An Anti-disguise Authentication System Using the First Impression of Avatar in Metaverse

TL;DR

An anti-disguise authentication method that draws on the idea of the first impression from the physical world to recognize an old friend and a chameleon-based signcryption mechanism and a ciphertext authentication protocol to ensure the public verifiability of encrypted identities are proposed.

Abstract

Metaverse is a vast virtual world parallel to the physical world, where the user acts as an avatar to enjoy various services that break through the temporal and spatial limitations of the physical world. Metaverse allows users to create arbitrary digital appearances as their own avatars by which an adversary may disguise his/her avatar to fraud others. In this paper, we propose an anti-disguise authentication method that draws on the idea of the first impression from the physical world to recognize an old friend. Specifically, the first meeting scenario in the metaverse is stored and recalled to help the authentication between avatars. To prevent the adversary from replacing and forging the first impression, we construct a chameleon-based signcryption mechanism and design a ciphertext authentication protocol to ensure the public verifiability of encrypted identities. The security analysis shows that the proposed signcryption mechanism meets not only the security requirement but also the public verifiability. Besides, the ciphertext authentication protocol has the capability of defending against the replacing and forging attacks on the first impression. Extensive experiments show that the proposed avatar authentication system is able to achieve anti-disguise authentication at a low storage consumption on the blockchain.

Figures (10)

• Figure 1: An illustration of the disguise attack, where an adversary generates the same avatar $A^*$ as avatar $A$ to deceive avatar $B$.
• Figure 2: The replacing attack on the first impression. The notation $CT_{AB}$ represents the ciphertext of the first impression that is made by $A$ for $B$ and $CT_{CB}$ represents the ciphertext of the first impression that is made by $C$ for $B$.
• Figure 3: In the system framework, we only show the process that $B$ writes $(I_{AB}, CT_{AB})$ to form $FI_{AB}$. In fact, $A$ writes $(I_{BA}, CT_{BA})$ in the same way as $B$ to form $FI_{BA}$.
• Figure 4: The user's identity model in the metaverse.
• Figure 5: The avatar authentication protocol and the ciphertext authentication protocol.