1. NCCU Academic Hub
  2. Publications
  3. International college of Innovation
  4. Theses
  5. Item

Publications-Theses

Article View/Open

Publication Export

Google ScholarTM

NCCU Library

Citation Infomation

Related Publications in TAIR

題名 元宇宙之資訊安全威脅與對策
Information Security Threats and Countermeasures in the Metaverse
作者 劉昱其
Liu, Yu-Chi
貢獻者 左瑞麟
Tso, Ray-Lin
劉昱其
Liu, Yu-Chi
關鍵詞 元宇宙
零信任模型
資訊安全
去中心化識別
Metaverse
Zero Trust Model
FIDO
DIDs
Information Security
日期 2024
上傳時間 1-Nov-2024 11:03:23 (UTC+8)
摘要 科技的迅速發展,人們的互動空間有了全新的方式,元宇宙已成為使用者在虛擬世界中互動並參與各種活動的重要平台。然而,人們在元宇宙中進行互動,個人數據和資訊交流頻繁,互動平台擁有大量的用戶生成資料,資訊的安全及隱私的保護,成為一個重要的議題。因此,了解這些威脅挑戰並提出相應的對策對於保護使用者的資訊安全至關重要。 本研究旨在找出元宇宙中會出現的資訊安全威脅,再找出相對應威脅的對策。首先,我們將應用零信任(Zero Trust)模型,這一模型基於一個關鍵理念,即不應信任任何內部或外部用戶或設備,無論其是否在組織的網路內。這將有助於確保虛擬世界的安全,防止未經授權的訪問和數據洩露。其次,我們將利用 FIDO(Fast Identity Online)認證技術,提供更安全和便捷的用戶身份驗證方法,以確保只有經過認證的用戶可以訪問元宇宙。最後,我們將採用 DIDs(Decentralized identifiers)技術,使用戶能夠在虛擬世界中掌握他們的身份信息,從而減少中央控制和數據風險,同時提供更好的用戶體驗,並為未來的資訊安全研究提供有價值的參考。
With the rapid advancement of technology, there are new ways for people to interact, and the metaverse has become a significant platform for users to engage in various activities within a virtual world. However, as individuals interact within the metaverse, the frequent exchange of personal data and information poses critical issues regarding data security and privacy protection. Therefore, understanding these threats and developing corresponding countermeasures is essential for safeguarding user information security. This study aims to identify the information security threats that may arise in the metaverse and propose corresponding countermeasures. First, we will apply the Zero Trust model, which is based on a key principle: do not trust any internal or external users or devices, regardless of whether they are within the organization's network. This will help ensure the security of the virtual world by preventing unauthorized access and data breaches. Secondly, we will utilize Fast Identity Online (FIDO) authentication technology to provide a more secure and convenient method of user identity verification, ensuring that only authenticated users can access the metaverse. Finally, we will adopt Decentralized identifiers (DIDs) technology, allowing users to control their identity information within the virtual world, thereby reducing the risks associated with central control and data breaches. These measures aim to enhance user experience and provide valuable references for future information security research.
參考文獻 Al Shehhi, A., & Otoum, F. (2023). Implementing the Zero Trust model for enhanced security in virtual environments. Cybersecurity Journal, 8(2), 113-128. Chen, A. C. (2023). 探索資訊安全憑證專利技術. 資訊電子學刊, 11(1), 135- 148. Chen, S. H. (2023). 資訊安全威脅與治理政策之探討. 管理資訊計算, 12, 1- 12. Cybersecurity Ventures. (2020). 2020 Official Annual Cybercrime Report. Retrieved from https://cybersecurityventures.com/cybercrime-report-2020/ Deloitte. (2020). Blockchain: A game changer for financial services. Retrieved from https://www2.deloitte.com/global/en/pages/financial- services/articles/blockchain-a-game-changer-for-financial-services.html Dutton, W. H. (2013). The Oxford handbook of internet studies. Oxford University Press. Fan, Y., Huang, T., Meng, Y., & Cheng, S. (2023). The current opportunities and challenges of Web 3.0. Papers with Code. Grand View Research. (2023). Metaverse market size, share & trends analysis report by component, by device, by technology, by application, by region, and segment forecasts, 2023 - 2030. Retrieved from https://www.grandviewresearch.com/industry-analysis/metaverse-market Gulhane, A., Vyas, A., Mitra, R., Oruche, R., Hoefer, G., Valluripally, S., & Calyam, P. (2019). Security, privacy & safety risk assessment for virtual reality learning environment applications. In 16th IEEE Annual Consumer Communications & Networking Conference (CCNC) (pp. 1-9). Vinod John. (2021). Interoperability in the metaverse: Challenges and opportunities. Retrieved from https://ieeexplore.ieee.org/document/9445638 IDC. (2019). Worldwide spending on augmented and virtual reality forecast to deliver strong growth through 2023, according to a new IDC spending guide. Retrieved from https://www.idc.com/getdoc.jsp?containerId=prUS45679219 Kim, J., & Park, H. (2023). Decentralized identification (DID) technology for secure virtual worlds. Journal of Blockchain Research, 12(4), 221-234. MarketsandMarkets. (2021). Artificial intelligence market by offering, technology, deployment mode, organization size, vertical, and region - global forecast to 2026. Retrieved from https://www.marketsandmarkets.com/Market- Reports/artificial-intelligence-market-74851580.html Mathis, F., Williamson, J. H., Vaniea, K., & Khamis, M. (2021). Fast & secure authentication in virtual reality using coordinated 3D manipulation & pointing. ACM Transactions on Computer-Human Interaction (ToCHI), 28(1), 1-44. Metaverse. (2024). The future of digital interaction and commerce. Virtual Reality Magazine, 19(1), 15-27. Miller, S., Jones, A., & Taylor, R. (2020). User authentication in virtual reality environments. Journal of Virtual Reality Research, 15(4), 123-136. Mitrushchenkova, M. (2023). FIDO authentication technology: Enhancing user security in the metaverse. International Journal of Information Security, 11(3), 145-160. NonFungible.com. (2021). The NFT market report 2021. Retrieved from https://nonfungible.com/reports/2021 Pew Research Center. (2015). Social media usage: 2005-2015. Retrieved from https://www.pewresearch.org/internet/2015/10/08/social-networking-usage-2005- 2015/ Pew Research Center. (2021). Social media use in 2021. Retrieved from https://www.pewresearch.org/internet/2021/04/07/social-media-use-in-2021/ PwC. (2019). Seeing is believing: How VR and AR will transform business and the economy. Retrieved from https://www.pwc.com/gx/en/issues/technology/seeing-is-believing.html Saracoglu, A. (2023). The impact of cybersecurity threats on the metaverse. Cybersecurity Insights, 10(2), 98-112. Smith, J., Jones, R., & Taylor, L. (2023). Foundational technology vulnerabilities: Securing the virtual infrastructure. Cybersecurity Journal, 14(2), 123-145. SpringerLink. (2020). Security and privacy in virtual reality. SpringerLink. Retrieved from https://link.springer.com/article/10.1007/s11042-020-08921-4 Stephenson, N. (1992). Snow crash. Bantam Books. Syal, S., & Mathew, R. (2020). Threats faced by mixed reality & countermeasures. Journal of Procedia Computer Science, 171(2), 2720-2728. S&P Global Market Intelligence. (2023). Metaverse market analysis and revenue forecast 2023-2028. Retrieved from https://www.spglobal.com/marketintelligence/en/metaverse-market-analysis- 2023-2028 Viswanathan, K. (2022). Security considerations for virtual reality systems. arXiv preprint arXiv:2201.02563. Wang, Y., Su, Z., Zhang, N., Liu, D., Xing, R., Luan, T. H., & Shen, X. (2022). A survey on metaverse: Fundamentals, security, and privacy. arXiv preprint arXiv:2203.02662. World Economic Forum. (2020). The future of jobs report 2020. Retrieved from https://www.weforum.org/reports/the-future-of-jobs-report-2020 Wu, X. M., Ku, W. C., & Yu, C. H. (2023). 以一次性密碼為基礎的雙因素身份 驗證應用程式之即時網路釣魚攻擊防禦能力的分析與強化. 資訊安全通訊, 29(1), 1-15. 余和謙. (2019). 人工智慧之治理-以深度偽造為例. 科技法律透析, 31(8), 52-72. 陳銘. (2022). 探討 Deepfake 深度造假對傳播的影響. 淡江大學大眾傳播 學系碩士班學位論文, 1-123. Wang, W. C. (2022). 初探零信任網路架構與資安法之互動. 科技法律評析, (14), 185-231. 官玉蘭. (2023). 影響資安科技多元身份認證系統之使用意圖之研究 (淡江 大學管理科學學系企業經營碩士在職專班學位論文). 淡江大學. Reed, D., Sporny, M., Longley, D., Allen, C., Grant, R., Sabadello, M., & Holt, J. (2020). Decentralized identifiers (DIDs) v1.0. Draft Community Group Report.
描述 碩士
國立政治大學
全球傳播與創新科技碩士學位學程
111ZM1013
資料來源 http://thesis.lib.nccu.edu.tw/record/#G0111ZM1013
資料類型 thesis
dc.contributor.advisor 左瑞麟zh_TW
dc.contributor.advisor Tso, Ray-Linen_US
dc.contributor.author (Authors) 劉昱其zh_TW
dc.contributor.author (Authors) Liu, Yu-Chien_US
dc.creator (作者) 劉昱其zh_TW
dc.creator (作者) Liu, Yu-Chien_US
dc.date (日期) 2024en_US
dc.date.accessioned 1-Nov-2024 11:03:23 (UTC+8)-
dc.date.available 1-Nov-2024 11:03:23 (UTC+8)-
dc.date.issued (上傳時間) 1-Nov-2024 11:03:23 (UTC+8)-
dc.identifier (Other Identifiers) G0111ZM1013en_US
dc.identifier.uri (URI) https://nccur.lib.nccu.edu.tw/handle/140.119/154201-
dc.description (描述) 碩士zh_TW
dc.description (描述) 國立政治大學zh_TW
dc.description (描述) 全球傳播與創新科技碩士學位學程zh_TW
dc.description (描述) 111ZM1013zh_TW
dc.description.abstract (摘要) 科技的迅速發展,人們的互動空間有了全新的方式,元宇宙已成為使用者在虛擬世界中互動並參與各種活動的重要平台。然而,人們在元宇宙中進行互動,個人數據和資訊交流頻繁,互動平台擁有大量的用戶生成資料,資訊的安全及隱私的保護,成為一個重要的議題。因此,了解這些威脅挑戰並提出相應的對策對於保護使用者的資訊安全至關重要。 本研究旨在找出元宇宙中會出現的資訊安全威脅,再找出相對應威脅的對策。首先,我們將應用零信任(Zero Trust)模型,這一模型基於一個關鍵理念,即不應信任任何內部或外部用戶或設備,無論其是否在組織的網路內。這將有助於確保虛擬世界的安全,防止未經授權的訪問和數據洩露。其次,我們將利用 FIDO(Fast Identity Online)認證技術,提供更安全和便捷的用戶身份驗證方法,以確保只有經過認證的用戶可以訪問元宇宙。最後,我們將採用 DIDs(Decentralized identifiers)技術,使用戶能夠在虛擬世界中掌握他們的身份信息,從而減少中央控制和數據風險,同時提供更好的用戶體驗,並為未來的資訊安全研究提供有價值的參考。zh_TW
dc.description.abstract (摘要) With the rapid advancement of technology, there are new ways for people to interact, and the metaverse has become a significant platform for users to engage in various activities within a virtual world. However, as individuals interact within the metaverse, the frequent exchange of personal data and information poses critical issues regarding data security and privacy protection. Therefore, understanding these threats and developing corresponding countermeasures is essential for safeguarding user information security. This study aims to identify the information security threats that may arise in the metaverse and propose corresponding countermeasures. First, we will apply the Zero Trust model, which is based on a key principle: do not trust any internal or external users or devices, regardless of whether they are within the organization's network. This will help ensure the security of the virtual world by preventing unauthorized access and data breaches. Secondly, we will utilize Fast Identity Online (FIDO) authentication technology to provide a more secure and convenient method of user identity verification, ensuring that only authenticated users can access the metaverse. Finally, we will adopt Decentralized identifiers (DIDs) technology, allowing users to control their identity information within the virtual world, thereby reducing the risks associated with central control and data breaches. These measures aim to enhance user experience and provide valuable references for future information security research.en_US
dc.description.tableofcontents 1. Introduction 1 1.1 Research Background and Motivation 1 2. Literature Review 3 2.1 Fundamental Concepts of the Metaverse: Internet Evolution to Web 3.0 and Beyond 3 2.2 Key Concepts and Features of the Metaverse 5 2.3 Threats to Information Security in the Metaverse 8 2.4 Navigating the Metaverse: A Comprehensive Guide to Security and Threats 17 3. Research Methods 20 3.1 Information Security Frameworks and Technologies 20 3.2 Zero Trust Model 21 3.3 FIDO (Fast Identity Online) 22 3.4 Decentralized Identifiers (DIDs) 23 4. Results 26 4.1 Application of Zero Trust and Passwordless Authentication in the Metaverse 26 4.2 Comprehensive Security Framework for the Metaverse 27 5. Conclusion 34 References 40zh_TW
dc.format.extent 1055862 bytes-
dc.format.mimetype application/pdf-
dc.source.uri (資料來源) http://thesis.lib.nccu.edu.tw/record/#G0111ZM1013en_US
dc.subject (關鍵詞) 元宇宙zh_TW
dc.subject (關鍵詞) 零信任模型zh_TW
dc.subject (關鍵詞) 資訊安全zh_TW
dc.subject (關鍵詞) 去中心化識別zh_TW
dc.subject (關鍵詞) Metaverseen_US
dc.subject (關鍵詞) Zero Trust Modelen_US
dc.subject (關鍵詞) FIDOen_US
dc.subject (關鍵詞) DIDsen_US
dc.subject (關鍵詞) Information Securityen_US
dc.title (題名) 元宇宙之資訊安全威脅與對策zh_TW
dc.title (題名) Information Security Threats and Countermeasures in the Metaverseen_US
dc.type (資料類型) thesisen_US
dc.relation.reference (參考文獻) Al Shehhi, A., & Otoum, F. (2023). Implementing the Zero Trust model for enhanced security in virtual environments. Cybersecurity Journal, 8(2), 113-128. Chen, A. C. (2023). 探索資訊安全憑證專利技術. 資訊電子學刊, 11(1), 135- 148. Chen, S. H. (2023). 資訊安全威脅與治理政策之探討. 管理資訊計算, 12, 1- 12. Cybersecurity Ventures. (2020). 2020 Official Annual Cybercrime Report. Retrieved from https://cybersecurityventures.com/cybercrime-report-2020/ Deloitte. (2020). Blockchain: A game changer for financial services. Retrieved from https://www2.deloitte.com/global/en/pages/financial- services/articles/blockchain-a-game-changer-for-financial-services.html Dutton, W. H. (2013). The Oxford handbook of internet studies. Oxford University Press. Fan, Y., Huang, T., Meng, Y., & Cheng, S. (2023). The current opportunities and challenges of Web 3.0. Papers with Code. Grand View Research. (2023). Metaverse market size, share & trends analysis report by component, by device, by technology, by application, by region, and segment forecasts, 2023 - 2030. Retrieved from https://www.grandviewresearch.com/industry-analysis/metaverse-market Gulhane, A., Vyas, A., Mitra, R., Oruche, R., Hoefer, G., Valluripally, S., & Calyam, P. (2019). Security, privacy & safety risk assessment for virtual reality learning environment applications. In 16th IEEE Annual Consumer Communications & Networking Conference (CCNC) (pp. 1-9). Vinod John. (2021). Interoperability in the metaverse: Challenges and opportunities. Retrieved from https://ieeexplore.ieee.org/document/9445638 IDC. (2019). Worldwide spending on augmented and virtual reality forecast to deliver strong growth through 2023, according to a new IDC spending guide. Retrieved from https://www.idc.com/getdoc.jsp?containerId=prUS45679219 Kim, J., & Park, H. (2023). Decentralized identification (DID) technology for secure virtual worlds. Journal of Blockchain Research, 12(4), 221-234. MarketsandMarkets. (2021). Artificial intelligence market by offering, technology, deployment mode, organization size, vertical, and region - global forecast to 2026. Retrieved from https://www.marketsandmarkets.com/Market- Reports/artificial-intelligence-market-74851580.html Mathis, F., Williamson, J. H., Vaniea, K., & Khamis, M. (2021). Fast & secure authentication in virtual reality using coordinated 3D manipulation & pointing. ACM Transactions on Computer-Human Interaction (ToCHI), 28(1), 1-44. Metaverse. (2024). The future of digital interaction and commerce. Virtual Reality Magazine, 19(1), 15-27. Miller, S., Jones, A., & Taylor, R. (2020). User authentication in virtual reality environments. Journal of Virtual Reality Research, 15(4), 123-136. Mitrushchenkova, M. (2023). FIDO authentication technology: Enhancing user security in the metaverse. International Journal of Information Security, 11(3), 145-160. NonFungible.com. (2021). The NFT market report 2021. Retrieved from https://nonfungible.com/reports/2021 Pew Research Center. (2015). Social media usage: 2005-2015. Retrieved from https://www.pewresearch.org/internet/2015/10/08/social-networking-usage-2005- 2015/ Pew Research Center. (2021). Social media use in 2021. Retrieved from https://www.pewresearch.org/internet/2021/04/07/social-media-use-in-2021/ PwC. (2019). Seeing is believing: How VR and AR will transform business and the economy. Retrieved from https://www.pwc.com/gx/en/issues/technology/seeing-is-believing.html Saracoglu, A. (2023). The impact of cybersecurity threats on the metaverse. Cybersecurity Insights, 10(2), 98-112. Smith, J., Jones, R., & Taylor, L. (2023). Foundational technology vulnerabilities: Securing the virtual infrastructure. Cybersecurity Journal, 14(2), 123-145. SpringerLink. (2020). Security and privacy in virtual reality. SpringerLink. Retrieved from https://link.springer.com/article/10.1007/s11042-020-08921-4 Stephenson, N. (1992). Snow crash. Bantam Books. Syal, S., & Mathew, R. (2020). Threats faced by mixed reality & countermeasures. Journal of Procedia Computer Science, 171(2), 2720-2728. S&P Global Market Intelligence. (2023). Metaverse market analysis and revenue forecast 2023-2028. Retrieved from https://www.spglobal.com/marketintelligence/en/metaverse-market-analysis- 2023-2028 Viswanathan, K. (2022). Security considerations for virtual reality systems. arXiv preprint arXiv:2201.02563. Wang, Y., Su, Z., Zhang, N., Liu, D., Xing, R., Luan, T. H., & Shen, X. (2022). A survey on metaverse: Fundamentals, security, and privacy. arXiv preprint arXiv:2203.02662. World Economic Forum. (2020). The future of jobs report 2020. Retrieved from https://www.weforum.org/reports/the-future-of-jobs-report-2020 Wu, X. M., Ku, W. C., & Yu, C. H. (2023). 以一次性密碼為基礎的雙因素身份 驗證應用程式之即時網路釣魚攻擊防禦能力的分析與強化. 資訊安全通訊, 29(1), 1-15. 余和謙. (2019). 人工智慧之治理-以深度偽造為例. 科技法律透析, 31(8), 52-72. 陳銘. (2022). 探討 Deepfake 深度造假對傳播的影響. 淡江大學大眾傳播 學系碩士班學位論文, 1-123. Wang, W. C. (2022). 初探零信任網路架構與資安法之互動. 科技法律評析, (14), 185-231. 官玉蘭. (2023). 影響資安科技多元身份認證系統之使用意圖之研究 (淡江 大學管理科學學系企業經營碩士在職專班學位論文). 淡江大學. Reed, D., Sporny, M., Longley, D., Allen, C., Grant, R., Sabadello, M., & Holt, J. (2020). Decentralized identifiers (DIDs) v1.0. Draft Community Group Report.zh_TW