Thank you for Subscribing to CIO Applications Weekly Brief
How Meta Are You?
Raymond Kent, LEED AP BD+C, Principal, Innovative Technology Design Group, DLR Group
The virtual world is no longer just for researchers and gamers, having this technology deployed in everything from education to medicine and more, the requirements for processing more data faster over a high-speed connection are growing. The vulnerabilities within this landscape have also exponentially exploded similar to the landscape of Internet of Things (IoT) devices.
Effectively designing devices that bring this powerful technology to the masses presents several challenges that must be incorporated to be effective and salable. Security, however, can be an Achilles heel. Devices must have extremely low power draw from lightweight and small enough batteries to make them comfortable to wear while being able to process large amounts of streaming image data in real time, and with a screen refresh rate high enough to prevent motion sickness. These power sources must also last long enough between charges to make it worthwhile to consumers. This is a similar conundrum to the electric vehicle market where weight, duration, and power all rain supreme. Additionally, they must maintain a comfortable temperature as to not damage the electronics or burn the user. Most of all, they need to be secure, include high-speed I/O and advanced communications technology — all while being affordable.
Protocol security protects data while it’s in transmission, where data sent to and from a Metaverse headset should be encrypted and authenticated to protect confidentiality and ensure authenticity of the data
Quite a bit of this is accomplished through the $7.76 billion dollar Metaverse chip industry which continues to combine processes into smaller and smaller packages requiring less power, creating less heat, while producing higher quality results at speeds that can keep up with the computing needs at scale. This also allows for a widespread utilization across current users and adoption to new applications and markets.
Advancements in 5G technology are also driving quite a bit of the innovations as it untethers the devices from a WiFi or wired connection. However, access to 5G technology also opens new vulnerabilities in the ready that a user needs to prepare for.
Unfortunately, there are not security standards adopted by all the players.
In June 2022, the 1,000+ member Metaverse Standards Forum announced, for the first time, the development of open standards for the Metaverse with the goals of encouraging collaboration on spatial computing. Such collaboration will continue to energize the growth of Metaverse technology. The hope is that security of these systems as edge devices will be carefully considered in this new open-source format.
No matter how a device is connected, that connection makes it vulnerable to attack. Hackers potentially can use the devices as gateways to both home networks and enterprise systems/networks. Once the link has been established, hackers can steal private data and information. Security experts warn against hackers driving by the neighborhood to hack Wi-Fi routers. But with 5G, hackers can launch an attack anytime, anywhere, which increases the vulnerability systems.
Right now, these vulnerabilities are primarily thought of as privacy issues for individual users. However, when deployed at the enterprise level there can be many security concerns such as the protection of proprietary intellectual property and data. When used interactively as part of a human-machine interface, there are concerns about protection of the integrity and availability of data while maintaining low overall latency for precise control which can impact usability in high stakes applications. And in many other applications that are emerging in spaces with confidentiality, there are issues involving privacy and governance requirements.
Security of these ecosystems fall into two categories — protocol security and product security. Protocol security protects data while it’s in transmission, where data sent to and from a Metaverse headset should be encrypted and authenticated to protect confidentiality and ensure authenticity of the data. Product security protects the system from being hacked or inadvertently opening up the network to accidental data distribution. For example, secure boot verifies that only authorized firmware can run on a headset. Without product security protection, a compromised headset could infect a laptop, or vice versa.
The mobility and portability of these devices opens them up to even more potential for attack. Depending on the connectivity model, link-layer security will be sufficient when a one-to-one correspondence between the device and the data source exists. But in many cases, the end-to-end security model makes much more sense, particularly when the device is used to view and interact with remote entities as is becoming more common place. This indicates a need for high-bandwidth IPsec and TLS secure communications.
Safeguarding Metaverse devices with 5G capability will rely on end-to-end security which goes beyond man-in-the-middle and side-channel attacks protecting a network from attack against cloud services over the network. In addition to designing with security software/chips, the device implementation will need to consider access to personal and private data, as well as advanced firmware updates, device and user authentication, and potentially real-time payments.
VR challenges include integration of many design parameters and safeguarding cybersecurity threats. Although they may vary depending upon the application, the parameters typically include software/hardware optimization, selection of VR chips or SoC, power management, HMI, packaging, performance, and testing/ simulation. It is important to clearly define the design goals. Additionally, to minimize the risks of cyber threats, VR systems must incorporate the latest security technologies and know-how.
Additional threats beyond traditional IT attacks in the Metaverse include NFT’s, the Darkverse, financial fraud, advanced social engineering, deep fake cyberstores, and more. Addressing these head on and creating solid policies around deployment, coupled with back checks, and verifications are a must.
Metaverse technologies will continue to improve as will security and bad actor’s desire to wreck mayhem in this new virtualized world. And as new applications emerge, there will be many more such challenges over the next decade as people learn how to apply this technology. After a long wait and lots of promises, the virtual world is beginning to take shape.