A Robust Privacy-Preserving ECC-Based Three-Factor Authentication Scheme for Metaverse Environment

Abstract

Metaverse is revolutionizing the future iteration of technology with the potential to ameliorate efficiency and innovation drastically. It fashions engaging spaces for user interaction that simulate the real world by integrating augmented and virtual reality. Metaverse furnishes immersive interactive experiences, unrestricted time and space, visualizations, minimal learning costs, and endorses communication. A metaverse offers various services, such as virtual environments and avatars for telecommuting, education, and gaming. Yet, to access services, users must register with the server, where the registration requires user’s identity, password, and personal information. Additionally, the user interaction in metaverse is mediated through avatars over public channels, fabricating opportunities for security attacks such as replay and impersonation attacks. Consequently, we propose a secure mutual authentication scheme for safer user-server and avatar–avatar interactions utilizing Elliptic Curve Cryptography (ECC) and fuzzy extractor. The security of protocol is examined with Burrows–Abadi–Needham (BAN) logic, Real-or-Random (ROR) model, and Automated Validation of Internet Security Protocols Applications (AVISPA). We also conduct a comparative analysis of the computational and communication costs and the security features of proposed scheme with pre-existing works. Hence, the suggested protocol offers magnificent security and efficiency, making it suitable for the metaverse environment.