Enigma Talk - Kavya Pearlman - USENIX (Microsoft PowerPoint slide deck)
Transcript of the slides. Author: Peace. Created Date: 2/7/2020 9:03:49 PM.

Page 1
@xrsidotorg
Virtual Reality Brings Real Risks
Are We Ready?
Page 2
What is Virtual Reality (VR)?
VR immerses users in a fully artificial digital environment.
Specs: Head Mounted Display, Heavy (GPU) Computing, Touch Controllers, Motion Sensors
Page 3
What is Social VR?
Page 4
XR: Augmented vs Virtual vs Mixed Reality
Page 5
How is XR changing our lives? (1)

Page 6 (speaker notes)
Slide 5, note 1: Explain Real Estate and Automotive... one in light blue only... make it clear u r choosing two. Kavya Pearlman, 1/25/2020
Page 7
...and bringing new risks!
PRIVACY: With constant reality capture, how do we ensure privacy is accounted for?
SECURITY: What about the VR apps getting hacked? Are third-party risks accounted for?
TRUST: In the era of deep fakes and propaganda, how can we be sure of individual identity in VR?
Page 8
VIRTUAL REALITY ATTACKS
Page 9
VR Attack Surface
Page 10
VR Attack Surface (figure)
Source: Casey, P., Baggili, I., & Yarramreddy, A. (2019). Immersive Virtual Reality Attacks and the Human Joystick. IEEE Transactions on Dependable and Secure Computing.
Figure content: Supporting Data Services (Social Networks, Web Services, Applications) supply Social Network Data, Web Service Data and Remote Application Data to the Virtual Reality Environment, which holds User Data and the view of the Virtual Reality headset (example in-view items: IKEA furniture, Samsung display, 1 new email, 1 unread message). Arrows mark the input data flow, output data flow and in-network data flow.
Page 11
VR Attack Vectors (figure)
Source: Casey, Baggili & Yarramreddy (2019).
Figure content: the Target Machine runs the Workstation VR Application and drives the VR Device. From attacker Command & Control: Compromise the target machine, Modify Configuration, Initiate Background Instance. Resulting attacks: Chaperone, Overlay, Camera, Disorientation, Human Joystick. Data Leakage: Camera, Position Feed.
Page 12
Novel attacks in VR
● Look where you are exactly (Tracker Attack)
● Remove your safety boundaries (Chaperone Attack)
● Move you wherever we want (Human Joystick Attack)
● Block your vision (Overlay Attack)
Source: Casey, Baggili & Yarramreddy (2019).
Page 13
Tracker Attack
● Turn on front-facing camera
● Stream video feed back to attacker
● Look inside victim's room
● Even if cam disabled by the user
Source: Casey, Baggili & Yarramreddy (2019).
Page 14
Chaperone Attack
Source: Casey, Baggili & Yarramreddy (2019).
Page 15
Human Joystick Attack
Source: Casey, Baggili & Yarramreddy (2019).
Page 16
Overlay Attack
New type of Ransomware?
Source: Casey, Baggili & Yarramreddy (2019).
Page 17
Risk Mitigation Categories
Data Protection: Ensure I/O, including data aggregated by the system for use by third-party applications, is properly stored and protected.
User Interaction Protection: Users can share virtual environments; their interactions and information within the VE should be protected.
Device Protection: Protecting the physical devices and their data.
Page 18
It begins...
Page 19
XRSI - XR Safety Initiative
Our Mission: Help Build Safe Immersive Environments
● XR Bug Bounty Program
● 3C Information Security Framework for XR Enterprises
● Global Security Awareness Campaign via STOP.THINK.CONNECT.
Page 20
3C Information Security Framework for XR enterprises
To Be Released in Q2, 2020
Page 21
WHAT CAN YOU DO?
HACK Extended Reality: [email protected]
Other Enquiries: [email protected]