Identification and Prototypical Implementation of a Suitable Encryption Method to Securely Exchange Personalized Avatars in Social VR Applications

Closed Human-Computer Interaction Bachelor Thesis Embodiment Lab

Abstract

Personalized avatars that participants embody in social VR applications can represent a very private portrait of the user, depending on its degree of realism and personalization. Since avatars are, compared to photos, a very dynamic impersonation of a person the loss of them could lead to very fatal identity theft. Therefore, it is important that they are appropriately protected when transmitted over the Internet. In this thesis, we present a method for securely exchanging personalized avatars in social VR applications. In particular, a hybrid encryption scheme was developed to encrypt avatars end-to-end while distributing them among all participants. This hybrid scheme operates by encrypting the avatars with a symmetric AES key which then is distributed among all clients in an asymmetric key exchange. This method allows to efficiently encrypt the large files avatars are and send them to their destinations securely. The whole exchange proceeds at runtime of the application and the avatars are not stored in a file system or similar anywhere, neither by the server nor by receiving clients. The developed method was implemented using the Unity Editor and a Node.js server with Socket.io for realizing the networking functionalities. The key and avatar exchange process is explained in detail to give a clear understanding of how it works. We evaluate the implementation regarding the performance of the exchange and its security. The results show that the performance is heavily dependent on the available bandwidth. The proposed exchange method is functional and applicable, but further improvements in the performance are desirable. The security of the system is discussed in detail. We conclude that with taking into account that no authentication system has been implemented the developed method is very likely to be secure.

Contact Persons at the University Würzburg