PRIDA-ME: A Privacy-Preserving, Interoperable and Decentralized Authentication Scheme for Metaverse Environment

The metaverse is a new virtual world that has the potential to significantly impact our interactions with digital content and with each other. It is a shared virtual environment where users can seamlessly and with immersive experiences create, interact, and enjoy digital assets. Nevertheless, the metaverse also poses fundamental challenges, particularly about security and privacy concerns, that require careful consideration. One of the most daunting aspects of securing the metaverse is authentication. Several solutions have been proposed, including deployment of blockchain technology and smart contracts, to address these authentication challenges. While these methods provide a secure and tamper-proof authentication mechanism, they fail to meet certain critical security and privacy requirements like interoperability and decentralization. This research proposes an enhanced privacy-preserving authentication scheme based on blockchain, elliptic curve cryptography, biohashing, and a physical unclonable function that guards against various attacks. The proposed scheme does not rely on a single central authority and consists of various phases, including user and avatar authentication, password change, and avatar generation phases. The proposed scheme underwent security assessment using the Burrows Abadi Needham (BAN) logic, ProVerif tool, and Scyther tool. The results demonstrate that it provides a better level of security against a wide range of attack vectors. The proposed scheme offers a swift and efficient authentication mechanism that adheres to the requirements of the metaverse environment, such as interoperability, decentralization, and privacy protection, and requires less computation cost as compared to state-of-the-art schemes.