iconOpen Access

ARTICLE

crossmark

Chaotic Map-Based Authentication and Key Agreement Protocol with Low-Latency for Metasystem

by Guojun Wang1,2, Qi Liu3,*

1 School of Electronics & Information Engineering, Nanjing University of Information Science & Technology, Nanjing, 210044, China
2 Yancheng Polytechnic College, Yancheng, 224000, China
3 Jiangsu Province Engineering Research Center of Advanced Computing and Intelligent Services, School of Software, Nanjing University of Information Science and Technology, Nanjing, China

* Corresponding Author: Qi Liu. Email: email

Computers, Materials & Continua 2024, 78(3), 4471-4488. https://doi.org/10.32604/cmc.2024.047669

Abstract

With the rapid advancement in exploring perceptual interactions and digital twins, metaverse technology has emerged to transcend the constraints of space-time and reality, facilitating remote AI-based collaboration. In this dynamic metasystem environment, frequent information exchanges necessitate robust security measures, with Authentication and Key Agreement (AKA) serving as the primary line of defense to ensure communication security. However, traditional AKA protocols fall short in meeting the low-latency requirements essential for synchronous interactions within the metaverse. To address this challenge and enable nearly latency-free interactions, a novel low-latency AKA protocol based on chaotic maps is proposed. This protocol not only ensures mutual authentication of entities within the metasystem but also generates secure session keys. The security of these session keys is rigorously validated through formal proofs, formal verification, and informal proofs. When confronted with the Dolev-Yao (DY) threat model, the session keys are formally demonstrated to be secure under the Real-or-Random (ROR) model. The proposed protocol is further validated through simulations conducted using VMware workstation compiled in HLPSL language and C language. The simulation results affirm the protocol’s effectiveness in resisting well-known attacks while achieving the desired low latency for optimal metaverse interactions.

Keywords


1  Introduction

With the arrival of 5G, the rapid development of artificial intelligence and cloud computing technology [1] has accelerated the realization of the metaverse. People can enter the virtual world and interact with others in the form of metaverse avatars [2] through virtual reality (VR) [3] headsets. This will change the organization and operation of existing societies by combining virtual reality. However, new challenges are also brought in protecting the privacy and security of the avatars. Different from the real world, the metaverse will not only face passive attacks and eavesdropping attacks but also more active attacks will be launched to gain the benefits of the virtual world. Therefore, preserving the security and privacy of the avatar [4] is a current issue that needs to be addressed urgently.

Identity verification is an essential part of either the real world or the metaverse. In the real world, authentication is also applied in multiple environments. Under the industrial IoT environment [5], the user and sensing device authenticate and negotiate a session key for communication. In the metaverse, users represent themselves virtually by creating avatars and can access a variety of services through these avatars. However, in the current metaverse environment, any user has the freedom to create any avatar as their virtual representative. This property provides an avenue for malicious users to create avatars and cause serious security issues during metaverse interactions. Therefore, it is essential to design an AKA protocol that allows users to securely access available services in the metaverse and remain safe against other security threats. In the metaverse, meta-users and virtual devices verify each other’s identity legitimacy and generate session key for communication transfer to protect the privacy of the users as well as the devices.

Although the metaverse can provide a variety of services, it is vulnerable to a variety of attacks that can threaten security. First, each communication in the metasystem may be maliciously attacked by an adversary. Attackers can illegally enter the virtual world of the meta-user or tamper with transmitted data by attacking the metasystem’s communication channels. In addition, performance is a significant aspect of the user experience, besides the security aspect. Ryu et al. [6] presented a mutual authentication scheme using Elliptic Curve Cryptography (ECC) to offer secure communication between users and servers as well as secure interactions between avatars and avatars of the platform. Thakur et al. [7] proposed a secure ECC-based authentication scheme utilizing a fuzzy extractor for more secure user-server and avatar-avatar interactions. However, the high computational cost of the above literature makes them unsuitable for deployment into the metaverse.

1.1 Main Contributions

To solve the above problems, a chaotic mapping-based AKA protocol is proposed to protect the privacy of metaverse avatars, which can achieve secure communication between VR headset and tactile devices. Biometric of metaverse user is adopted as one of the authentication factors to improve the security of metaverse avatars which can resist malicious impersonation of the avatar. Further, user anonymity is achieved even if the tactile device is corrupted without any valid information. Finally, the proposed protocol is analyzed through experimental simulations and the experimental results show that it can be applied to privacy protection for metaverse avatars with better performance. The main contributions are summarized as follows:

1. User anonymity is considered to resist malicious attackers or corrupted tactile devices impersonating metaverse avatars when logging into a VR headset. To ensure the legitimacy of the avatar, the VR headset needs to verify the user’s identity and complete collaboration with the tactile device. It means multi-party authentication needs to be completed between the user, headset, and tactile device before entering the metaverse. Based on the semi-group attribute of the Chebyshev polynomial, the session key is established after multi-party authentication. Malicious attackers cannot obtain user information from VR device communication even if launching Man-in-the-middle (MITM), impersonation, and forgery attacks.

2. The security of the session key established between the VR headset and tactile devices has been formally proven under the ROR model. Additionally, informal proofs substantiate its resilience against both passive and active attacks. This paper adopts the robust DY threat model to define the capabilities of the adversary. Malicious attacker not only has access to information stored locally in sensor-based VR tactile devices through powerful analysis but also has absolute control over the information transmitted on the public channel. Without loss of generality, impersonation attacks on users, edge nodes, and tactile devices are analyzed in Section 5.1. The analysis results show that the proposed protocol can protect the security and privacy of metaverse avatars effectively despite strong attackers.

3. To further verify that the protocol can protect the privacy and security of the avatar effectively, security was further analyzed using the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. To provide a robust level of security for the proposed protocol, rigorous testing was performed using the AVISPA tool. This tool allowed us to simulate active attacks and thoroughly evaluate the protocol’s resistance to these attacks. The test results indicate that it provides efficient protection against replay and man-in-the-middle attacks. Based on the successful completion of these tests, it can be confidently asserted that the protocol is capable of withstanding a variety of active attacks and can offer a robust level of security for its intended use cases.

4. For security and performance, the proposed protocol is compared with related works and the result shows that the proposed protocol has better usability for Metasystem. The proposed protocol has undergone thorough analysis and comparison with other related works in terms of security and performance. The comparison results show that the proposed protocol has better usability, making it a more reliable and efficient means of authentication for secure communication in Metasystem. Overall, the comparison analysis highlights the strengths and advantages of the proposed protocol and confirms its potential as a leading solution in secure communication for Metasystem.

1.2 Related Works

Although the exploration and development of metaverse is still in the infancy phase, some works on metaverse [8,9] have already been proposed. Additionally, several works [1014] have discussed security and privacy issues in the metaverse. As relevant technologies are deeply explored, research on the metaverse has involved multiple areas. Park et al. [15] discussed the three components involved in the metaverse and review representative applications in the metaverse in terms of user interaction, and implementation. Wang et al. [2] analyzed what security threats the metaverse will face in terms of security and privacy.

However, the issue of security in the metaverse has been of considerable concern. Rafique et al. [16] found that virtual reality systems work by presenting interactive views on head-mounted displays. To make virtual reality systems more secure, they also propose possible countermeasures. O’Brolcháin et al. [17] focused on two core ethical issues that may exist in virtual reality and social networks, namely threats to privacy (information printing, physical privacy, associative privacy) and threats to autonomy (freedom, knowledge, authenticity). They also proposed some countermeasures to address the threats to privacy. Falchuk et al. [18] concentrated on the technological underpinnings that contribute to an increased level of privacy for VR participants while immersed in social VR in their article.

Authentication is the first line of defense against access by illegal meta-users in the metaverse, which protects the meta-user’s avatar [19] from unauthorized intrusion, therefore authentication is an integral part of the metaverse. Yang et al. [20] proposed a two-factor authentication framework based on chameleon signature and biometric authentication to suggest a secure meta-universe environment. In addition, the authentication framework is shown to guarantee the consistency and traceability of virtual identities after security analysis. Yu et al. [21] proposed a multi-server-based authentication key agreement to protect the user’s private information, which can achieve user untraceability. Although it reduced the communication and computation overheads compared to partially related works. However, it transmits 7 times, which cannot effectively guarantee the freshness of the message. Zheng et al. [22] proposed a three-party authentication key agreement based on chaotic mapping, considering the security needs of real applications, in which user anonymity is achieved.

2  Preliminaries

In this section, descriptions of the preliminaries are given and the notations are illustrated in Table 1.

images

2.1 Fuzzy Extractor

Fuzzy extractor is widely accepted technique for extracting biometric characteristics. In this technique, it mainly contains generation and restoration functions. Now, we give the formal definitions of the two functions as follows:

GEN(BIO)(σ,τ): GEN() is the generating function of the fuzzy extractor. When the biometric BIO is input, the function outputs a secret value σ about the biometric and a recovery parameter τ.

REP(BIO,τ)σ: REP() is the restoration function of the fuzzy extractor. When the biometric BIO and the recovery parameter τ are input, the function outputs the secret value σ about the biometric BIO.

2.2 Chebyshev Chaotic-Map

Chebyshev chaotic-map is a chaotic mapping function for generating a pseudo-random sequence of numbers. The formal definitions of Chebyshev chaotic-map are given as follows:

Definition 1: Tr(p) represents the Chebyshev polynomial and is drawn up as Tr(p)=cos(ncos1(p)), where r is randomly sampled in Z+ and p[1,1]. What’s more, Chebyshev polynomials satisfy the following characteristic.

1. Recursiveness: Tr(p)=2pTr1(p)Tr2(p), where r2, T0(p)=1 and T1(p)=p.

2. Semi-group: Tm(Tr(p))=cos(mcos1(cos(rcos1(p))))=cos(mrcos1(p))=Tmr(p), where m,rRZ+ and p[1,1].

Definition 2: Chaotic-map discrete logarithm (CMDL): For a given number p[1,1] and the related Chebyshev polynomial Tr(p), the CMDL problem confirms that it is hard for probabilistic polynomial time (PPT) adversary to compute r. In other words, the probability of an adversary A solving the CMDL problem in a finite time span is negligible.

AdvACMDL=Pr[A(p,Tr(p))=r]ε(1)

3  Formal Definition

3.1 System Model

Suppose a scenario exists where a patient has a sudden illness that requires surgery. However, specialized surgical treatment is not available where the patient is located. The relevant experienced physician can access the metasystem through the terminal and operate on the patient through the sensory device. Under the above scenario, there are three entities in the proposed metasystem communication network as shown in Fig. 1. The detailed description of each entity is given as follows.

images

Figure 1: System model

Meta-user (Mui): Meta-users access the meta-system and connect VR tactile devices by logging in to their VR headset device Vhi. Before Mu joined the metasystem, it needs to send registration information to the edge node to complete the registration through the secure channel. When the legitimate meta-user has successfully logged into the system, Vhi sends an authentication message to the edge node over the public channel.

Edge node (En): In this paper, En is responsible for offline-registration of Vtdj and online registration of Mu. When En received the authentication message from Vhi, En verifies its legitimacy and computes a novel authentication message to send to Vtdj. It is worth mentioning that edge node is assumed to be a trusted entity. This is sensible because the edge nodes are deployed by authorities in reality.

VR tactile device (Vtdj): Offline-registration is required to be completed through En before Vtdj can be deployed. When receiving an authentication message from En, Vtdj verifies its legitimacy and generates a novel authentication message to send to Vhi. Finally, the session key is generated between Vhi and Vtdj.

3.2 Adversary Model

In this paper, the popular DY adversary model is adopted, in which a strong adversary A is defined. The adversary has absolute control of the metasystem network under the DY model, specific capabilities are defined as follows.

Information transmitted over public channels can be obtained by adversaries, and even more can be deleted and modified. Notably, Vhi and Vtdj communicate on a public channel.

VR tactile devices in metasystem can be captured by A and information in the devices can be extracted by powerful analytical tool.

3.3 Security Model

We prove session key security under the widely-used ROR model, which is applied in formal proofs of many authentication protocols. The detailed description of the ROR security model is provided and shown as follows:

Participants. For better identification, the θ1th, θ2th and θ3th of Mui, En and Vtdj are defined as PMuiθ1, PEnθ2 and PVtdjθ3.

Acceptance. A participant Pθ is accepted if it enters the accepted state after receiving the final intended protocol message. The links of communication messages constitute the session identifiers.

Partnering. Two participants Pθ1 and Pθ2 are partners if they both meet the following conditions. 1) Pθ1 and Pθ2 are in the accepted state. 2) Pθ1 and Pθ2 completed mutual authentication and shared an identifier. 3) Pθ1 and Pθ2 are mutual partners.

Freshness. If the session key between Mui and Vtdj has not been obtained by an adversary A, the participants PMuiθ1 and PVtdjθ3 are fresh. A is assumed to have absolute control of the metasystem communication network. A can modify and delete information transmitted on the public channel and further access the following oracles.

Execute(PMuiθ1,PEnθ2,PVtdjθ3): A can obtain information about interactions between PMuiθ1, PEnθ2 and PVtdjθ3 in public channel through this oracle. A can launch an eavesdropping attack with this query.

Reveal(Pθ): A can obtain sk generated between Pθ and its partner through this oracle.

Send(Pθ,m): A can send m to the participant Pθ through this oracle and can further obtain a response related to m. A can launch an active attack with this query.

Corruptheadset(PMuiθ1): A can obtain all the parameters stored in the VR headset through this oracle. A can launch a VR headset device loss attack with this query.

Corruptheadset(PVtdjθ3): A can obtain all the parameters stored in the VR tactile device through this oracle. A can launch a VR tactile device loss attack with this query.

Guess(Pθ): A can obtain the semantic security of sk between Mui and Vtdj through this oracle. Before starting, a guess g{0,1} is output and sent to A. Pθ returns sk in case g=1 or a random number in case g=0 when sk is fresh. Otherwise, the output is .

4  Proposed Protocol

There are four phases in our protocol. We will give the detailed construction of each phase in this section. Before adding an entity to the meta-system, initialization and entity registrations need to be completed. Then, the session key is generated between the meta-user and the device after verifying each other’s identities. The update of the authentication factor is additionally considered to prevent privacy breaches due to loss of passwords. The detailed construction of each stage is shown as follows.

4.1 Initial Phase

First of all, En will start to initiate the metasystem and pre-deploy for VR tactile devices. Vtdj selects the device identifier IDVtdj and generates random number cj. Then, the pseudo-identifier PVDj=H(IDVtdjcj) is computed by Vtdj and sent to En. For each PVDj, En chooses a long-term secret γj and computes H(αγj), where α is En’s master key and H(αγj) is sent to Vtdj as a response over the secure channel. Meanwhile, En stores <PVDj,H(αγj),p> in local database, where p is the public parameter chosen by En.

4.2 Offline-Registration Phase

Meta-user access to the metaverse via a VR headset means that the legitimate meta-user needs to complete meta-user registration to gain permission. As shown in Fig. 2, the offline registration phase for meta-users can be divided into the following 3 steps.

images

Figure 2: Meta-user registration

Step 1: Vhi chooses IDi, PWi and reads retinal biometrics of meta-users BIOi, after which the random numbers ai and bi are further generated. Then, Vhi computes GEN(BIOi)=(σi,τi), RIDi=H(IDiσiai) and RPWi=H(IDiσiai). Meta-user registration information {RIDi,RPWi} is sent to En via the secure channel.

Step 2: After receiving the registration message from Vhi, En selects the long-term secret βi and computes Ai=RPWiRIDiH(αβi). As a registration response, {Ai,p} is sent to Vhi through the secure channel. Notably, <RIDi,H(αβi)> is likewise stored in En’s database.

Step 3: Vhi computes Bi=aiH(IDiPWi), Ci=biH(σiai) and Di=H(IDiPWiσibi) when receiving Ai from En. Then, the information {Ai,Bi,Ci,H(),GEN(),REP(),τi,p} associated with IDi is stored in Vhi’s database.

4.3 Login and Authentication Phase

Once the meta-user wants to access the metaverse and collaborate with the VR tactile devices, a secure session key needs to be established between Vhi and Vtdj. Before establishing the session key, authentication is required to prevent attackers from obtaining private information about the meta-user. As shown in Fig. 3, the login and registration phase can be divided into the following 7 steps.

images

Figure 3: Login and authentication

Step 1: Vhi computes σi=REP(BIOi,τi), ai=BiH(IDiPWi), bi=CiH(σiPWi) and Di=H(IDiPWiσibi), when meta-user inputs IDi, PWi and BIOi. Vhi verifies whether Di=Di holds, where Di is the information stored in Vhi’s database associated with IDi.

Step 2: If the above equation holds, Vhi computes RIDi=H(IDiσiai), RPWi=H(PWibi), Ai=AiRPWiRIDi, Ei=AiTri(p) and Fi=H(EiRIDiAiTri(p)T1), where ri is randomly chosen by Vhi and T1 is the timestamp. After the computation is completed, the authentication information {Ei,RIDi,Fi,T1} is sent to En through the public channel.

Step 3: En verifies whether |T1 T1|ΔT holds when receiving {Ei,RIDi,Fi,T1} from Vhi. If the above equation holds, En computes Tri(p)=EiH(αβi) and Fi=H(EiRIDiH(αβi)Tri(p)T1). Then, En verifies whether Fi=Fi holds when Fi has been computed.

Step 4: If the above equation holds, En computes Gj=RVDjTri(p), Kj=H(H(αβi)Tri(p))nj, Xj=H(αβi)nj and Lj=H(GjKjRVDjTri(p)njT2), where nj is randomly chosen by En and T2 is the timestamp. After the computation is completed, the authentication information {Gj,Kj,Xj,Lj,T2} is sent to Vtdj through the public channel.

Step 5: Vtdj verifies whether |T2 T2|ΔT holds when receiving {Gj,Kj,Xj,Lj,T2} from En. If the above equation holds, Vtdj computes Tri(p)=GjRVDj, nj=XjH(αγj) and Lj=H(GjKjRVDjTri(p)njT2). Then, Vtdj verifies whether Lj=Lj holds when Lj has been computed.

Step 6: If the above equation holds, Vtdj computes Kj=Kjnj, RVDjnew=KjH(IDVtdjcjnew), Mj=H(RIDiTri(p))Tmj(p), sk=H(RIDiRVDjnewKjTmj(Tri(p))T3) and Vj=H(MjRVDjnewskT3), where mj is randomly chosen by En and T3 is the timestamp. After the above parameters have been calculated, Vtdj replaces RVDj by RVDjnew in Vtdj’s database and sends {Mj,Vj,RVDjnew,T3} to Vhi through the public channel.

Step 7: Vhi verifies whether |T3 T3|ΔT holds when receiving {Mj,Vj,RVDjnew,T3} from Vhi. If the above equation holds, Vhi computes Tmj(p)=MjH(RIDiTri(p)), RVDjnew=RVDjnewH(H(αβi)Tri(p)), sk=H(RIDiRVDjnewH(H(αβi)Tri(p))Tri(Tmj(p))T3), and Vj=H(MjRVDjnewskT3). After the above parameters have been calculated, Vhi verifies whether Vj=Vj holds. If so, Vhi stores sk.

4.4 Factors Update Phase

Considering the practical needs of users who have lost their passwords or whose biometrics need to be updated, factors update is also designed. As shown in Fig. 4, the factors update phase can be divided into the following 3 steps.

images

Figure 4: Factors update

Step 1: Vhi computes σi=REP(BIOi,τi), ai=BiH(IDiPWi), bi=CiH(σiPWi) and Di=H(IDiPWiσibi), when meta-user inputs IDi, PWi and BIOi. Vhi verifies whether Di=Di holds, where Di is the information stored in Vhi’s database associated with IDi.

Step 2: Vhi computes GEN(BIOinew)=(σinew,τinew), Binew=BiH(IDiPWi)H(IDiPWinew) Ainew=AiH(IDiσinewai)H(PWibi)H(IDiσinewai)H(PWinewbi), Cinew=CiH(σiai)H(σiai) and Dinew=H(IDiPWinewσinewbi).

Step 3: Replace Ai,Bi,Ci,Di by Ainew, Binew, Cinew and Dinew in Vtdj’s database when the above computation is completed.

5  Security Analysis

In this section, formal and informal proofs are given to prove security. The detailed proofs are described as follows.

5.1 Formal Proof

Assume that A is the PPT adversary to break our protocol. qs, qh, |Hash|, |D|, and l denote the number of Send query, the number of Hash oracle, the range space of h(), the size of the password dictionary D, and bits of σi, respectively.

Theorem 1: The advantage of A in breaking the sk security be shown as follows:

Adv𝒜(PPT)qh2|Hash|+qs2l1|D|+2AdvACMDL(PPT)(2)

Proof. We prove Theorem 1 through five games, which are described in detail as follows.

Game0: In Game0, real attack is launched by A breaking our protocol under the ROR model. Then, the probability for A prevailing in Game0 is summarized as follows:

Adv𝒜(PPT)=|2AdvGame01|(3)

Game1: Game1 is simulated as an eavesdropping attack. In Game1, A can obtain the authentication information {Ei,RIDi,Fi,T1}, {Gj,Kj,Xj,Lj,T2} and {Mj,Vj,RVDjnew,T3} transmitted over the public channel by accessing the Execute(PMuiθ1,PEnθ2,PVtdjθ3). Then, A visits Guess(Pθ) oracle to verify whether sk established between Vhi and Vtdj is a session key or a random number, where sk=H(RIDiRVDjnewH(H(αβi)Tri(p))Tri(Tmj(p))T3), RVDjnew=KjH(IDVtdjcjnew), Kj=Kjnj, Kj=H(H(αβi)Tri(p))nj and Tmj(p)=MjH(RIDiTri(p)). A needs to obtain H(αβi), IDVtdj, nj and cjnew to forge sk. However, the information exposed on public channels did not leak these parameters. Therefore, A will not increase the probability of winning through Game1. Then, the probability for A prevailing in Game1 is summarized as follows:

AdvGame1=AdvGame0(4)

Game2: In Game2, A can access the Send(Pθ,m) and Hash oracle compared to Game1. It means that A can launch an active attack through these oracles in this game, attempting to fabricate messages to blind the participants. Although A can launch a hash query to verify the collision, each parameter contains random numbers, IDi, PWi and secrets associated with En. However, the information exposed on public channels did not leak these parameters. Therefore, A will not increase the probability of collision through Game2. Then, the probability for A prevailing in Game2 is summarized as follows:

|AdvGame2AdvGame1|qh22|Hash|(5)

Game3: In Game3, A can access the Corruptheadset(PVtdjθ3) oracle compared to Game2. A can access information {Ai,Bi,Ci,H(),GEN(),REP(),τi,p} in Vhi which is related to Meta-user, where Ai=RPWiRIDiH(αβi), Bi=aiH(IDiPWi), Ci=biH(σiai) and Di=H(IDiPWiσibi). A needs to know the temporary secret ai, σi and bi to guess IDi and PWi. Assume that A can guess incorrectly at most qs times and the probability for A prevailing in Game3 is summarized as follows:

|AdvGame3AdvGame2|qs2l|D|(6)

Game4: In Game4, A tries to compute sk by analyzing the captured {Ei,RIDi,Fi,T1}, {Gj,Kj,Xj,Lj,T2} and {Mj,Vj,RVDjnew,T3} and solving the CMDL. A needs to get Tri(Tmj(x)) and H(H(αβi)Tri(p)) to compute sk=h(CIDjTs(Tu(x))TS3v), where ri and mj are respectively chosen by Vhi and Vtdj. It is clear from the above computations that A is difficult to compute Tri(Tmj(p)) without ri and mj even if it obtains p. Therefore, it requires A to solve the CMDL to obtain ri and mj from Tri(p) and Tmj(p), respectively. Then, the probability for A prevailing in Game4 is summarized as follows:

|AdvGame4AdvGame3|AdvACMDL(PPT)(7)

A makes a guess g after accessing Guess(Pθ) oracle. Then, the probability for A prevailing in Game4 is summarized as follows:

AdvGame5=1/2(8)

The probabilities from Game0, Game1 and Game4 can be derived using the following expression:

12AdvA(PPT)=|AdvGame01/2|=|AdvGame1AdvGame4|(9)

Through the trigonometric inequality, we can obtain the following equation:

|AdvGame2AdvGame5|qh22|Hash|+qs2l|D|+AdvACMDL(PPT)(10)

Finally, Theorem 1 can be proved from the above equation and the final conclusion drawn.

Adv𝒜(PPT)=2|AdvGame1AdvGame4|qh2|Hash|+qs2l1|D|+2AdvACMDL(PPT)(11)

5.2 Informal Proof

Privileged-insider attack. In the meta-user registration phase, Vhi sends RIDi,RPWi to En to complete registration, where RIDi=H(IDiσiai) and RPWi=H(PWibi). Assume that there exists an internal adversary A who has obtained RIDi,RPWi, and that it is unable to obtain IDi and PWi from RIDi,RPWi without ai and bi. Additionally, PWi and σi are just as impossible to be stolen due to the one-way character of H(). Overall, the proposed protocol will not leak any user-related information under the privileged-insider attack.

Anonymity and untraceability. As shown in Section 4.3, information {Ei,RIDi,Fi,T1}, {Gj,Kj,Xj,Lj,T2} and {Mj,Vj,RVDjnew,T3} exposed on the public channel without leaking credentials about meta-user. Similarly, the messages stored in the database of Vhi have not disclosed the credentials of the meta-user. Assume that A can launch an eavesdropping attack to obtain {Ei,RIDi,Fi,T1}, {Gj,Kj,Xj,Lj,T2} and {Mj,Vj,RVDjnew,T3}. However, A wants to get the IDi which requires obtaining the secret H(αβi), H(αγj) and the numbers ri, nj, mj and cjnew chosen randomly by Vhi, En and Vtdj. Finally, {Ei,RIDi,Fi,T1}, {Gj,Kj,Xj,Lj,T2} and {Mj,Vj,RVDjnew,T3} transmitted on the public channel is the result of the computation of H(), and it is difficult for A to recover the IDi. Therefore, the proposed protocol can achieve anonymity and untraceability.

Stolen headset attack. Assume the headset Vhi of meta-user is stolen by A and the information {Ai,Bi,Ci,H(),GEN(),REP(),τi,p} stored in Vhi s database is captured, where Ai=RPWiRIDiH(αβi), Bi=aiH(IDiPWi), Ci=biH(σiai), Di=H(IDiPWiσibi), {H(),GEN(),REP()} are one-way functions. From the above information, A who guesses the IDi and PWi correctly needs to know ai and bi. However, A wants to recover the correct ai from Bi will need IDi and PWi. Therefore, A cannot guess IDi and PWi correctly from the information stored in Vhi. In summary, the proposed protocol can resist stolen headset attack.

Replay attack. Assume A captures and replies the messages {Ei,RIDi,Fi,T1}, where Ei=H(αβi)Tri(p), RIDi=H(IDiσiai) and Fi=H(EiRIDiAiTri(p)T1). However, timestamp T1 will be verified by the setting threshold T and A cannot calculate sk=H(RIDiRVDjnewH(H(αβi)Tri(p))Tri(Tmj(p))T3) without ri, nj, mj and cjnew. Therefore, it can resist replay attack.

MITM attack. Assume A can launch the MITM attack to capture information {Ei,RIDi,Fi,T1}, {Gj,Kj,Xj,Lj,T2} and {Mj,Vj,RVDjnew,T3} and attempt to impersonate a valid entity. In the case of {Ei,RIDi,Fi,T1}, A modifies it in an attempt to trick En into believing that A is a legitimate user. It means that A needs to forge Ei=H(αβi)Tri(p), RIDi=H(IDiσiai) and Fi=H(EiRIDiAiTri(p)T1). Although A can select ri and compute Tri(x), A cannot forge Ei=H(αβi)Tri(p) and RIDi=H(IDiσiai) without H(αβi) and ai. The same is true for other authentication information, A entities cannot be authenticated without knowing the long-term secret values.

Mutual authentication. In metasystem, Vhi, En and Vtdj verify each other’s legitimacy. First, En verifies the legitimacy of Vhi by checking whether Fi=Fi holds, where Fi=H(EiRIDiAiTri(p)T1). Then, Vtdj verifies the legitimacy of En by checking whether Li=Li holds, where Li=H(GjKjRVDjTri(p)njT2). Finally, Vhi verifies the legitimacy of Vtdj by checking whether Vi=Vi holds, where Vi=H(MjRVDjnewskT3).

Meta-user impersonation attack. Assume A steals the headset Vhi of the meta-user and accesses the information {Ai,Bi,Ci,H(),GEN(),REP(),τi,p} in the local database through powerful analytical tools. Further, A intercepts {Ei,RIDi,Fi,T1} sent by Vhi to En and tries to forge a valid message to fool En into believing it is a legitimate Meta-user. It means that A needs to forge Ei=AiTri(p), RIDi=H(IDiσiai) and Fi=H(EiRIDiAiTri(p)T1), where Ai=H(αβi) and ai=BiH(IDiPWi). Although A can generate ri randomly and compute Tri(p), the valid secret A=H(αβi) and PIDi=H(IDiσiai) cannot be calculated without IDi, σ, α and βi. More importantly, the forged H(αβi) cannot be verified by En. Therefore, it can resist Meta-user impersonation attack effectively.

Edge node impersonation attack. Assume A intercepts {Gj,Kj,RIDi,Lj,T2} sent by En to Vtdj and tries to forge a valid message to fool Vtdj into believing it is a legitimate edge node. It means that A needs to forge Gj=RVDjTri(p), Kj=H(H(αβi)Tri(p))nj, Xj=H(αγj)nj and Lj=H(GjKjRVDjTri(p)njT2), where RVDj=H(IDVtdjcj) and nj=XjH(αγi). Although A can generate nj randomly, the valid secret Xj=H(αγj)nj and Kj=H(H(αβi)Tri(p))nj cannot be calculated without α, βi, and γj. More importantly, the forged H(αγj) cannot be verified by Vtdj. Therefore, it can resist Edge node impersonation attack effectively.

Tactile device impersonation attack. Assume A intercepts {Mj,Vj,RVDjnew,T3} sent by Vtdj to Vhi and tries to forge a valid message to fool Vhi into believing it is a legitimate tactile device. It means that A needs to forge Mj=H(RIDiTr), Kj=H(H(αβi)Tri(p))nj, Xj=H(αγj)nj and Lj=H(GjKjRVDjTri(p)njT2), where Kj=H(H(αβi)Tri(p)) and RVDjnew=H(H(αβi)Tri(p))H(IDVtdjcjnew). Although A can generate mj randomly and compute Tmj(p), the valid secret Kj=H(H(αβi)Tri(p)) cannot be calculated without α, and βi. More importantly, the forged H(αβj) cannot be verified by Vhi. Therefore, it can resist Tactile device impersonation attack effectively.

Session key security. The session key sk=H(RIDiRVDjnewKjTmj(Tri(p))T3) is generated between Vhi and Vtdj. Assume A intercepts {Mj,Vj,RVDjnew,T3} and attempts to compute sk=H(RIDiRVDjnewKjTmj(Tri(p))T3) by generating cj and T3. However, A cannot recover the valid RVDjnew=H(H(αβi)Tri(p))H(IDVtdjcjnew) and Kj=H(H(αβi)Tri(p)) without α, βi, ri and IDVtdj. Furthermore, H() is the collision-resistant one-way function. Therefore, the session key is secure in this paper.

6  Performance Analysis

In this section, detailed performance analyses are described from theoretical side, tool simulation and experimental analysis.

6.1 Comparison of Security and Overhead

We will analyze the security and theoretical overheads compared to the associated metaverse authentication protocols, respectively. First, the security is compared and the results are presented in Table 2. Ryu et al. [6] proposed a blockchain-assisted authentication protocol for metasystem. In their protocol, elliptic curve is employed to provide secure communication between the user and the platform server as well as avatar security. However, it is not able to resist real-world impersonation attacks and ensure session key security. Li et al. [23] proposed a server-assisted authentication method using chaotic mapping. However, it is also impossible to resist an impersonation attack. Zheng et al. [22] proposed an efficient session key establishment method between users through chaotic mapping. However, it still has information leakage when facing MITM attacks. From Table 2, it is easy to find that just Yu et al. [21] and ours can satisfy the full security requirements.

images

In terms of overhead, we compare and analyze the computation and communication overheads, respectively. From Table 3, We can find that our total cost is 18Th+4Tc, where Th is the time of hash operation and Tc is the time of chaotic mapping operation. Ryu et al. [6] implemented the security of avatars based on ECC and its total overhead is 25Tm+31Th+8Ts, where Ts is the time of symmetric encryption and decryption operation. Li 2016 implemented multi-party authentication using chaotic mapping and its total overhead is 19Th+6Tc, which is higher than ours in terms of overhead. Meanwhile, Yu et al. [21] completed the three-party authentication using chaotic mapping and its total overhead is 19Th+4Tc. However, it has the transmission count of 7, which will cause additional delay. Although Zheng et al. [22] and ours have the same total overhead, Zheng et al. only completed the two-party authentication. Finally, the analysis results show that the proposed protocol has high practicality in balancing security and computational overhead by comparing Tables 2 and 3.

images

6.2 Tool Simulation

In order to analyze whether the protocol is resistant to man-in-the-middle and replay attacks, the popular AVISPA tool is employed to verify security. AVISPA is a tool for proving network security protocols and applications, which is integrated into the SPAN virtual machine through a virtual box. Our protocol is compiled in the HLPSL language and the validation result is shown in Fig. 5.

images

Figure 5: Simulation result

6.3 Experimental Analysis

To further compare the performance, the protocol was simulated with a VMware workstation at 2.7 GHz and 8 G RAM. We completed the experimental simulation using C based on PBC and GMP libraries. The computational and communication overhead results are shown in Figs. 6 and 7.

images

Figure 6: Computational overhead

images

Figure 7: Communication overhead

In [6], its runtime is 207.36 ms on the user side, 120 ms on the edge node side, 207.36 ms in the device side and transmission times is 6. Its total overhead is 534 milliseconds due to the high runtime of the power operation. In [23], its runtime is 53.54 ms in the user side, 19.66 ms in edge node side, 35.48 ms in the device side and transmission times is 5. In [21], its runtime is 36.12 ms in the user side, 2.24 ms in edge node side, 36.12 ms in the device side and transmission times are 7. In [22], its runtime is 37.4 ms in the user side, 36.76 ms in edge node side and transmission times is 7. Compared to the above protocol, our user-side runtime is 37.4 ms, node-side runtime is 0.96 ms and device-side runtime is 35.8 ms, which is the lowest total runtime. Importantly, we completed the session key establishment in the metasystem using only 3 rounds of transmission. This will reduce transmission delay and energy consumption in the metasystem.

7  Conclusion

In this paper, we proposed a chaotic map-based AKA protocol to secure the security of meta-users and avatars, which enables low-latency transmission of information in the metasystem. Considering the characteristics of the metasystem, meta-user biometrics are employed to strengthen session key security. Further, the functionality of updating passwords and biometrics through VR headsets by meta-users is considered. The security of the protocol is comprehensively analyzed through formal and formal security proofs. Finally, we simulated the performance of the protocol through theoretical analysis, tool simulation, and experimental simulation which shows that it can effectively resist MITM and replay attacks without additional overhead compared to other related protocols. In future work, we will take into account the frequent dynamic updates of devices in the metasystem. Improvement of secret values in the proposed scheme to reduce communication overhead and enhance security. Therefore, designing an authentication scheme without locally stored secret values is the first step in our future work.

Acknowledgement: Not applicable.

Funding Statement: This work has received funding from National Natural Science Foundation of China (No. 42275157).

Author Contributions: The authors confirm their contribution to the paper as follows: study conception and design: Guojun Wang; data collection: Qi Liu; analysis and interpretation of results: Guojun Wang, Qi Liu; draft manuscript preparation: Guojun Wang. All authors reviewed the results and approved the final version of the manuscript.

Availability of Data and Materials: Not applicable.

Conflicts of Interest: The authors declare that they have no conflicts of interest to report regarding the present study.

References

1. M. E. M. Cayamcela and W. Lim, “Artificial intelligence in 5G technology: A survey,” in Proc. ICTC, Jeju, Korea, 2018, pp. 860–865. [Google Scholar]

2. Y. Wang et al., “A survey on metaverse: Fundamentals, security, and privacy,” IEEE Commun. Surv. Tutor., vol. 25, no. 1, pp. 319–352, 2022. [Google Scholar]

3. C. Anthes, R. J. García-Hernández, M. Wiedemann, and D. Kranzlmüller, “State of the art of virtual reality technology,” in 2016 IEEE Aerospace Conf., Big Sky, MT, USA, 2016, pp. 1–19. [Google Scholar]

4. R. D. Pietro and S. Cresci, “Metaverse: Security and privacy issues,” in Proc. TPS-ISA, Atlanta, GA, USA, 2021, pp. 281–288. [Google Scholar]

5. D. Liu, Y. Zhang, W. Wang, K. Dev, and S. A. Khowaja, “Flexible data integrity checking with original data recovery in IoT-enabled maritime transportation systems,” IEEE Trans. Intell. Transp., vol. 24, no. 2, pp. 2618–2629, 2023. [Google Scholar]

6. J. Ryu, S. Son, J. Lee, Y. Park, and Y. Park, “Design of secure mutual authentication scheme for metaverse environments using blockchain,” IEEE Access., vol. 10, pp. 98944–98958, 2022. [Google Scholar]

7. G. Thakur, P. Kumar, C. M. Chen, A. V. Vasilakos, Anchna and S. Prajapat, “A robust privacy-preserving ECC-based three-factor authentication scheme for metaverse environment,” Comput. Commun., vol. 211, pp. 271–285, 2023. [Google Scholar]

8. H. Ning et al., “A survey on the metaverse: The state-of-theart, technologies, applications, and challenges,” IEEE Internet Things, vol. 10, pp. 14671–14688, 2023. [Google Scholar]

9. N. A. Dahan, M. Al-Razgan, A. Al-Laith, M. A. Alsoufi, M. S. Al-Asaly and T. Alfakih, “Metaverse framework: A case study on e-learning environment (ELEM),” Electron., vol. 11, no. 10, pp. 1616, 2022. doi: 10.3390/electronics11101616. [Google Scholar] [CrossRef]

10. T. Zhang, J. Shen, C. F. Lai, S. Ji, and Y. Ren, “Multi-server assisted data sharing supporting secure deduplication for metaverse healthcare systems,” Future Gener. Comput. Syst., vol. 140, no. 1, pp. 299–310, 2023. doi: 10.1016/j.future.2022.10.031. [Google Scholar] [CrossRef]

11. S. Qamar, Z. Anwar, and M. Afzal, “A systematic threat analysis and defense strategies for the metaverse and extended reality systems,” Comput. Secur., vol. 128, no. 6, pp. 103127, 2023. doi: 10.1016/j.cose.2023.103127. [Google Scholar] [CrossRef]

12. J. D. N. Dionisio, W. G. B. Iii, and R. Gilbert, “3D virtual worlds and the metaverse: Current status and future possibilities,” ACM Comput. Surv., vol. 45, no. 3, pp. 1–38, 2013. doi: 10.1145/2480741.2480751. [Google Scholar] [CrossRef]

13. L. H. Lee et al., “All one needs to know about metaverse: A complete survey on technological singularity, virtual ecosystem, and research agenda,” arXiv preprint arXiv:2110.05352, 2021. [Google Scholar]

14. H. Yang, P. Vijayakumar, J. Shen, and B. B. Gupta, “A location-based privacy-preserving oblivious sharing scheme for indoor navigation,” Future Gener. Comp. Syst., vol. 137, no. 3, pp. 42–52, 2022. doi: 10.1016/j.future.2022.06.016. [Google Scholar] [CrossRef]

15. S. M. Park and Y. G. Kim, “A metaverse: Taxonomy, components, applications, and open challenges,” IEEE Access., vol. 10, pp. 4209–4251, 2022. doi: 10.1109/ACCESS.2021.3140175. [Google Scholar] [CrossRef]

16. M. U. Rafique and S. C. S. Cheung, “Tracking attacks on virtual reality systems,” IEEE Consum. Electron. Mag., vol. 9, no. 2, pp. 41–46, 2020. doi: 10.1109/MCE.2019.2953741. [Google Scholar] [CrossRef]

17. F. O’Brolcháin, T. Jacquemard, D. Monaghan, N. O’Connor, P. Novitzky and B. Gordijn, “The convergence of virtual reality and social networks: Threats to privacy and autonomy,” Sci. Eng. Ethics., vol. 22, no. 1, pp. 1–29, 2016. doi: 10.1007/s11948-014-9621-1. [Google Scholar] [PubMed] [CrossRef]

18. B. Falchuk, S. Loeb, and R. Neff, “The social metaverse: Battle for privacy,” IEEE Technol. Soc. Mag., vol. 37, no. 2, pp. 52–61, 2018. doi: 10.1109/MTS.2018.2826060. [Google Scholar] [CrossRef]

19. J. A. de Guzman, K. Thilakarathna, and A. Seneviratne, “Security and privacy approaches in mixed reality: A literature survey,” ACM Comput. Surv., vol. 52, no. 6, pp. 1–37, 2019. doi: 10.1145/3359626. [Google Scholar] [CrossRef]

20. K. Yang, Z. Zhang, Y. Tian, and J. Ma, “A secure authentication framework to guarantee the traceability of avatars in metaverse,” IEEE Trans. Inf. Foren. Secur., vol. 18, pp. 3817–3832, 2023. doi: 10.1109/TIFS.2023.3288689. [Google Scholar] [CrossRef]

21. Y. Yu, O. Taylor, R. Li, and B. Sunagawa, “An extended chaotic map-based authentication and key agreement scheme for multi-server environment,” Math., vol. 9, no. 8, pp. 798, 2021. doi: 10.3390/math9080798. [Google Scholar] [CrossRef]

22. Y. Zheng et al., “Design and analysis of a security-enhanced three-party authenticated key agreement protocol based on chaotic maps,” IEEE Access., vol. 8, pp. 66150–66162, 2020. doi: 10.1109/ACCESS.2020.2979251. [Google Scholar] [CrossRef]

23. X. Li et al., “A novel chaotic maps-based user authentication and key agreement protocol for multi-server environments with provable security,” Wirel. Pers. Commun., vol. 89, no. 2, pp. 569–597, 2016. doi: 10.1007/s11277-016-3293-x. [Google Scholar] [CrossRef]


Cite This Article

APA Style
Wang, G., Liu, Q. (2024). Chaotic map-based authentication and key agreement protocol with low-latency for metasystem. Computers, Materials & Continua, 78(3), 4471-4488. https://doi.org/10.32604/cmc.2024.047669
Vancouver Style
Wang G, Liu Q. Chaotic map-based authentication and key agreement protocol with low-latency for metasystem. Comput Mater Contin. 2024;78(3):4471-4488 https://doi.org/10.32604/cmc.2024.047669
IEEE Style
G. Wang and Q. Liu, “Chaotic Map-Based Authentication and Key Agreement Protocol with Low-Latency for Metasystem,” Comput. Mater. Contin., vol. 78, no. 3, pp. 4471-4488, 2024. https://doi.org/10.32604/cmc.2024.047669


cc Copyright © 2024 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 283

    View

  • 192

    Download

  • 0

    Like

Share Link