head gesture interface of smart glasses. In INFOCOM. IEEE, USA, 1–9.

[46]

Ruide Zhang, Ning Zhang, Changlai Du, Wenjing Lou, Y Thomas Hou, and Yuichi Kawamoto. 2017. AugAuth: Shoulder-surfing resistant authentication for augmented reality. In ICC. IEEE, Paris, France, 1–6.

Cited By

Hallal LRhinelander JVenkat R(2024)Recent Trends of Authentication Methods in Extended Reality: A SurveyApplied System Innovation10.3390/asi70300457:3(45)Online publication date: 28-May-2024
https://doi.org/10.3390/asi7030045
Adil MSong HKhan MFarouk AJin Z(2024)5G/6G-enabled metaverse technologiesJournal of Network and Computer Applications10.1016/j.jnca.2024.103828223:COnline publication date: 17-Apr-2024
https://dl.acm.org/doi/10.1016/j.jnca.2024.103828
Gajda D(2023)New technologies in the field of sensory marketing and customer experience: a systematic literature reviewJournal of Marketing and Consumer Behaviour in Emerging Markets10.7172/2449-6634.jmcbem.2023.1.42023:1(16)(51-78)Online publication date: 10-May-2023
https://doi.org/10.7172/2449-6634.jmcbem.2023.1.4
Show More Cited By

Index Terms

SoK: A Systematic Literature Review of Knowledge-Based Authentication on Augmented Reality Head-Mounted Displays
1. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Usability in security and privacy

Recommendations

Head-mounted display augmented reality in manufacturing: A systematic review
Abstract
Head-mounted display (HMD) augmented reality (AR) has attracted more and more attention in manufacturing activities, as it enables operators to access visual guidance in front of their view directly while freeing human's two hands. ...
Tourist eXperience and Use of Virtual Reality, Augmented Reality and Metaverse: A Literature Review
Social Computing and Social Media
Abstract
Tourist experience (TX) is considered a specification of the customer experience directly associated with the tourism industry. Researchers agree that the tourist experience begins before the trip with preparations and extends during and after it, ...
Cybersickness in current-generation virtual reality head-mounted displays: systematic review and outlook
Abstract
Cybersickness (CS) is a term used to refer to symptoms, such as nausea, headache, and dizziness that users experience during or after virtual reality immersion. Initially discovered in flight simulators, commercial virtual reality (VR) head-...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security

August 2022

1371 pages

ISBN:9781450396707

DOI:10.1145/3538969

Copyright © 2022 Owner/Author.

This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 23 August 2022

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ARES 2022

ARES 2022: The 17th International Conference on Availability, Reliability and Security

August 23 - 26, 2022

Vienna, Austria

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
1,103
Total Downloads

Downloads (Last 12 months)464
Downloads (Last 6 weeks)62

Reflects downloads up to 14 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Hallal LRhinelander JVenkat R(2024)Recent Trends of Authentication Methods in Extended Reality: A SurveyApplied System Innovation10.3390/asi70300457:3(45)Online publication date: 28-May-2024
https://doi.org/10.3390/asi7030045
Adil MSong HKhan MFarouk AJin Z(2024)5G/6G-enabled metaverse technologiesJournal of Network and Computer Applications10.1016/j.jnca.2024.103828223:COnline publication date: 17-Apr-2024
https://dl.acm.org/doi/10.1016/j.jnca.2024.103828
Gajda D(2023)New technologies in the field of sensory marketing and customer experience: a systematic literature reviewJournal of Marketing and Consumer Behaviour in Emerging Markets10.7172/2449-6634.jmcbem.2023.1.42023:1(16)(51-78)Online publication date: 10-May-2023
https://doi.org/10.7172/2449-6634.jmcbem.2023.1.4
Anastasaki IDrosatos GPavlidis GRantos K(2023)User Authentication Mechanisms Based on Immersive Technologies: A Systematic ReviewInformation10.3390/info1410053814:10(538)Online publication date: 2-Oct-2023
https://doi.org/10.3390/info14100538
Alt FHassib MDistler V(2023)Human-centered Behavioral and Physiological SecurityProceedings of the 2023 New Security Paradigms Workshop10.1145/3633500.3633504(48-61)Online publication date: 18-Sep-2023
https://dl.acm.org/doi/10.1145/3633500.3633504
Li LChen CPan LZhang LZhang JXiang Y(2023)SigA: rPPG-based Authentication for Virtual Reality Head-mounted DisplayProceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3607199.3607209(686-699)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3607199.3607209
Kishnani UMadabhushi SDas S(2023)Blockchain in Oil and Gas Supply Chain: A Literature Review from User Security and Privacy PerspectiveHuman Aspects of Information Security and Assurance10.1007/978-3-031-38530-8_24(296-309)Online publication date: 26-Jul-2023
https://doi.org/10.1007/978-3-031-38530-8_24
Patrick ABurris ADas SNoah N(2022)Understanding User Perspective in a University Setting to Improve Biometric Authentication AdoptionProceedings of the 9th Mexican International Conference on Human-Computer Interaction10.1145/3565494.3565498(1-10)Online publication date: 16-Nov-2022
https://dl.acm.org/doi/10.1145/3565494.3565498

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Figures

Tables

Media

View Table of Conten