Browse > Article
http://dx.doi.org/10.13089/JKIISC.2018.28.2.437

VR Threat Analysis for Information Assurance of VR Device and Game System  

Kang, Tae Un (Graduate School of Information Security, Korea University)
Kim, Huy Kang (Graduate School of Information Security, Korea University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.28, no.2, 2018 , pp. 437-447 More about this Journal
Abstract
Virtual Reality (VR) is becoming a new standard in the game industry. PokeMon GO is a representative example of VR technology. The day after the launch of PokeMon Go in the U.S, It has achieved the highest number of iOS App Store downloads. This is an example of the power of VR. VR comprises gyroscopes, acceleration, tactile sensors, and so on. This allow users could be immersed in the game. As new technologies emerge, new and different threats are created. So we need to research the security of VR technology and game system. In this paper, we conduct a threat analysis for information assurance of VR device (Oculus Rift) and game system (Quake). We systematically analyze the threats (STRIDE, attack library, and attack tree). We propose security measures through DREAD. In addition, we use Visual Code Grepper (VCG) tool to find out logic errors and vulnerable functions in source code, and propose a method to solve them.
Keywords
Virtual Reality; Virtual Reality Security; Threat Modeling; Threat Analysis; STRIDE; DREAD; Attack Tree; Attack Library; Game Security;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 Yunmok Son, Hocheol Shin, Dongkwan Kim, Youngseok Park, Junwan Noh, Kibum Choi, Jungwoo Choi, and Yongdae Kim, "Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors," Usenix Security Symposium, pp. 881-896, Aug. 2015
2 KBENCH, "Oculus lift collects personal information, irrespective of Facebook," http://www.kbench.com/?q=node/161711 , Apr. 2016
3 Young Woon Woo, Soon Ho Baek, Young Ho Cha, Geun Ho Kim, Jong Hoon Heo, and Da-In Kim, "A 3D FPS Game based on Virtual Reality," The Korean Society Of Computer And Information, 24(2), pp. 205-206, Jul. 2016
4 Suk Tae Kim, "Game engine based vir- tual reality characteristics and the development of content implementation technology," Korea Multimedia Society, 20(4), Dec. 2016
5 Parth Rajesh Desai, Pooja Nikhil Desai, Komal Deepak Ajmera, and Khushbu Mehta, "A Review Paper on Oculus Rift-A Virtual Reality Headset," International Journal of Engineering Trends and Technology, vol. 13, no. 4, Jul. 2014.
6 Kumar Mridul and Ramanathan Muthuganapathy, "Design and Development of a Portable Virtual Reality," Proceedings of the Virtual Reality International Conference, no. 15, Mar. 2016.
7 Przemyslaw Kazimierz Krompiec and Kyoung Ju Park, "Enhanced player in- teraction using motion controllers for VR FPS," 2017 IEEE ICCE, pp. 19-20, Mar. 2017.
8 Marnix Dekker and Giles Hogben, "ENISA Appstore security: 5 lines of defence against malware," ENISA, Sep. 2011.
9 Kim Wuyts, Riccardo Scandariato, and Wouter Joosen, "Empirical evaluation of a privacy-focused threat modeling," The Journal of Systems and Software, pp. 122-138, Jun. 2014.
10 Tony Ucedavelez and Marco M. Morana, "Intro to Pasta," Wiley, May. 2015.
11 Ji Young Woo and Huy Kang Kim, "Survey and Research Direction on Online Game Security," Proceedings of the Workshop at SIGGRAPH Asia, pp. 19-25, Nov. 2012.
12 Tae Un Kang, "VR-Threat-Modeling," https://github.com/comma1/VR-Threat-Modeling
13 OWASP, "OWASP Game Security Framework Project," OWASP, Mar. 2017.
14 CAPEC, "CAPEC List Version 2.9," CAPEC, Aug. 2017.
15 Sabeel Ansari, Rajeev S.G., and Chandrashekar, "Packet sniffing:a brief introduction," IEEE potentials, vol. 21, no. 5, Jan, 2003.
16 Akash B. Mahagaonkar and Amar Buchade, "Survey of DoS attack quelling technics," International Journal of Computer Science and Information Technology & Security, vol. 6, no.2, Mar. 2016.
17 Teresa Nicole Brooks, "Survey of Automated Vulnerability Detection and Exploit Generation Techniques in Cyber Reasoning Systems," arXiv preprint, Oct. 2017.
18 nccgroup, "Visual Code Grepper," https://github.com/nccgroup/VCG, Mar. 2016.