Design of Secure Mutual Authentication Scheme for Metaverse Environments Using Blockchain

During the COVID-19 pandemic, engagement in various remote activities such as online education and meetings has increased. However, since the conventional online environments typically provide simple streaming services using cameras and microphones, there are limitations in terms of physical expression and experiencing real-world activities such as cultural and economic activities. Recently, metaverse environments, three-dimensional virtual realities that use avatars, have attracted increasing attention as a means to solve these problems. Thus, many metaverse platforms such as Roblox, Minecraft, and Fortnite have been emerging to provide various services to users. However, such metaverse environments are potentially vulnerable to various security threats because the users and platform servers communicate through public channels. In addition, sensitive user data such as identity, password, and biometric information are managed by each platform server. In this paper, we design a system model that can guarantee secure communication and transparently manage user identification data in metaverse environments using blockchain technology. We also propose a mutual authentication scheme using biometric information and Elliptic Curve Cryptography (ECC) to provide secure communication between users and platform servers and secure avatar interactions between avatars and avatars. To demonstrate the security of the proposed mutual authentication scheme, we perform informal security analysis, Burrows–Abadi–Needham (BAN) logic, Real-or-Random (ROR) model, and Automated Validation of Internet Security Protocols and Applications (AVISPA). In addition, we compare the computation costs, communication costs, and security features of the proposed scheme with existing schemes in similar environments. The results demonstrate that the proposed scheme has lower computation and communication costs and can provide a wider range of security features than existing schemes.
Thus, our proposed scheme can be used to provide secure metaverse environments.


I. INTRODUCTION
During the recent COVID-19 pandemic, engagement in various remote activities such as online education, meetings, and games increased rapidly to reduce the risk of infection. People can use convenient services such as real-time education, telecommuting, and video conferencing without physically contacting others in the online environment. However, conventional online environments only provide simple streaming services using cameras and microphones. As a result, such environments are limited in terms of physical expression and social, cultural, and economic activities [1], [2]. Thus, existing online services cannot provide users with experiences similar to the real world. With the recent development of computer vision and graphics processing technologies, metaverse environments are expected to

The associate editor coordinating the review of this manuscript and approving it for publication was Zijian Zhang.

other avatars are malicious. This can cause serious problems such as identity leakage, theft, and virtual asset fraud during avatar interactions.

To solve these problems, secure communication must be provided between users and platform servers. Avatar authentication is also required to provide secure avatar interactions such as trading and chatting in virtual spaces. In addition, secure and transparent management of user identification data is required. In this paper, we utilize blockchain technology to prevent the dependency of user data on each platform server and provide security of user data. Then, we design a system model using blockchain technology for metaverse environments. In our system model, we manage the user identification data in blockchain to provide user data integrity and transparency. We also propose an authentication scheme utilizing blockchain between users and platform servers and between avatars and avatars to ensure secure communication and avatar interactions in metaverse environments.

Our primary contributions are summarized as follows.

• We design a system model to guarantee secure communication and avatar interactions in metaverse environments. In this system model, we suggest transparent management of each user's pseudo-identity and public key using blockchain technology.

• We propose a mutual authentication scheme using Elliptic Curve Cryptography (ECC) and biometric information to provide secure communication between users and platform servers. In addition, we propose an avatar authentication scheme to provide secure avatar-to-avatar interactions.

• We perform an informal analysis to show that the proposed scheme can withstand a variety of security attacks including impersonation, stolen smart devices, MITM, and insider attacks. We also prove that the proposed scheme can guarantee mutual authentication and security of the session key utilizing the Burrows-Abadi-Needham (BAN) logic [9] and the Real-or-Random (ROR) model [10].

• We demonstrate that the proposed scheme can resist replay and MITM attacks utilizing the Automated Validation of Internet Security Protocols and Applications (AVISPA) [11]. In addition, we estimate the computation and communication costs of the proposed scheme. Finally, we compare the performance and security features of the proposed scheme with existing schemes in similar environments.

The remainder of this paper is organized as follows. Related work is introduced in Section II, and relevant preliminaries including the Blockchain, ECC, Biohashing, the adversary model, and the system model are described in Section III. The proposed mutual authentication scheme to guarantee secure communication is proposed in Section IV. The security and performance of the proposed scheme are discussed in Section V and Section VI, respectively. Finally, the paper is concluded in Section VII.

VOLUME 10, 2022

After the term metaverse appeared in the novel Snow Crash, developments in the computer vision and graphic fields made it possible to realize virtual reality technologies. In 2003, the Second Life platform [12], which is a client-server architecture, was launched to provide a metaverse environment.

and data confidentiality are requirements in the design of a virtual reality system to prevent various security threats. In 2022, Tan et al. [20] proposed using blockchain technology in metaverse environments to realize decentralization and interoperability. They said that blockchain technology can be employed to protect, store, and share data. Moreover, in 2022, Yang et al. [21] claimed that blockchain technology can be used to realize data transparency, openness, authenticity, and efficiency in metaverse environments. However, a specific system model and mutual authentication scheme for metaverse environments have not been proposed to date.

In the following, we introduce several existing mutual authentication schemes for guaranteeing secure communication in IoT environments that are similar to metaverse environments. In 2020, Panda and Chattopadhyay [22] proposed a mutual authentication scheme for IoT environments using ECC and a password verifier. They analyzed the security aspects of their scheme using the AVISPA tool. However, Chen et al. [23] asserted that the scheme proposed by Panda and Chattopadhyay does not consider various security features such as stolen smartcards and user impersonation attacks. Haq et al. [24] proposed a two-factor authentication protocol for 5G networks and they performed informal and formal security analyses to prove that their scheme can prevent a variety of security attacks. Unfortunately, their protocol is still vulnerable to user/server impersonations, MITM, and privileged insider attacks [25]. In 2022, Li et al. [26] proposed a blockchain-based mutual authentication scheme for key agreements between users and servers. They stated that their scheme can prevent impersonation and MITM attacks, and that it can provide perfect forward secrecy. However, their scheme does not handle other security features such as insider, privileged insider attacks, and user anonymity. Although [22], [24], and [26] can be utilized for a metaverse environment, these schemes lack the security features required to ensure secure communication, and they do not consider user-to-user authentication.

In this section, we describe simple preliminary concepts including Blockchain, ECC, and Biohashing. We then explain the adversary model and system model used in this paper.

$x$ from $Q = x \cdot P$.

Assume that $P$, $x_1 \cdot P$, and $x_2 \cdot P$ are three points on $E_p(u, r)$. However, it is computationally difficult to determine $x_1 \cdot x_2 \cdot P$.

it is difficult to determine whether $x_3 \cdot P = x_1 \cdot x_2 \cdot P$.

• Apply the Gram-Schmidt procedure with the generated pseudo-random number to transform the basis $r_i$ into an $or_i \in R^n$ ($i = 1, \ldots, n$).

• Calculate the inner product operation between $v$ and $or_i$.
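The Gram-Schmidt and inner-product steps listed above, followed by thresholding against a preset τ, can be sketched as follows. This is an added example, not code from the paper: the SHA-256 seeding of the pseudo-random vectors, the rule "bit is 1 when the inner product exceeds τ, else 0", and the names `orthonormal_basis`, `biohash`, and `hamming` are assumptions, and the feature vectors are constructed sample data.

```python
import hashlib
import math
import random


def orthonormal_basis(token: bytes, m: int, n: int):
    """Draw m pseudo-random vectors in R^n from a token-derived seed and
    orthonormalize them with (modified) Gram-Schmidt."""
    if m > n:
        raise ValueError("at most n orthonormal vectors exist in R^n")
    rng = random.Random(int.from_bytes(hashlib.sha256(token).digest(), "big"))
    basis = []
    while len(basis) < m:
        r = [rng.gauss(0.0, 1.0) for _ in range(n)]
        for q in basis:  # subtract the component along each earlier vector
            dot = sum(a * b for a, b in zip(r, q))
            r = [a - dot * b for a, b in zip(r, q)]
        norm = math.sqrt(sum(a * a for a in r))
        if norm > 1e-9:  # discard a (near-)dependent draw and redraw
            basis.append([a / norm for a in r])
    return basis


def biohash(v, token: bytes, m: int, tau: float = 0.0):
    """Bit i is 1 when <v, or_i> exceeds tau, else 0 (assumed comparison rule)."""
    return [1 if sum(a * b for a, b in zip(v, q)) > tau else 0
            for q in orthonormal_basis(token, m, len(v))]


def hamming(a, b):
    """Number of positions in which two biohash codes differ."""
    return sum(x != y for x, y in zip(a, b))


# Constructed sample data: a 32-dimensional "feature vector" and a second
# capture of the same trait with small sensor noise.
ENROLLED = [math.sin(0.7 * i) + 0.3 * math.cos(1.9 * i) for i in range(32)]
NOISY = [x + 0.001 * math.cos(5.0 * i) for i, x in enumerate(ENROLLED)]

if __name__ == "__main__":
    code = biohash(ENROLLED, b"token-A", 24)
    print("enrolled   :", "".join(map(str, code)))
    print("same user  :", hamming(code, biohash(NOISY, b"token-A", 24)), "bits differ")
    print("other token:", hamming(code, biohash(ENROLLED, b"token-B", 24)), "bits differ")
```

The same trait under a different token yields an unrelated code, which is why the token seed has to be protected like any other credential.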

As a result, the biohash code $b_i$ is computed as follows.

where $\tau$ is a preset threshold.

The system model for a metaverse environment consists of the certificate authority, users, platform servers, and a blockchain, as represented in Figure 1.

• Certificate authority: The certificate authority is a fully-trusted entity that initializes system parameters and publishes public information. The certificate authority receives the user's pseudo-identity, public key, and personal information from the user. Then, the certificate authority uses the received personal information to verify the user's identity once and stores the user's pseudo-identity and public key in the blockchain. In addition, the certificate authority creates user credential values that must be authenticated between the user and the platform servers, and the certificate authority transmits the credential values to the user.

• User: The user sends the pseudo-identity, public key, and personal information to the certificate authority for identity verification to participate in the metaverse environment. Then, the user can communicate with various platform servers through an authentication process that uses the user's pseudo-identity and credential values. Afterward, the user can create an avatar and access various virtual spaces managed by the platform servers. In addition, the user can authenticate with the other avatars using the pseudo-identity and the public key stored in the blockchain to achieve secure avatar-to-avatar interaction in virtual spaces.

• Platform server: Each platform server provides different immersive services such as education and game services to users through various virtual spaces. If a user attempts to access the platform server, the platform server verifies their credential value and pseudo-identity using the blockchain and the public key of the certificate authority. In addition, each platform server is responsible for for-

The process of the proposed system model is as follows.

3) If the authentication phase is completed successfully, the platform server sends a session key to the user, and then the user and platform server communicate using the session key to guarantee secure communication.

4) A user who has already entered a virtual space using an avatar can interact with the other avatars. For secure avatar-to-avatar interactions, the user can perform the avatar authentication phase.

In this section, we propose a secure mutual authentication scheme using blockchain technology for metaverse environments. In addition, we consider the avatar authentication phase to guarantee secure avatar-to-avatar interactions in virtual spaces. The proposed scheme comprises five main phases, namely, the initialization, user setup, avatar generation, login and authentication, and avatar authentication phases. The notations used in the proposed scheme are defined in Table 1.

In the initialization phase, CA selects a nonsingular elliptic curve $E_p(u, r)$ over $F_p$. Afterward, CA selects a base point $P$ on $E_p(u, r)$ and a private key $k_{ca}$. CA then computes a public key $PK_{ca} = k_{ca} \cdot P$ and publishes the system parameters

In the user setup phase, $U_i$ must verify the identity from CA to obtain the credentials required to participate in the metaverse environment. The process of the user setup phase is shown in Figure 2 and is described as follows.

public key where $info_i$ is the personal information of $U_i$.

ture value used to confirm that $U_i$ is verified by CA. Then, CA sends $V_i = (X_i, Sig_{i-ca})$ to $U_i$ and stores $(PID_i, PK_i)$ in the blockchain.

In the avatar generation phase, $U_i$ can generate an avatar using $SD_i$ to enter the virtual space managed by $S_t$. Figure 3 presents the avatar generation phase, which is described in detail as follows.
User setup phase of our scheme.
3) $S_t$ checks $PID_i$ in the blockchain and retrieves $PK_i$. Then, $S_t$ verifies the uniqueness of $(avatar_i, PK_i)$ in the database and computes $S_i^* = k_{st} \cdot PK_i$ and

If it is equal, $S_t$ stores $(avatar_i, PK_i)$ in the database and publishes $(avatar_i, PK_i)$ in the virtual space.

$U_i$ can log in to $S_t$ with $avatar_i$ to enter the virtual space. $U_i$ and $S_t$ perform the following steps to obtain the session key to realize secure communication. Figure 4 describes the login and authentication phase.

lates

2) If it is the same, $U_i$ generates a random number $n_1$ and

The avatar authentication phase is only available to users who have logged into and exchanged session keys with the platform server for secure avatar interaction in the virtual space. In this phase, the platform server is only responsible for forwarding request and response messages. In the virtual space, avatars can perform mutual authentication according to the following process. Figure 5 indicates the avatar authentication phase.

1) $U_i$ generates $n_3$ and $T_3$. Then,

2) After receiving $Req$ from $U_i$, $S_t$ calculates $(avatar_j, EM_3, S_5, T_3) = SYD_{SK_{i-st}}(Req)$. Then, $S_t$ encrypts $Req_{ij}$ using the session key between $U_j$ and $S_t$ such as

Afterward, $U_j$ checks $PID_i$ in the blockchain and retrieves $PK_i$. Then, $U_j$ verifies $Ver_i \cdot P \stackrel{?}{=} S_5 + h(avatar_i \| avatar_j \| S_6^* \| T_3) \cdot PK_i$.
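The check that U_j performs above, `Ver_i · P = S_5 + h(avatar_i || avatar_j || S_6 || T_3) · PK_i` with `PK_i` looked up by `PID_i`, is worked through below as an added example that is not the paper's code. Assumptions: secp256k1 as the curve, SHA-256 with length-prefixed inputs as `h`, `T_3` treated as a timestamp with a freshness window, a dict `ledger` standing in for the blockchain, and the sender-side formulas `S_5 = n_3 · P` and `Ver_i = n_3 + h(...) · k_i`, which this excerpt does not show.

```python
import hashlib
import secrets

# secp256k1 (y^2 = x^3 + 7), an assumed curve; the paper fixes only E_p(u, r) and P.
FIELD = 2**256 - 2**32 - 977
ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
BASE = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
        0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % FIELD == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, FIELD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FIELD, -1, FIELD)
    x3 = (lam * lam - x1 - x2) % FIELD
    return x3, (lam * (x1 - x3) - y1) % FIELD


def mul(k, point):
    """Double-and-add scalar multiplication (not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, point)
        point, k = add(point, point), k >> 1
    return acc


def h(*parts: bytes) -> int:
    """h(a || b || ...) with length prefixes so the concatenation is unambiguous."""
    digest = hashlib.sha256(b"".join(len(p).to_bytes(4, "big") + p for p in parts))
    return int.from_bytes(digest.digest(), "big") % ORDER


def make_ver(k_i, avatar_i, avatar_j, s6, t3):
    """ASSUMED sender side: S5 = n3*P and Ver_i = n3 + h(...)*k_i mod ORDER."""
    n3 = secrets.randbelow(ORDER - 1) + 1
    e = h(avatar_i, avatar_j, s6, str(t3).encode())
    return mul(n3, BASE), (n3 + e * k_i) % ORDER


def verify(ledger, pid_i, avatar_i, avatar_j, s6, t3, s5, ver_i, now, window=5):
    """U_j's check: look up PK_i by PID_i, then Ver_i*P == S5 + h(...)*PK_i."""
    pk_i = ledger.get(pid_i)  # dict standing in for the blockchain lookup
    if pk_i is None or abs(now - t3) > window:  # unknown identity or stale T3
        return False
    e = h(avatar_i, avatar_j, s6, str(t3).encode())
    return mul(ver_i, BASE) == add(s5, mul(e, pk_i))
```

Because both avatar names and `T_3` are bound into the hash, a value captured for one avatar pair or one time window fails verification when replayed for another.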

The logical postulates of BAN logic are summarized as follows.

• Message meaning rule (MMR):

• Jurisdiction rule (JR):

• Freshness rule (FR):

The goals of the proposed scheme to prove mutual authentication are expressed as follows.

3) IDEALIZED FORMS

We can express our login and authentication messages

The assumptions considered in the proposed scheme are summarized as follows.

The BAN logic proof is performed using the above logical postulates, idealized forms, and assumptions to prove the stated goals.

• We can obtain $E_1$ from Message 1.

• We apply the MMR using $E_1$ and $A_1$ to obtain $E_2$.

• We apply the FR using $E_2$ and $A_2$ to obtain $E_3$.

• We apply the NVR using $E_2$ and $E_3$ to obtain $E_4$.

• We apply the BR using $E_4$ to obtain $E_5$.

• We apply the MMR using $E_6$ and $A_3$ to obtain $E_7$.

• We apply the FR using $E_7$ and $A_4$ to obtain $E_8$.

• We apply the NVR using $E_7$ and $E_8$ to obtain $E_9$.

• We apply the BR using $E_9$ to obtain $E_{10}$.

• We can obtain $E_{11}$ using $E_5$. $S_t$ can calculate $v_2 = h(avatar_i \| PID_i \| k_{st} \| n_2 \| T_2)$, $S_2 = k_{st} \cdot S_1$, and $S_4 = v_2 \cdot S_1$. Then, $S_t$ can successfully generate the session

• We apply the JR using $E_{11}$ and $A_5$ to obtain $E_{12}$.

• We apply the JR using $E_{10}$ and $A_6$ to obtain $E_{14}$.

As a result, the proposed scheme guarantees mutual authentication between $U_i$ and $S_t$.

In this section, we analyze the session key security of our scheme using the ROR model. We define P t 1

Theorem 1: We define $Adv_S(t)$ as the probability of breaking the session key security of the proposed scheme $S$ in running time $t$. In addition, $l$, $q_h$, $q_s$, $|Hash|$, $|D_i|$, and $|D_p|$ denote the number of bits in the biometric information, the number of hash queries, the number of send queries, the range space of the hash function, the size of the identity dictionary, and the size of the password dictionary, respectively. We also define $Adv_S^{ECDDHP}(t)$ as the probability of breaking ECDDHP. We then can derive the following result.

Proof: We conduct five games $G_n$, where $n = 0, 1, 2, 3, 4$. We also define $Suc_n^{ad}$ as the adversary winning probability of $G_n$. In addition, $Pr_S[Suc_n^{ad}]$ is the advantage of $Suc_n^{ad}$. The detailed steps of each game are described as follows.

• $G_0$: In $G_0$, the adversary has no information and does not perform a query. Thus, the adversary chooses the random bit $b$. Through semantic security, we derive the following result.

As a result, we can derive (9) from (7) and (8).

In this section, we use the HLPSL language to implement the proposed scheme for the basic roles of user $U$, platform server $S$, and certificate authority $CA$. Figure 6 indicates the role of the session and environment. Note that we declare all basic roles and channels in the role of the session. Then, we declare all constants and variables used in the codes, and we define the intruder knowledge, secrecy goals, and authentication goals in the role of the environment.

The OF for the proposed scheme obtained after applying the OFMC and CL-AtSe backends is shown in Figure 8. We rep-

In this section, we analyze the computation costs, communication costs, and security features of the proposed scheme.

[49], we denote the execution times of bilinear pairing, EC point multiplication, EC point addition, symmetric encryption/decryption, the hash function, and the biohashing function as $T_{bp}$ (≈ 22.0587 ms), $T_{em}$ (≈ 7.3529 ms), $T_{ea}$ (≈ 0.009 ms), $T_{sye}$ (≈ 0.1303 ms), $T_h$ (≈ 0.0004 ms), and $T_{bh}$ (≈ 0.01 ms), respectively. In the login and authentication phase of the proposed scheme, $U_i$ performs the operation to send the login request message, which has an execution cost of $4T_{em} + T_{ea} + 8T_h + 2T_H$. After receiving the login request message, $S_t$ performs the operation to respond to $U_i$, which requires $5T_{em} + T_{ea} + 5T_h$. Table 3 shows the total computation costs of the compared authentication schemes.

The security features of the compared schemes [22], [24], [26], and the proposed scheme are listed in Table 5. Following Table 5, the proposed scheme can withstand stolen smart cards/devices, offline password guessing, impersonation, server spoofing, replay, MITM, insider, and privileged insider attacks. In addition, our scheme provides perfect forward secrecy, user anonymity, and user-server mutual authentication. The proposed scheme also provides user-to-user mutual authentication to guarantee secure avatar interactions.

Therefore, the proposed scheme offers a more diverse set of security features than the existing schemes [22], [24],

In addition, we proposed a secure mutual authentication scheme between users and platform servers and between avatars and avatars using ECC and biometric information.

The informal security analysis was also performed to eval-